Trump administration disbands Cyber Safety Review Board

Jan. 27, 2025
This surprising move is prompting concerns from security professionals over national cybersecurity.

In its first week in power, the Trump administration has used a barrage of presidential executive orders to dramatically alter the face of several critical federal government agencies, a shift that could severely impact cybersecurity initiatives and homeland security safeguards.

In a controversial move, the Trump administration has dissolved the Cyber Safety Review Board (CSRB), a bipartisan initiative credited with pivotal cybersecurity advancements. Established in 2022 by the Biden administration under Executive Order 14028, the CSRB was designed to analyze major cyber incidents and provide recommendations to strengthen public and private sector defenses. Its abrupt termination, along with other DHS advisory committees, has raised alarms across the cybersecurity community.

Red Flag Warnings

Acting DHS Secretary Benjamine Huffman justified the decision in a memo, citing the need to "eliminate misuse of resources" and prioritize national security efforts. Yet critics argue that the disbandment undermines progress in cybersecurity at a time of escalating digital threats.

“This will affect the ability to learn from incidents as it will disrupt current investigations, leaving a big gap relative to learning,” warns Kasia Hanson, CEO and Founder of KFactor Global Security Advisory and the former Global Senior Director of Physical and Cybersecurity Ecosystems at Intel for more than two decades. “This leaves a huge gap in information sharing about learnings, reduces trust, and reduces CISA's specialized expertise. It also leaves big gaps relative to policy recommendations.”  

The CSRB’s accomplishments underscored its importance. The board's inaugural report addressed the critical Log4Shell vulnerability, providing actionable mitigation strategies lauded by experts. Its investigation into the Microsoft Storm-0558 breach exposed systemic failures and pushed for improved accountability among tech giants. Similarly, its analysis of the LAPSUS$ cybercrime group offered practical defenses against evolving hacker tactics.

“Over the past 15 years, the U.S. government has been in a defensive cyber position guided by CISA and the aligned organizations DHS, NSA, NCIJ, and the Cyber Threat Intelligence Integration Center. Within the last three years, the CSRB was added to determine the effect of cyberattacks on U.S. private organizations such as Microsoft,” says Pierre Bourgeix, CEO and Founder of ESI Convergent.

“The challenge has been resource allocation to align with the initial mission of protecting US critical infrastructure. Although triage is critically important, the challenge is having internal control over findings and maintaining an overall chain of custody.”

- Pierre Bourgeix, ESI Convergent

The CSRB’s latest undertaking—a probe into Salt Typhoon, a Chinese state-sponsored hacking group targeting U.S. telecommunications infrastructure—was abruptly halted. Experts believe the insights from this investigation could have been instrumental in mitigating future cyber threats.

According to Willy Leichter, the CMO for AppSOC, dismantling these expert boards will delay progress on key cybersecurity issues by years in the best case. In the worst case, it will be disastrous.

“The Trump/Musk administration seems to conflate disinformation (which they view as unfettered free speech) with cybersecurity. However, the impact of turning Twitter into an unregulated free-for-all is trivial compared to the effects of coordinated attacks on our financial, business, and critical infrastructure. We should expect any cyber leadership from the U.S. to disappear in the foreseeable future. This leaves it up to the private sector and independent organizations like OWASP to help keep us safe,” Leichter adds.

In an interview with SecureWorld News, retired U.S. Air Force Colonel and military analyst Cedric Leighton warned of the potentially lethal impact of disbanding the CSRB. He said that China is conducting an extensive cyber campaign against our critical infrastructure, with the Salt Typhoon and Volt Typhoon operations targeting both commercial and military systems in highly advanced ways, and that the new administration's apparent inability to grasp the scale and implications of China's cyber espionage efforts reflects a profound misunderstanding of the serious threats facing the nation. Leighton fears this oversight could result in significant data breaches and severe consequences if tensions escalate into conflict between the two countries.

“Disbanding the CSRB is a short-sighted and reckless decision,” concludes Col. Leighton. “In dismantling such protections, we are leaving critical vulnerabilities exposed at a time when the nation cannot afford it.”

Adding to the uncertainty, the leadership of the Cybersecurity and Infrastructure Security Agency (CISA)—the nation’s primary cybersecurity agency—has been shaken by the departure of key officials, including Director Jen Easterly. CISA, often hailed as a linchpin in federal cybersecurity, is now scrutinized for its effectiveness amid budgetary challenges and evolving threats.

The dissolution of the CSRB has prompted calls for bipartisan action to restore or reimagine the board. Many argue that public-private collaboration is essential to addressing sophisticated cyber threats and safeguarding the nation’s digital infrastructure.

Many cybersecurity professionals suggest that ensuring continuity in oversight and response mechanisms is paramount as cyberattacks grow in frequency and complexity. Without entities like the CSRB, the U.S. risks losing ground in the critical battle to protect its cyber landscape.

Others Look to the Private Sector for Answers

While the alarm has sounded regarding the U.S. cybersecurity vulnerabilities under the current and previous Trump administrations, some feel the group never gained traction and its influence was not as broad-based as it should have been.

“The CSRB was chartered in October 2022, so it was only around for a few years. During that time, they sponsored some investigations into threat groups (e.g., Lapsus$) and vulnerabilities (e.g., Log4j). However, based on publicly available information, it doesn't appear they performed any unique research that private threat intelligence organizations have also investigated,” points out John Cusimano, Vice President of OT Cybersecurity for Armexa. “Additionally, there are no indications that the CSRB had any particular focus on OT cybersecurity. I don't think the CSRB gained much traction in its short existence. Therefore, I don't believe disbanding it will be a significant setback for OT cybersecurity. On the other hand, we'll never know the valuable contributions they might have made.”

Cybersecurity experts like Evan Dornbush, a former NSA cybersecurity professional, view the CSRB's abrupt demise as collateral damage of political-administrative change.

“Dismissing the executive committees is ordinary during a change of presidential administration, and overreacting to the CSRB simply because it focuses on China is unproductive. China isn't going to change its behavior because of CSRB's operating status,” Dornbush says. “Critical infrastructure providers are still responsible for owning and operating their environments. Information sharing to aid monitoring, detection, and remediation is still happening.”

Dornbush adds that it is too early to know if CSRB will be reconstituted, with different players, or swept away in overall shifts in resource allocation prioritization. “But remember, CSRB was not involved directly in remediation or international diplomacy. Its function is/was to analyze the attacks and assess the effectiveness of the victims' response actions. That data still exists and can continue to be studied if so desired,” he says.

Casey Ellis, Founder of Bugcrowd, a San Francisco, Calif.-based crowdsourced cybersecurity company, surmises that what’s happening at CSRB follows a similar pattern to previous administration changes and isn't a huge surprise.

“What will be interesting to see is how the issue of continuity of mission gets resolved. While administrations change, the vulnerabilities, risks, and threat actors taking advantage of them do not,” adds Ellis.

P3 Initiatives May Not Survive Trump

Public-private partnerships with the Cybersecurity and Infrastructure Security Agency (CISA) appear to be at risk due to several recent developments under the new administration. A significant factor is the disbandment of advisory committees such as the CSRB, which served as key mechanisms for collaboration between government and private sector cybersecurity experts, providing platforms for shared expertise, actionable recommendations, and mutual coordination on addressing major cybersecurity threats.

Additionally, the administration's focus on streamlining and centralizing operations within the Department of Homeland Security (DHS) has narrowed priorities, emphasizing direct national security measures over broader cooperative efforts. The termination of these advisory bodies signals a shift away from fostering external partnerships in favor of internally driven initiatives, which may limit opportunities for collaboration with private sector stakeholders.

Critics argue that this approach demonstrates a diminished appreciation for the value of public-private partnerships, particularly in the cybersecurity domain, where effective threat mitigation often relies on both sectors' collective resources, insights, and innovation. Without these partnerships, the government may face more significant challenges in addressing sophisticated and rapidly evolving cyber threats.

John Bambenek, President of Bambenek Consulting, concludes that while some previous commentary indicated a desire to continue public-private partnerships, it appears, at least as far as CISA is concerned, that will not happen.

“With the overwhelming majority of critical infrastructure being owned and operated by the private sector, it’s hard to see how national security can be managed without this outreach and engagement. I hope to hear more in the near future about what CISA plans to do to accomplish that in the future,” says Bambenek.

Kasia Hanson summed up the uncertainty by adding: “No alternatives have been recommended just yet. Many in the cyber circles are discussing what could happen, but whether an alternative has been brought to the table is unclear.”

About the Author

Steve Lasky | Editorial Director, Editor-in-Chief/Security Technology Executive

Steve Lasky is a 34-year veteran of the security industry and an award-winning journalist. He is the editorial director of the Endeavor Business Media Security Group, which includes the magazines Security Technology Executive, Security Business, and Locksmith Ledger International, and the top-rated website SecurityInfoWatch.com. He is also the host of the SecurityDNA podcast series.