Cyber Safety Review Board axed in DHS cost-cutting move

The U.S. Department of Homeland Security terminated memberships at the Cyber Safety Review Board and all other DHS advisory committees as part of a sweeping action to cut "misuse" of department resources.

The decision was announced in a Jan. 20 memo by Acting DHS Secretary Benjamine C. Huffman that directed the termination of all current DHS advisory committee memberships, effective immediately. He said the move was in alignment with DHS' "commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security."

"Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities," Huffman wrote. "To outgoing advisory board members, you are welcome to reapply, thank you for your service."

Although President Donald Trump was not mentioned in Huffman's memo, references to "misuse" of government resources are in line with Trump's aims to eliminate perceived waste in government spending.

The Cyber Safety Review Board (CSRB) was established by former President Joe Biden in 2021 as a means of reviewing significant cybersecurity incidents and reporting issues. Three major reports were issued during its tenure, the first of which was dedicated to incidents surrounding a series of Log4j vulnerabilities in December 2021. The second CSRB report covered the notorious cybercriminal gang Lapsus$, which has taken credit for several breaches at major technology companies such as Microsoft and Okta.

The CSRB's most high-profile report was issued last spring and focused on the May 2023 incident in which Microsoft was breached by Chinese state-sponsored threat group Storm-0558. The group stole a Microsoft account consumer signing key and used it to create authentication tokens for Outlook Web Access and Outlook.com. This activity resulted in threat actors accessing customer email accounts at 25 customer organizations, including U.S. federal agencies. The CSRB issued a scathing report in March, finding that a "cascade of security failures at Microsoft" resulted in the theft of the company's cryptographic crown jewels, and that the attack should never have happened.

The report was widely praised by infosec industry leaders, and Microsoft responded to the report by establishing its Secure Future Initiative in order to prioritize security above all other business interests.

Informa TechTarget contacted Microsoft for comment on the CSRB's apparent dismantling, but the company did not respond at press time.

The CSRB was in the process of investigating Salt Typhoon, a Chinese state-sponsored threat actor credited with hacking multiple major telecom companies in an espionage campaign last year.

The board's membership was previously determined by the director of CISA, who at the time was Jen Easterly; Easterly stepped down on Jan. 20. Members included Chris Krebs, former CISA director and current SentinelOne executive; Dmitri Alperovitch, CrowdStrike co-founder and former CTO; and Jerry Davis, Microsoft CISO of software and digital platforms.

Trump's nominee for DHS secretary, South Dakota Gov. Kristi Noem, said during testimony last week that CISA has gone "far off-mission" and that the agency should be made "smaller" in order to focus on protecting critical infrastructure.

Informa TechTarget contacted CISA for additional comment. A CISA spokesperson shared the following statement attributed to an unnamed senior DHS official.

"Effective immediately, the Department of Homeland Security will no longer tolerate any advisory committee which pushes agendas that attempt to undermine its national security mission, the President's agenda or Constitutional rights of Americans," the statement read.

Alexander Culafi is a senior information security news writer and podcast host for Informa TechTarget.