Skip to main content
close search
site logo
Dive Brief

Log4j was the right incident for inaugural review, safety board says

The Cyber Safety Review Board worked with 80 different global stakeholders to better understand the Log4j incident — and its downstream potential.

Published Aug. 11, 2022
David Jones's headshot
Reporter
close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room , cyber security concept - stock photo
Chainarong Prasertthai via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Two leading members of the Cyber Safety Review Board, speaking at the Black Hat USA conference in Las Vegas Wednesday, praised the inaugural investigation of the Log4j vulnerability.
  • Robert Silvers, CSRB chair and under secretary for strategy, policy and plans at the Department of Homeland Security, said Log4j was the right incident for the board’s first investigation in February. It was a fresh event that was disclosed in December 2021 and has major implications for a number of stakeholders, particularly the open source community. 
  • The board got widespread cooperation from about 80 different stakeholders across the world, including input from multiple foreign governments, ranging from traditional western allies as well as participation from government officials in the People’s Republic of China. Silvers called the overall level of public-private participation with the review as “remarkable.”

Dive Insight:

DHS created the CSRB in February, as part of a larger plan by the Biden administration to strengthen the nation’s cybersecurity infrastructure and defend against a wave of high-profile cyberattacks. Major incidents include the 2020 SolarWinds supply chain attack and the May 2021 ransomware attack against Colonial Pipeline. 

The 15-member board was designed, in part, based on how aviation and rail accidents are reviewed in the U.S. In such cases, safety experts investigate commercial airline and train crashes in order to find the cause of those accidents and recommend steps to prevent future incidents.  

The report, released in July, called Log4j an “endemic vulnerability” that was exploited at lower levels than initially feared, but would have lingering impacts well into the future. 

Heather Adkins, deputy CSRB chair and vice president of security engineering at Google, agreed the Log4j vulnerability was the right incident for the board to review as part of its initial investigation. 

“I think Log4j is probably one of the most impactful events I can remember in terms of cybersecurity,” Adkins said at Black Hat.

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell