Troy Edgar, President Donald Trump’s nominee to be deputy secretary at the Department of Homeland Security (DHS), told lawmakers today that he backs the administration’s decision to disband the Cyber Safety Review Board (CSRB), adding that the board will be reinstated “at the right time.”
DHS dismissed the members of the CSRB, along with all other members on advisory committees within the department, on the first day of the Trump administration.
The CSRB was created as a public-private initiative to bring together government and industry leaders to better understand significant cybersecurity events. The board has investigated root causes, mitigations, and responses, and then issued recommendations based on its findings.
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) was charged with managing, supporting, and funding the board.
The CSRB had been actively investigating Salt Typhoon’s recent hacks into commercial telecommunications infrastructure in the United States. The China-linked hacking group infiltrated infrastructure to target President Trump, Vice President JD Vance, and associates of former Vice President Kamala Harris.
Some lawmakers, including Sen. Mark Warner, D-Va., have referred to Salt Typhoon as “one of the biggest breaches potentially ever.”
During Edgar’s nomination hearing on Tuesday before the Senate Committee on Homeland Security and Governmental Affairs, Sen. Andy Kim, D-N.J., asked the nominee whether he thought disbanding the CSRB “was a good idea” amid the Salt Typhoon review.
Notably, Edgar is already serving at DHS as a senior advisor to the secretary.
“I didn’t make the decision to do it, but I think it was a great idea,” Edgar responded. “I think that CISA has overstepped its boundaries and authorities. I think it needs to be reeled in, and it starts with that steering committee. I think they need to be reconstituted.”
Sen. Kim further pressed Edgar on who is currently conducting the investigation into Salt Typhoon, to which the nominee replied, “CISA.”
“At this point, that review board will be reconstituted at the right time, but as an organization that continues with its priorities,” Edgar said.
“Well, if it’s going to be reconstituted, why was it decommissioned? At least, why were the members [dismissed]?” the senator asked.
“It was decommissioned because it was going in the wrong direction. It starts with the leadership there,” Edgar replied.
The CSRB is composed of up to 20 members, who are appointed by the director of CISA. The members include private and public sector experts, whose appointments are “made without regard to political affiliation,” according to the board’s charter.
The advisory board was established under President Joe Biden’s 2021 cybersecurity executive order, meaning all of the previous members were appointed by former CISA Director Jen Easterly.
Cyber experts have previously testified before Congress to call for more transparency around how people are appointed to the CSRB. Additionally, the experts said that while private sector members have a lot to add to the board, there should be a clear “process for recusal” when necessary.
Aside from the CSRB’s paused investigation into Salt Typhoon, the board has conducted three reviews.
The CSRB’s first review focused on vulnerabilities discovered in late 2021 in the widely used Log4j open-source software library. Its second review examined the 2021 to 2022 attacks associated with Lapsus$, a global extortion-focused hacker group.
The CSRB’s third and most recent review analyzed the summer 2023 Microsoft Exchange Online intrusion, attributing the success of the China-based hack to “a cascade of security failures at Microsoft” and an “inadequate” security culture at the company.
