DHS says CISA won’t stop looking at Russian cyber threats
The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite.
The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and critical infrastructure protection. It further reported that analysts at the agency were verbally told not to follow or report on Russian cyber threats.
“The memo referenced in the Guardian’s ‘reporting’ is not from the Trump Administration, which is quite inconvenient to the Guardian’s preferred narrative,” said Tricia McLaughlin, DHS spokesperson. “CISA remains committed to addressing all cyber threats to U.S. critical infrastructure, including from Russia. There has been no change in our posture or priority on this front.”
The Washington Post also reported that some CISA experts had been directed to focus on adversaries other than Russia. DHS also told the Post its posture had not changed.
The two stories came as the Trump administration is seeking to improve relations with Moscow, and as the administration has reportedly paused cyber offensive operations against Russia.
The notion of ceasing attention on Russian cyber threats is a poor one, some cyber experts have observed.
“The biggest procedural issue with ‘stop tracking Russian cyber threat actor groups’ (though there are many other issues) is that we don’t know until the end of the attribution lifecycle which data corresponds to which nations,” wrote Jacob Williams, a former vulnerability analyst at the Defense Department and now vice president of research and development at Hunter Strategy. “Given all the administration focus on ‘efficiency’ this makes no sense. Under the current framework, an analyst would have to throw away their analysis if they reach the conclusion that a threat they’re tracking is a Russian threat actor.”
Congressional Democrats have criticized the reported shift.
“I am deeply concerned by reports that the Administration does not see Russia as a significant cyber threat and is halting actions to counter Russian cyber activity,” said Mississippi Rep. Bennie Thompson, the top Democrat on the Homeland Security Committee, who is requesting a panel hearing on the subject. “To capitulate now, as we appear to bail on our allies in Ukraine, is an inexplicable dereliction of duty that puts American critical infrastructure at risk.”
