Federal authorities dismantle current Council ofirling Safe and Resilient Buildings panel, sparking concerns regarding the future of CSRB
The Cyber Safety Review Board (CSRB), a critical body established to investigate major cybersecurity incidents and improve national cybersecurity practices, has been temporarily disbanded by the Trump administration in early 2025 [2][3]. The decision came before the CSRB could complete its investigation into a significant incident known as Salt Typhoon.
The Salt Typhoon attacks were attributed to Salt Typhoon, a threat group backed by the People's Republic of China, and the CSRB was currently investigating the hacking of nine U.S. telecommunications firms [6]. Bennie Thompson, the ranking member of the House Committee on Homeland Security, expressed concern about the decision to disband advisory committees, including the CSRB, during a hearing [7].
The disbanding of the CSRB has left a temporary gap in formal review and lessons-learned analyses for significant cyber incidents [2]. The absence of the CSRB also raises questions about the future of the telecom attacks probe and future investigations into cyber threat activity [5].
In the meantime, the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) continue other cybersecurity efforts [2]. However, the CSRB itself remains inactive as of mid-2025 due to the administrative decision [2]. There is no clear public timeline announced yet for the CSRB's reinstatement.
The situation signals that the CSRB's eventual reconstitution could reflect an updated mandate or structure aligned with broader cybersecurity strategies [4][5]. Agencies like NIST and DHS are implementing new policies and frameworks under recent executive orders focused on cybersecurity improvements [4][5].
The decision to turn over membership on the CSRB is fairly standard practice during a change in administrations [8]. Notably, Chris Krebs, the former chief intelligence and public policy officer at SentinelOne, resigned from the CSRB two days before the memo was issued disbanding advisory committees within the U.S. Department of Homeland Security [9].
Annie Fixler, director of the Center on Cyber and Technology Innovation, stated that the investigation into China's Salt Typhoon compromise of American telecommunications companies is of paramount importance [10]. Thompson also expressed concern that the decision may cause the important work on the Salt Typhoon campaign to be delayed [7].
In early 2024, the CSRB issued a blistering report following the state-linked hacks of Microsoft Exchange Online in 2023 [11]. The report concluded that Microsoft had neglected cybersecurity concerns due to cultural failures at the company, including prioritizing speed to market and sales objectives [12].
The future implications of this include continued debate and need for improved federal coordination and public-private partnerships to respond effectively to cyber threats in the absence of a fully operational board [3]. Potential continued focus on other cybersecurity initiatives, such as federal grants for state and local governments for cyber defense, and coordination efforts under CISA and the Office of the National Cyber Director (ONCD), are also possible [1][3].
In conclusion, the temporary disbanding of the CSRB has left a gap in national incident review and response coordination. While DHS and related agencies continue other cyber defense efforts, the absence of the CSRB underscores the need for improved federal coordination and public-private partnerships in the cybersecurity domain. The eventual reconstitution of the CSRB could reflect an updated mandate or structure aligned with broader cybersecurity strategies.
References: 1. Cyber Safety Review Board Disbanded, Leaving a Gap in National Cybersecurity Response 2. DHS Disbands Cyber Safety Review Board Amid Ongoing Investigations 3. What the DHS Decision to Disband the Cyber Safety Review Board Means 4. DHS Deputy Secretary Nominee: CSRB to be Reinstated at the Right Time 5. Implications of the Disbanding of the Cyber Safety Review Board 6. CSRB Investigating Salt Typhoon Hacking of Nine U.S. Telecom Firms 7. Thompson Expresses Concern Over DHS Decision to Disband Advisory Committees 8. Resignation of Chris Krebs from the Cyber Safety Review Board 9. Chris Krebs Resigns from Cyber Safety Review Board 10. Annie Fixler: Salt Typhoon Compromise of American Telecom Companies is of Paramount Importance 11. CSRB Issues Report on Microsoft Exchange Online Hacks 12. Microsoft Failed to Prioritize Cybersecurity, According to CSRB Report
- The disbanding of the Cyber Safety Review Board (CSRB) has raised questions about the future of investigations into significant cybersecurity incidents, such as the Salt Typhoon attacks, which were attributed to a threat group backed by the People's Republic of China.
- The eventual reconstitution of the CSRB could reflect an updated mandate or structure aligned with broader cybersecurity strategies, emphasizing the need for improved federal coordination and public-private partnerships in the cybersecurity domain.
