Last week, President Trump ordered the elimination of all DHS advisory committees, including the Cyber Safety Review Board (CSRB).
The CSRB was leading the ongoing investigation on Salt Typhoon, an unprecedented infiltration of U.S. telecom systems by Chinese hackers. The timing of this decision is particularly concerning given the CSRB's critical role in investigating Salt Typhoon, now characterized as "the worst cyber intrusion in our nation's history" by Trump’s newly appointed FCC Chair Brendan Carr.
As a result of the President’s sweeping motion, there is no clarity on the status of this crucial investigative process.
An Institutional Vacuum
The CSRB's dismissal, if not supplemented with additional resources soon, will create a void in the framework established to investigate and prevent future incidents like Salt Typhoon. Created under the Biden administration, the board brought together cybersecurity leaders including former CISA director Chris Krebs, CrowdStrike co-founder Dmitri Alperovitch, and U.S. security advisor Rob Joyce.
While committee members have been told they can "reapply," cybersecurity experts warn that reconstituting the team would essentially mean starting over, with sources close to the investigation noting, "unless they bring original members back, they'd probably have to start from scratch" — disrupting the ongoing investigation at a crucial stage.
What’s at Stake?
It remains to be seen whether or not this case will be picked up by another authority, but one thing is for sure: Abandoning the Salt Typhoon investigation creates significant national security risks. A failure to thoroughly investigate the threat will leave important questions unanswered about the full extent of the intrusion and potential ongoing vulnerabilities. Without comprehensive analysis, the U.S. remains exposed to similar sophisticated cyber campaigns, and discontinuing thorough investigations signals to potential adversaries that there are minimal consequences for cyber intrusions.
The Salt Typhoon investigation stands to provide critical learnings:
- Exactly which sophisticated methods were used by foreign actors to infiltrate telecommunications infrastructure
- Remaining vulnerabilities in our current cybersecurity frameworks
- How we can most effectively respond to similar threats in the future, in the interest of national security
Make no mistake, this was an act of cyber warfare. China is consistently targeting American entities, both public and private, including our critical infrastructure. This issue is not going away and we cannot afford to fall further behind.
Senator Ron Wyden views the disbanding the of the CSRB as “a white flag to Chinese hackers." The loss of what Sonatype CEO Brian Fox calls a critical "security blanket" removes not just an investigative body, but a guiding voice for the private sector's cybersecurity workforce. Without these dedicated resources, sophisticated state-backed threat actors could have a much easier path into the networks of American organizations.
What’s Next?
While political administrations may change, our national cybersecurity challenges remain unwavering, and our proactive measures should be, too. China's ongoing cyber campaigns underscore the need for persistent, non-partisan approaches to digital defense. Whether it be the FBI, CISA, or another DHS entity, another federal agency must pick up where the CSRB left off and determine the how behind the single biggest breach in U.S. history.
It is up to policymakers, cybersecurity professionals, and technology leaders to ensure that cyber investigations are not forgotten or left by the wayside. Our national security depends on our ability to learn, adapt, and respond to emerging digital threats.
The work of understanding and mitigating these risks must continue, regardless of organizational changes or political transitions.
/headshot2.jpeg)
