Cyber Safety Review Board gaps detailed

More robust authorities and increased independence from the private sector were noted by cybersecurity experts to be needed by the Department of Homeland Security's Cyber Safety Review Board to bolster its investigations into major cybersecurity incidents, reports CyberScoop. While established to resemble the National Transportation Safety Board, the CSRB has not been very effective due to its inability to subpoena organizations involved in cybersecurity events, as well as its lack of full-time staff not connected to private firms, said Red Queen Dynamics CEO Tarah Wheeler before the Senate Homeland Security and Governmental Affairs Committee. Similar sentiments have been expressed by Atlantic Council Cyber Statecraft Initiative Director Tracy Herr, who noted that both investigations conducted by the CSRB on the Lapsus$ cybercrime operation and Log4j vulnerability were merely "consensus-based resolutions" that were lacking in substance. The CSRB has also not yet probed the widespread SolarWinds supply chain attack of 2020 despite the severity of the intrusion, said Herr, who also urged for increased transparency on the selection of the board's members.