DHS Establishes ‘Unprecedented’ Cyber Safety Review Board

The U.S. Department of Homeland Security (DHS) has launched the first-ever Cyber Safety Review Board (CSRB), as directed in an executive order from President Joe Biden. The agency said the CSRB is an “unprecedented” public-private initiative that will bring together government and industry leaders to review and assess significant cybersecurity events to better protect the country’s networks and infrastructure.

The CSRB’s first review will focus on the vulnerabilities discovered in late 2021 in the widely used log4j software library. These vulnerabilities, which are being exploited by a growing set of threat actors, present an urgent challenge to network defenders. Because they are among the most serious vulnerabilities discovered in recent years, their examination will generate many lessons learned for the cybersecurity community. Together, the White House and DHS determined that focusing on these vulnerabilities and the associated remediation process was the most important first use of the CSRB’s expertise.

The report will be delivered this summer. To the greatest extent possible, the CSRB will share a public version of the report with appropriate redactions for privacy and to preserve confidential information.

CSRB Members

The CSRB is composed of 15 cybersecurity leaders from the federal government and the private sector. Robert Silvers, DHS Under Secretary for Policy, will serve as Chair, and Heather Adkins, Google’s Senior Director for Security Engineering, will serve as Deputy Chair. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) will manage, support, and fund the board. CISA Director Jen Easterly is responsible for appointing CSRB members, in consultation with Silvers, and for convening the board following significant cybersecurity events.

The full list of members is as follows:

  • Robert Silvers, Under Secretary for Policy, Department of Homeland Security (CSRB Chair)
  • Heather Adkins, Senior Director, Security Engineering, Google (CSRB Deputy Chair)
  • Dmitri Alperovitch, Co-Founder and Chairman, Silverado Policy Accelerator; Co-Founder and former CTO, CrowdStrike, Inc.
  • John Carlin, Principal Associate Deputy Attorney General, Department of Justice
  • Chris DeRusha, Federal Chief Information Security Officer, Office of Management and Budget
  • Chris Inglis, National Cyber Director, Office of the National Cyber Director
  • Rob Joyce, Director of Cybersecurity, National Security Agency
  • Katie Moussouris, Founder and CEO, Luta Security
  • David Mussington, Executive Assistant Director for Infrastructure Security, Cybersecurity and Infrastructure Security Agency
  • Chris Novak, Co-Founder and Managing Director, Verizon Threat Research Advisory Center
  • Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security
  • John Sherman, Chief Information Officer, Department of Defense
  • Bryan Vorndran, Assistant Director, Cyber Division, Federal Bureau of Investigation
  • Kemba Walden, Assistant General Counsel, Digital Crimes Unit, Microsoft
  • Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks

The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity. To learn more about the CSRB, visit CISA.gov.