The DHS has launched the first-ever Cyber Safety Review Board. The 15-member group will focus on significant cybersecurity events and recommend improvements.
The CSRB’s first report, which will be delivered this summer, will include:
a review and assessment of vulnerabilities associated with the Log4j software library, to include associated threat activity and known impacts, as well as actions taken by both the government and the private sector to mitigate the impact of such vulnerabilities;
recommendations for addressing any ongoing vulnerabilities and threat activity; and,
recommendations for improving cybersecurity and incident response practices and policy based on lessons learned from the Log4j vulnerability.
“A continuous learning culture is critical to staying ahead of the increasingly sophisticated cyber threats we face in today’s complex technology landscape. Over two decades in the Army, I learned the importance of a detailed and transparent After Action Review process in unpacking both failures and successes,” said CISA Director Jen Easterly.
George McGregor, VP, Approov, shared his perspective on this announcement and what we should come to expect from the board:
“We welcome this initiative. It will be important for the board to consider two major reports published last year (https://www.fiercehealthcare.com/tech/report-shows-patient-data-vulnerable-to-hacks-third-party-aggregators) that found that no effective shielding solutions were in place in mobile health apps: secrets could be acquired from mobile health apps and used to attack APIs directly.
The research also highlighted well-known vulnerabilities found in some APIs and it was possible to use one user's (genuine) credentials to access (many) other people's PHI data. Effective run-time shielding can eliminate these risks.”