Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker  – CyberScoop

The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration’s decision to purge a cyber incident investigation board of its membership.

But the move had some supporters, including the chairman of that same committee.

Acting Department of Homeland Security Secretary Benjamine Huffman issued a memorandum Monday that strips all advisory committees of its members, a move that deletes the roster for both the Cyber Safety Review Board (CSRB) and the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Advisory Committee.

The CSRB has been reviewing the massive breach of telecommunications companies by the Chinese hacking group Salt Typhoon.

“In alignment with the Department of Homeland Security’s (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately,” he wrote, adding that outgoing members could reapply for their positions. “Further committee activities will be focused solely on our critical mission to protect the homeland and support DHS’s strategic priorities.”

Next plans for the CSRB weren’t clear, but the move sparked some fears about the nearly three-year-old board’s future.

“It is a national security imperative that the investigation be completed expeditiously,” Mississippi Rep. Bennie Thompson, the top Democrat on the House Homeland Security panel, said at a committee hearing Wednesday. “I’m troubled that the president’s attempt to stack the CSRB with loyalists may cause its important work on the Salt Typhoon campaign to be delayed. The American people deserve better.”

Cybersecurity researcher Kevin Beaumont said on the social media platform Bluesky that the move would give Microsoft a “free pass,” referring to the CSRB’s critical report of the tech giant — and Beaumont’s former employer — over its handling of a prior Chinese hacker breach.

Jake Williams, faculty at IANS Research, went even further on the same website: “We should have been putting more resources into the CSRB, not dismantling it,”he wrote. “There’s zero doubt that killing the CSRB [would] hurt national security.”

But House Homeland Security Chairman Mark Green, R-Tenn., said it was the new president’s prerogative to assemble his own team.

“It is worth remembering that while the CSRB is meant to be an impartial body, its members were appointed by the former Director of CISA,” he said in a written statement. “Given the CSRB is tasked with investigating significant cyber intrusions — such as the Microsoft Exchange incident my committee examined last year — President Trump’s new DHS leadership should have the opportunity to decide the future of the Board. This could include appointing new members, reviewing its structure, or deciding if the Board is the best way to examine cyber intrusions.”

Said a senior DHS official: “Effective immediately, the Department of Homeland Security will no longer tolerate any advisory committee[s] which push agendas that attempt to undermine its national security mission, the President’s agenda or Constitutional rights of Americans.”  

JD Work, a professor at the National Defense University College of Information and Cyberspace, said on X the CSRB undercut itself by investigating an active incident, saying it was intended to do after-the-fact reviews.

At the same hearing where Thompson spoke out on the administration’s decision, witnesses testified that Congress needs to act this year to renew the 2015 Cyber Information Security Act, which established a shield against lawsuits and disclosures for companies that share cyber threat data with DHS.

The law is an important intelligence-sharing tool and allowing it to expire “would be a huge step back,” Brandon Wales, the former executive director of cybersecurity at CISA and now vice president of cybersecurity strategy at SentinelOne, said in written testimony.

The Homeland Security Committee needs to extend the life of the law “to ensure we do not see hard-won progress lost to congressional inaction,” said Kemba Walden, president of the Paladin Global Institute and former acting national cybersecurity director.

The law’s effectiveness has long fallen short of its intentions to boost private-sector information sharing, repeated outside reviews have concluded, although the most recent public examination noted improvement in recent years.

The post Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker appeared first on CyberScoop.

  –

Read More  – CyberScoop