Connect with us

Hi, what are you looking for?

News

Biden Administration’s Cyber Safety Review Board Faces Criticism for Not Investigating SolarWinds Attack

Joe Biden
Joe Biden

The Biden administration established the Cyber Safety Review Board (CSRB) in response to a major cyber-espionage attack by Russian intelligence, which targeted U.S. government agencies through the SolarWinds software.

The hackers used a vulnerability in a Microsoft product to infiltrate the National Nuclear Security Administration, National Institutes of Health, and the Treasury Department, marking what Microsoft President Brad Smith described as the most sophisticated attack ever. Despite the board’s creation to investigate such incidents, it never examined the SolarWinds attack as initially directed.

The CSRB, created to address cyber threats compromising U.S. economic and national security, was intended to function similarly to the National Transportation Safety Board (NTSB), which investigates aviation accidents independently and publicly.

However, unlike the NTSB, the CSRB operates within the Department of Homeland Security (DHS), and lacks full-time staff, subpoena power, and dedicated funding. This structure has led to criticism regarding its ability to conduct thorough, independent investigations.

The CSRB’s decision not to review SolarWinds remains unexplained. Instead, it investigated a 2023 cyber attack by Chinese state hackers, who exploited various Microsoft security flaws to access the emails of top federal officials.

Joe Biden

Joe Biden

A public examination of the SolarWinds incident could have exposed Microsoft’s longstanding knowledge and neglect of a critical security flaw, which would have significant implications for U.S. government security and Microsoft’s practices.

Critics argue that the board’s failure to investigate SolarWinds has prevented accountability and potential prevention of future attacks. Senator Ron Wyden and other cybersecurity experts suggest that a thorough review could have identified weaknesses in Microsoft’s security culture and possibly prevented the 2023 Chinese hack.

However, DHS maintains that the two incidents were distinct and a review of SolarWinds wouldn’t have necessarily uncovered the gaps found in the latest attack.

Microsoft has not disputed the whistleblower’s claims regarding its security failings but emphasizes its commitment to customer protection and thorough handling of security issues.

The board’s failure to probe SolarWinds raises questions about its ability to hold government agencies accountable for their cybersecurity lapses. Critics, including Wyden, express concern that the board’s composition, with federal officials as the majority, might hinder impartial evaluations of government negligence.

Despite the board’s lack of action on SolarWinds, it has led to some regulatory changes, such as new FCC rules related to cell phone security. Nonetheless, cybersecurity experts remain skeptical of the board’s effectiveness, especially given the Government Accountability Office’s (GAO) puzzling endorsement of the board’s work.

The CSRB’s limited scope and independence contrast sharply with the NTSB model, underscoring the need for a more robust and autonomous cybersecurity review process to address the escalating threats to national security.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Tech

Amazon Web Services (AWS) recently unveiled several innovations aimed at enhancing the development and deployment of generative AI applications, addressing concerns around accuracy and...

News

AU10TIX, an Israeli company that verifies IDs for clients like TikTok, X, and Uber, accidentally left important admin credentials exposed for over a year....

Cars

At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos.

Tech

At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos.