EU and US forge cybersecurity alliance to tackle common threats

Geopolitical shifts and new tech are major cybersecurity concerns

The European Union Agency for Cybersecurity (ENISA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the United States have formalised a cybersecurity pact in the face of shared challenges posed by the evolving cyber threat landscape, shaped by geopolitical shifts and technological advancements.

The agreement, announced on December 7, 2023, during the EU-US Cyber Dialogue, aims to strengthen ties between the two entities in capacity-building, best practices exchange and heightened situational awareness.

The collaboration is being hailed as a pivotal milestone in the ongoing cooperation between the European Union and the United States in the field of cybersecurity, echoing the sentiments expressed in the Joint Statement of European Commissioner Thierry Breton and US Secretary for Homeland Security Alejandro Mayorkas in January 2023.

High Representative of the European Union for Foreign Affairs and Security Policy and Vice-President of the European Commission, Josep Borrell, said: “Cyber threats have no borders. This is why international cooperation with our partners is necessary.

Enhanced cooperation

“The working arrangement between ENISA and CISA is an important deliverable from the EU-US Cyber Dialogue. It will enable us to combat the escalating cybersecurity threats we confront effectively. By fostering deeper cooperation, we can facilitate information sharing, develop collaborative strategies, and bolster our collective resilience against cyberattacks.”

European Commissioner for Industry, Defence and Technology, Thierry Breton, said: “The challenging geopolitical context also manifests in intensified threats facing us in cyberspace. The EU and the United States must work hand in hand to advance a secure cyberspace, including protecting critical infrastructures and improving the security of digital products.”

Guided by its International Strategy, ENISA emphasises selective engagement with international partners, focusing on areas and activities that deliver high and measurable added value in achieving strategic objectives. In this context, CISA has emerged as a key ally in advancing these objectives, contributing significantly to the EU’s goal of attaining a higher level of cybersecurity.

The new partnership encompasses the consolidation of existing collaborative efforts and the exploration of new avenues for cooperation. Noteworthy initiatives include the organisation and promotion of the International Cybersecurity Challenge (ICC), the exchange of best practices in incident reporting, and ad hoc information sharing on fundamental cyber threats.

US role

CISA leads the United States’ effort to understand, manage, and reduce cyber and physical infrastructure risk.

“In today’s highly complex and borderless cyber threat landscape, collaboration remains key to everything we do,” said CISA Director Jen Easterly.

“CISA’s Working Arrangement with ENISA signifies a new chapter in our collective resilience. We will enhance cybersecurity awareness, fortify capacity-building initiatives, and foster a robust environment for knowledge sharing and best practice exchanges, ensuring a safer digital landscape for our citizens.”

European Union Agency for Cybersecurity (ENISA) Executive Director Juhan Lepassaar said: “This new Working Arrangement is an evolution and consolidation of the effective cooperation with our US counterpart. The structured collaboration will address some common challenges in the cyber threat landscape.”

The collaboration is broad in scope, spanning short-term structured actions and laying the groundwork for long-term cybersecurity policies and implementation approaches. The key areas of cooperation include:

1. Cyber awareness and capacity building: Enhancing cyber resilience through third-country participation in EU-wide cybersecurity exercises and training and sharing and promoting cyber awareness tools and programmes.

2. Best practice exchange: Facilitating the implementation of cyber legislation, including the NIS Directive, incident reporting, vulnerability management, and sector-specific approaches such as those for telecommunications and energy.

3. Knowledge and information sharing: Systematically sharing knowledge and information related to the cybersecurity threat landscape to increase situational awareness among stakeholders and communities while respecting data protection requirements.

The collaboration will be operationalised through a comprehensive work plan, with regular reporting scheduled at the EU-US Cyber Dialogues.

Featured image: Geopolitical shifts and technological advancements are spearheading cyber threats. Image: FLY:D