DHS, CISA announce changes to Cyber Safety Review Board membership
The U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday changes to the Cyber Safety Review Board (CSRB) membership. The CSRB conducts fact-finding and issues recommendations in the wake of major cyber incidents.
Jamil Jaffer, venture partner at Paladin Capital Group and founder and executive director, National Security Institute, George Mason University Scalia Law School; David Luber, director, cybersecurity directorate at National Security Agency (NSA); Katie Nickels, senior director of intelligence operations at Red Canary; and Chris Krebs, chief intelligence and public policy officer at Sentinel One will be joining the CSRB.
Luber will serve as the Federal CSRB representative from the NSA, replacing Rob Joyce upon his retirement. Joyce has been asked to continue to serve on the board as a private-sector member.
Other returning members include Dmitri Alperovitch, co-founder and chairman, Silverado Policy Accelerator and co-founder and former CTO of CrowdStrike; Harry Coker, Jr., national cyber director at the Office of the National Cyber Director (ONCD): Jerry Davis, founder of Gryphon X; Chris DeRusha, federal chief information security officer at the Office of Management and Budget (OMB); Eric Goldstein, executive assistant director for CISA; Marshall Miller, principal associate deputy attorney general at the Department of Justice (DoJ); John Sherman, chief information officer, Department of Defense (DoD); and Bryan Vorndran, assistant director for cyber division at the Federal Bureau of Investigation (FBI).
The departing CSRB members are Katie Moussouris, founder and CEO at Luta Security; Chris Novak, co-founder and managing director at Verizon Threat Research Advisory Center; Tony Sager, senior vice president and chief evangelist for Center for Internet Security, and Wendi Whitmore, senior vice president, Unit 42 at Palo Alto Networks.
“I can’t thank Katie, Chris, Tony, and Wendi enough for the outstanding contributions they’ve made as CSRB members. I am truly grateful for their service on the Board,” Jen Easterly, CISA director said in a media statement. “I am also very pleased to welcome Jamil, Dave, Katie, and Chris to the Board. I know their cybersecurity expertise and experience will be instrumental in the continuing evolution of the CSRB as a catalyst for positive change in the cybersecurity ecosystem.”
Robert Silvers, DHS Under Secretary for Policy, and Heather Adkins, Vice President for Security Engineering at Google, have been re-appointed as the Chair and Deputy Chair respectively for a second term by Easterly.
“I send my sincere thanks to the departing members and welcome those who are beginning their service,” said Under Secretary Silvers. “The Cyber Safety Review Board will continue in its charge to conduct fact-finding and develop lessons learned from the most serious cyber incidents.”
“It has been an honor to serve on the CSRB and I am looking forward to seeing the Board continue to evolve its important role in the cybersecurity ecosystem as we increase the security of the nation,” said Deputy Chair Adkins.
The Board is made up of cybersecurity luminaries from the private sector and senior officials from DHS, CISA, the DoD, the NSA, the DoJ, the FBI, the ONCD, and the OMB.
As directed by President Joe Biden through his Executive Order 14028 on Improving the Nation’s Cybersecurity, Secretary Alejandro Mayorkas established the CSRB in February 2022. The Board is administered by CISA on behalf of the Secretary. The Board’s reviews are conducted independently, and its conclusions are independently reached.
DHS and the CSRB are committed to transparency and will, whenever possible, release public versions of CSRB reports, consistent with applicable law and the need to protect sensitive information from disclosure.
Last month, the CSRB published a 34-page report on the Summer 2023 Microsoft Exchange breach by Storm-0558, a group associated with China. The exploitation impacted the mailboxes of 22 organizations and over 500 individuals globally, including U.S. government officials like Commerce Secretary Gina Raimondo, U.S. Ambassador to China R. Nicholas Burns, and Congressman Don Bacon. The intrusion involved the use of authentication tokens signed with a key generated by Microsoft.
Related
