US-EU Cyber Dialogue focuses on protecting critical infrastructure, improving security of digital products

At the 9th U.S.-EU Cyber Dialogue held in Brussels, Belgium, both the U.S. and the European Union expressed their commitment to advancing international security and stability in cyberspace and enhancing the ability of all states to reap the benefits that modern technologies provide. They also reviewed their collaborative efforts to enhance the resilience of critical infrastructure and the security of hardware and software products. The Cyber Dialogue also included sector-specific discussions on space cybersecurity and the cybersecurity of energy infrastructures.

They also exchanged updates on several key priorities set out in the January 2023 Joint Statement by Department of Homeland Security (DHS) Secretary Alejandro Mayorkas and EU Commissioner for Internal Market Thierry Breton. These priorities included the security of digital products and related cybersecurity standards, cyber resilience of critical infrastructure, impact and opportunities of emerging technologies, and cooperation between the respective cybersecurity agencies. 

The 9th Cyber Dialogue was co-chaired by Joanneke Balfoort, director for security and defense policy at the European External Action Service (EEAS); Lorena Boix Alonso, director for digital society, trust and cybersecurity, Directorate General for Communications Networks, Content and Technology (DG CONNECT) at the European Commission; and Liesyl Franz, deputy assistant secretary for international cyberspace security in the U.S. Department of State’s Bureau of Cyberspace and Digital Policy.

“Underlining the strong transatlantic partnership on cyber issues, the United States and European Union exchanged views on the global cyber threat environment, marked by Russia’s aggression against Ukraine, and expressed concern about the increase of malicious cyber activities targeting supply chains, critical infrastructure, and intellectual property, as well as a rise in ransomware attacks against businesses and citizens,” the U.S. Department of State, said in a media statement last week. “We strongly condemn these malicious activities and remain determined to strengthen cybersecurity, address cybercrime and ransomware attacks, enhance global cyber resilience, and promote responsible state behavior in cyberspace.”

“Cyber security has become an integral part of diplomacy,” according to Josep Borrell, high representative of the European Union for Foreign Affairs and Security Policy/ vice-president of the European Commission, said in a media statement. “Through EU-US cyber dialogue, we are strengthening transatlantic cooperation and our collective resilience to combat the escalating cybersecurity threats we confront globally.”

Thierry Breton, commissioner for industry, defence, and technology said ”Today’s challenging geopolitical context also manifests in intensified threats facing us in the cyberspace. It is essential that the EU and the United States work hand in hand to advance a secure cyberspace, including through protecting critical infrastructures and improving the security of digital products.”

Following the October 2023 U.S.-EU Summit, the U.S. and European Union advanced discussions on a Joint CyberSafe Products Action Plan to work together on achieving mutual recognition of their respective government-backed cybersecurity labeling programs and regulations for Internet of Things (IoT) devices, namely the EU Cyber Resilience Act and the U.S. Cyber Trust Mark.

Furthermore, building on a firm commitment to reduce the administrative burden for companies and organizations on both sides of the Atlantic, the U.S., and European Union explored possibilities to approximate, where possible, the cybersecurity incident reporting mechanisms. Also, the U.S. and European Union took stock of best practices in software security, focusing on security-by-design, open-source security, and Software Bills of Materials, and outlined priorities to deepen cooperation in the coming year.

Fortifying their partnership, the Cyber Dialogue also included exchanges on international cyber policy discussions, including in the United Nations, regional organizations such as the Organization on Security and Co-operation in Europe, the ASEAN Regional Forum, and the G7 and G20.

“Strengthening our ability to address malign behavior in cyberspace, the Cyber Dialogue included exchanges on cyber defense, and identified further action to strengthen our cooperation to hold states accountable for and to prevent, deter, and respond to malicious cyber activities,” the agencies said. “In this context, the United States and European Union seek broader cross-regional cooperation, including with states in Latin America, the Indo-Pacific, and Africa, to raise awareness and promote responsible state behavior through diplomatic action and engagement.”

Additionally, “we continue to be strongly committed to the UN framework of responsible state behavior in cyberspace, grounded in the application of international law and norms of responsible state behavior. We also continue to promote the establishment of the UN Cyber Programme of Action to advance and support states in its implementation.”

As a priority, the U.S. and European Union reaffirmed their strong commitment to enhance global cyber resilience further and to implement cyber capacity building and solidarity activities supporting partners including Ukraine and Moldova, as well as in the Western Balkans, Africa, the Indo-Pacific, and Latin America. “We are dedicated to further increasing coherence between our global actions, and to work through platforms such as the U.S.-EU High Level Consultations on the Indo-Pacific, to further strengthen our cooperation with and within regions,” they added.

The U.S. and European Union also decided to further deepen their cooperation to address cybersecurity challenges related to emerging technologies, with a specific focus on artificial intelligence (AI) and post-quantum cryptography. The cooperation between the U.S. and the European Union will seek to foster secure use of AI in critical infrastructure. Cyber Dialogue participants also discussed potential joint activities in the transition towards post-quantum cryptography, including standardization.

As a deliverable from the January 2023 Joint Statement by Mayorkas and Breton, the ‘Pilot U.S.-EU Cyber Fellowship’ was launched with representatives from the U.S. DHS and agencies meeting European and EU member state officials working in cybersecurity.

During the two-day cyber dialogue, the European Union Agency for Cybersecurity (ENISA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formalized a Working Arrangement, covering themes such as cyber awareness and training, best practice exchange, and knowledge sharing for common situational awareness. 

ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach to international cooperation to those areas and activities that will have high and measurable added value in achieving the Agency’s strategic objectives. 

CISA is a key partner to ENISA in achieving these objectives and by extension the EU in achieving a higher common level of cybersecurity. The Working Arrangement is both a consolidation of present areas of cooperation and opening the door to new ones. Current examples are the organization and promotion of the International Cybersecurity Challenge (ICC), exchanging best practices in the area of incident reporting, or ad hoc information exchanges on basic cyber threats.

CISA leads the United States’ effort to understand, manage, and reduce risk to cyber and physical infrastructure. “In today’s highly complex and borderless cyber threat landscape, collaboration remains key to everything we do,” Jen Easterly, CISA director, said in a media statement. “CISA’s Working Arrangement with ENISA signifies a new chapter in our collective resilience. Together we will enhance cybersecurity awareness, fortify capacity-building initiatives, and foster a robust environment for knowledge sharing and best practice exchanges, ensuring a safer digital landscape for our citizens.”

“This new Working Arrangement is an evolution and consolidation of the effective cooperation with our US counterpart,” according to Juhan Lepassaar, executive director at ENISA. “The structured collaboration will address some of our common challenges in the cyber threat landscape.”

The U.S. will host the next U.S.-EU Cyber Dialogue in Washington in 2024.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.