Senate Democrats advocate for the re-establishment of the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Review Board (CSRB)
In a recent letter to Governor Noem, four Democratic senators have expressed mounting anxieties within the digital security community about the continued implications of the Cyber Safety Review Board's (CSRB) closure. As of May 2023, there is no publicly available information indicating that the CSRB has been reconstituted or has initiated an investigation into the high-profile "Salt Typhoon" breach of U.S. telecom companies.
The CSRB, composed of senior government officials and prominent cyber-industry executives, was established by the Biden administration to produce detailed, actionable reports on major cyberattacks, drawing lessons from the role that the National Transportation Safety Board has played in accident investigations. Unfortunately, the CSRB was abruptly disbanded by the Trump administration in January 2023, while it was investigating the Salt Typhoon breach.
The lack of a CSRB report on Salt Typhoon is depriving the public of a fuller accounting of the origin, scope, scale, and severity of these compromises. The senators have emphasised the need for clear root-cause analyses of each successful penetration and key recommendations for the telecommunications sector to better protect itself against similar complex and large-scale compromises by future threat actors.
Deputy Secretary Troy Edgar of the Department of Homeland Security (DHS) stated during his confirmation hearing in February that the department plans to reconstitute the CSRB "at the right time." However, as of February 2025, the Secretary of Homeland Security only mentioned plans to reconstitute the CSRB as part of efforts to better align cybersecurity efforts within federal agencies.
Some former CSRB members have suggested that a new board should be structured differently, with members who work for it full-time. Dmitri Alperovitch, chairman of Silverado Policy Accelerator, has proposed that the CSRB should be an independent entity.
The Chinese government-backed hacking operations are among the most serious threats facing the U.S., and concerns about these attacks have mounted as Trump has stoked a trade war with Beijing. The senators claim that the dismissal of CSRB members in January has undermined cyber defense preparations for public and private entities across the United States.
DHS did not respond to a request for comment about the letter. The CSRB has produced reports on China's intrusions into Microsoft Exchange Online and Russia's supply-chain attack against SolarWinds and its customers. It is essential that the U.S. develops a complete and thorough understanding of the factors that contributed to the success of these intrusions to better protect itself against future cyber threats.
- The senators' letter to Governor Noem highlights their concerns about the closure of the Cyber Safety Review Board (CSRB), emphasizing the need for its reconstitution to investigate the "Salt Typhoon" breach and produce reports on such cyberattacks.
- In the absence of the CSRB, there is a gap in understanding the origin, scope, and severity of cyberattacks like "Salt Typhoon", with the senators advocating for clear root-cause analyses and recommendations to improve cybersecurity in the telecommunications sector.
- Amidst escalating worries about Chinese government-backed hacking operations and potential future cyber threats, the senators claim that the dismissal of CSRB members has weakened cyber defense preparations for both public and private entities in the United States.
%20Cybersecurity%20Review%20Board%20(CSRB)){kind=link}