Dem Senators Pen Stern Letter Urging Noem To Reinstate Cyber Review Board

A group of Democratic senators has urged Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board (CSRB), which had been investigating how China's Salt Typhoon hacked US government and telecommunications networks.

President Donald Trump, on his first day in office, axed the review board's members, along with all those on all advisory committees that report to the Department of Homeland Security.

"The CSRB played a vital role in US national security carrying out post-incident reviews and providing information and making recommendations to improve public and private sector cyber security," wrote Senators Mark Warner (D-VA), Richard Blumenthal (D-CT), Elissa Slotkin (D-MI), and Ron Wyden (D-OR) in a letter sent to Noem. "Therefore, we urge you to swiftly reconstitute the Board with qualified leaders to shape our nation's cyber response."

All four of the senators are members of the Senate Select Committee on Intelligence (Warner and Wyden) or the Senate Committee on Homeland Security and Governmental Affairs (Blumenthal and Slotkin).

DHS established the CSRB in 2022 under then-president Joe Biden, and tasked it with investigating major cybersecurity incidents.

In addition to investigating the Salt Typhoon intrusions into American telecommunications and government networks, the board previously issued a blistering report that held Microsoft responsible for a "cascade" of avoidable security failures that allowed Chinese spies to break into senior US officials' email accounts.

Prior to its dissolution, the board members — a mix of government and private cybersecurity experts — included former National Cyber Director Chris Inglis, former National Security Agency director of cybersecurity Rob Joyce, Google security engineering VP Heather Adkins, and former SentinelOne chief intelligence and public policy officer Chris Krebs.

Trump famously fired Krebs via tweet after the then-CISA boss disputed Trump's false claims of election interference in the 2020 presidential race. Krebs resigned from the CSRB just days before the second Trump administration disbanded the review board, and also left his role at SentinelOne shortly after the president targeted Krebs in an executive order and revoked his security clearance, vowing to give the fight against Trump his "complete focus and energy."

Disbanding the CSRB, according to many infosec pros and policymakers, appeared politically motivated — and was certainly bad for national security — especially as the group conducted its probe into the Salt Typhoon hacks.

• Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards
• Homeland Security boss says CISA has gone off the rails, vows to set it right
• Why is China deep in US networks? 'They're preparing for war,' HR McMaster tells lawmakers
• Trump admin's purge of US cyber advisory boards was 'foolish,' says ex-Navy admiral

"No one was kicked off the NTSB, the National Transportation Safety Board, in the middle of investigating a flight that crashed here, or a flight that crashed there," retired US Navy Rear Admiral Mark Montgomery told The Register at the time.

"CSRB is, in practice, like the NTSB," he said in January. "To cancel it was a foolish thing to do, when they're investigating Salt Typhoon, the Chinese espionage penetration of our telecommunications and ISP networks. This was absolutely the wrong time to shut that down."

"Within his first two days in office, Donald Trump has already waved a white flag to Chinese hackers," Wyden told The Register in January about the move to gut cybersecurity advisory boards.

In a letter sent to Noem on Friday, the four senators made the same argument, and said terminating the CSRB's investigation into the Chinese spies' network breaches deprives "the public of a fuller accounting of the origin, scope, scale, and severity of these compromises."

The letter continued:

Noem herself made the same point during her keynote address at this year's annual RSAC security conference in San Francisco.

Referring to the Salt Typhoon and Volt Typhoon intrusions, Noem told the audience that, "One of the things that had alarmed me … was that we don't necessarily know exactly how it happened, and we don't know how to prevent it in the future."

She added that her "goal is to make sure that we are able to have more of those answers," along with tools to "stop and prevent those kinds of invasions into our country."

When asked if Noem plans to reestablish the review board, a senior DHS official told The Register, "DHS is focused on getting CISA back on-mission of being a cybersecurity agency that will protect critical infrastructure. DHS responds to official correspondence through official channels." ®