Launch of a long-awaited public-private initiative to assess the country’s cybersecurity and improve resilience
Several government and private sector organizations in the United States have joined forces for the Department of Homeland Security’s first-ever Cybersecurity Review Panel, whose goal is to strengthen the nation’s cybersecurity.
The DHS Cyber Security Review Board (CSRB) was created as directed by the executive order signed by President Joe Biden in May 2021 to improve cyber defenses.
This executive order is the basis for several cybersecurity initiatives, including two announced last month: a memorandum focused on strengthening the cybersecurity of national security systems and a federal zero trust strategy.
DHS announced the launch of the CSRB about a week after lawmakers raised concerns that the board had still not been created eight months after the executive order was signed.
The CSRB has been tasked with reviewing and evaluating major cybersecurity events with the goal of helping government, industry and the security community better protect the nation’s networks and infrastructure. The board will also “provide strategic recommendations to the President and the Secretary of Homeland Security.”
The original plan was for the board to investigate the SolarWinds hack. However, DHS has revealed that it will first investigate the recently disclosed Log4j vulnerabilities, which have been exploited by profit-driven cybercriminals and state-sponsored threat actors. The first report is expected to be completed this summer and, in addition to a review and assessment, will contain recommendations for improving security and incident response based on lessons learned from this incident.
A public version of the report should be made available, along with other advice, information and recommendations from the board, but information made public may be redacted to protect sensitive information, DHS said.
Robert Silvers, deputy secretary for policy at DHS, will serve as chairman of the board and Heather Adkins, senior director of security engineering at Google, will serve as vice chairman.
Other members include representatives from the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice, the Department of Defense, the Office of Management and Budget, the Office of the National Cybersecurity Director, the National Security Agency, Federal Bureau of Investigation, Center for Internet Security, Luta Security, CrowdStrike, Microsoft, Verizon, and Palo Alto Networks.
“The CSRB has no regulatory powers and is not an enforcement authority,” DHS noted.