Role and Impact of the DHS Cyber Safety Review Board
On January 20, 2025, Acting Secretary of the Department of Homeland Security (DHS), Benjamine Huffman, issued a memorandum terminating all current memberships on DHS advisory committees, including the Cyber Safety Review Board (CSRB). This decision aligns with the Trump administration's initiative to eliminate what it deems as "misuse of resources" and to ensure that DHS activities prioritize national security.

The Role and Impact of the Cyber Safety Review Board
Established under President Biden's Executive Order 14028 in 2022, the CSRB was designed to review and assess significant cybersecurity incidents, providing recommendations to enhance cybersecurity practices across both private and public sectors. The board comprised a unique collaboration between government officials and private sector experts, serving as a critical mechanism for learning from cyber events and bolstering national cyber resilience.
Prior to its dissolution, the CSRB was actively investigating a major cybersecurity incident involving a Chinese state-sponsored group known as Salt Typhoon. This group had infiltrated U.S. telecommunications networks, compromising sensitive communications, including those of high-profile political figures. The termination of the CSRB's members is expected to delay this crucial investigation, potentially hindering efforts to understand and mitigate the impact of the breach.
Broader Implications for DHS Advisory Committees
The disbanding of the CSRB is part of a wider initiative by the Trump administration to reassess and restructure DHS advisory committees. In his memo, Acting Secretary Huffman emphasized that future committee activities would be realigned to focus solely on advancing DHS's core mission of protecting the homeland and supporting strategic priorities. Former advisory board members have been invited to reapply for their positions, indicating a potential reformation of these committees under new guidelines.
Reactions and Concerns
The decision to terminate the CSRB and other advisory committees has sparked concerns among cybersecurity experts and policymakers. Critics argue that dismantling such bodies, especially amid ongoing cyber threats from adversaries like China, could weaken the nation's cybersecurity posture. The CSRB's role in investigating significant cyber incidents and providing actionable recommendations was viewed as a vital component of the nation's defense against cyber adversaries.
As the Trump administration continues to implement its agenda of reducing government spending and restructuring federal agencies, the future of cybersecurity initiatives within DHS remains uncertain. The potential reformation of advisory committees, including the CSRB, will likely reflect the administration's priorities and approach to national security and resource allocation. Stakeholders within the cybersecurity community will be closely monitoring these developments, advocating for the preservation of mechanisms that enhance the nation's ability to respond to and learn from cyber incidents.
DHS Launches First-Ever Cyber Safety Review Board: A Closer Look
The Department of Homeland Security (DHS) officially announced the establishment of the first-ever Cyber Safety Review Board (CSRB) on February 3, 2022. This initiative, created under President Biden's Executive Order 14028, aimed to enhance cybersecurity practices across public and private sectors by investigating and reviewing significant cybersecurity incidents.

Objectives of the Cyber Safety Review Board
The CSRB was designed to operate similarly to the National Transportation Safety Board (NTSB) in investigating transportation accidents but with a cybersecurity focus. Its primary goals included:
- Investigating Major Cyber Incidents – The board was tasked with reviewing high-profile cyber incidents that impacted national security, critical infrastructure, and public trust.
- Identifying Lessons Learned – By analyzing past breaches, the CSRB provided actionable recommendations to mitigate future cyber threats.
- Strengthening Public-Private Collaboration – Bringing together cybersecurity experts from both government and private industries to create a unified defense strategy.
- Enhancing Incident Response – Offering guidance on improving national response mechanisms to cyber threats.
Structure and Composition
The CSRB consisted of leading figures from both government agencies and the private sector. Key participants included:
- Representatives from the Cybersecurity and Infrastructure Security Agency (CISA)
- The Department of Justice (DOJ)
- Private-sector cybersecurity leaders from major technology companies
- Industry experts specializing in threat intelligence and cybersecurity best practices
Chaired by the Under Secretary for Policy at DHS, the board's decisions and reports were intended to inform policy changes and industry practices.
Key Achievements of the CSRB
Since its formation, the CSRB conducted several high-impact reviews, including:
- Log4Shell Vulnerability Review (2022):
- The CSRB's inaugural report analyzed the widespread Log4j vulnerability, offering actionable recommendations for businesses to protect against similar vulnerabilities.
- Key findings highlighted the need for better software supply chain security and enhanced patch management processes.
- LAPSUS$ Group Investigation (2023):
- The CSRB examined the tactics, techniques, and procedures (TTPs) used by the LAPSUS$ cybercriminal group.
- The report emphasized the importance of multi-factor authentication (MFA) and insider threat mitigation strategies.
- Salt Typhoon Threat Actor Analysis:
- Investigating the Chinese state-sponsored hacking group, Salt Typhoon, which targeted U.S. telecommunications networks.
- The review recommended stricter access controls and enhanced monitoring of critical infrastructure networks.
In October 2024, the U.S. Cyber Safety Review Board (CSRB) initiated an investigation into a significant cybersecurity breach attributed to the Chinese state-sponsored group known as Salt Typhoon. This group successfully infiltrated multiple U.S. telecommunications networks, including major providers such as Verizon, AT&T, and Lumen Technologies, with the primary objective of conducting espionage on prominent American figures,
Scope and Impact of the Breach
The cyber intrusion granted Salt Typhoon access to sensitive communications data, including call logs and unencrypted text messages. Notably, the hackers targeted individuals involved in high-level political activities, such as former President Donald Trump and associates of Vice President Kamala Harris's campaign. The breach's extensive reach has raised significant concerns among U.S. officials regarding the potential for substantial espionage activities.
CSRB's Investigative Mandate
Established in 2022, the CSRB operates under the Department of Homeland Security with a mandate to examine major cybersecurity incidents affecting critical infrastructure. The board's role includes analyzing security failures, understanding the methods employed by adversaries, and providing recommendations to prevent future attacks. In this instance, the CSRB's investigation focuses on identifying the security lapses that allowed Salt Typhoon to penetrate the telecommunications networks and assessing the broader implications for national security.
Broader Implications
The Salt Typhoon incident underscores the evolving capabilities of Chinese cyber-espionage groups and their focus on U.S. critical infrastructure. The breach not only compromised the privacy of high-profile individuals but also exposed vulnerabilities in systems used for lawful intercepts by U.S. law enforcement. This situation highlights the pressing need for robust cybersecurity measures and the importance of thorough investigations like those conducted by the CSRB to fortify defenses against sophisticated state-sponsored cyber threats
Challenges and Controversies
Despite its successes, the CSRB faced challenges, including concerns over:
- Funding and Resource Allocation: Some critics argued that the board lacked adequate resources to conduct comprehensive investigations.
- Industry Cooperation: Certain sectors were reluctant to share proprietary data, fearing reputational damage.
- Political Influence: Shifts in administration priorities threatened the board's continuity and effectiveness.
The CSRB's Recent Dissolution
In January 2025, the Trump administration moved to terminate all DHS advisory committees, including the CSRB, citing "misuse of resources" and a need to reallocate efforts toward national security priorities. This decision effectively put an end to the board's operations, raising concerns within the cybersecurity community about the potential loss of valuable insights and collaboration.
Future Outlook
While the CSRB's dissolution marks the end of its formal operations, cybersecurity experts advocate for alternative mechanisms to continue its mission. Suggestions include:
- Establishing an independent cybersecurity review body outside of federal oversight.
- Encouraging industry-led initiatives to fill the gap left by the CSRB.
- Integrating CSRB recommendations into existing cybersecurity frameworks like NIST and ISO 27001.
Conclusion
The DHS Cyber Safety Review Board represented a groundbreaking effort to enhance national cybersecurity resilience through collaborative reviews and strategic recommendations. Although its tenure was short-lived, its contributions laid the groundwork for improved cybersecurity practices and policies that will continue to influence the industry in the years to come.