Rep. Ritchie Torres (D-N.Y.) plans to introduce a bill to codify the Cybersecurity Review Board (CSRB) in the wake of a CrowdStrike IT meltdown that led to widespread chaos across U.S. and global computer systems.
“When a cyber event happens, whether an attack or an accident, there should be an automatic process by which the federal government investigates the causes, learns from the failures, and translates the lessons learned into public policy,” Torres told The Hill.
President Biden created the Cybersecurity Review Board in 2022 through an executive order. The CSRB is modeled after the National Transportation Security Board, which investigates transportation-related incidents and issues reports, findings, and recommendations.
“In the wake of widespread outages that have rocked the global economy, I am introducing legislation that would codify the Cybersecurity Review Board into statute so that no future presidential administration could abolish it,” Torres said.
According to Torres, the codification of the CSRB will “reinforce” what the president’s executive order originally hoped to accomplish. He added that the CrowdStrike incident demonstrated that the U.S. needs a more capable and proactive CSRB.
On Friday, Torres also sent a letter to the Department of Homeland Security, asking the department to conduct a joint investigation into the failed software update and the impact it has had on American civilian infrastructure.
“At a time when cyberattacks are increasing in both scope and sophistication, modernizing our local, state and federal cybersecurity systems is critical, and ensuring they are capable of not only accepting software updates, but functioning after the update is the minimum,” he wrote in the letter.
The CSRB has issued three reports since its creation, which Torres points to as evidence of why Congress should codify the board as a permanent body.
Much of the world’s computer infrastructure was in ruins on Friday after an update from CrowdStrike, a cybersecurity company that provides software to countless companies around the world, went wrong. The disruption affected companies and services in all sectors, grounding flights, disabling bank and hospital systems and taking communications media offline.
The company says the issue occurred when it deployed a faulty update to computers running Microsoft Windows, noting that the issue behind the outage was not a security incident or cyberattack.
“I want to start by saying that we are deeply sorry for the impact we have had on customers, travelers and anyone affected by this, including our company,” CrowdStrike CEO George Kurtz said in an interview with NBC’s “Today” show.
“So we know what the problem is. We are resolving and have resolved the issue. Now it’s time to recover systems that are out there.”
The U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency released a statement saying they are “working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and resolve the system outages.”
This story originally appeared on thehill.com.