US Cybercom, CISA retreat in fight against Russian cyber threats: reports

Purported shift at CISA away from reporting on Russian threats

Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed that they were not to follow or report on Russian threats.

The purported shift at CISA follows a speech before a UN cybersecurity working group last week by Liesyl Franz, deputy assistant secretary for international cybersecurity at the State Department, that highlighted how the US is concerned by threats perpetrated by some states but only named China and Iran, with no mention of Russia. Franz also didn’t mention the LockBit ransomware group, which the US has called out in past UN forums as the most prolific ransomware group in the world.

In a post on X, DHS denied The Guardian’s report, saying, “CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.”