The White House released its national cybersecurity strategy in March 2026 naming China, Iran, and North Korea as primary threats – a list that conspicuously relegates Russia to an asterisk. This is not an oversight. It is policy. And the consequences of that policy will be measured in the damage done to American networks by the one adversary Washington just decided not to defend against.
Russia Is the Most Capable Cyber Threat America Faces – And the Strategy Barely Mentions It
The Trump administration’s six-pillar Cyber Strategy for America identifies China as “the most active and persistent cyber threat” to U.S. government and private sector networks, according to the White House. Iran and North Korea feature prominently. Russia does not. The document contains broad language about adversary threats, but the operational reality – the decisions being made inside agencies right now – tells a different story.
In late February 2025, Defense Secretary Pete Hegseth ordered US Cyber Command to stand down from all planning against Russia, including offensive digital operations, according to Axios. CISA analysts were reportedly told verbally to stop following or reporting on Russian cyber threats. When Deputy Assistant Secretary Liesyl Franz addressed the United Nations on cybersecurity, she named only China and Iran – omitting Russia and the LockBit ransomware group entirely, despite LockBit being previously identified by Western intelligence as the world’s most prolific ransomware operation. One security expert quoted by The Guardian called the deprioritization “incomprehensible” and “delusional.”
The Kremlin noticed. Russian officials stated that the new American cyber policy “largely coincides” with Russia’s own positions. That sentence alone should end the debate about whether the omission is strategic or accidental.
A Strategy Built Around the Wrong Enemy
The Council on Foreign Relations’ Matthew Ferren argues that the strategy already fundamentally misunderstands China’s threat – that prioritizing offensive operations against Beijing “cannot stop or even substantially diminish” its persistent campaigns. His critique is surgical: the strategy doubles down on offense while simultaneously weakening the defenses that actually stop attacks. CISA is facing a nearly 25% budget cut. Its Cybersecurity Division takes an 18% reduction. The National Risk Management Center – which coordinates protection of critical infrastructure – faces a 73% funding cut, according to CPO Magazine.
If the offense-over-defense trade-off is already a strategic miscalculation against China, it is catastrophic when applied to Russia. China runs patient, long-term intelligence-gathering operations. Russia runs destructive ones. NotPetya. SolarWinds. The compromise of energy grid control systems. Russia does not merely collect data – it pre-positions itself to cause physical damage. A cyber strategy that deprioritizes that adversary at the exact moment it is being diplomatically rehabilitated is not strategic alignment. It is exposure.
Trump’s Russia Realignment Has a Cybersecurity Price Tag
The decision to soften Russia’s threat classification tracks directly with Trump’s broader diplomatic normalization effort with Putin. That political logic may be coherent on its own terms. But it collides with a basic operational reality: Russian state hackers do not pause their operations because Washington pauses its defensive posture against them.
Security Affairs reported that the White House strategy frames cyberspace as a strategic domain for projecting national power. The problem is that projection requires a secure home base. You cannot project from a network that your most sophisticated state adversary is actively mapping for future disruption – and has been doing so for years. The CISA budget cuts, combined with the stand-down order on Russia planning, mean that the moment Moscow decides the diplomatic channel is no longer useful, America’s early warning system will be smaller, slower, and explicitly instructed not to be watching in the right direction.
What This Actually Means
The Trump cyber strategy is coherent only if you believe Russia has genuinely moderated its threat posture because Washington started treating it as a partner. There is no intelligence basis for that belief. Russia-linked actors have not stopped targeting American infrastructure, financial systems, or political institutions. The only thing that has changed is that the federal government has officially downgraded its interest in knowing about it.
What the White House released in March 2026 is not a comprehensive national cybersecurity strategy. It is a China-and-Iran strategy with a Russia-shaped hole in the middle. The next significant Russian cyber operation against American infrastructure will not be a surprise. The surprise will be that the administration spent the preceding months actively dismantling the capacity to respond.
Sources
Security Affairs | The Guardian | Council on Foreign Relations | Axios | CPO Magazine | WIRED