In the wake of the recent identification of a critical vulnerability in the Java-based Log4j software code and due to the alarming rise in cybercrime, ransomware attacks and information breaches, the U.S. government is ramping up its cybersecurity response and resilience efforts.
The Department of Homeland Security on Thursday established the country’s first-ever Cyber Safety Review Board, whose mission is to review and assess significant cyber events, provide strategic recommendations to DHS and the White House and improve the cybersecurity of public and private sector organizations.
The CSRB currently consists of 15 members from government agencies and industry, appointed by Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency and a recently named 2022 Wash100 Award winner.
“A continuous learning culture is critical to staying ahead of the increasingly sophisticated cyber threats we face in today’s complex technology landscape,” Easterly said, highlighting the After Action Review process she experienced during her 20 years in the U.S. Army as a critical measure for reflecting upon organizational failures and successes.
Easterly added that the board will “take on the comparable challenge of ensuring that we fully understand and learn from significant cyber events that may threaten our nation.”
CSRB’s first report, expected in the summer of 2022, will review, assess and deliver recommendations on the Log4j vulnerability.
Chris Inglis, national cyber director and fellow 2022 Wash100 Award recipient, also sits on the Cyber Safety Review Board.
During a recent Digital Currency and National Security Forum hosted by the Potomac Officers Club, Inglis celebrated the relatively swift response across the public and private sectors to the Log4j vulnerability.
“The U.S. government and the private sector have received generally high marks for the response,” Inglis shared in his keynote address. However, he continued, “As much as we might be complimenting ourselves properly on that response, we make a mistake if we think that our present actions constitute the strategy. They do not.”
Inglis said the country’s overarching cybersecurity strategy must contain efforts to improve software security prior to attacks if it is to be fully effective against future threats.
“No code base will be ultimately perfectly secure,” he shared. “We need to work hard to get left of boom, but when that occurs, we need to quickly discern and quickly act in a collective, collaborative fashion.”