DHS creates Cyber Safety Review Board, targets Log4j exploit for its first report

The board was outlined in the president’s executive order on improving the nation’s cybersecurity

Photo by Amelia Holowaty Krales / The Verge

The US Department of Homeland Security announced Thursday the creation of a new body, the Cyber Safety Review Board (CSRB), to investigate major cybersecurity events.

The 15-person board will be composed of a mixture of senior officials from agencies like the NSA, FBI, and CISA, and governmental departments including the Department of Defense and Department of Justice, along with private sector executives from companies including Google, Microsoft, and Verizon.

“The Biden-Harris administration has taken bold steps to meaningfully improve our cybersecurity resilience,” said Secretary of Homeland Security Alejandro N. Mayorkas. “At the president’s direction, DHS is establishing the Cyber Safety Review Board to thoroughly assess past events, ask the hard questions, and drive improvements across the private and public sectors.”

The mandate of the CSRB will be to investigate significant cybersecurity events that affect government and industry and produce reports containing recommendations for improving the nation’s cybersecurity resilience.

It’s been created as part of the roadmap laid out in President Biden’s executive order on improving the nation’s cybersecurity, which also states that the board should begin to deliver recommendations within 90 days of its creation.

The first review undertaken by the board will be focused on vulnerabilities associated with the Log4j library, a serious and widespread security flaw uncovered in December 2021.

The ensuing report, which will be delivered by summer 2022, will include an assessment of the vulnerability, including threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate its impact.

It will also provide recommendations for improving cybersecurity policy based on lessons learned from the handling of the Log4j vulnerability.

“This is a once-in-a-generation opportunity to reshape how we draw lessons from cyber events and improve for the future,” said DHS Under Secretary for Policy Robert Silvers.

Silvers will serve as chair of the CSRB and is joined by Google’s head of security engineering Heather Adkins as deputy chair.