The conference presentation discusses the findings and recommendations of the Cybersecurity and Infrastructure Security Agency (CISA) review of the Log4j vulnerability incident. The presentation highlights the importance of information flow and collaboration in addressing cybersecurity threats and emphasizes the need for software to support safety by default.
Cyber Twitter was the center of the universe for information flow during the Log4j vulnerability incident
CISA played a valuable role in collecting and disseminating authoritative information on remediation and mitigation
CISA worked with security researchers to build a GitHub repo with an inventory of all software products known to have Log4j
The report's recommendations include the need for software to support safety by default
The report also emphasizes the importance of cybersecurity hygiene and asset management
The final section of the report focuses on the future of software and the need for more automated and self-defending software
During the Log4j vulnerability incident, Cyber Twitter was the primary source of real-time information, but it was also overwhelming and ephemeral. CISA played a crucial role in collecting and disseminating authoritative information on remediation and mitigation. CISA also worked with security researchers to build a GitHub repo with an inventory of all software products known to have Log4j, which was a highly innovative solution to a challenging problem.
Abstract
Join Rob Silvers (DHS Undersecretary for Policy and Chair of the Cyber Safety Review Board) and Heather Adkins (Deputy Chair and Vice President, Security Engineering, Google) for a discussion about the Cyber Safety Review Board’s inaugural review of the Log4j vulnerability. Rob and Heather will talk about key report findings, how industry and government can implement the recommendations, and how the Board is changing the cyber ecosystem.