The European Union Agency for Cybersecurity (ENISA) has signed a new arrangement with the US Cybersecurity and Infrastructure Security Agency (CISA), promising greater cross-border information sharing in a bid to tackle growing security threats.
The plan is to share best practice around incident reporting and exchange ad hoc information on basic cyber threats. It's a broad arrangement, the organizations said, covering short-term structured action, as well as paving the way for longer-term cooperation on cyber security policy and implementation approaches.
CISA director Jen Easterly said the agreement will foster closer ties between the two agencies, enabling a more aligned approach on tackling emerging global cyber threats.
"In today’s highly complex and borderless cyber threat landscape, collaboration remains key to everything we do," she said.
"CISA’s working arrangement with ENISA signifies a new chapter in our collective resilience. Together we will enhance cyber security awareness, fortify capacity building initiatives, and foster a robust environment for knowledge sharing and best practice exchanges, ensuring a safer digital landscape for our citizens."
Under the deal, CISA will be involved as a third party in specific EU-wide cyber security exercises or training exercises, and cyber awareness tools and programs will be shared between the two.
The organizations will share best practice on the implementation of cyber security regulations, including the implementation of key legislation such as the NIS Directive, which provides a common level of security for network and information systems.
They will also cooperate on incident reporting, vulnerability management, and the approach to sectors such as telecommunications and energy.
Greater knowledge and information sharing will be a key focus in the deal, which ENISA said aims to increase common situational awareness, including a more systematic sharing of knowledge and information around the threat landscape.
"This new working arrangement is an evolution and consolidation of the effective cooperation with our US counterpart," said ENISA executive director Juhan Lepassaar.
"The structured collaboration will address some of our common challenges in the cyber threat landscape."
Closer EU-US security ties
The agreement stems from a joint statement by President Biden and EU President von der Leyen in March 2022, which called for deeper cooperation and more structured cyber security information exchanges on threats.
The first steps are likely to include deepening structured information exchanges on threats, threat actors, vulnerabilities, and incidents. The aim is to support a collective response to defend against global threats, including crisis management and support of diplomatic responses.
The working arrangement between ENISA and CISA to foster cooperation and sharing of best practices will be finalized, and guidelines and templates will be created for cyber incident reporting for critical national infrastructure.
There will also be an initial focus on software and hardware security, along with work to better protect civilian space systems.
Discover how malicious actors target the attack surface
DOWNLOAD NOW
"Cyber threats have no borders. This is why international cooperation with our partners is a must. The working arrangement between ENISA and CISA is an important deliverable from the EU-US Cyber Dialogue," said Josep Borrell, vice president of the European Commission.
"It will enable us to effectively combat the escalating cyber security threats we confront. By fostering deeper cooperation, we can facilitate information sharing, develop collaborative strategies, and bolster our collective resilience against cyber attacks."
