DHS Cybersecurity Review Board: First Priorities Surface
A first-of-its-kind cybersecurity advisory panel of government and industry leaders has been established by the Department of Homeland Security (DHS) with a directive to dive into pressing cybersecurity issues and policies.
The Cyber Safety Review Board (CSRB), in direct response to President Biden’s cybersecurity-centric executive order issued last May, will “thoroughly assess past events, ask the hard questions, and drive improvements across the private and public sectors,” said Secretary of Homeland Security Alejandro Mayorkas.
Skeptics wonder why it took so long for the board to officially form and launch. Proponents say the long-anticipated board will fill a key void. Indeed, the review board is tasked with examining and assessing significant cybersecurity events to improve the ability of government, industry, and the broader security community to protect our nation’s networks and infrastructure. Unsurprisingly, its maiden voyage is to investigate vulnerabilities in the Log4j software library that hackers exploited last December, including:
- Associated threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate the impact of such vulnerabilities.
- Recommendations for addressing any ongoing vulnerabilities and threat activity.
- Recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the Log4j vulnerability.
The report is slated for release this summer. CSRB officials said that a redacted version of the report will be offered publicly “to the greatest extent possible.” What that means is the CSRB’s advice, information, or recommendations will be made publicly available, “with any appropriate redactions, consistent with applicable law and the need to protect sensitive information from disclosure.”
Here’s how the board will operate:
- Robert Silvers, DHS Under Secretary for Policy, will serve as Chair. Heather Adkins, Google’s Senior Director for Security Engineering, will serve as Deputy Chair.
- The Cybersecurity and Infrastructure Security Agency (CISA) will manage, support, and fund the Board.
- CISA Director Jen Easterly is responsible for appointing CSRB members, in consultation with the DHS Under Secretary for Policy Rob Silvers, and for convening the Board following significant cybersecurity events.
- The CSRB, which is made up of 15 representatives of the federal government and the private sector, will deliver strategic recommendations to Biden and Mayorkas.
- Board meetings are limited to members, staff, and invited subject matter experts.
- The CSRB does not have regulatory powers and is not an enforcement authority.
“When a major cyber incident occurs, it impacts all of us,” said Adkins. “The CSRB is a ground-breaking opportunity to conduct holistic reviews and provide forward-thinking solutions that cut across organizations and sectors.”