CYBER CORNER
DHS LAUNCHES FIRST-EVER CYBER SAFETY REVIEW BOARD
The Department of Homeland Security (“DHS”) recently announced the formation of a new regulatory body known as the Cyber Safety Review Board (“CSRB”).
The mission of the CSRB is to investigate major cybersecurity incidents and help companies understand the threat environment in which they operate to better protect the nation’s infrastructure from cyberattacks.
The new entity, which is loosely patterned after the National Transportation Safety Board, will include representatives from various government agencies, as well as Technology industry executives. According to DHS Secretary Alejandro Mayorkas, the CSRB is being established “to thoroughly assess past events, ask the hard questions, and drive improvements across the private and public sector.” The CSRB will produce reports aimed at improving the nation’s cyber defenses.
The CSRB’s first review will focus on the log4j vulnerability, which came to light in December 2021. The board expects to deliver its report on this issue by the summer of 2022, detailing actions taken by the government and private industry to address this security flaw as well as lessons learned from the response effort.
The Takeaway
Businesses should ensure their own response to the log4j vulnerability stays up to date. This includes taking inventory of which of their applications use log4j, as underwriters are already asking their insureds about these precautions as part of the renewal process. It is also important for businesses to review their cyber insurance policies to confirm coverage for regulatory proceedings is not predicated on there being a network breach event, as regulators can initiate enforcement actions for other reasons.