Full Report
Troy Edgar told lawmakers that the Cyber Safety Review Board, which was investigating the Salt Typhoon hack, was “going in the wrong direction.” The post Purging cyber review board was ‘a great idea,’ DHS deputy secretary nominee says appeared first on CyberScoop.
Analysis Summary
# Industry News: DHS Nominee Endorses Dissolution of Cyber Safety Review Board
## Summary
Troy Edgar, the nominee for Deputy Secretary of Homeland Security, publicly endorsed the recent decision by the Trump administration to dismiss all members of the independent Cyber Safety Review Board (CSRB) while it was investigating the significant Salt Typhoon telecommunications breach. Edgar justified the purge by stating the board was "going in the wrong direction" due to previous leadership, indicating a strategic shift in how high-level cyber incident reviews will be managed under the new administration. The investigation into Salt Typhoon has now been transferred to CISA.
## Key Details
- Date: February 25, 2025 (Testimony date)
- Companies Involved: Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Cyber Safety Review Board (CSRB)
- Category: Government Policy/Restructuring
## The Story
During his confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee, DHS Deputy Secretary nominee Troy Edgar confirmed his support for the abrupt dissolution of the CSRB, which was mandated under a prior Executive Order but established as an independent advisory body. The dismissal occurred while the board was actively investigating the massive, ongoing cyber intrusion attributed to the Chinese-linked group, Salt Typhoon, targeting U.S. and global telecommunications infrastructure. Edgar stated that the decision was made because the board's previous structure and leadership were flawed, deeming the purge a "great idea." Consequently, the investigation into Salt Typhoon has been reassigned to CISA, though the FBI's separate investigation into the persistent threat actor's activities continues.
## Business Impact
### For the Companies Involved
- **DHS/CISA:** The administration gains immediate control over sensitive incident reviews, aligning investigative oversight directly under executive branch operational control, minimizing potential external or independent critique of federal response efforts.
- **CSRB Members:** Complete loss of the mandated advisory and review function, signaling instability for formerly independent federal oversight mechanisms.
### For Competitors
- **Consulting/Advisory Firms:** May see increased demand for independent, non-government affiliated incident review and remediation services, as guaranteed government objectivity is now viewed as less certain.
### For Customers
- **Telecommunications Providers (Affected by Salt Typhoon):** The move could cause initial uncertainty regarding the continuity and focus of internal government review efforts, potentially slowing down the consolidated understanding of the full scope of the breach across federal agencies.
### For the Market
- **Federal Cybersecurity Oversight Market:** Signals a significant shift in governance philosophy from independent, multi-stakeholder review (as established under the Biden administration's EO) toward centralized, administration-controlled oversight, which could impact future federal contracts related to incident response reviews.
## Technical Implications
The technical depth of the Salt Typhoon investigation will now rely on CISA's internal steering committee structure, rather than the CSRB's mix of federal and private-sector experts. This may shift the balance of expertise guiding future reporting and recommendations derived from major national incidents.
## Strategic Analysis
- **Market Positioning:** The administration is visibly consolidating power and ensuring that cybersecurity response and review aligns strictly with its current policy direction, prioritizing executive control over mandated independent evaluation.
- **Competitive Advantage:** For the current administration, dissolving the perceived "wrong direction" allows for the immediate application of their preferred strategic framework to critical investigations like Salt Typhoon, bypassing potential friction with the previous board's recommendations or structure.
- **Challenges:** Disbanding a bipartisan/multi-sector board during a major ongoing incident risks criticism regarding transparency and potential loss of expertise not housed within CISA, potentially damaging public trust in the government's unbiased assessment capabilities.
## Industry Reactions
- **Analyst Opinions:** The move is viewed as a decisive, partisan reshaping of federal cybersecurity governance, moving away from the multi-stakeholder consensus approach favored by the previous administration.
- **Expert Commentary:** There is concern that removing independent oversight bodies during a major breach investigation could hinder crucial lessons learned and hinder the necessary friction required for robust security recommendations.
- **Market Response:** Initial market reaction suggests increased scrutiny on CISA's subsequent investigative output regarding Salt Typhoon to gauge the effectiveness of the centralized approach.
## Future Outlook
- **Predictions and Expectations:** Expect the newly reconstituted CISA steering committee to produce findings or recommendations that align closely with the current administration's stated security priorities, potentially moving away from broader statutory mandates.
- **What to watch for:** Key indicators will be the structure and composition of the "reconstituted" CISA steering committee and how swiftly and comprehensively they address the ongoing Salt Typhoon exploitation.
## For Security Professionals
Cybersecurity practitioners, particularly those in the telecom sector supporting federal critical infrastructure, must be prepared for communication and compliance structures dictated by the newly streamlined CISA review process. Expertise previously shared through the CSRB may now need to be funneled directly through CISA channels, emphasizing the need to maintain strong relationships with the agency's operational leadership.