The Department of Homeland Security (DHS) is bridging the gap between private companies and government agencies via the newly formed Cyber Safety Review Board (CSRB).
"The CSRB will review and assess significant cybersecurity events so that government, industry, and the broader security community can better protect our nation’s networks and infrastructure," DHS says, starting with a report on the vulnerabilities discovered in the Log4j library in 2021.
Log4j is a nigh-ubiquitous Java library, which means the vulnerabilities disclosed in late 2021 could be exploited to enable remote code execution on countless servers. Microsoft said in December that state-sponsored hackers and criminals alike were starting to exploit these flaws.
DHS says the CSRB will include the following items in a report on the flaws due this summer:
a review and assessment of vulnerabilities associated with the Log4j software library, to include associated threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate the impact of such vulnerabilities;
recommendations for addressing any ongoing vulnerabilities and threat activity; and,
recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the Log4j vulnerability.
"To the greatest extent possible," DHS says, "the CSRB will share a public version of the report with appropriate redactions for privacy and to preserve confidential information."
The CSRB includes "15 highly esteemed cybersecurity leaders from the federal government and the private sector." That includes officials from the National Security Agency, Department of Defense, and FBI as well as executives from Microsoft,