The United States Department of Homeland Security announcement on February 3, 2022, the formation of a 15-person Cyber Security Review Board (the “CSRB”), to be headed by Robert Silvers, the Department of Homeland Security’s Under Secretary for Policy, as chairman of the CSRB, and by Heather Adkins, senior director of security engineering at Google, as vice chairman of the CSRB. The creation of the CSRB was mandated by President Biden Executive Order #14028 entitled Improving the Nation’s Cybersecurity, which was published on May 12, 2021. The Cybersecurity and Infrastructure Security Agency (“CISA”), part of the Department of Homeland Security, is responsible for managing, supporting and funding the CSRB. The CSRB website address is here.
CISA Director Jen Easterly and CSRB Chairman Robert Silvers named 13 federal government and private sector cyber leaders who will serve on the CSRB along with Chairman Silvers and Vice Chairman Adkins:
- Dmitri Alperovitch – Co-Founder and President, Silverado Policy Accelerator, Co-Founder and Former CTO of Crowdstrike
- John Carlin – Senior Associate Deputy Attorney General, Department of Justice
- Chris DeRusha – Federal Information Security Officer, Office of Management and Budget
- Chris Inglis – National Cyber Director, Office of the National Cyber Director
- Rob Joyce – Director of Cybersecurity, United States National Security Agency
- Katie Moussouris – Founder and CEO, Luta Security
- David Mussington – Executive Assistant Director for Infrastructure Security, CISA
- Chris Novak – Co-Founder and Managing Director, Verizon Threat Research Advisory Center
- Tony Sager – Senior Vice President and Chief Evangelist, Center for Internet Security
- John Sherman – Director of Information, Ministry of Defense
- Bryan Vorndran – Deputy Director, Cyber Division, Federal Bureau of Investigation
- Kemba Walden – Assistant General Counsel, Digital Crimes Unit, Microsoft
- Wendi Whitmore – Senior Vice President, Unit 42, Palo Alto Networks
The CSRB is a public-private initiative involving the federal government and industry leaders to improve the protection of the nation’s infrastructure and networks. The initial CSRB meeting should focus on vulnerabilities in the Log4j software library. President Biden’s Executive Order No. 14028 directs the CSRB to release its initial report by May 2022.