Cyber Safety Review Board

The Cyber Safety Review Board (also called the Cybersecurity Safety Review Board) was established by the United States Secretary of Homeland Security.^[1][2][3] Modeled after the National Transportation Safety Board, it will meet in cases of significant cybersecurity incidents.^[4][5] The board's creation was announced upon President Joe Biden's signing of Executive Order 14028 on May 12, 2021.^[6][7]

The Board serves a deliberate function to review major cyber events and make concrete recommendations that would drive improvements within the private and public sectors. The Board’s construction is a unique and valuable collaboration of government and private sector members, and provides a direct path to the Secretary of Homeland Security and the President to ensure the recommendations are addressed and implemented, as appropriate. As a uniquely constituted advisory body, the Board will focus on learning lessons and sharing them with those that need them to enable advances in national cybersecurity.^[3]

The CSRB is composed of 15 highly esteemed cybersecurity leaders from the federal government and the private sector that make up the inaugural board membership:^[3]

• Robert Silvers, Under Secretary for Policy, Department of Homeland Security (Chair)
• Heather Adkins, Vice President, Security Engineering, Google (Deputy Chair)
• Dmitri Alperovitch, Co-Founder and Chairman, Silverado Policy Accelerator and Co-Founder and former CTO of CrowdStrike, Inc.
• Chris DeRusha, Federal Chief Information Security Officer, Office of Management and Budget
• Chris Inglis, National Cyber Director, Office of the National Cyber Director
• Rob Joyce, Director of Cybersecurity, National Security Agency
• Katie Moussouris, Founder and CEO, Luta Security
• David Mussington, Executive Assistant Director for Infrastructure Security, Cybersecurity and Infrastructure Security Agency
• Chris Novak, Co-Founder and Managing Director, Verizon Threat Research Advisory Center
• Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security
• John Sherman, Chief Information Officer, Department of Defense
• Bryan Vorndran, Assistant Director, Cyber Division, Federal Bureau of Investigation
• Kemba Walden, Assistant General Counsel, Digital Crimes Unit, Microsoft
• Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks

The first report of the board was published 11 July 2022 and described Log4j and Log4shell.^[8]

References

1. Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (2021-05-10). "Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?". The New York Times. ISSN 0362-4331. Retrieved 2021-05-13.
2. "Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack". NPR.org. Retrieved 2021-05-13.
3. "Cyber Safety Review Board website".
4. "The New Cyber Executive Order is a Good Start, But Needs a Supercharge from Congress". Just Security. 2021-05-13. Retrieved 2021-05-14.
5. Katz, Justin (May 13, 2021). "Cyber EO lays a foundation for securing government". GCN. Archived from the original on 2021-05-14. Retrieved 2021-05-14.
6. "Executive Order on Improving the Nation's Cybersecurity". The White House. 2021-05-12. Retrieved 2021-05-13.
7. Macias, Kevin Breuninger,Amanda (2021-05-12). "Biden signs executive order to strengthen U.S. cybersecurity defenses after Colonial Pipeline hack". CNBC. Retrieved 2021-05-13.
8. Cyber Safety Review Board (11 July 2022), Review of the December 2021 Log4j Event (PDF), Cybersecurity and Infrastructure Security Agency, Wikidata Q113274848