{"id":1628,"date":"2025-01-22T18:14:41","date_gmt":"2025-01-22T18:14:41","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1628"},"modified":"2025-01-22T18:14:41","modified_gmt":"2025-01-22T18:14:41","slug":"trump-disbands-cyber-safety-review-board-salt-typhoon-inquiry-in-limbo","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1628","title":{"rendered":"Trump disbands Cyber Safety Review Board, Salt Typhoon inquiry in limbo"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The administration of US President Donald Trump has dismissed all members of its Cyber Safety Review Board (CSRB), including those investigating the <a href=\"https:\/\/www.csoonline.com\/article\/3632044\/more-telecom-firms-were-breached-by-chinese-hackers-than-previously-reported.html\">China-linked hacking group Salt Typhoon<\/a>. Other groups affected by a general clear-out include the <a href=\"https:\/\/www.csoonline.com\/article\/3801477\/bidens-final-push-using-ai-to-bolster-cybersecurity-standards.html\">AI Safety and Security Board<\/a> and the National Security Telecommunications Advisory Committee.<\/p>\n<p>Cybersecurity experts have expressed concern about the move, arguing that US cybersecurity will suffer unless the board or something similar is re-established.<\/p>\n<p>In a <a href=\"https:\/\/www.documentcloud.org\/documents\/25500093-dhs-advisory-boards-termination-letter\/\">short statement<\/a>, Benjamine Huffman, acting secretary of the Department of Homeland Security (DHS) notified members on all advisory committees within the department that their services were no longer required. The move was framed as part of plan to clamp down of the \u201cmisuse of resources\u201d in rationalising Homeland Security resources and focusing more keenly on national security issues.<\/p>\n<p>\u201cIn alignment with the Department of Homeland Security\u2019s commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately,\u201d Huffman said in the statement.<\/p>\n<p>\u201cFuture committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS\u2019s strategic priorities. To outgoing advisory board members, you are welcome to reapply, thank you for your service.\u201d<\/p>\n<h2 class=\"wp-block-heading\">The CSRB was a creation of the Biden administration<\/h2>\n<p>Members of the Cyber Safety Board include an array of cybersecurity luminaries \u2014 including former Cybersecurity and Infrastructure Security Agency (CISA) head Chris Krebs, who was dismissed from his leadership role in the organization towards the end of the previous Trump administration. Other members included veteran cybersecurity author, investigator, and CrowdStrike co-founder Dmitri Alperovitch and US security advisor Rob Joyce.<\/p>\n<p>The CSRB was created by an executive order by the Biden administration and tasked with reviewing significant cyber incidents affecting the US federal government.<\/p>\n<p>Both the CISA\u2019s advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon\u2019s on US telecommunication networks, have been disbanded (at least in their current form). The <a href=\"https:\/\/x.com\/runasand\/status\/1881990907802579066\">CSRB previous investigated<\/a> hacking group Lapsus$ and the high profile 2023 Microsoft Exchange Online breach.<\/p>\n<h2 class=\"wp-block-heading\">Dismissing the board removes a \u2018security blanket,\u2019 experts say<\/h2>\n<p>\u201c[It\u2019s] disappointing that the CSRB was disbanded, especially given their work looking into Salt Typhoon\u201d, Daniel Cuthbert, a security researcher and co-chair of the UK government\u2019s Cyber Security Advisory Board, said in a <a href=\"https:\/\/x.com\/dcuthbert\/status\/1881946381704913127\">post on X ( formerly Twitter)<\/a>. \u201cThat report would have been vitally important for not just the US but many others.\u201d<\/p>\n<p>Brian Fox, co-founder and chief technology officer at technology vendor Sonatype, told CSO that \u201cany change in administration means we\u2019re hitting reset on the national cybersecurity strategy.\u201d Although the CSRB has been disbanded, \u201cit is absolutely critical that work continues to progress at the federal level,\u201d Fox said.<\/p>\n<p>Fox added that CISA has also made progress on multiple fronts with the launch of cyber advisory boards such as the CSRB, maintenance of the National Vulnerability Database, the Secure by Design initiative, the agency\u2019s work to champion SBOM (software bill of materials) adoption, and more.<\/p>\n<p>\u201cCISA\u2019s work, in particular, is a security blanket that we cannot afford to lose,\u201d Fox said. \u201cThough CISA primarily serves to protect federal systems, the agency operates as a guiding voice for the private sector\u2019s cybersecurity workforce.\u201d He expressed concern that without this protection and guidance, \u201csophisticated state-backed threat actors have a much easier path into the networks of American organizations\u201d.<\/p>\n<p>\u201cIncidents like the Salt Typhoon hacks which is still ongoing and being investigated by the CSRB, or the <a href=\"https:\/\/www.csoonline.com\/article\/3480397\/how-cyber-insurance-shapes-risk-ascension-and-the-limits-of-lessons-learned.html\">Ascension<\/a> ransomware attack, which resulted in hospitals relying on handwritten notes and unable to provide care, will only become more frequent,\u201d Fox said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The administration of US President Donald Trump has dismissed all members of its Cyber Safety Review Board (CSRB), including those investigating the China-linked hacking group Salt Typhoon. Other groups affected by a general clear-out include the AI Safety and Security Board and the National Security Telecommunications Advisory Committee. Cybersecurity experts have expressed concern about the [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1610,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1628","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1628"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1628"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1628\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1610"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}