Looking to better align approaches to cyber incidents on both sides of the Atlantic, the U.S. Department of Homeland Security (DHS) and the European Commission’s Directorate General for Communications, Networks, Content, and Technology (DG CONNECT) recently launched a new comparison initiative.
For this, the two agencies compared cyber incident reporting elements to better inform reporting requirements by both the United States and European Union (EU).
“Cyber incidents do not recognize borders, and multinational companies are often required to report incidents across numerous jurisdictions,” Robert Silvers, DHS Under Secretary for Policy and Chair of the Cyber Incident Reporting Council, said. “We are committed to harmonizing incident reporting rules domestically and with like-minded partners like the European Union whenever feasible. Our approach will allow governmental authorities to get the information they need to provide cyber defense while streamlining the process for victim organizations.”
To begin this relationship, the pair produced a joint report with support from their respective cybersecurity agencies, the Cybersecurity and Infrastructure Security Agency (CISA) and the European Agency for Cybersecurity (ENISA). It assessed proceedings from both organizations to identify their main similarities and differences, splitting items into six main areas:
This new ground for U.S.-EU relations gained steam as a result of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), signed into law by President Joe Biden in 2022. This created the Cyber Incident Reporting Council under DHS, which outlined various actions the government could take to streamline and harmonize the reporting of cyber incidents and protect critical infrastructure.
That push has been echoed by Europe in recent years.
“Across the Atlantic, we seek to work together to compare relevant reporting requirements, including the form or format of information requested, seeking ways to minimize the administrative burden on reporting entities,” Roberto Viola, EC Director-General for Communications Networks, Content and Technology, said.
The two sides have invited private industry to share their inputs and reactions on such a collaboration and their ongoing approach to evaluating cyber incident reporting processes. This is, however, only the beginning.
“Over the next year, our teams plan to continue our cooperation on a more technical level, including by mapping elements such as cybersecurity incident taxonomies, reporting templates, and the content of reports and formats,” Iranga Kahangama, DHS Assistant Secretary for Cyber, Infrastructure, Risk and Resilience, said. “We will conduct an in-depth crosswalk of the DHS-developed Model Reporting Form against the NIS 2 required contents of reports to identify where there is overlap and disparities in the types of data being requested. As we continue these efforts moving forward, we must remain agile and adapt to the quickly evolving cyber threat landscape as nothing remains static in our digital world for long.”