A group of U.S. Senate Democrats is urging Kristi Noem, the Homeland Security Secretary, to bring back the Cyber Safety Review Board, which was abruptly disbanded by the administration of President Donald Trump earlier this year. In a letter sent Thursday, lawmakers called for the board’s reinstatement, noting that its dismissal interrupted a critical investigation into the Salt Typhoon cyberattacks. That probe was examining how hackers linked to China breached the systems of at least nine major telecom providers.
“The CSRB has spearheaded crucial fact-finding efforts following cyber incidents, and developed recommendations and reports reflecting lessons learned following some of the most serious cyber incidents of the past few years, such as the Microsoft Exchange Online intrusion, the SolarWinds hack, and most recently (until the CSRB’s dissolution) the Salt Typhoon campaign against U.S telecommunications infrastructure,” Mark Warner, a Virginia Democrat, Ron Wyden, an Oregon Democrat, Richard Blumenthal, a Connecticut Democrat, and Elissa Slotkin, a Michigan Democrat, wrote in their letter to Noem last week. “These comprehensive and incredibly fact-intensive investigations have provided invaluable transparency and lessons for the wider software and IT sectors.”
The lawmakers identified that it is essential that the U.S. develop a complete and thorough understanding of the factors that contributed to the success of these intrsions, including clear root-cause analyses of each successful penetration, and present key recommendations for the telecommunications sector to better protect itself against similarly complex and large-scale compromises by future threat actors.
For instance, they noted that the CSRB’s review of the 2023 Microsoft cyber incident, recently cited by Director of National Intelligence Tulsi Gabbard when presenting the Annual Threat Assessment at the March 25, 2025 SSCI open hearing, identified several operational and strategic lapses that contributed to this intrusion, with recommendations around authentication, logging, and public communication around security incidents that benefited the entire ecosystem.
The senators highlighted that the CSRB had been actively investigating, potentially the most expansive and impactful cybersecurity breach in U.S. history: the unprecedented compromises of U.S. and global telecommunications infrastructure by threat actors associated with the People’s Republic of China, widely referred to as ‘Salt Typhoon.’ “However, the CSRB’s investigation into the Salt Typhoon compromises of U.S. telecommunication firms, launched in 2024, was effectively terminated on January 20, 2025, and is depriving the public of a fuller accounting of the origin, scope, scale, and severity of these compromises.”
“As we have said before, inadequate cyber security practices put our economy, our national security, and even lives at risk,” the senators added. “The January dismissal of CSRB members and continued uncertainty about the future role of the Board, has undermined cyber defense preparations for public and private entities across the United States. In this age of great innovation, we cannot afford to see our private or public systems compromised by malicious actors.”
They further pointed out, “You have had more than four months to reestablish this Board to conduct this critical work – DHS leadership and CISA must work together to immediately reinstate the Board as a crucial part of America’s cyber defense infrastructure.”
The move by the Trump administration was recognized in January by Benjamine C. Huffman, Acting Secretary at the time, as being “in alignment with the Department of Homeland Security’s (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately.”
