The Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board will conduct a study on private and public sector approaches to protecting cloud-based identity management and authentication.
The review marks the third such audit initiated by CSRB to address attacks on cloud computing environments, the Department of Homeland Security said Friday.
The board will investigate the malicious targeting of Microsoft Exchange Online in July 2023, which affected accounts owned by U.S. government agencies. After the review, CSRB is expected to make recommendations to improve cyber defense practices of government, industry and cloud service providers.
“Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure,” DHS Secretary Alejandro Mayorkas commented. “Actionable recommendations from the CSRB will help all organizations better secure their data and further cyber resilience,” the previous Wash100 award winner added.
CISA Director Jen Easterly, another Wash100 inductee, echoed Mayorkas’ remarks. “The Board’s findings and recommendations from this assessment will advance cybersecurity practices across cloud environments and ensure that we can collectively maintain trust in these critical systems,” she said.
Earlier this month, the board released a report and corresponding actions needed in response to the hacking of federal and business accounts by ransomware group Lapsus$, which occurred between 2021 and 2022.
