A new report issued by the US Chamber of Commerce, Transatlantic Cybersecurity: Forging a United Response to Universal Threats, “proposes a set of recommendations that would more closely align the approaches of the United States and European Union regarding frameworks, standards, and practices for cybersecurity,” the chamber said in announcing the report, which was released as part of a business delegation led by the US Chamber to Tallinn, Berlin and Brussels to discuss transatlantic cybersecurity efforts.
“Cybersecurity is a transnational threat, so it requires a transnational solution. By working together, the United States and the European Union can create a globally relevant cybersecurity framework that strengthens security across borders,” said Sean Heather, vice president of the US Chamber’s Center for Global Regulatory Cooperation (GRC).
The report “offers recommendations to more closely align the approach taken in the National Institute of Standards and Technology (NIST) Cybersecurity Framework used in the US and the approach taken in the EU through its Network and Information Systems (NIS) Directive and the General Data Protection Regulation (GDPR),” the announcement said.
“The EU and US contain the hubs for more than half of the internet traffic in the world, and these networks provide vital infrastructure for nearly half of the world’s GDP. Common cybersecurity frameworks and sharing of information and best practices will help strengthen security for everyone,” said Cameron Kerry, Senior Counsel at Sidley Austin and lead author of the report. Kerry is the former General Counsel and Acting Secretary of the US Department of Commerce, which includes NIST.
“The NIST Framework has proven to be inclusive and flexible for all sizes and sectors alike, and it could be easily adapted to the NIS Directive and GDPR. There is already overlap between the US and EU policies, and building on this agreement could make both frameworks stronger and more resilient,” said Ann Beauchesne, senior vice president for national security and emergency at the US Chamber of Commerce.
The report recommends developing a shared approach to addressing cybersecurity threats through:
- Recognition of the NIST Framework by NIS Directive competent authorities;
- Expanding the role of the European Union Agency for Network and Information Security (ENISA) as a convener;
- Promoting EU engagement in refining the NIST Framework;
- Providing opportunities for NIST and other US participation in the EU Cybersecurity Cooperation Group;
- Recognition of the NIST Framework by GDPR authorities;
- Development of transnational Information Sharing and Analysis Centers and Information Sharing and Analysis Organizations;
- Increasing usage of the NIST Framework by EU businesses and industry groups;
- Expanding ENISA’s engagement with European data protection institutions; and
- Strengthening and broadening the EU-US cybersecurity dialogue.