DHS to conduct cyber safety review of cloud security

Through the Cyber Safety Review Board (CSRB), the United States Department of Homeland Security (DHS) intends to review the targeting of cloud computing, providing recommendations for security among government, industry, and Cloud Service Providers (CSPs).

“Organizations of all kinds are increasingly reliant on cloud computing to deliver services to the American people, which makes it imperative that we understand the vulnerabilities of that technology,” Secretary of Homeland Security Alejandro Mayorkas said. “Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure. In its reviews of the Log4j vulnerabilities and activities associated with Lapsus$, the CSRB has proven itself to be ready to tackle and examine critical and timely issues like this one. Actionable recommendations from the CSRB will help all organizations better secure their data and further cyber resilience.”

This will be the third CSRB review, and as part of it, the group will analyze the July Microsoft Exchange Online Intrusion. Actionable recommendations will be the goal and follow similar reviews and suggestions on Log4j vulnerabilities and the hacker group Lapsus$.

“We must as a country acknowledge the increasing criticality of cloud infrastructure in our daily lives and identify the best ways to secure that infrastructure and the many businesses and consumers that rely on it,” said Rob Silvers, CSRB chair and DHS Under Secretary for Policy. “The Cyber Safety Review Board is designed to assess significant incidents and ecosystem vulnerabilities and make recommendations based on the lessons learned. To do this work, we bring together the best expertise from industry and government. The Board will undertake a thorough review.”

These reviews and recommendations will not be regarded as law or enforceable. The Board is neither a regulator nor enforcer, merely an advisor, so it will identify relevant lessons learned and seek to inform future improvements in a report to President Joe Biden, Mayorkas, and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly.