Russian Roulette
3–3–2025 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, March 3, 2025. Whether it’s the flu, allergies, or the last of cold season, I know I’m not the only one who isn’t feeling 100% today, but we show up and get to work because we’re professionals.
We talked last week about uncertainty, and I hope you took some of those lessons to heart, because the cyber world is facing some serious shifts this week, and uncertainty is the only way to describe it.
Russian Roulette
I am talking, of course, about the rash of news that has come out in the past 72 hours or so regarding Russia. I’ll leave the analysis of Zelensky’s meeting in the Oval with Trump and Vance to others, but do want to call your attention to other Russia-related items we’ve seen come out since then.
It was reported over the weekend that “Defense Secretary Pete Hegseth last week ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, according to three people familiar with the matter.”
Reporting from the Guardian leads their article with this sentence:
“The Trump administration has publicly and privately signaled that it does not believe Russia represents a cyber threat against US national security or critical infrastructure.”
The public portion of this stance is based on comments from “Liesyl Franz, deputy assistant secretary for international cybersecurity at the state department, said in a speech last week before a United Nations working group on cybersecurity that the US was concerned by threats perpetrated by some states but only named China and Iran, with no mention of Russia in her remarks. Franz also did not mention the Russia-based LockBit ransomware group, which the US has previously said is the most prolific ransomware group in the world and has been called out in UN forums in the past.”
At the same time, “A recent memo at the Cybersecurity and Infrastructure Security Agency (CISA) set out new priorities for the agency, which is part of the Department of Homeland Security and monitors cyber threats against US critical infrastructure. The new directive set out priorities that included China and protecting local systems. It did not mention Russia.”
Given the fact that 2024 was the biggest year ever for ransomware - a threat that almost exclusively operates out of Russia - this is quite a turn.
I’m hesitant to speculate about what this means in the big picture, though there is plenty of that online and I’d encourage you to read a post from former NSA cyber operator Jake Williams on LinkedIn.
I suppose it is true that if we’re suddenly “aligned” with Russia, ransomware attacks could just stop - it’s well known that these groups don’t attack Russian-owned or aligned resources.
But, in reality, I think it just makes one of the hardest parts about cyber operations - attribution - that much harder.
More than anything, we need to be looking at these threats from a clear-eyed perspective. Cutting cyber efforts will have a long-tail effect that will be difficult to recover from, given the pace of change in this space and the well-known difficulties of recruiting cyber talent into .gov roles.
To give you a sense of the range of dangers, just last week we saw a US Army Soldier plead guilty to leaking phone records to an undisclosed foreign government (while also googling about defecting to Russia), and the FBI attributing the single largest cryptocurrency theft (or any theft, really) ever ($1.5B!) to North Korea.
At the same time, CNN reports that Russia is looking to rebuild their spy networks within the US through their embassies ahead of a meeting between Trump and Putin later this month.
This approach towards an adversary like Russia - who has shown no concern for either invading their neighbors using their military or providing cover for large-scale criminal syndicates - cannot be a positive step for our national cyber risk.
Critical industries - and the 17 sectors that CISA has identified them as operating in - will be faced with greater threats moving forward. They will also have fewer resources (whether that’s threat intelligence, or anything else) from the US Government.
We’re back to a place of really seeing every shop out on their own - and if you own the security responsibility at your organization, you need to start now - like, today - making sure that your leadership understands this changing landscape and what it will mean for your ability to operate.
Plan accordingly, focus on those things you can control, and continue to build those relationships. That’s the most we can do at this point.
Fundraising
Axios ran a story in their morning newsletter claiming this as “The bottom line: Private equity isn't in a crisis, but it may be nearing a crossroads.”
With more than $8.4B in newly committed capital this week, it wasn’t a “bad” week, per se, but we’re getting signals that there’s more investment coming, including that JPMorgan is allocating $50 billion from its balance sheet, along with nearly $15 billion from multiple co-lenders, while Blackstone raised $5.6B for its fourth energy transition fund. Brookfield plans to seek at least $7B for its fourth infrastructure debt fund, per Bloomberg. HPS Investment Partners is targeting more than $10B for its sixth junior credit fund, per Bloomberg.
So - plenty of dry powder, not at crisis mode yet, but all of these investments do have to make an exit, eventually, and selling to another PE fund can only take you so far. Will we see the return of the IPO? Hard to say - as volatility doesn’t make warm waters in the market for efforts like this.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://therecord.media/hegseth-orders-cyber-command-stand-down-russia-planning
https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security
https://www.axios.com/2025/02/28/the-long-lasting-impact-of-cyber-job-cuts-codebook
https://krebsonsecurity.com/2025/02/u-s-soldier-charged-in-att-hack-searched-can-hacking-be-treason/
https://www.cnn.com/2025/02/24/politics/north-korean-hackers-crypto-hack/index.html
https://www.ic3.gov/PSA/2025/PSA250226
https://www.bain.com/insights/topics/global-private-equity-report/