This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| less than a minute read

New Federal Cybersecurity Board to Review Incidents

The Department of Homeland Security has created a federal private/public review board to "review and assess significant cybersecurity events" such as the Log4J events of late 2021. The board will not have regulatory powers. It appears to be intended to operate like the National Transportation Safety Board, which assesses major aviation incidents and makes safety recommendations based on its reviews.  

Why It Matters

Although this board is not a new rule-making agency, it has representatives from private industry (e.g., Google, Microsoft) working in partnership with federal policymakers. Their work product will be in the form of recommendations to DHS and the White House on how to strengthen the nation's ability to avoid and mitigate attacks. These recommendations are non-binding, but are likely to contain helpful threat intel (some redacted) and "lessons learned," as well as specific security techniques, that can be of use to the private sector in its own security planning.  

The board was part of the executive order that President Joe Biden signed last year. Experts have long urged the federal government to create an organization for cybersecurity incidents akin to the National Transportation Safety Board, which investigates airplane crashes and transportation incidents.

Tags

insights, hill_mitzi, data security and privacy