CISA refutes claims it has been ordered to stop monitoring Russian cyber threats

It's been a confusing few days in the world of American cybersecurity.

At the end of last week, it was reported that US Cyber Command had been ordered by Defense Secretary Pete Hegseth to pause its offensive operations against Russia. The news was swiftly followed by reports that staff at the US Cybersecurity and Infrastructure Security Agency (CISA) had been given similar instructions to turn a blind eye to hacks directed against United States that might be linked to Russia.

As we described yesterday, both CISA and US Cyber Command had reportedly been ordered by the Trump administration to stop following or reporting on Russian threats, despite them previously being their main focus.

The radical change in direction was widely reported, by the likes of The Guardian, the New York Times, Washington Post, and The Record, who quoted anonymous sources familiar with the matter.

However, an article from The Guardian detailing what it described as "a retreat in the fight against Russian cyber threats" has now been refuted by one of the agencies listed: CISA.

Posting on Twitter, CISA said that media reports of it being ordered to no longer follow or report on Russian cyber threats against the United States were "fake", and that there had been |no change" in its mission to "defend against all cyber threats to U.S. Critical Infrastructure, including from Russia."

What isn't in question, however, is that the US Department of Homeland Security has dismantled the Cyber Safety Review Board (CSRB), an advisory committee of CISA that has probed major cybersecurity incidents including the Log4J vulnerability, the Lapsus$ hacking gang, and the hack of Microsoft Exchange Online in 2023 that was blamed on "a cascade of security failures" at Microsoft and deemed "preventable".

The disbandment of the CSRB would appear to be bad news for its current inquiry into Salt Typhoon, a Chinese-linked hacking group that has attacked multiple major US telecoms companies and even the US Treasury.

Whether it's accurate to say that CISA has been ordered to turn a blind eye to Russia's hacking activities or not, it's clear that CISA will face significant challenges in its mission to defend critical US infrastructure if it continues to be weakened.

Last month, at least 130 employees were fired from CISA - reportedly including staff focused on securing US elections, and fighting state-sponsored misinformation campaigns.