DHS’ New Cyber Safety Review Board to Focus on Addressing Log4j Vulnerability
DHS established the CSRB in accordance with President Joe Biden’s May 2021 executive order on modernizing the federal government’s cybersecurity.
The board is made up of more than 20 members from the private sector as well as the departments of Defense and Justice, DHS, National Security Agency and the FBI, according to a notice posted on the Federal Register.
According to a DHS spokesperson, reviews of past cyberattacks suggest that the CSRB’s expertise will be best put to use in remediating the Log4j flaw, Nextgov reported.
“The widespread use of the software, the ease of exploitation, and the potential impact by an adversary on a network make this an incredibly serious vulnerability,” the spokesperson told Nextgov.
DHS’ Cybersecurity and Infrastructure Security Agency raised the alarm on Log4j in early December 2021, warning that the flaw in the Apache logging framework could allow a hacker to remotely control a system.
Cybersecurity analysts said that the vulnerability affected Apple’s iCloud service, the Steam digital store, Chinese web giant Baidu and the Java Edition of Minecraft, where the exploit was first found.
The DHS spokesperson told Nextgov that the CSRB will account for the findings related to the SolarWinds Orion hack discovered in early 2021.
The SolarWinds incident reportedly compromised the networks of at least nine federal government agencies about a hundred American companies.
Tags: CISA Cyber Safety Review Boards cybersecurity Department of Homeland Security Federal Register Log4j Nextgov SolarWinds