The Cyber Safety Review Board has launched an investigation into the cybersecurity threats facing cloud service providers.

The probe by the CSRB was first reported by Bloomberg late Thursday and confirmed today. As part of its investigation, the CSRB plans to look into a high-profile breach that hit Microsoft Corp.’s Exchange Online email platform earlier this year. During the cyberattack, a hacking group believed to be affiliated with China accessed the inboxes of several U.S. government officials.

“We must as a country acknowledge the increasing criticality of cloud infrastructure in our daily lives and identify the best ways to secure that infrastructure and the many businesses and consumers that rely on it,” said CSRB Chair and DHS Under Secretary for Policy Rob Silvers. 

The CSRB, which launched last year, was formed by the U.S. Department of Homeland Security in accordance with an executive order that President Joe Biden signed in 2021. Its mission is to investigate large-scale cybersecurity incidents. The CSRB is composed of 15 government officials and private sector experts.

The first focus of the board’s new investigation is the recent cyberattack against Microsoft’s Exchange Online platform, which came to light last month. During the breach, a hacking group suspected to be based in China gained access to the email accounts of Commerce Secretary Gina Raimondo and multiple State Department officials.

The hackers breached the accounts using forged authentication tokens. Those are pieces of data that a computer uses to verify the login request it sends to an application, in this case Exchange Online, is legitimate. The hackers forged the authentication tokens by exploiting an encryption key stolen from Microsoft and a since-patched flaw in one of the software giant’s cybersecurity systems.

The CSRB’s probe comes about two weeks after Senator Ron Wyden asked federal agencies to review the Exchange Online breach. In a letter, the Senator requested that the CSRB “investigate whether lax security practices by Microsoft enabled” the hack.

As part of its investigation, the board also plans to review “issues relating to cloud-based identity and authentication infrastructure.” Additionally, the board will focus on “approaches government, industry, and Cloud Service Providers (CSPs) should employ to strengthen identity management and authentication in the cloud.”

The probe is the third that the CSRB has launched to date. The board’s first investigation focused on Log4j, a software vulnerability that came to light in late 2020 and was subsequently used by hackers to launch a large number of cyberattacks. The CSRB also conducted a review of the data breaches carried out by the Lapsus$ hacking group.

Photo: Unsplash