DHS Launches Cyber Safety Review Board

The CSRB’s first report, which will be delivered this summer, will include the following:

  • a review and assessment of vulnerabilities associated with the Log4j software library, to include associated threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate the impact of such vulnerabilities;
  • recommendations for addressing any ongoing vulnerabilities and threat activity; and,
  • recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the Log4j vulnerability.

To the greatest extent possible, the CSRB will share a public version of the report with appropriate redactions for privacy and to preserve confidential information.

“A continuous learning culture is critical to staying ahead of the increasingly sophisticated cyber threats we face in today’s complex technology landscape. Over two decades in the Army, I learned the importance of a detailed and transparent After Action Review process in unpacking both failures and successes. I’m thrilled today to appoint the distinguished members of our first ever Cyber Safety Review Board to take on the comparable challenge of ensuring that we fully understand and learn from significant cyber events that may threaten our nation,” said CISA Director Jen Easterly. “I’m looking forward to the Board’s insight and the lessons we’ll learn and implement together across the cybersecurity community.” 

“This is a once-in-a-generation opportunity to reshape how we draw lessons from cyber events and improve for the future,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. “My colleagues on the CSRB are luminaries in the field and I am honored to serve alongside them as the Board’s chair. Together, we will conduct a thorough review and issue recommendations that will enable both our national leaders and the private sector to better secure our country.”

“When a major cyber incident occurs, it impacts all of us,” said CSRB Deputy Chair Heather Adkins. “The CSRB is a ground-breaking opportunity to conduct holistic reviews and provide forward-thinking solutions that cut across organizations and sectors. I am honored to serve with this diverse array of talent from both private companies and the U.S. government as we launch this inaugural review.”

The CSRB is committed to transparency and will conduct its review in the public interest. Board meetings are limited to members, staff, and invited subject matter experts. Whenever possible, the CSRB’s advice, information, or recommendations will be made publicly available, with any appropriate redactions, consistent with applicable law and the need to protect sensitive information from disclosure. The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity.

CSRB Members:

  • Robert Silvers, Under Secretary for Policy, Department of Homeland Security (CSRB Chair)
  • Heather Adkins, Senior Director, Security Engineering, Google (CSRB Deputy Chair)
  • Dmitri Alperovitch, Co-Founder and Chairman, Silverado Policy Accelerator; Co-Founder and former CTO, CrowdStrike, Inc.
  • John Carlin, Principal Associate Deputy Attorney General, Department of Justice
  • Chris DeRusha, Federal Chief Information Security Officer, Office of Management and Budget
  • Chris Inglis, National Cyber Director, Office of the National Cyber Director
  • Rob Joyce, Director of Cybersecurity, National Security Agency
  • Katie Moussouris, Founder and CEO, Luta Security
  • David Mussington, Executive Assistant Director for Infrastructure Security, Cybersecurity and Infrastructure Security Agency
  • Chris Novak, Co-Founder and Managing Director, Verizon Threat Research Advisory Center
  • Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security
  • John Sherman, Chief Information Officer, Department of Defense
  • Bryan Vorndran, Assistant Director, Cyber Division, Federal Bureau of Investigation
  • Kemba Walden, Assistant General Counsel, Digital Crimes Unit, Microsoft
  • Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks

To learn more about the CSRB, visit CISA.gov.