Trump disbands Cyber Safety Review Board

Experts concerned about investigation into Salt Typhoon attack

Image:

US Department of Homeland Security has dismissed all members of advisory committees

The US Department of Homeland Security has dismissed all members of advisory committees, including the Cyber Safety Review Board. The board had been investigating the Salt Typhoon cyberattack on US telecoms infrastructure.

The Cyber Safety Review Board (CSRB) which was created by the Biden administration in 2022 to investigate major cybersecurity incidents has been cut as part of the Department of Homeland Security (DHS) wide push to cut costs, according to three people familiar with the matter.

An internal Jan. 20 memo from DHS Acting Secretary Benjamine Huffman said:

“In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately...Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities. To outgoing advisory board members, you are welcome to reapply, thank you for your service."

The CSRB was a mix of both private sector and government cybersecurity experts. Companies represented included SentinelOne and Crowdstrike.

The impact of the terminations is worrying cybersecurity experts because it will delay, or possibly end entirely, the investigation into the Salt Typhoon hacks. The hacks were uncovered last year, and the investigation had already established that he attacks were far more extensive than first thought, with as many as nine telecoms providers targeted.

Salt Typhoon also targeted the communications of high-profile political individuals, including people attached to President Trump and Vice President Vance.

One member of the CSRB was quoted in TechCrunch as follows:

“Shutting down all DHS advisory boards without consideration of the impact was horribly shortsighted. Stopping the CSRB review when China has ongoing cyberattacks into our critical infrastructure is a dangerous blunder. We need to learn from Salt Typhoon and protect ourselves better. The fact this isn’t a priority for Trump is telling.”

“You can’t stop what you don’t understand and the CSRB was arming us with understanding,” the person added.

The anonymous individual is not alone in their concern.

Daniel Cuthbert, a security researcher and co-chair of the UK government’s Cyber Security Advisory Board, said in a post on X ( formerly Twitter) that:

“[It’s] disappointing that the CSRB was disbanded, especially given their work looking into Salt Typhoon. That report would have been vitally important for not just the US but many others.”

US Senator Ron Wyden (D-Ore.) was quoted by Reuters as saying that "disbanding the Cyber Safety Review Board while it's in the middle of investigating the most damaging breach of America's phone system in recent memory is a massive gift to the Chinese spies who targeted Trump, JD Vance and other top political figures.

However, figures closer to the new administration stated that the disbanding of the CSRB is business as usual.

“This is common with any new administration. It happened in the past, and it will happen again in the future,” said Brian Harrell, a former DHS cybersecurity official in Trump’s first term. “The Trump administration is looking to safeguard the country and mitigate risks rapidly, and this requires ideological synergies."