The US regulators will perform a review of the recent intrusion of government email systems provided by Microsoft, whose handling of the cyber security breach drew scrutiny from federal lawmakers.
Secretary of Homeland Security, Alejandro N. Mayorkas, announced late on Friday that the Cyber Safety Review Board (CSRB) will conduct its next review on the malicious targeting of cloud computing environments.
“The review will focus on approaches government, industry, and Cloud Service Providers (CSPs) should employ to strengthen identity management and authentication in the cloud,” said the Department of Homeland Security (DHS).
The CSRB will assess the recent Microsoft Exchange Online intrusion, initially reported in July 2023, and conduct a broader review of issues relating to cloud-based identity and authentication infrastructure affecting applicable CSPs and their customers.
The Board will develop actionable recommendations that will advance cybersecurity practices for both cloud computing customers and CSPs themselves.
Once concluded, the report will be transmitted to President Joe Biden.
Mayorkas said that “Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure”.
“In its reviews of the Log4j vulnerabilities and activities associated with Lapsus$, the CSRB has proven itself to be ready to tackle and examine critical and timely issues like this one. Actionable recommendations from the CSRB will help all organisations better secure their data and further cyber resilience,” the Secretary emphasised.
The CSRB’s first review focused on vulnerabilities discovered in late 2021 in the widely used Log4j open-source software library.
Its second review examined the recent attacks associated with Lapsus$, a global extortion-focused hacker group.
The board found that Lapsus$ leveraged simple techniques to evade industry-standard security tools that are a lynchpin of many corporate cybersecurity programmes.
“The Cyber Safety Review Board is designed to assess significant incidents and ecosystem vulnerabilities and make recommendations based on the lessons learned. To do this work, we bring together the best expertise from industry and government. The Board will undertake a thorough review,” said Rob Silvers, CSRB Chair and DHS Under Secretary for Policy.
