The Cyber Safety Review Board (CSRB) is moving closer to releasing a new report with further cybersecurity recommendations, according to Rob Silvers, the Department of Homeland Security’s (DHS) under secretary for policy.
Silvers briefly talked about the soon-to-be-released report at an event hosted by the Center for Strategic & International Studies (CSIS) on Oct. 28.
“We have some ideas that are moving quickly down the pipeline now,” he said in response to questioning about the board’s future output. Silvers did not offer details on what the new report would cover.
The CSRB issued its inaugural report in July, in which it praised the Cybersecurity and Infrastructure Security Agency (CISA) for its response to the Log4j software vulnerability, and found that to date there had not been any significant Log4j-based attacks on U.S. critical infrastructure.
Silvers talked about that report on Oct. 28.
“Our very first inaugural review on the log4j vulnerability – the worst, most serious software vulnerability ever discovered – … triggered the biggest mass-scale incident response ever in history, because virtually every organization was impacted,” he said. “We came out with 19 actionable specific recommendations, some to Federal agencies, some to CISOs and network defenders, some to the academic community.”
Silvers said many of the recommendations stemmed from the joint effort of 80 different private and public organizations that provided data on the vulnerability.
Silvers ended his discussion on a positive note, pointing to the important role the CSRB is playing in protecting organizations from cyber vulnerabilities.
“We need to build and sustain the Cyber Safety Review Board, so we are building out permanent staff, we’ve hired, we’re going to be talking with Congress about how we can work together on appropriations and the like to really cultivate this,” he said.
The CSRB was created in February by DHS, stemming from instructions in President Biden’s cybersecurity executive order issued last year. The board’s job, DHS said, is to assess past cybersecurity events, “ask the hard questions, and drive improvements across the private and public sectors.”