The US Department of Homeland Security has set up a review board that will be tasked with investigating major national cybersecurity incidents in an effort to “significantly improve” the country’s cyber resilience.
The Cybersecurity Review Board (CSRB), whose creation was initiated by a May 2020 executive order signed by President Biden in response to the SolarWinds attack, will be tasked with studying the cause and consequences of major hacks so that the government, industry and security agencies can better protect national networks and infrastructure, according to DHS. The board was loosely modeled on the National Transportation Safety Board (NTSB), which investigates air crashes, train derailments, and other transportation accidents.
The CSRB’s first review will focus on vulnerabilities discovered in December in the widely used Log4j software library, with a full report due this summer. Examining these vulnerabilities, which are being exploited by a growing set of threat actors since vulnerability details were released, “will yield many lessons learned for the cybersecurity community,” DHS says, adding that the advice, information or recommendations of the CSRB be made public “whenever possible”.
The council is made up of 15 members – three times as many as the NTSB – made up of cybersecurity leaders from the federal government and the private sector. Homeland Security Under Secretary for Policy Robert Silvers will serve as president, and Google’s head of security engineering Heather Adkins will serve as vice president.
Other board members include Rob Joyce, director of cybersecurity at the National Security Agency, Dmitri Alperovitch, co-founder and president of the Silverado Policy Accelerator and former chief technology officer at CrowdStrike, and Katie Moussouris, a bug bounty pioneer who founded and leads the Security Fight.
Moussouris tells Ploonge that the CSRB could not have come at a better time: “It will be critical to strengthening our resilience in the face of cyber incidents that affect the public and private sectors with increasing frequency,” said Moussouris. “I look forward to sharing recommendations and what we learned from investigating these incidents starting with Log4j.”
Senator Mark Warner (D-VA), chairman of the Senate Intelligence Committee, also welcomed the formation of the CSRB, warning that “it’s just a matter of when, not if, we face another widespread cyber breach that threatens our national security.”
“I was happy to see this NTSB-like function included in the May 2020 President’s Executive Order on Cybersecurity, and this is a good first step in establishing that capability,” he added. “I look forward to monitoring how this council develops in the coming months.”