The Cyber Safety Review Board (also called the Cybersecurity Safety Review Board) was established by the United States Secretary of Homeland Security.[1][2][3] Modeled after the National Transportation Safety Board, it will meet in cases of significant cybersecurity incidents.[4][5] The board's creation was announced upon President Joe Biden's signing of Executive Order 14028 on May 12, 2021.[6][7]
The Board serves a deliberate function to review major cyber events and make concrete recommendations that would drive improvements within the private and public sectors. The Board’s construction is a unique and valuable collaboration of government and private sector members, and provides a direct path to the Secretary of Homeland Security and the President to ensure the recommendations are addressed and implemented, as appropriate. As a uniquely constituted advisory body, the Board will focus on learning lessons and sharing them with those that need them to enable advances in national cybersecurity.[3]
The CSRB is composed of 15 highly esteemed cybersecurity leaders from the federal government and the private sector that make up the inaugural board membership:[3]
- Robert Silvers, Under Secretary for Policy, Department of Homeland Security (Chair)
- Heather Adkins, Vice President, Security Engineering, Google (Deputy Chair)
- Dmitri Alperovitch, Co-Founder and Chairman, Silverado Policy Accelerator and Co-Founder and former CTO of CrowdStrike, Inc.
- Chris DeRusha, Federal Chief Information Security Officer, Office of Management and Budget
- Chris Inglis, National Cyber Director, Office of the National Cyber Director
- Rob Joyce, Director of Cybersecurity, National Security Agency
- Katie Moussouris, Founder and CEO, Luta Security
- David Mussington, Executive Assistant Director for Infrastructure Security, Cybersecurity and Infrastructure Security Agency
- Chris Novak, Co-Founder and Managing Director, Verizon Threat Research Advisory Center
- Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security
- John Sherman, Chief Information Officer, Department of Defense
- Bryan Vorndran, Assistant Director, Cyber Division, Federal Bureau of Investigation
- Kemba Walden, Assistant General Counsel, Digital Crimes Unit, Microsoft
- Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks
The first report of the board was published 11 July 2022 and described Log4j and Log4shell.[8]
References
- ↑ Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (2021-05-10). "Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?". The New York Times. ISSN 0362-4331. Retrieved 2021-05-13.
- ↑ "Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack". NPR.org. Retrieved 2021-05-13.
- 1 2 3 "Cyber Safety Review Board website".
- ↑ "The New Cyber Executive Order is a Good Start, But Needs a Supercharge from Congress". Just Security. 2021-05-13. Retrieved 2021-05-14.
- ↑ Katz, Justin (May 13, 2021). "Cyber EO lays a foundation for securing government". GCN. Archived from the original on 2021-05-14. Retrieved 2021-05-14.
- ↑ "Executive Order on Improving the Nation's Cybersecurity". The White House. 2021-05-12. Retrieved 2021-05-13.
- ↑ Macias, Kevin Breuninger,Amanda (2021-05-12). "Biden signs executive order to strengthen U.S. cybersecurity defenses after Colonial Pipeline hack". CNBC. Retrieved 2021-05-13.
{{cite web}}: CS1 maint: multiple names: authors list (link) - ↑ Cyber Safety Review Board (11 July 2022), Review of the December 2021 Log4j Event (PDF), Cybersecurity and Infrastructure Security Agency, Wikidata Q113274848