Image: Harold Mendoza via Unsplash

Senators call on Trump admin to reinstate cyber review board for Salt Typhoon investigation

Several Senate Democrats penned a letter to Homeland Security Secretary Kristi Noem on Thursday asking her to reestablish the Cyber Safety Review Board (CSRB) after the Trump administration dismissed its members earlier this year. 

When the CSRB was disbanded, it was in the middle of an investigation into the Salt Typhoon hacks involving Chinese-linked attackers penetrating the networks of at least nine major U.S. telecommunications companies. 

The senators — Mark Warner (D-VA), Ron Wyden (D-OR), Richard Blumenthal (D-CT) and Elissa Slotkin (D-MI) — said the board’s dismissal is “depriving the public of a fuller accounting of the origin, scope, scale, and severity of” the Salt Typhoon compromises.

“It is essential that the U.S. develop a complete and thorough understanding of the factors that contributed to the success of these intrusions – including clear root-cause analyses of each successful penetration – and present key recommendations for the telecommunications sector to better protect itself against similarly complex and large-scale compromises by future threat actors,” the senators said.

The CSRB, loosely modeled after the National Transportation Safety Board, was created in 2021 and convened cybersecurity experts alongside senior government officials for investigations into important cyber incidents. The board, composed of 20 members, conducted three deep investigations on the Log4j vulnerability, the Lapsus$ hacker group and a 2023 attack on Microsoft products used by the U.S. government perpetrated by Chinese hackers. 

In December, the CSRB announced that it planned to next examine China’s Salt Typhoon campaign — which has caused alarm across the U.S. government after officials from CISA and the FBI acknowledged the China-linked spies are still inside U.S. telecom networks roughly six months after the government began investigating the breach.

But members of all DHS advisory committees, including the Cyber Safety Review Board (CSRB), were removed from their posts days after President Donald Trump’s inauguration in January. 

Despite disbanding the CSRB during its Salt Typhoon investigation, Noem has repeatedly questioned, in speeches and in testimony before Congress, why the U.S. government does not know more about the campaign.

The letter on Thursday said the CSRB “played a vital role in U.S. national security carrying out post-incident reviews and providing information and making recommendations to improve public and private sector cyber security.”

The senators called disbanding the CSRB “particularly confounding” in light of the Trump administration’s “repeated insistence… on the need to leverage private sector and external expertise in government.” They noted that the CSRB’s findings from the 2023 Microsoft incident were recently cited in a threat assessment by Director of National Intelligence Tulsi Gabbard.

“The January dismissal of CSRB members, and continued uncertainty about the future role of the Board, has undermined cyber defense preparations for public and private entities across the United States,” the senators said. 

The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency did not respond to requests for comment about the letter. 

In January, acting Secretary of Homeland Security Benjamine Huffman said the decision to disband the CSRB reflected the Trump administration’s “commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security.”

In April, Rep. Mark Green — chair of the House Homeland Security Committee — floated the idea that a Congressional oversight committee needed to take over the work the CSRB was doing.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.