Cyber Safety Review Board

The Cyber Safety Review Board (also called the CSRB) was established by United States Secretary of Homeland Security Alejandro Mayorkas on February 3, 2022. [1] [2] [3] [4] Modeled after the National Transportation Safety Board, the Board reviews significant cybersecurity incidents and issues reports. [5] [6] President Joe Biden directed the Board's creation through Section 5 of Executive Order 14028, issued on May 12, 2021. [7] [8]

On January 21, 2025, it was reported that the Trump administration fired all members of the CSRB. [9]

Overview

The Board reviews and assesses significant cyber incidents and provides findings and recommendations to the United States Secretary of Homeland Security. It brings together government and private-sector members and reports directly to the Secretary of Homeland Security and the President, so that its recommendations can be addressed and implemented as appropriate.

Executive Order 14028 provides that the Board is composed of up to twenty members, chosen by the Director of the Cybersecurity and Infrastructure Security Agency. [10] Those members must include representatives from various federal agencies, as well as individuals employed by the private sector. [10] The CSRB lacks subpoena power and instead relies on voluntary cooperation from organizations with relevant information, though the Biden Administration has published a legislative proposal requesting that Congress grant the CSRB subpoena power. [11]

Reports

As of 2024, the CSRB has issued three substantive reports.

Review of the December 2021 Log4j Event

On July 11, 2022, the CSRB published its first report, reviewing the Log4Shell vulnerability and associated incidents. [12]

Review of the Attacks Associated with Lapsus$ and Related Threat Groups

On July 24, 2023, the CSRB published a report reviewing the Lapsus$ international hacker group. [13]

Review of the Summer 2023 Microsoft Exchange Online Intrusion

On March 20, 2024, the CSRB published a report detailing how in May 2023, a cyber threat actor classified by Microsoft as STORM-0558 compromised the mailboxes of a broad range of victims in the United States and United Kingdom, including email accounts in the U.S. Department of State, U.S. Department of Commerce, and U.S. House of Representatives. [14] The CSRB reported that STORM-0558 was able to compromise Microsoft's corporate network using unknown means and steal a Microsoft Services Account (MSA) key, which STORM-0558 then used to sign forged authentication tokens granting it access to specific mail accounts. [14] This malicious cyber activity was eventually detected by the U.S. Department of State, rather than by Microsoft itself.
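To make the mechanism in the CSRB's finding concrete, the following Python is an added illustration written for this page; it is not code from the CSRB, Microsoft, or the report. It uses a symmetric HMAC-SHA256 key and constructed key ids, issuer and audience values purely as assumptions. The point it shows is that a token signed with a stolen signing key is cryptographically indistinguishable from a genuine one, so a signature check alone cannot catch the forgery; what does is retiring the compromised key id, binding tokens to an audience, and keeping lifetimes short.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, key: bytes, claims: dict) -> str:
    """Mint a compact JWS-style token (header.payload.signature, HMAC-SHA256).

    Whoever holds `key` can produce a token that passes the signature check,
    which is why theft of a signing key is so damaging.
    """
    header = {"alg": "HS256", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, trusted_keys: dict, issuer: str, audience: str, now=None):
    """Return (accepted, reason, claims).

    Beyond the signature, the verifier pins the key id to the set of currently
    trusted keys and checks the issuer, audience and expiry claims.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token", None
    h64, p64, s64 = parts
    header = json.loads(_unb64url(h64))
    if header.get("alg") != "HS256":
        return False, "unexpected alg", None
    key = trusted_keys.get(header.get("kid"))
    if key is None:
        return False, "unknown or retired kid", None
    expected = hmac.new(key, (h64 + "." + p64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s64)):
        return False, "bad signature", None
    claims = json.loads(_unb64url(p64))
    if claims.get("iss") != issuer:
        return False, "wrong issuer", None
    if claims.get("aud") != audience:
        return False, "wrong audience", None
    if float(claims.get("exp", 0)) <= now:
        return False, "expired", None
    return True, "ok", claims


# Constructed values for the walkthrough; none of these is a real key or endpoint.
ISSUER = "https://sts.example.invalid"
MAIL_API = "mail-api"
OLD_KEY = b"constructed-signing-key-A"   # assume this one was stolen
NEW_KEY = b"constructed-signing-key-B"
NOW = 1_700_000_000  # fixed clock so the walkthrough is deterministic


def walkthrough():
    results = {}
    before_rotation = {"key-A": OLD_KEY, "key-B": NEW_KEY}
    after_rotation = {"key-B": NEW_KEY}  # key-A retired once the theft is known

    legit = sign_token("key-B", NEW_KEY, {"iss": ISSUER, "aud": MAIL_API, "sub": "alice", "exp": NOW + 600})
    # A party holding the stolen key-A can mint a token naming any subject it likes.
    forged = sign_token("key-A", OLD_KEY, {"iss": ISSUER, "aud": MAIL_API, "sub": "target-mailbox", "exp": NOW + 600})
    wrong_aud = sign_token("key-B", NEW_KEY, {"iss": ISSUER, "aud": "other-service", "sub": "alice", "exp": NOW + 600})

    results["legit"] = verify_token(legit, before_rotation, ISSUER, MAIL_API, NOW)[:2]
    # The signature is cryptographically valid, so this check alone cannot tell
    # the forged token apart from a real one.
    results["forged_before_rotation"] = verify_token(forged, before_rotation, ISSUER, MAIL_API, NOW)[:2]
    # Retiring the compromised key id is what actually invalidates the forgeries.
    results["forged_after_rotation"] = verify_token(forged, after_rotation, ISSUER, MAIL_API, NOW)[:2]
    # Audience binding stops a token minted for one service from being replayed against another.
    results["wrong_audience"] = verify_token(wrong_aud, before_rotation, ISSUER, MAIL_API, NOW)[:2]
    # Short lifetimes bound how long any token, forged or not, stays usable.
    results["expired"] = verify_token(legit, before_rotation, ISSUER, MAIL_API, NOW + 601)[:2]
    return results


if __name__ == "__main__":
    for name, (ok, reason) in walkthrough().items():
        print(f"{name:24s} accepted={ok} ({reason})")
```

Logging the `kid` on every accepted token is the cheap detection counterpart: a retired or unexpected key id appearing in live traffic is the kind of signal that would have surfaced the forged tokens earlier.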

The CSRB concluded that "Microsoft’s security culture was inadequate and requires an overhaul," noting that Microsoft "failed to detect the compromise of its cryptographic crown jewels on its own, relying instead on a customer." [14] This report was widely covered by traditional media and the cybersecurity trade press. [15] [16] [17] [18]

Following the publication of the report, Microsoft CEO Satya Nadella released a blog post acknowledging the CSRB's report and pledging to prioritize security in the future. [19]

Current Composition

The CSRB is composed of 15 cybersecurity leaders from the federal government and the private sector: [3]

Former Members

Private sector CSRB members serve for a term of two years, which may be renewed up to three times. [10] [20]

References

  1. Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (May 10, 2021). "Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?". The New York Times. ISSN 0362-4331. Archived from the original on October 16, 2021. Retrieved May 13, 2021.
  2. "Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack". NPR.org. Archived from the original on June 24, 2021. Retrieved May 13, 2021.
  3. "Cyber Safety Review Board website". Archived from the original on July 21, 2022. Retrieved August 10, 2022.
  4. "DHS Launches First-Ever Cyber Safety Review Board | Homeland Security". www.dhs.gov. Archived from the original on May 31, 2024. Retrieved June 1, 2024.
  5. "The New Cyber Executive Order is a Good Start, But Needs a Supercharge from Congress". Just Security. May 13, 2021. Archived from the original on September 26, 2021. Retrieved May 14, 2021.
  6. Katz, Justin (May 13, 2021). "Cyber EO lays a foundation for securing government". GCN. Archived from the original on May 14, 2021. Retrieved May 14, 2021.
  7. "Executive Order on Improving the Nation's Cybersecurity". The White House. May 12, 2021. Archived from the original on May 15, 2021. Retrieved May 13, 2021.
  8. Breuninger, Kevin; Macias, Amanda (May 12, 2021). "Biden signs executive order to strengthen U.S. cybersecurity defenses after Colonial Pipeline hack". CNBC. Archived from the original on October 19, 2021. Retrieved May 13, 2021.
  9. https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/
  10. "Cyber Safety Review Board Charter | CISA". www.cisa.gov. September 21, 2023. Archived from the original on June 14, 2024. Retrieved June 1, 2024.
  11. "Is the Cyber Safety Review Board working? Lawmakers consider tweaks to CSRB". federalnewsnetwork.com. January 18, 2024. Archived from the original on June 14, 2024. Retrieved June 1, 2024.
  12. Cyber Safety Review Board (July 11, 2022). Review of the December 2021 Log4j Event (PDF). Cybersecurity and Infrastructure Security Agency. Wikidata Q113274848.
  13. "Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report | CISA". www.cisa.gov. August 10, 2023. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  14. "Summer 2023 Review of the Microsoft Exchange Online Intrusion | CISA". www.cisa.gov. May 24, 2024. Archived from the original on May 31, 2024. Retrieved June 1, 2024.
  15. Nakashima, Ellen; Menn, Joseph (April 2, 2024). "Microsoft faulted for 'cascade' of failures in Chinese hack". Washington Post. ISSN 0190-8286. Archived from the original on May 18, 2024. Retrieved June 1, 2024.
  16. eliasgroll (April 3, 2024). "Cyber review board blames cascading Microsoft failures for Chinese hack". CyberScoop. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  17. Hendery, Simon (April 3, 2024). "Review board slams Microsoft's lax security practices and culture". SC Media. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  18. "U.S. Cyber Safety Review Board blames Microsoft for Chinese hack". CNBC. April 3, 2024. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  19. Microsoft Corporate Blogs (May 3, 2024). "Prioritizing security above all else". The Official Microsoft Blog. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  20. "DHS, CISA Announce Membership Changes to the Cyber Safety Review Board | CISA". www.cisa.gov. May 6, 2024. Archived from the original on June 1, 2024. Retrieved June 1, 2024.