DHS Creates Cyber Safety Review Board, Targets log4j Exploit for Its First Report
Cybersecurity is an increasingly important part of our everyday lives, from our personal interactions to government services, healthcare, and financial institutions. As systems, services and devices become more interconnected and digitised, the government is also trying to keep up and protect people from emerging cyber threats. Recently, the US Department of Homeland Security (DHS) took a significant step forward to strengthen the nation’s cybersecurity.
DHS Creates Cyber Safety Review Board
In February 2022, DHS announced the creation of a Cyber Safety Review Board (CSRB) to assist with cyber threats facing the United States. The board will investigate past cybersecurity incidents in order to develop recommendations for improving the country’s cyber-critical infrastructure.
DHS is hoping that this new board will provide valuable insight into how to improve cybersecurity across the country. The CSRB will analyse data related to significant cybersecurity events and provide strategic recommendations to the administration on how to enhance the nation’s cyber defenses.
The board will consist of 15 members, all with experience in cybersecurity from the private sector and the federal government, who will collaborate to identify vulnerabilities in current technology and practices, as well as make recommendations on how they can be improved. The board will also focus on ways to strengthen public-private partnerships in order to promote greater cooperation between government and industry.
Alejandro N. Mayorkas, Secretary of Homeland Security, said that the establishment of the CSRB reflected the Biden-Harris Administration’s continued commitment to strengthen the nation’s cybersecurity and protect all Americans from cyberattacks. He also added that the CSRB would be responsible for conducting a thorough review of past cyberattacks and providing recommendations on how to enhance and expand cybersecurity programs across the government and private sector.
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) will be responsible for assisting the CSRB with the operational aspects of its cybersecurity responsibilities. These include managing, supporting, and funding cross-sector cybersecurity activities. The CISA Director will appoint CSRB members in consultation with the CSRB Chair.
Robert Silvers (DHS Under Secretary for Policy) will be CSRB Chair, and Heather Adkins (Senior Director, Security Engineering, Google) will be Deputy Chair. Robert Silvers said that it was an excellent opportunity to learn from past cyber incidents and improve national security. He also said that he was excited to be serving as the new chair of the CSRB and to work with the rest of the members as they would draw lessons from past events together and help the public and private sectors better protect themselves from cyberattacks in the future.
The CSRB will not be an investigative body or a policy-setting group; it will instead focus on identifying systemic issues that need to be addressed to build the nation’s cyber resilience and strengthen its cyber defense posture.
DHS Targets log4j Exploit for Its First Report
In its first review, the CSRB will conduct an in-depth review of the vulnerabilities found in late 2021 in Log4j and provide recommendations to build a more resilient cybersecurity landscape. Log4j is a popular open-source logging tool used by many developers to capture output information to a variety of targets from their Java programs.
According to DHS, a growing number of bad actors are taking advantage of this vulnerability, which poses a significant risk to critical infrastructure components. Through the CSRB, DHS is hoping to mitigate the exploitation of this vulnerability. The review board’s first report is expected to be released this summer and to include:
- A review of existing vulnerabilities related to Log4j, and an evaluation of how government and the private sector would take action against them
- Recommendations on the best practices for addressing any current vulnerabilities and cyberthreats
- Recommendations for security measures that could be taken to prevent future incidents and improve policy and incident response practices based on the results of its work
Whenever possible, all information or recommendations of the CSRB will be open to the public and media.
Heather Adkins, CSRB Deputy Chair, said that as cyber incidents become more common and raise security concerns in all sectors, the launch of this inaugural review came at an important time to safeguard the nation’s cybersecurity infrastructure. She also said that the CSRB aimed to serve as a forum for both the private sector and the US government to come together to tackle cybersecurity challenges. She also added that she was honoured to serve on the CSRB, which would conduct a comprehensive and strategic assessment of US cybersecurity.
Conclusion
The CSRB has the potential to make significant and positive changes in the cybersecurity landscape. It is a positive step forward in helping to ensure the nation’s safety and security. It will also help identify new strategies and solutions that can be used across all critical infrastructure sectors to address existing and future threats. Greater cooperation between government and industry will undoubtedly make for stronger, more secure networks and systems. It will be interesting to see how things develop from here.
Written by The Original PC Doctor on 20/3/2022.