WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, joined by U.S. Sens. Ron Wyden (D-OR), a member of the Senate Select Committee on Intelligence, and Richard Blumenthal (D-CT) and Elissa Slotkin (D-MI), both members of the Senate Committee on Homeland Security & Governmental Affairs, wrote to Department of Homeland Security Secretary Kristi Noem urging her to reestablish the Cyber Safety Review Board (CSRB) after the Trump administration dismissed members earlier this year.

The CSRB, established in 2022 under President Biden, convenes cybersecurity experts from across multiple government agencies and the private sector to investigate serious cybersecurity breaches and make recommendations for businesses, government agencies, and individuals to better protect themselves. In January of this year, the board was disbanded.

The senators wrote, “The CSRB played a vital role in U.S. national security carrying out post-incident reviews and providing information and making recommendations to improve public and private sector cyber security. Therefore, we urge you to swiftly reconstitute the Board with qualified leaders to shape our nation’s cyber response.”

In their letter, the senators highlighted the key work that CSRB has done to investigate some of the most serious cyber incidents our country has faced, including Salt Typhoon, a breach believed to be perpetrated by the People’s Republic of China (PRC) that compromised U.S. and global telecommunications infrastructure.

“Against the backdrop of repeated insistence by this Administration on the need to leverage private sector and external expertise in government, the decision to dismantle this successful collaboration between the federal government and the private sector is particularly confounding,” the senators continued. “The CSRB has spearheaded crucial fact-finding efforts following cyber incidents, and developed recommendations and reports reflecting lessons learned following some of the most serious cyber incidents of the past few years, such as the Microsoft Exchange Online intrusion, the SolarWinds hack, and most recently (until the CSRB’s dissolution) the Salt Typhoon campaign against U.S telecommunications infrastructure.”

The senators concluded, “As we have said before, inadequate cyber security practices put our economy, our national security and even lives at risk. The January dismissal of CSRB members, and continued uncertainty about the future role of the Board, has undermined cyber defense preparations for public and private entities across the United States. In this age of great innovation, we cannot afford to see our private or public systems compromised by malicious actors. You have had more than four months to reestablish this Board to conduct this critical work – DHS leadership and CISA must work together to immediately reinstate the Board as a crucial part of America’s cyber defense infrastructure.”

A copy of letter is available here and text is below.

Dear Secretary Noem:

We write to you today with regard to the need to act to reestablish the Cyber Safety Review Board (“CSRB” or “Board”). As members of the Senate Select Committee on Intelligence or the Senate Committee on Homeland Security and Governmental Affairs, we extremely concerned with ensuring that America’s intelligence community, law enforcement agencies, state and local governments, and businesses have access to the best tools and resources to prepare for, and protect themselves against, ongoing cyber threats facing our nation. The CSRB played a vital role in U.S. national security carrying out post-incident reviews and providing information and making recommendations to improve public and private sector cyber security. Therefore, we urge you to swiftly reconstitute the Board with qualified leaders to shape our nation’s cyber response.

As chartered, the CSRB is composed of 20 standing members, with additional members appointed on a case-by-case basis for the purpose of specific investigations. All members bring expertise from both the public and private sector, and are to be selected on the basis of significant professional and technical expertise and regardless of political affiliation. This structure serves to create a body with a deep well of cyber security capabilities and knowledge that can conduct thorough reviews of cyber incidents and provide trusted, fact-based recommendations on how businesses, individuals, and agencies across all layers of government can better protect themselves.

When building cyber security capabilities, the software and IT ecosystem benefits tremendously from transparent, accessible, and rigorous research and forensics. Against the backdrop of repeated insistence by this Administration on the need to leverage private sector and external expertise in government, the decision to dismantle this successful collaboration between the federal government and the private sector is particularly confounding.

The CSRB has spearheaded crucial fact-finding efforts following cyber incidents, and developed recommendations and reports reflecting lessons learned following some of the most serious cyber incidents of the past few years, such as the Microsoft Exchange Online intrusion, the SolarWinds hack, and most recently (until the CSRB’s dissolution) the Salt Typhoon campaign against U.S telecommunications infrastructure.  

These comprehensive and incredibly fact-intensive investigations have provided invaluable transparency and lessons for the wider software and IT sectors. For instance, the CSRB’s review of the 2023 Microsoft cyber incident, recently cited by Director of National Intelligence Tulsi Gabbard when presenting the Annual Threat Assessment at the March 25, 2025 SSCI open hearing, identified several operational and strategic lapses that contributed to this intrusion, with recommendations around authentication, logging, and public communication around security incidents that benefited the entire ecosystem.

As we have noted, the CSRB had been actively investigating potentially the most expansive and impactful cyber security breach in U.S. history: the unprecedented compromises of U.S. and global telecommunications infrastructure by threat actors associated with the People’s Republic of China, widely referred to as “Salt Typhoon.” However, the CSRB’s investigation into the Salt Typhoon compromises of U.S. telecommunication firms, launched in 2024, was effectively terminated on January 20, 2025 and is depriving the public of a fuller accounting of the origin, scope, scale, and severity of these compromises. It is essential that the U.S. develop a complete and thorough understanding of the factors that contributed to the success of these intrusions – including clear root-cause analyses of each successful penetration – and present key recommendations for the telecommunications sector to better protect itself against similarly complex and large-scale compromises by future threat actors.

As we have said before, inadequate cyber security practices put our economy, our national security and even lives at risk. The January dismissal of CSRB members, and continued uncertainty about the future role of the Board, has undermined cyber defense preparations for public and private entities across the United States. In this age of great innovation, we cannot afford to see our private or public systems compromised by malicious actors. You have had more than four months to reestablish this Board to conduct this critical work – DHS leadership and CISA must work together to immediately reinstate the Board as a crucial part of America’s cyber defense infrastructure.

Thank you in advance for your prompt attention to this important issue. It is our hope that we can work together to continue developing a robust cyber security infrastructure that protects all Americans.

Sincerely,

###