Last Thursday, the United States Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB), as directed in President Biden’s Executive Order 14028 on Improving the Nation’s Cybersecurity.
The CSRB will review and assess significant cybersecurity events so that government, industry, and the broader security community can better protect our nation’s networks and infrastructure. The CSRB’s first review will focus on the vulnerabilities discovered in late 2021 in the widely used Log4j software library.
The CSRB’s first report, which will be delivered this summer, will include the following:
- a review and assessment of vulnerabilities associated with the Log4j software library, to include associated threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate the impact of such vulnerabilities;
- recommendations for addressing any ongoing vulnerabilities and threat activity; and,
- recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the Log4j vulnerability.
To the greatest extent possible, the CSRB will share a public version of the report with appropriate redactions for privacy and to preserve confidential information.
The CSRB is committed to transparency and will conduct its review in the public interest. Board meetings are limited to members, staff, and invited subject matter experts. Whenever possible, the CSRB’s advice, information, or recommendations will be made publicly available, with any appropriate redactions, consistent with applicable law and the need to protect sensitive information from disclosure. The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity.