Sensators Urge DHS to Reinstate Disbanded Cyber Review Board

Four prominent senators from both parties are urging the Department of Homeland Security (DHS) to reinstate a cyber review board that was dissolved earlier this year. The board, created during the Biden administration, aimed to investigate significant cybersecurity incidents and provide transparency into the causes of major breaches.

A Well-Intentioned but Imperfect Tool

The Cyber Safety Review Board (CSRB) has been viewed as a well-intentioned but imperfect tool for reviewing cybersecurity events. Despite its flaws, it has been instrumental in probing the causes of major incidents, including the recent Salt Typhoon hacks.

The Salt Typhoon Hacks: A Widespread Chinese Infiltration

The CSRB was investigating the Salt Typhoon hacks when it was suddenly disbanded. The hackers targeted the communications of high-profile individuals, including those tied to President Donald Trump and Vice President JD Vance, exploiting American providers' "lawful intercept" wiretap request systems.

A Criticized but Crucial Institution

The CSRB has faced criticism regarding its effectiveness, transparency, and objectivity. Member selection criteria is not entirely clear, which may lead to conflicts of interest, especially if members are in positions to investigate competitors.

A Call for Action from the Senators

Democrats Mark Warner of Virginia, Richard Blumenthal of Connecticut, Elissa Slotkin of Michigan, and Ron Wyden of Oregon have written to DHS Secretary Kristi Noem urging her to restore the CSRB. They argue that the board's dissolution will undermine the government's ability to leverage private sector expertise in cybersecurity.

A Need for Transparency and Rigor

The senators emphasize the importance of transparent, accessible, and rigorous research and forensics in building cyber security capabilities. They note that the CSRB's success is a testament to its effectiveness as a collaboration between the federal government and the private sector.

A Call for Subpoena Power

Some telecom companies became nervous about sharing information with CISA, citing the CSRB's involvement. Dmitri Alperovich, co-founder of CrowdStrike, argued that the board needs subpoena power to legally compel companies to speak about incidents.

A Response from DHS

A DHS spokesperson did not immediately return a request for comment on the senators' letter. However, Troy Edgar, the deputy secretary of Homeland Security, stated during his confirmation hearing that the CSRB would be "reconstituted at the right time" and that it was "going in the wrong direction."