
Cyber Safety Review Board: Difference between revisions

From Wikipedia, the free encyclopedia
First report
m v2.05 - Fix errors for CW project (Link equal to linktext)
 
(12 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Short description|Proposed US government panel}}
{{Short description|Public-private review board}}
The '''Cyber Safety Review Board''' (also called the '''CSRB''') was established by [[United States Secretary of Homeland Security]] [[Alejandro Mayorkas]] on February 3, 2022.<ref>{{Cite news|last1=Sanger|first1=David E.|last2=Perlroth|first2=Nicole|last3=Barnes|first3=Julian E.|date=2021-05-10|title=Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?|language=en-US|work=The New York Times|url=https://www.nytimes.com/2021/05/09/us/politics/biden-cyberattack-response.html|access-date=2021-05-13|issn=0362-4331|archive-date=2021-10-16|archive-url=https://web.archive.org/web/20211016003111/https://www.nytimes.com/2021/05/09/us/politics/biden-cyberattack-response.html|url-status=live}}</ref><ref>{{Cite web|title=Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack|url=https://www.npr.org/2021/05/12/996367760/biden-signs-cybersecurity-executive-order-following-colonial-pipeline-hack|access-date=2021-05-13|website=NPR.org|language=en|archive-date=2021-06-24|archive-url=https://web.archive.org/web/20210624045408/https://www.npr.org/2021/05/12/996367760/biden-signs-cybersecurity-executive-order-following-colonial-pipeline-hack|url-status=live}}</ref><ref name=":0">{{Cite web|title=Cyber Safety Review Board website|language=en-US|url=https://www.cisa.gov/cyber-safety-review-board|access-date=2022-08-10|archive-date=2022-07-21|archive-url=https://web.archive.org/web/20220721152909/https://www.cisa.gov/cyber-safety-review-board|url-status=live}}</ref><ref>{{Cite web |title=DHS Launches First-Ever Cyber Safety Review Board {{!}} Homeland Security |url=https://www.dhs.gov/news/2022/02/03/dhs-launches-first-ever-cyber-safety-review-board |access-date=2024-06-01 |website=www.dhs.gov |language=en |archive-date=2024-05-31 |archive-url=https://web.archive.org/web/20240531230221/https://www.dhs.gov/news/2022/02/03/dhs-launches-first-ever-cyber-safety-review-board |url-status=live }}</ref> Modeled after the [[National Transportation Safety 
Board]], the Board reviews significant cybersecurity incidents and issues reports.<ref>{{Cite web|date=2021-05-13|title=The New Cyber Executive Order is a Good Start, But Needs a Supercharge from Congress|url=https://www.justsecurity.org/76154/the-new-cyber-executive-order-is-a-good-start-but-needs-a-supercharge-from-congress/|access-date=2021-05-14|website=Just Security|language=en-US|archive-date=2021-09-26|archive-url=https://web.archive.org/web/20210926220618/https://www.justsecurity.org/76154/the-new-cyber-executive-order-is-a-good-start-but-needs-a-supercharge-from-congress/|url-status=live}}</ref><ref>{{Cite web|last=Katz|first=Justin|date=May 13, 2021|title=Cyber EO lays a foundation for securing government|url=https://gcn.com/articles/2021/05/13/cybersecurity-eo.aspx|access-date=2021-05-14|website=GCN|language=en|archive-date=2021-05-14|archive-url=https://web.archive.org/web/20210514132906/https://gcn.com/articles/2021/05/13/cybersecurity-eo.aspx|url-status=dead}}</ref> President [[Joe Biden]] directed the Board's creation through Section 5 of Executive Order 14028, issued on May 12, 2021.<ref>{{Cite web|date=2021-05-12|title=Executive Order on Improving the Nation's Cybersecurity|url=https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/|access-date=2021-05-13|website=The White House|language=en-US|archive-date=2021-05-15|archive-url=https://web.archive.org/web/20210515153804/https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/|url-status=live}}</ref><ref>{{Cite web|last=Macias|first=Kevin Breuninger,Amanda|date=2021-05-12|title=Biden signs executive order to strengthen U.S. 
cybersecurity defenses after Colonial Pipeline hack|url=https://www.cnbc.com/2021/05/12/biden-signs-executive-order-to-strengthen-cybersecurity-after-colonial-pipeline-hack.html|access-date=2021-05-13|website=CNBC|language=en|archive-date=2021-10-19|archive-url=https://web.archive.org/web/20211019173744/https://www.cnbc.com/2021/05/12/biden-signs-executive-order-to-strengthen-cybersecurity-after-colonial-pipeline-hack.html|url-status=live}}</ref>
{{Orphan|date=July 2021}}
== Overview ==
The Board reviews and assesses significant cyber incidents and provides findings and recommendations to the [[United States Secretary of Homeland Security]]. The Board’s construction is a unique and valuable collaboration of government and private sector members, and provides a direct path to the Secretary of Homeland Security and the President to ensure the recommendations are addressed and implemented, as appropriate.


Executive Order 14028 provides that the Board is composed of up to twenty members, chosen by the [[Director of the Cybersecurity and Infrastructure Security Agency]].<ref name=":1">{{Cite web |date=2023-09-21 |title=Cyber Safety Review Board Charter {{!}} CISA |url=https://www.cisa.gov/resources-tools/resources/cyber-safety-review-board-charter |access-date=2024-06-01 |website=www.cisa.gov |language=en |archive-date=2024-06-14 |archive-url=https://web.archive.org/web/20240614013832/https://www.cisa.gov/resources-tools/resources/cyber-safety-review-board-charter |url-status=live }}</ref> Those members must include representatives from various federal agencies, as well as individuals employed by the private sector.<ref name=":1" /> The CSRB lacks subpoena power and instead relies on voluntary cooperation from organizations with relevant information, though the Biden Administration has published a legislative proposal requesting that Congress grant the CSRB subpoena power.<ref>{{Cite web |date=2024-01-18 |title=Is the Cyber Safety Review Board working? Lawmakers consider tweaks to CSRB |url=https://federalnewsnetwork.com/cybersecurity/2024/01/is-the-cyber-safety-review-board-working-lawmakers-consider-tweaks-to-csrb/ |access-date=2024-06-01 |website=federalnewsnetwork.com |language=en-US |archive-date=2024-06-14 |archive-url=https://web.archive.org/web/20240614013829/https://federalnewsnetwork.com/cybersecurity/2024/01/is-the-cyber-safety-review-board-working-lawmakers-consider-tweaks-to-csrb/ |url-status=live }}</ref>
The '''Cyber Safety Review Board''' (also called the '''Cybersecurity Safety Review Board''') is a proposed panel scheduled to be established by the [[United States Secretary of Homeland Security]].<ref>{{Cite news|last=Sanger|first=David E.|last2=Perlroth|first2=Nicole|last3=Barnes|first3=Julian E.|date=2021-05-10|title=Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?|language=en-US|work=The New York Times|url=https://www.nytimes.com/2021/05/09/us/politics/biden-cyberattack-response.html|access-date=2021-05-13|issn=0362-4331}}</ref><ref>{{Cite web|title=Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack|url=https://www.npr.org/2021/05/12/996367760/biden-signs-cybersecurity-executive-order-following-colonial-pipeline-hack|access-date=2021-05-13|website=NPR.org|language=en}}</ref> Modeled after the [[National Transportation Safety Board]], it will meet in cases of significant cybersecurity incidents.<ref>{{Cite web|date=2021-05-13|title=The New Cyber Executive Order is a Good Start, But Needs a Supercharge from Congress|url=https://www.justsecurity.org/76154/the-new-cyber-executive-order-is-a-good-start-but-needs-a-supercharge-from-congress/|access-date=2021-05-14|website=Just Security|language=en-US}}</ref><ref>{{Cite web|last=Katz|first=Justin|date=May 13, 2021|title=Cyber EO lays a foundation for securing government|url=https://gcn.com/articles/2021/05/13/cybersecurity-eo.aspx|access-date=2021-05-14|website=GCN|language=en}}</ref> The board's creation was announced upon President [[Joe Biden]]'s signing of Executive Order 14028 on May 12, 2021.<ref>{{Cite web|date=2021-05-12|title=Executive Order on Improving the Nation's Cybersecurity|url=https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/|access-date=2021-05-13|website=The White House|language=en-US}}</ref><ref>{{Cite web|last=Macias|first=Kevin Breuninger,Amanda|date=2021-05-12|title=Biden 
signs executive order to strengthen U.S. cybersecurity defenses after Colonial Pipeline hack|url=https://www.cnbc.com/2021/05/12/biden-signs-executive-order-to-strengthen-cybersecurity-after-colonial-pipeline-hack.html|access-date=2021-05-13|website=CNBC|language=en}}</ref>


== Reports ==
The first report of the board was published 11 July 2022 and described [[Log4j]] and [[Log4shell]].<ref>{{Cite Q | Q113274848 }}</ref>
As of 2024, the CSRB has issued three substantive reports.

=== Review of the December 2021 Log4j Event ===
On July 11, 2022, the CSRB published its first report, reviewing the [[Log4Shell|Log4Shell vulnerability]] and associated incidents.<ref>{{Cite Q|Q113274848}}</ref>

=== Review of the Attacks Associated with Lapsus$ and Related Threat Groups ===
On July 24, 2023, the CSRB published a report reviewing the [[Lapsus$]] international hacker group.<ref>{{Cite web |date=2023-08-10 |title=Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report {{!}} CISA |url=https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-report |access-date=2024-06-01 |website=www.cisa.gov |language=en |archive-date=2024-06-01 |archive-url=https://web.archive.org/web/20240601191102/https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-report |url-status=live }}</ref>

=== Review of the Summer 2023 Microsoft Exchange Online Intrusion ===
On March 20, 2024, the CSRB published a report detailing how in May 2023, a cyber threat actor classified by [[Microsoft]] as STORM-0558 compromised the mailboxes of a broad range of victims in the United States and United Kingdom, including email accounts in the [[United States Department of State|U.S. Department of State]], [[United States Department of Commerce|U.S. Department of Commerce]], and [[United States House of Representatives|U.S. House of Representatives]].<ref name=":2">{{Cite web |date=2024-05-24 |title=Summer 2023 Review of the Microsoft Exchange Online Intrusion {{!}} CISA |url=https://www.cisa.gov/resources-tools/resources/summer-2023-review-microsoft-exchange-online-intrusion |access-date=2024-06-01 |website=www.cisa.gov |language=en |archive-date=2024-05-31 |archive-url=https://web.archive.org/web/20240531160523/https://www.cisa.gov/resources-tools/resources/summer-2023-review-microsoft-exchange-online-intrusion |url-status=live }}</ref> The CSRB reported that STORM-0558 was able to compromise Microsoft's corporate network using unknown means and steal a Microsoft Services Account (MSA) key, which STORM-0558 then used to sign forged [[Security token|authentication tokens]] granting it access to specific mail accounts.<ref name=":2" /> This malicious cyber activity was eventually detected by the U.S. Department of State, rather than by Microsoft itself.

The CSRB concluded that "Microsoft’s security culture was inadequate and requires an overhaul," noting that Microsoft "failed to detect the compromise of its cryptographic crown jewels on its own, relying instead of a customer."<ref name=":2" /> This report was widely covered by traditional media and cybersecurity trade press.<ref>{{Cite news |last1=Nakashima |first1=Ellen |last2=Menn |first2=Joseph |date=2024-04-02 |title=Microsoft faulted for 'cascade' of failures in Chinese hack |url=https://www.washingtonpost.com/national-security/2024/04/02/microsoft-cyber-china-hack-report/ |access-date=2024-06-01 |newspaper=Washington Post |language=en-US |issn=0190-8286 |archive-date=2024-05-18 |archive-url=https://web.archive.org/web/20240518120634/https://www.washingtonpost.com/national-security/2024/04/02/microsoft-cyber-china-hack-report/ |url-status=live }}</ref><ref>{{Cite web |last=eliasgroll |date=2024-04-03 |title=Cyber review board blames cascading Microsoft failures for Chinese hack |url=https://cyberscoop.com/microsoft-csrb-china-hacking/ |access-date=2024-06-01 |website=CyberScoop |language=en-US |archive-date=2024-06-01 |archive-url=https://web.archive.org/web/20240601191102/https://cyberscoop.com/microsoft-csrb-china-hacking/ |url-status=live }}</ref><ref>{{Cite web |last=Hendery |first=Simon |date=2024-04-03 |title=Review board slams Microsoft's lax security practices and culture |url=https://www.scmagazine.com/news/review-board-slams-microsofts-lax-security-practices-and-culture |access-date=2024-06-01 |website=SC Media |language=en |archive-date=2024-06-01 |archive-url=https://web.archive.org/web/20240601191103/https://www.scmagazine.com/news/review-board-slams-microsofts-lax-security-practices-and-culture |url-status=live }}</ref><ref>{{Cite web |date=2024-04-03 |title=U.S. 
Cyber Safety Review Board blames Microsoft for Chinese hack |url=https://www.cnbc.com/video/2024/04/03/u-s-cyber-safety-review-board-blames-microsoft-for-chinese-hack.html |access-date=2024-06-01 |website=CNBC |language=en |archive-date=2024-06-01 |archive-url=https://web.archive.org/web/20240601191102/https://www.cnbc.com/video/2024/04/03/u-s-cyber-safety-review-board-blames-microsoft-for-chinese-hack.html |url-status=live }}</ref>

Following the publication of the report, Microsoft CEO [[Satya Nadella|Satya Nadalla]] released a blog post acknowledging the CSRB's report and pledging to prioritize security in the future.<ref>{{Cite web |last=Blogs |first=Microsoft Corporate |date=2024-05-03 |title=Prioritizing security above all else |url=https://blogs.microsoft.com/blog/2024/05/03/prioritizing-security-above-all-else/ |access-date=2024-06-01 |website=The Official Microsoft Blog |language=en-US |archive-date=2024-06-01 |archive-url=https://web.archive.org/web/20240601133455/https://blogs.microsoft.com/blog/2024/05/03/prioritizing-security-above-all-else/ |url-status=live }}</ref>

== Current Composition ==
The CSRB is composed of 15 highly esteemed{{by whom|date=June 2024}} cybersecurity leaders from the federal government and the private sector:<ref name=":0" />

* '''[[Robert P. Silvers|Robert Silvers]]''', Under Secretary for Policy, [[United States Department of Homeland Security|Department of Homeland Security]] (Chair)
* '''[https://www.linkedin.com/in/argvee/ Heather Adkins]''', Vice President, Security Engineering, [[Google]] (Deputy Chair)
* '''[[Dmitri Alperovitch]]''', Co-Founder and Chairman, [https://silverado.org/ Silverado Policy Accelerator] and Co-Founder and former CTO of [[CrowdStrike]], Inc.
* [[Harry Coker|'''Harry Coker, Jr.''']], National Cyber Director, [[Office of the National Cyber Director]]
* '''Jerry Davis''', Founder, Gryphon X
* '''[https://www.linkedin.com/in/chris-derusha-6325805/ Chris DeRusha]''', Federal Chief Information Security Officer, [[Office of Management and Budget]]
* '''Eric Goldstein''', Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency
* '''Jamil Jaffer''', Venture Partner, Paladin Capital Group and Founder and Executive Director, National Security Institute, GMU Scalia Law School
* '''[[Rob Joyce]]''', Owner, Joyce Cyber LLC.
* '''[[Chris Krebs]]''', Chief Intelligence and Public Policy Officer, [[SentinelOne|Sentinel One]]
* '''David Luber''', Director, Cybersecurity Directorate, [[National Security Agency]]
* '''Marshall Miller''', Principal Associate Deputy Attorney General, [[United States Department of Justice|Department of Justice]]
* '''Katie Nickels''', Senior Director of Intelligence Operations, Red Canary
* '''[[John Sherman (intelligence)|John Sherman]]''', Chief Information Officer, [[United States Department of Defense|Department of Defense]]
* '''[https://www.linkedin.com/in/bryan-vorndran-43b3025/ Bryan Vorndran]''', Assistant Director, Cyber Division, [[Federal Bureau of Investigation]]

== Former Members ==
Private sector CSRB members serve for a term of two years, which may be renewed up to three times.<ref name=":1" /><ref>{{Cite web |date=2024-05-06 |title=DHS, CISA Announce Membership Changes to the Cyber Safety Review Board {{!}} CISA |url=https://www.cisa.gov/news-events/news/dhs-cisa-announce-membership-changes-cyber-safety-review-board |access-date=2024-06-01 |website=www.cisa.gov |language=en |archive-date=2024-06-01 |archive-url=https://web.archive.org/web/20240601191102/https://www.cisa.gov/news-events/news/dhs-cisa-announce-membership-changes-cyber-safety-review-board |url-status=live }}</ref>

* '''[[John C. Inglis|Chris Inglis]]''', National Cyber Director, [[Office of the National Cyber Director]]
* '''[[Katie Moussouris]]''', Founder and CEO, [https://www.lutasecurity.com/ Luta Security]
* '''[https://www.linkedin.com/in/davidmussington/ David Mussington]''', Executive Assistant Director for Infrastructure Security, [[Cybersecurity and Infrastructure Security Agency]]
* '''[https://www.linkedin.com/in/chrisjnovak/ Chris Novak]''', Co-Founder and Managing Director, [[Verizon Communications|Verizon]] Threat Research Advisory Center
* '''[https://www.linkedin.com/in/tony-sager-56371043/ Tony Sager]''', Senior Vice President and Chief Evangelist, [https://www.cisecurity.org/ Center for Internet Security]
* '''[[John Sherman (intelligence)|John Sherman]]''', Chief Information Officer, [[United States Department of Defense|Department of Defense]]
* '''[[Kemba Walden]]''', Assistant General Counsel, Digital Crimes Unit, [[Microsoft]]
* '''[https://www.linkedin.com/in/wendiwhitmore2/ Wendi Whitmore]''', Senior Vice President, Unit 42, [[Palo Alto Networks]]


== References ==
== References ==
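
Review bot: In the Microsoft Exchange Online section the piped link reads [[Satya Nadella|Satya Nadalla]], so the displayed name is misspelled; drop the pipe and use [[Satya Nadella]]. John Sherman is listed under both Current Composition and Former Members with the same title, which is inconsistent and should be reconciled against the cited CISA membership announcement. The Overview sentence calling the Board's construction "a unique and valuable collaboration" has no citation and reads as promotional, and "15 highly esteemed" already carries a {{by whom}} tag; both would be better as neutral wording. The last sentence of the first Exchange Online paragraph (detection by the U.S. Department of State rather than by Microsoft) follows the final <ref name=":2" /> and is therefore uncited; move the ref to the end of the paragraph if the report supports it.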

Latest revision as of 14:11, 28 June 2024

The Cyber Safety Review Board (also called the CSRB) was established by United States Secretary of Homeland Security Alejandro Mayorkas on February 3, 2022.[1][2][3][4] Modeled after the National Transportation Safety Board, the Board reviews significant cybersecurity incidents and issues reports.[5][6] President Joe Biden directed the Board's creation through Section 5 of Executive Order 14028, issued on May 12, 2021.[7][8]

Overview

The Board reviews and assesses significant cyber incidents and provides findings and recommendations to the United States Secretary of Homeland Security. The Board’s construction is a unique and valuable collaboration of government and private sector members, and provides a direct path to the Secretary of Homeland Security and the President to ensure the recommendations are addressed and implemented, as appropriate.

Executive Order 14028 provides that the Board is composed of up to twenty members, chosen by the Director of the Cybersecurity and Infrastructure Security Agency.[9] Those members must include representatives from various federal agencies, as well as individuals employed by the private sector.[9] The CSRB lacks subpoena power and instead relies on voluntary cooperation from organizations with relevant information, though the Biden Administration has published a legislative proposal requesting that Congress grant the CSRB subpoena power.[10]

Reports

As of 2024, the CSRB has issued three substantive reports.

Review of the December 2021 Log4j Event

On July 11, 2022, the CSRB published its first report, reviewing the Log4Shell vulnerability and associated incidents.[11]

Review of the Attacks Associated with Lapsus$ and Related Threat Groups

On July 24, 2023, the CSRB published a report reviewing the Lapsus$ international hacker group.[12]

Review of the Summer 2023 Microsoft Exchange Online Intrusion

On March 20, 2024, the CSRB published a report detailing how in May 2023, a cyber threat actor classified by Microsoft as STORM-0558 compromised the mailboxes of a broad range of victims in the United States and United Kingdom, including email accounts in the U.S. Department of State, U.S. Department of Commerce, and U.S. House of Representatives.[13] The CSRB reported that STORM-0558 was able to compromise Microsoft's corporate network using unknown means and steal a Microsoft Services Account (MSA) key, which STORM-0558 then used to sign forged authentication tokens granting it access to specific mail accounts.[13] This malicious cyber activity was eventually detected by the U.S. Department of State, rather than by Microsoft itself.

The CSRB concluded that "Microsoft’s security culture was inadequate and requires an overhaul," noting that Microsoft "failed to detect the compromise of its cryptographic crown jewels on its own, relying instead of a customer."[13] This report was widely covered by traditional media and cybersecurity trade press.[14][15][16][17]

Following the publication of the report, Microsoft CEO Satya Nadella released a blog post acknowledging the CSRB's report and pledging to prioritize security in the future.[18]

Current Composition

The CSRB is composed of 15 highly esteemed cybersecurity leaders from the federal government and the private sector:[3]

Former Members

Private sector CSRB members serve for a term of two years, which may be renewed up to three times.[9][19]

References

  1. Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (2021-05-10). "Biden Plans an Order to Strengthen Cyberdefenses. Will It Be Enough?". The New York Times. ISSN 0362-4331. Archived from the original on 2021-10-16. Retrieved 2021-05-13.
  2. "Biden Signs Cybersecurity Executive Order Following Colonial Pipeline Hack". NPR.org. Archived from the original on 2021-06-24. Retrieved 2021-05-13.
  3. "Cyber Safety Review Board website". Archived from the original on 2022-07-21. Retrieved 2022-08-10.
  4. "DHS Launches First-Ever Cyber Safety Review Board | Homeland Security". www.dhs.gov. Archived from the original on 2024-05-31. Retrieved 2024-06-01.
  5. "The New Cyber Executive Order is a Good Start, But Needs a Supercharge from Congress". Just Security. 2021-05-13. Archived from the original on 2021-09-26. Retrieved 2021-05-14.
  6. Katz, Justin (May 13, 2021). "Cyber EO lays a foundation for securing government". GCN. Archived from the original on 2021-05-14. Retrieved 2021-05-14.
  7. "Executive Order on Improving the Nation's Cybersecurity". The White House. 2021-05-12. Archived from the original on 2021-05-15. Retrieved 2021-05-13.
  8. Breuninger, Kevin; Macias, Amanda (2021-05-12). "Biden signs executive order to strengthen U.S. cybersecurity defenses after Colonial Pipeline hack". CNBC. Archived from the original on 2021-10-19. Retrieved 2021-05-13.
  9. "Cyber Safety Review Board Charter | CISA". www.cisa.gov. 2023-09-21. Archived from the original on 2024-06-14. Retrieved 2024-06-01.
  10. "Is the Cyber Safety Review Board working? Lawmakers consider tweaks to CSRB". federalnewsnetwork.com. 2024-01-18. Archived from the original on 2024-06-14. Retrieved 2024-06-01.
  11. Cyber Safety Review Board (11 July 2022), Review of the December 2021 Log4j Event (PDF), Cybersecurity and Infrastructure Security Agency, Wikidata Q113274848
  12. "Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report | CISA". www.cisa.gov. 2023-08-10. Archived from the original on 2024-06-01. Retrieved 2024-06-01.
  13. "Summer 2023 Review of the Microsoft Exchange Online Intrusion | CISA". www.cisa.gov. 2024-05-24. Archived from the original on 2024-05-31. Retrieved 2024-06-01.
  14. Nakashima, Ellen; Menn, Joseph (2024-04-02). "Microsoft faulted for 'cascade' of failures in Chinese hack". Washington Post. ISSN 0190-8286. Archived from the original on 2024-05-18. Retrieved 2024-06-01.
  15. eliasgroll (2024-04-03). "Cyber review board blames cascading Microsoft failures for Chinese hack". CyberScoop. Archived from the original on 2024-06-01. Retrieved 2024-06-01.
  16. Hendery, Simon (2024-04-03). "Review board slams Microsoft's lax security practices and culture". SC Media. Archived from the original on 2024-06-01. Retrieved 2024-06-01.
  17. "U.S. Cyber Safety Review Board blames Microsoft for Chinese hack". CNBC. 2024-04-03. Archived from the original on 2024-06-01. Retrieved 2024-06-01.
  18. Blogs, Microsoft Corporate (2024-05-03). "Prioritizing security above all else". The Official Microsoft Blog. Archived from the original on 2024-06-01. Retrieved 2024-06-01.
  19. "DHS, CISA Announce Membership Changes to the Cyber Safety Review Board | CISA". www.cisa.gov. 2024-05-06. Archived from the original on 2024-06-01. Retrieved 2024-06-01.