WASHINGTON—The Biden administration has formed a panel of senior administration officials and private-sector experts to investigate major national cybersecurity failures, and it will probe as its first case the recently discovered Log4j internet bug, officials said.

The new Cyber Safety Review Board is tasked with examining significant cybersecurity events that affect government, business and critical infrastructure. It will publish reports on security findings and recommendations, officials said. Details of the board will be announced Thursday.

The board, officials have said, is modeled loosely on the National Transportation Safety Board, which investigates and issues public reports on airplane crashes, train derailments and other transportation accidents. The new panel’s authority derives from an executive order that President Biden signed in May to improve federal cybersecurity defenses.

The cyber board isn’t an independent agency like the transportation board and will instead reside within the Department of Homeland Security. It will have 15 members—three times as many as the full complement of the transportation board—from government and the public sector who don’t need to be confirmed by the Senate. It lacks subpoena power, unlike the transportation board.

Homeland Security Secretary Alejandro Mayorkas said in an interview that the cyber board was intended to draw solutions to future problems from past cybersecurity crises, rather than casting blame where shortcomings are identified.

“It is not a regulatory authority, it is not a board that is searching for or focused upon accountability or fault,” Mr. Mayorkas said. “We are going to be looking at ourselves, we are going to be looking at one another, and that really underscores the purpose of this board—to not focus on fault.”

Rob Silvers, the undersecretary for policy at DHS and a lawyer with experience in cybersecurity issues, will chair the review board. Heather Adkins, senior director of security engineering at Alphabet Inc.’s Google, has been tapped as the vice chair.

Long lines formed at gas stations along the East Coast as drivers made a run on gasoline in the midst of fears of shortages related to the shutdown of the U.S.’s largest fuel pipeline following a cyberattack. Photo: Robin Rayne/ZUMA (May 2021 video)

Several government agencies, including the National Security Agency and other parts of DHS, have expansive cybersecurity missions that include protecting the federal government and assisting the private sector. Officials said the new board was necessary to combine the expertise of government officials and private-sector researchers to study high-profile cybersecurity episodes and share comprehensive findings with the public.

“This is something that has been missing from the ecosystem until now,” Mr. Silvers said of the Cyber Safety Review Board, which he said will draw personnel support and funding from the Cybersecurity and Infrastructure Security Agency, DHS’s cybersecurity wing.

Mr. Silvers said the board expects to finish by May its probe of the vulnerabilities related to the open-source software logging tool called Log4j. It is a free piece of code that logs activity in computer networks and applications, and officials have warned that it is likely one of the gravest cybersecurity vulnerabilities on record.

Researchers have said the Log4j flaw, publicly disclosed in December after its discovery by a Chinese security team, was particularly worrying because the free Java-based software is used in a range of products including security software, networking tools and videogame servers. The exact number of users of Log4j is probably impossible to know, but the software has been downloaded millions of times, according to the organization that builds it, Apache Software Foundation.

Other members of the 15-person board include Rob Joyce, the top cybersecurity official at the National Security Agency; John Carlin, principal associate deputy attorney general; National Cyber Director Chris Inglis; Dmitri Alperovitch, co-founder of the Washington-based Silverado Policy Accelerator think tank; and Katie Moussouris, a security researcher who pioneered bug-bounty programs as an incentive for reporting computer flaws. Kemba Walden, assistant general counsel for Microsoft Corp., and Wendi Whitmore, senior vice president of Palo Alto Networks Inc.’s cyber threat team, are also on the board.

Democratic Sen. Mark Warner of Virginia, chairman of the Senate Intelligence Committee and co-chairman of the Senate cybersecurity caucus, had pushed for the creation of such a review board to probe major cybersecurity crises.

“It’s only a matter of when, not if, we face another widespread cyber breach that threatens our national security,” Mr. Warner said. “I was glad to see this NTSB-like function included in the president’s May 2021 executive order on cybersecurity, and this is a good first step to establishing such a capability.”

Write to Dustin Volz at [email protected]

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.

This post first appeared on wsj.com
