The U.S. Department of Homeland Security has established a new review board to study cybersecurity, called the Cyber Safety Review Board, or CSRB.
The new review board is “loosely modeled on the National Transportation Safety Board (NTSB), which investigates air crashes, train derailments, and other transportation accidents,” TechCrunch reported.
The new review board “will review and assess significant cybersecurity events so that government, industry, and the broader security community can better protect our nation’s networks and infrastructure,” a Homeland Security news release said.
The CSRB’s first assignment involves the Log4j vulnerability crisis of late 2021. The goal for the CSRB is to develop “lessons learned” for the cybersecurity community – and potentially influence the adoption of “best practices.”
The Homeland Security release says the board will deliver a report this summer that includes:
- recommendations for addressing any ongoing (Log4j) vulnerabilities and threat activity; and
- recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the Log4j vulnerability.
“To the greatest extent possible, the CSRB will share a public version of the report with appropriate redactions for privacy and to preserve confidential information,” the release says.
In December, the Brookings Institute, in an article titled “The urgent need to stand up a cybersecurity review board,” noted the cybersecurity industry “lacks authoritative, independent investigations capable of understanding how breaches occur and how to carry out systematic improvements. Until such a system exists, major breaches are likely to continue, with predictably disastrous consequences.”
The review board is an effort to address that.
The initial roster of board members shows a mix of government and private industry executives. The board is chaired by Robert Silvers, Under Secretary for Policy, Department of Homeland Security. Heather Adkins, Senior Director, Security Engineering, Google, will serve as deputy chair.
Other members include officials with the National Security Agency, Verizon, Microsoft, Palo Alto Networks, the Department of Defense, and the Federal Bureau of Investigation.