#CSRB

Benjamin Carr, Ph.D. 👨🏻‍💻🧬 BenjaminHCCarr@hachyderm.io
2025-06-08

#Senators to #Noem: Axing review board puts 'lives at risk'
A group of Democratic senators has urged #HomelandSecurity Secretary #KristiNoem to reestablish the Cyber Safety Review Board (#CSRB), which had been investigating how #China's #SaltTyphoon hacked US government and telecommunications networks.
theregister.com/2025/06/02/sen

Benjamin Carr, Ph.D. 👨🏻‍💻🧬 BenjaminHCCarr@hachyderm.io
2025-02-27

During confirmation hearings in the US Senate for the role of deputy director of the Dept of #HomelandSecurity, the nominee #TroyEdgar said #CISA has had the wrong management and needed to be "reined in."
Cyber Safety Review Board (#CSRB) had been probing #China's #SaltTyphoon campaign, in which telecommunication networks in America and beyond had been compromised by Beijing to snoop on potentially millions of people, though now CISA has taken over that role, Edgar said.
theregister.com/2025/02/26/dhs

As expected, major setbacks on cybersecurity front during first week of Trump regime. Summary of related chaos👇 #Cybersecurity #Trump #ExecutiveOrders #CSRB #CISA #Policy #Hacks #KrebsOnSecurity

A Tumultuous Week for Federal ...

Arie van Deursen 🇳🇱🇪🇺🟥 avandeursen@mastodon.acm.org
2025-01-24

Trump Disbands Cybersecurity Board Investigating Massive Chinese Phone System Hack (“the worst hack in US history”).

> While some have speculated that this move is an attempt to cover up the extent of the breach or even deliberately assist the Chinese, a more likely explanation is simple incompetence

techdirt.com/2025/01/23/trump-

#calea #csrb

2025-01-23

My latest: #AIgovernance grows more complex as Trump rescinds a Biden #executiveorder and uncertainty lingers about the future of the #CSRB and #CISA, while the #EU enforces new regulations. #AIsafety #cybersecurity #CRA #DORA #AIAct

techtarget.com/searchitoperati

2025-01-23

How pray tell is this a good move??

Department of Homeland Security (DHS) disbands all memberships of advisory committees including the Cyber Safety Review Board (CSRB). thehackernews.com/2025/01/trum #Hackers #CyberSecurity #cybercrime #DHS #CSRB #Log4j #SaltTyphoon #security

Benjamin Carr, Ph.D. 👨🏻‍💻🧬 BenjaminHCCarr@hachyderm.io
2025-01-23

#Trump administration fires members of #cybersecurity review board in 'horribly shortsighted' decision
The #CSRB was made up of both private sector and government cybersecurity experts.
Another person familiar with the matter pointed out that “it’s interesting that the rationale is ‘misuse of resources’ because all advisory board members get an excitingly rich salary of…$0.”
techcrunch.com/2025/01/22/trum

John Leonard johnleonard
2025-01-23

The US Department of Homeland Security has dismissed all members of advisory committees, including the Cyber Safety Review Board. The board had been investigating the Salt Typhoon cyberattack on US telecoms infrastructure.

computing.co.uk/news/2025/secu

2025-01-22

@arstechnica Disbanding the #csrb is a big mistake! They did good work that was felt industry wide and across the globe. I hope he, himself personally gets cybered nice and proper.

Chuck Darwin cdarwin@c.im
2025-01-22

Trump is making us weaker and less secure:

The Department of Homeland Security told members of several advisory committees that they were effectively fired.

Among the committees impacted is the "Cyber Security Review Board", or #CSRB.

The CSRB was made up of both private sector and government cybersecurity experts.

One person familiar with the CSRB, who received the letter informing them that their membership in the CSRB was being terminated, criticized the decision:

“Shutting down all DHS advisory boards without consideration of the impact was horribly shortsighted,”
the person, who asked to remain anonymous, told TechCrunch.

“Stopping the CSRB review when China has ongoing cyber attacks into our critical infrastructure is a dangerous blunder.
We need to learn from Salt Typhoon and protect ourselves better.
👉The fact this isn’t a priority for Trump is telling.”

“You can’t stop what you don’t understand
and the CSRB was arming us with understanding,” the person added.

The person was referring to the CSRB’s review of the devastating recent breaches at several telecoms in the U.S.,
allegedly carried out by Chinese government hackers. techcrunch.com/2025/01/22/trum

2024-09-30

I'm a podcasting fool lately! Took a turn in the guest seat on @robwright 's Risk & Repeat for an episode about #Microsoft's first #securefutureinitiative report. Check it out! #sfi #csrb #cybersecurity #msft

riskandrepeat.podbean.com/e/ri

PUPUWEB Blog pupuweb
2024-09-23

Microsoft just released a crucial progress report on its commitment to prioritizing security, a response to the US CSRB's scathing review from November 2023. Are they on track to rebuild trust? Stay updated on their journey!

2024-04-12

Reading the #CSRB report on the 2023 Microsoft Exchange intrusion and… wow. I don't think I've ever seen a government report at this level that is so sharply worded.

cisa.gov/sites/default/files/2

2024-04-06

The #CSRB report on the #Microsoft #Azure #Storm0558 security incident says that Cloud Service Providers (#CSP) should adopt a minimum standard for default audit logging.

I wonder which standard exists there? Any pointers welcome.
The report later mentions the #FedRAMP AU-2 "standard". But I couldn't find it 😠

#CyberSecurity

2024-04-03

DHS Cyber Safety Review Board (CSRB) absolutely savages Microsoft over the June 2023 Exchange Online breach by Chinese threat actor Storm-0558 and accessing U.S. government emails right before Secretary of State Antony Blinken was to visit China. This 34-page PDF is written in the style of a U.S. Government Accountability Office (GAO) report. 🔗 dhs.gov/news/2024/04/02/cyber-

Key takeaways (copied verbatim, emphasis mine):

  • "Google's Threat Analysis Group was able to link at least one entity tied to this threat actor to the group responsible for the 2009 compromise of Google and dozens of other private companies in a campaign known as Operation Aurora, as well as the RSA SecurID incident."
  • "However, by the conclusion of this review, Microsoft was still unable to demonstrate to the Board that it knew how Storm-0558 had obtained the 2016 MSA key."
  • "Microsoft acknowledged to the Board in November 2023 that its September 6, 2023 blog post about the root cause was inaccurate, it did not update that post until March 12, 2024, as the Board was concluding its review and only after the Board's repeated questioning about Microsoft's plans to issue a correction;"

#DHS #CSRB #Microsoft #MSRC #China #cyberespionage #Storm0558

“Thus, possession of the 2016 MSA key-dated though it was-enabled the threat actor to forge authentication tokens that allowed it to access email systems.”
#CSRB #Microsoft

Thus, possession of the 2016 MSA key-dated though it was-enabled the threat actor to forge authentication tokens that allowed it to access email systems. This access should have been limited to consumer email systems, but due to a previously unknown flaw that allowed tokens to access enterprise email accounts, Storm-0558 was able to get into systems such as those at State and Commerce.

John Leonard johnleonard
2024-04-03

Microsoft's lax security blasted by investigators after serious breach

Cascade of failings allowed Chinese hackers to access government emails, says US review board

computing.co.uk/news/4192192/m
