Cyber Safety Review Board ‘moving quickly’ on second report: DHS Under Secretary
The Cyber Safety Review Board isn’t waiting for a new incident to issue a second report making actionable cybersecurity recommendations to government, industry and academia, according to DHS Under Secretary and board Chair Rob Silvers.
“We have some ideas that are moving quickly down the pipeline now,” Silvers said during a Center for Strategic & International Studies event Thursday.
The CSRB is a public-private partnership that performs after-action reviews of the biggest cyber incidents to develop lessons learned. Its inaugural review of Log4j — the “worst” software vulnerability ever discovered, which prompted the largest-scale incident response in history — yielded 19 recommendations this summer, Silvers said.
“It was really a proof of concept, and this is going to be an enduring, new part of the ecosystem,” he said. “It’s something that was missing.”
More than 80 companies provided data to assist with the Log4j review, proving the “strong” community interest, Silvers added.
Silvers has served as Under Secretary of Homeland Security for Strategy, Policy and Plans since his confirmation in the role in August last year.
Since the CSRB released its recommendations, the Cybersecurity and Infrastructure Security Agency has responded by issuing guidance on asset management. Meanwhile, the Department of Homeland Security and large tech companies have begun allowing their development teams to maintain open-source software libraries based on the CSRB’s advice.
“We need to build and sustain the Cyber Safety Review Board, so we are building out permanent staff, we’ve hired, we’re going to be talking with Congress about how we can work together on appropriations and the like to really cultivate this,” Silvers said. “And the enthusiasm has been really high.”