UK Security Officials Alarmed by US Cyber Command’s New Directive
British security officials have reacted with disbelief to reports indicating that US Defense Secretary Pete Hegseth has ordered US intelligence agencies to cease cyber operations against Russia, with one official describing the decision as sheer “madness.” Concerns are mounting that this move will leave the UK more exposed to cyber threats orchestrated by the Kremlin.
The Pentagon is reportedly reassessing its cyber operations against Russia as the US seeks to improve relations with President Vladimir Putin and negotiate a peace deal regarding Ukraine. According to news outlets in the US, Hegseth has instructed the Pentagon’s cyber warfare agency, the US Cyber Command, to halt its operations against Russia prior to President Donald Trump’s meeting with Ukrainian President Volodymyr Zelensky scheduled for Friday.
A UK intelligence source characterized the reports as “madness,” asserting that, if true, this decision reflects a clear intention from the US to pursue a “cyber peace deal” with Russia. The source suggested that such a move could potentially deter Kremlin-linked groups from launching cyber attacks on the US, which have previously targeted critical national infrastructure and infiltrated government departments. However, they also expressed concerns that this decision would leave Europe and the UK as “open targets,” lamenting that “the US will simply argue that we should have invested more in our defenses.”
Former NATO and Ministry of Defence official Nicholas Williams noted that this directive might be a symbolic gesture from the Trump administration aimed at demonstrating to Putin their sincerity and commitment to improving relations and resolving the ongoing conflict in Ukraine. Nevertheless, Williams fears this action could render the UK “isolated and more vulnerable” to cyber threats.
Potential Consequences for the UK
Williams elaborated, stating, “The outcome of the war in Ukraine will likely position the UK as a primary target, since the Russians hold the UK responsible not only for supporting the Ukrainians but also for various actions they deem as terrorist activities by Ukrainians.” He warned that cyber attacks are one of the few options available to Russia that do not escalate to invoking NATO’s Article 5, which would require collective defense responses.
The proposal to pause operations focused on Russia comes in stark contrast to previous assessments from both the US and UK governments, which have consistently highlighted the cyber threat posed by the Kremlin and criminal organizations operating from Russian territory. A catastrophic cyber attack on the NHS last year led to the cancellation of thousands of appointments and operations and was attributed to a Kremlin-protected group of hackers, representing a significant escalation in Moscow’s cyber warfare strategy. Months later, it was revealed that Russian hackers targeted the UK ambulance service, and numerous emails and passwords from the Ministry of Defence were compromised by criminal entities utilizing Russian hacking tools.
Under former President Joe Biden’s administration, US intelligence agencies accused Russian operatives of orchestrating cyber attacks aimed at espionage, sabotage, and undermining the reputation of the US. The US Cyber Command has collaborated closely with the UK’s Strategic Command and the Government Communications Headquarters (GCHQ) to lay the groundwork for future military and intelligence initiatives within the cyber realm.
In 2023, the UK’s National Cyber Security Centre (NCSC), an offshoot of GCHQ, issued a warning regarding the emergence of a “new class” of cyber adversaries aligned with the Russian state. This warning highlighted the activities of hackers sympathetic to Russia’s invasion of Ukraine who are motivated by ideology rather than financial gain. The NCSC cautioned, “Although these groups may align with Russia’s perceived interests, they often operate without formal state control, resulting in less constrained actions and broader targeting than traditional cyber criminals.” Some of these groups have expressed a desire to inflict significant disruptions and damage to Western critical national infrastructure.
US Senate Minority Leader Chuck Schumer criticized the move, calling it “a critical strategic mistake.” Schumer added, “Trump appears to be granting Putin a free pass at a time when Russia continues to unleash cyber operations and ransomware attacks against essential American infrastructure.”
The US Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, reaffirmed its commitment, stating, “Our mission is to defend against all cyber threats to US critical infrastructure, including those arising from Russia.” However, a US official revealed to this newspaper that there remains “little clarity” regarding the agency’s directives concerning Russia.
Shifting Dynamics in US Foreign Policy
This situation arises amid growing insecurity across Europe as US foreign policy undergoes rapid changes. Recently, reports surfaced indicating a senior White House official’s desire to remove Canada from the crucial Five Eyes intelligence-sharing alliance while Trump threatened the country with tariffs.
A NATO commander, who requested anonymity, expressed concerns that the “reshaping” of US military priorities could grant Russia a “free hand” in Europe. They remarked, “Europeans have invested in US military structures and capabilities because they believed they could rely on US support. If that support begins to wane, we could find ourselves in serious trouble.”
In light of these developments, when Sir Keir Starmer announced plans to boost defense spending to 2.5% of GDP by 2027, the UK government also revised its definition of defense spending to encompass security and intelligence agencies. The Prime Minister noted, “This shift acknowledges that our intelligence operations increasingly overlap with and complement those of our Armed Forces, highlighting the necessity for total deterrence against modern hybrid threats, ranging from cyber attacks to sabotage.”
A recent review conducted by the National Audit Office presented a damning evaluation of the UK’s cyber defenses, identifying skills gaps as the “biggest risk” to enhancing cyber resilience. In 2023-24, one in three cybersecurity positions within the government remained either vacant or filled with temporary staff.
Despite these warnings, a UK intelligence source stated that budget cuts and the lack of competitive salaries for analysts and operational officers have left the country “blind” and in “dire need of personnel uplift.” They commented, “Investing in ships, planes, and tanks is an impressive show of strength and a reaction to Trump, but the effectiveness of those assets depends on intelligence capabilities. Consider the retention rates for the Army, especially in intelligence roles. Domestic intelligence agencies are increasingly filled with students who are cost-effective and impressionable.”
A UK government spokesperson commented, “Protecting national security is the cornerstone of our Plan for Change, which is why the Prime Minister has announced the most significant sustained increase in defense spending since the Cold War, raising funding to 2.5% of GDP by 2027. Since July, we have taken decisive steps to strengthen our cyber defenses—introducing new legislation to empower us to protect critical national infrastructure from cyber attacks, launching thirty new regional cyber skills projects to enhance our digital workforce, and establishing a new ‘cyber pipeline’ to expedite Armed Forces recruitment to bolster UK cyber defense capabilities.”
