DHS Launches Cyber Safety Review Board
Thursday, February 03, 2022 | Comments

The U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB), as directed in Executive Order 14028 on Improving the Nation’s Cybersecurity. The CSRB is an unprecedented public-private initiative that will bring together government and industry leaders to elevate our nation’s cybersecurity.

“The Biden-Harris Administration has taken bold steps to meaningfully improve our cybersecurity resilience,” said Secretary of Homeland Security Alejandro N. Mayorkas. “At the president’s direction, DHS is establishing the Cyber Safety Review Board to thoroughly assess past events, ask the hard questions, and drive improvements across the private and public sectors. I look forward to reviewing the board’s recommendations regarding how we can better protect communities across our country as DHS works to build a more secure digital future.”

The CSRB will review and assess significant cybersecurity events so that government, industry and the broader security community can better protect our nation’s networks and infrastructure.

The CSRB’s first review will focus on the vulnerabilities discovered in late 2021 in the widely used log4j software library. These vulnerabilities, which are being exploited by a growing set of threat actors, present an urgent challenge to network defenders. As one of the most serious vulnerabilities discovered in recent years, its examination will generate many lessons learned for the cybersecurity community. Together, the White House and DHS determined that focusing on this vulnerability and its associated remediation process was the most important first use of the CSRB’s expertise.

The CSRB will provide a unique forum for collaboration between government and private sector leaders who will deliver strategic recommendations to the president and the secretary of homeland security. The CSRB is composed of 15 highly esteemed cybersecurity leaders from the federal government and the private sector. Robert Silvers, DHS under secretary for policy, will serve as chair and Heather Adkins, Google’s senior director for security engineering, will serve as deputy chair. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) will manage, support and fund the board with CISA Director Jen Easterly responsible for appointing CSRB members, in consultation with Silvers, and for convening the board following significant cybersecurity events.

The CSRB’s first report, which will be delivered this summer, will include the following:
• A review and assessment of vulnerabilities associated with the log4j software library, including associated threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate the impact of such vulnerabilities;
• Recommendations for addressing any ongoing vulnerabilities and threat activity; and
• Recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the log4j vulnerability.

To the greatest extent possible, the CSRB will share a public version of the report with appropriate redactions for privacy and to preserve confidential information.

“This is a once-in-a-generation opportunity to reshape how we draw lessons from cyber events and improve for the future,” said Silvers. “My colleagues on the CSRB are luminaries in the field, and I am honored to serve alongside them as the board’s chair. Together, we will conduct a thorough review and issue recommendations that will enable both our national leaders and the private sector to better secure our country.”

The CSRB is committed to transparency and will conduct its review in the public interest. Board meetings are limited to members, staff and invited subject matter experts. Whenever possible, the CSRB’s advice, information or recommendations will be made publicly available, with any appropriate redactions, consistent with applicable law and the need to protect sensitive information from disclosure. The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity.

“When a major cyber incident occurs, it impacts all of us,” said Adkins. “The CSRB is a ground-breaking opportunity to conduct holistic reviews and provide forward-thinking solutions that cut across organizations and sectors. I am honored to serve with this diverse array of talent from both private companies and the U.S. government as we launch this inaugural review.”

The initial CSRB members are:
• Silvers (CSRB chair)
• Adkins (CSRB deputy chair)
• Dmitri Alperovitch, co-founder and chairman, Silverado Policy Accelerator and co-founder and former chief technology officer (CTO), CrowdStrike
• John Carlin, Department of Justice (DOJ) principal associate deputy attorney general
• Chris DeRusha, federal chief information security officer, Office of Management and Budget (OMB)
• Chris Inglis, national cyber director, Office of the National Cyber Director
• Rob Joyce, director of cybersecurity, National Security Agency (NSA)
• Katie Moussouris, founder and CEO, Luta Security
• David Mussington, CISA executive assistant director for infrastructure security
• Chris Novak, co-founder and managing director, Verizon Threat Research Advisory Center
• Tony Sager, senior vice president and chief evangelist, Center for Internet Security
• John Sherman, Department of Defense (DoD) chief information officer
• Bryan Vorndran, assistant director, FBI cyber division
• Kemba Walden, assistant general counsel, digital crimes unit, Microsoft
• Wendi Whitmore, SVP Unit 42, Palo Alto Networks

“A continuous learning culture is critical to staying ahead of the increasingly sophisticated cyber threats we face in today’s complex technology landscape,” said Easterly. “Over two decades in the Army, I learned the importance of a detailed and transparent after action review process in unpacking both failures and successes. I’m thrilled today to appoint the distinguished members of our first ever Cyber Safety Review Board to take on the comparable challenge of ensuring that we fully understand and learn from significant cyber events that may threaten our nation. I’m looking forward to the board’s insight and the lessons we’ll learn and implement together across the cybersecurity community.”

Would you like to comment on this story? Find our comments system below.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!


November 2022

8 - 10
Communications Marketing Conference (CMC)
Albuquerque, New Mexico

March 2023

27 - 30
International Wireless Communications Expo (IWCE) 2023
Las Vegas

More Events >

Site Navigation