DHS Cyber Safety Review Board Gets Its First Case – Log4j

The President’s Executive Order on Cybersecurity (EO 14928) ordered Homeland Security to create a Cyber Safety Review Board (CSRB). The CSRB is supposed to be like the National Transportation Safety Board (NTSB) with some major differences.

The CSRB will investigate major cyber issues while the NTSB investigates transportation accidents.

Unlike the NTSB, which can take a year or more to report back, the CSRB has to report quickly.

Required members of the board, which is mandated to be less than 20 people, include DHS, CISA, FBI, NSA and DoJ. The rest are domain experts.

Any event which activates the Cyber Unified Coordination Group, a cross-government incident response group, will be investigated. Alternatively, the heads of DHS or CISA can convene the group.

Their advice goes to the Secretary of DHS and then the President. A redacted version will be made public. How heavily it is redacted will show how committed they are to transparency. Stay tuned on that one; the jury is still out.

One sort of weird thing is that the CSRB sunsets every two years unless extended by the Secretary of DHS, who may be overruled by the President. That doesn’t seem like a good plan to me.

The first incident that they are investigating is the Log4j attack. They are doing that because there is a lot of open source software which is super widely used and under-supported. If they can come up with some viable recommendations, that would be a very good thing.

Stay tuned for the outcome. Consider this a beta test.

Credit: The Federal Register

Credit: Cyberscoop

Credit: Dark Reading

One thought on “DHS Cyber Safety Review Board Gets Its First Case – Log4j”

  1. Can I simply just say what a comfort to discover a person that truly
    knows what they are discussing online. You definitely understand how to bring a problem to light and
    make it important. More people must read this and understand this
    side of your story. I was surprised that you aren’t more popular given that you surely possess the gift.
