The Department of Homeland Security (DHS) has dissolved the current memberships of all its advisory committees, casting doubt on the future of the Cyber Safety Review Board (CSRB) and its ongoing investigations.
The directive, issued by Acting DHS Secretary Benjamin Huffman, mandates the immediate cessation of all existing advisory committee memberships as part of a broader effort to reallocate resources and focus on national security concerns. This move has particularly significant implications for the CSRB, established in 2022 under the Biden administration to enhance cyber safety protocols.
Recently, the CSRB initiated a probe into the breaches of nine U.S. telecom companies by Salt Typhoon, a hacking group believed to be supported by the People’s Republic of China. The investigation aims to uncover vulnerabilities and prevent future incidents, but its continuation under the new DHS directive remains uncertain.
Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, noted that while changes in committee memberships are common with administration shifts, the timing is critical. "The investigation into the Salt Typhoon's attacks is crucial for understanding and mitigating cyber threats effectively," she stated.
Concerns have also been voiced by Bennie Thompson, the ranking member of the House Committee on Homeland Security. In a recent hearing, Thompson criticized what he perceives as an attempt by the administration to populate the CSRB with allies, potentially hindering the board's crucial work on the Salt Typhoon case.
Moreover, Chris Krebs, a former member of the CSRB who was dismissed by former President Trump for defending the integrity of the 2020 election results, resigned just days before the DHS memo was released. The CSRB had previously issued a critical report in early 2024 on state-sponsored hacks of Microsoft Exchange Online, accusing Microsoft of cybersecurity negligence driven by commercial priorities.