Cyber Safety Review Board

The Cyber Safety Review Board (also called the CSRB) was established by United States Secretary of Homeland Security Alejandro Mayorkas on February 3, 2022.[1][2][3][4] Modeled after the National Transportation Safety Board, the Board reviews significant cybersecurity incidents and issues reports.[5][6] President Joe Biden directed the Board's creation through Section 5 of Executive Order 14028, issued on May 12, 2021.[7][8]

On January 21, 2025, it was reported that the Trump administration fired all members of the CSRB.[9]

Overview

The Board reviews and assesses significant cyber incidents and provides findings and recommendations to the United States Secretary of Homeland Security. The Board’s construction is a unique and valuable collaboration of government and private sector members, and provides a direct path to the Secretary of Homeland Security and the President to ensure the recommendations are addressed and implemented, as appropriate.

Executive Order 14028 provides that the Board is composed of up to twenty members, chosen by the Director of the Cybersecurity and Infrastructure Security Agency.[10] Those members must include representatives from various federal agencies, as well as individuals employed by the private sector.[10] The CSRB lacks subpoena power and instead relies on voluntary cooperation from organizations with relevant information, though the Biden Administration has published a legislative proposal requesting that Congress grant the CSRB subpoena power.[11]

Reports

As of 2024, the CSRB has issued three substantive reports.

Review of the December 2021 Log4j Event

On July 11, 2022, the CSRB published its first report, reviewing the Log4Shell vulnerability and associated incidents.[12]

On July 24, 2023, the CSRB published a report reviewing the Lapsus$ international hacker group.[13]

Review of the Summer 2023 Microsoft Exchange Online Intrusion

On March 20, 2024, the CSRB published a report detailing how in May 2023, a cyber threat actor classified by Microsoft as STORM-0558 compromised the mailboxes of a broad range of victims in the United States and United Kingdom, including email accounts in the U.S. Department of State, U.S. Department of Commerce, and U.S. House of Representatives.[14] The CSRB reported that STORM-0558 was able to compromise Microsoft's corporate network using unknown means and steal a Microsoft Services Account (MSA) key, which STORM-0558 then used to sign forged authentication tokens granting it access to specific mail accounts.[14] This malicious cyber activity was eventually detected by the U.S. Department of State, rather than by Microsoft itself.

The CSRB concluded that "Microsoft’s security culture was inadequate and requires an overhaul," noting that Microsoft "failed to detect the compromise of its cryptographic crown jewels on its own, relying instead of a customer."[14] This report was widely covered by traditional media and cybersecurity trade press.[15][16][17][18]

Following the publication of the report, Microsoft CEO Satya Nadalla released a blog post acknowledging the CSRB's report and pledging to prioritize security in the future.[19]

Current Composition

The CSRB is composed of 15 cybersecurity leaders from the federal government and the private sector:[3]

Former Members

Private sector CSRB members serve for a term of two years, which may be renewed up to three times.[10][20]

References

  1. ^ Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (May 10, 2021). "Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?". The New York Times. ISSN 0362-4331. Archived from the original on October 16, 2021. Retrieved May 13, 2021.
  2. ^ "Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack". NPR.org. Archived from the original on June 24, 2021. Retrieved May 13, 2021.
  3. ^ a b "Cyber Safety Review Board website". Archived from the original on July 21, 2022. Retrieved August 10, 2022.
  4. ^ "DHS Launches First-Ever Cyber Safety Review Board | Homeland Security". www.dhs.gov. Archived from the original on May 31, 2024. Retrieved June 1, 2024.
  5. ^ "The New Cyber Executive Order is a Good Start, But Needs a Supercharge from Congress". Just Security. May 13, 2021. Archived from the original on September 26, 2021. Retrieved May 14, 2021.
  6. ^ Katz, Justin (May 13, 2021). "Cyber EO lays a foundation for securing government". GCN. Archived from the original on May 14, 2021. Retrieved May 14, 2021.
  7. ^ "Executive Order on Improving the Nation's Cybersecurity". The White House. May 12, 2021. Archived from the original on May 15, 2021. Retrieved May 13, 2021.
  8. ^ Macias, Kevin Breuninger,Amanda (May 12, 2021). "Biden signs executive order to strengthen U.S. cybersecurity defenses after Colonial Pipeline hack". CNBC. Archived from the original on October 19, 2021. Retrieved May 13, 2021.{{cite web}}: CS1 maint: multiple names: authors list (link)
  9. ^ https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/
  10. ^ a b c "Cyber Safety Review Board Charter | CISA". www.cisa.gov. September 21, 2023. Archived from the original on June 14, 2024. Retrieved June 1, 2024.
  11. ^ "Is the Cyber Safety Review Board working? Lawmakers consider tweaks to CSRB". federalnewsnetwork.com. January 18, 2024. Archived from the original on June 14, 2024. Retrieved June 1, 2024.
  12. ^ Cyber Safety Review Board (July 11, 2022), Review of the December 2021 Log4j Event (PDF), Cybersecurity and Infrastructure Security Agency, Wikidata Q113274848
  13. ^ "Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report | CISA". www.cisa.gov. August 10, 2023. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  14. ^ a b c "Summer 2023 Review of the Microsoft Exchange Online Intrusion | CISA". www.cisa.gov. May 24, 2024. Archived from the original on May 31, 2024. Retrieved June 1, 2024.
  15. ^ Nakashima, Ellen; Menn, Joseph (April 2, 2024). "Microsoft faulted for 'cascade' of failures in Chinese hack". Washington Post. ISSN 0190-8286. Archived from the original on May 18, 2024. Retrieved June 1, 2024.
  16. ^ eliasgroll (April 3, 2024). "Cyber review board blames cascading Microsoft failures for Chinese hack". CyberScoop. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  17. ^ Hendery, Simon (April 3, 2024). "Review board slams Microsoft's lax security practices and culture". SC Media. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  18. ^ "U.S. Cyber Safety Review Board blames Microsoft for Chinese hack". CNBC. April 3, 2024. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  19. ^ Blogs, Microsoft Corporate (May 3, 2024). "Prioritizing security above all else". The Official Microsoft Blog. Archived from the original on June 1, 2024. Retrieved June 1, 2024.
  20. ^ "DHS, CISA Announce Membership Changes to the Cyber Safety Review Board | CISA". www.cisa.gov. May 6, 2024. Archived from the original on June 1, 2024. Retrieved June 1, 2024.

 

Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi