It’s a key part of President Joe Biden’s plans to fight major ransomware attacks and digital espionage campaigns – creating a board of experts that would investigate major incidents to see what went wrong and try to prevent the problems from happening again, much as a transportation safety board does with plane crashes.
But eight months after Biden signed an executive order creating the Cyber Safety Review Board, it still hasn’t been set up.
That means critical tasks haven’t been completed, including an investigation of the massive SolarWinds espionage campaign first discovered more than a year ago. Russian hackers stole data from several federal agencies and private companies.
Some supporters of the new board say the delay could hurt national security and comes amid growing concerns of a potential conflict with Russia about Ukraine that could involve nation-state cyberattacks.
“We will never get ahead of these threats if it takes us nearly a year to simply organize a group to investigate major breaches like SolarWinds,” said Sen. Mark Warner, a Virginia Democrat who leads the Senate Intelligence Committee. “Such a delay is detrimental to our national security and I urge the administration to expedite its process.”
Biden’s order, signed in May, gives the board 90 days to investigate the SolarWinds hack once it’s established. But there’s no timeline for creating the board itself, a job designated to Department of Homeland Security Secretary Alejandro Mayorkas.
In response to questions from the Associated Press, DHS said in a statement it was far along in setting it up and anticipated a “near-term announcement,” but did not address why the process has taken so long.