Updated News Around the World

WSJ News Exclusive | Biden Administration Forms Cybersecurity Review Board to Probe Failures

WASHINGTON—The Biden administration has formed a panel of senior administration officials and private-sector experts to investigate major national cybersecurity failures, and it will probe as its first case the recently discovered Log4j internet bug, officials said.

The new Cyber Safety Review Board is tasked with examining significant cybersecurity events that affect government, business and critical infrastructure. It will publish reports on security findings and recommendations, officials said. Details of the board will be announced Thursday.

The board, officials have said, is modeled loosely on the National Transportation Safety Board, which investigates and issues public reports on airplane crashes, train derailments and other transportation accidents. The new panel’s authority derives from an executive order that President Biden signed in May to improve federal cybersecurity defenses.

The cyber board isn’t an independent agency like the transportation board and will instead reside within the Department of Homeland Security. It will have 15 members—three times as many as the full complement of the transportation board—from government and the public sector who don’t need to be confirmed by the Senate. It lacks subpoena power, unlike the transportation board.

Homeland Security Secretary

Alejandro Mayorkas

said in an interview that the cyber board was intended to draw solutions to future problems from past cybersecurity crises, rather than casting blame where shortcomings are identified.

“It is not a regulatory authority, it is not a board that is searching for or focused upon accountability or fault,” Mr. Mayorkas said. “We are going to be looking at ourselves, we are going to be looking at one another, and that really underscores the purpose of this board—to not focus on fault.”

Rob Silvers,

the undersecretary for policy at DHS and a lawyer with experience in cybersecurity issues, will chair the review board.

Heather Adkins,

senior director of security engineering at

Alphabet Inc.’s

Google, has been tapped as the vice chair.

Several government agencies, including the National Security Agency and other parts of DHS, have expansive cybersecurity missions that include protecting the federal government and assisting the private sector. Officials said the new board was necessary to combine the expertise of government officials and private-sector researchers to study high-profile cybersecurity episodes and share comprehensive findings with the public.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann

“This is something that has been missing from the ecosystem until now,” Mr. Silvers said of the Cyber Safety Review Board, which he said will draw personnel support and funding from the Cybersecurity and Infrastructure Security Agency, DHS’s cybersecurity wing.

Mr. Silvers said the board expects to finish by May its probe of the vulnerabilities related to the open-source software logging tool called Log4j. It is a free piece of code that logs activity in computer networks and applications, and officials have warned that it is likely one of the gravest cybersecurity vulnerabilities on record.

Researchers have said the Log4j flaw, publicly disclosed in December after its discovery by a Chinese security team, was particularly worrying because the free Java-based software is used in a range of products including security software, networking tools and videogame servers. The exact number of users of Log4j is probably impossible to know, but the software has been downloaded millions of times, according to the organization that builds it, Apache Software Foundation.

SHARE YOUR THOUGHTS

What should be the priorities of the cybersecurity review board? Join the conversation below.

Other members of the 15-person board include

Rob Joyce,

the top cybersecurity official at the National Security Agency;

John Carlin,

principal associate deputy attorney general; National Cyber Director

Chris Inglis

;

Dmitri Alperovitch,

co-founder of the Washington-based Silverado Policy Accelerator think tank; and

Katie Moussouris,

a security researcher who pioneered bug-bounty programs as an incentive for reporting computer flaws.

Kemba Walden,

assistant general counsel for

Microsoft Corp.

, and

Wendi Whitmore,

senior vice president of

Palo Alto Networks Inc.’s

cyber threat team, are also on the board.

Democratic Sen.

Mark Warner

of Virginia, chairman of the Senate Intelligence Committee and co-chairman of the Senate cybersecurity caucus, had pushed for the creation of such a review board to probe major cybersecurity crises.

“It’s only a matter of when, not if, we face another widespread cyber breach that threatens our national security,” Mr. Warner said. “I was glad to see this NTSB-like function included in the president’s May 2021 executive order on cybersecurity, and this is a good first step to establishing such a capability.”

Write to Dustin Volz at [email protected]

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.