The U.S. Chamber of Commerce released a report, Transatlantic Cybersecurity: Forging a United Response to Universal Threats, which proposes a set of recommendations that would more closely align the approaches of the United States and European Union regarding frameworks, standards, and practices for cybersecurity. The report was released as part of a business delegation led by the U.S. Chamber to Tallinn, Berlin, and Brussels to discuss transatlantic cybersecurity efforts.
“Cybersecurity is a transnational threat, so it requires a transnational solution. By working together, the United States and the European Union can create a globally relevant cybersecurity framework that strengthens security across borders,” said Sean Heather, vice president of the U.S. Chamber’s Center for Global Regulatory Cooperation (GRC).
The report, written in partnership with Sidley Austin, offers recommendations to more closely align the approach taken in the National Institute of Standards and Technology (NIST) Cybersecurity Framework, used in the U.S., and the approach taken in the EU, through the Network and Information Systems (NIS) Directive and the General Data Protection Regulation (GDPR).
“The EU and U.S. contain the hubs for more than half of the internet traffic in the world, and these networks provide vital infrastructure for nearly half of the world’s GDP. Common cybersecurity frameworks and sharing of information and best practices will help strengthen security for everyone,” said Cameron Kerry, Senior Counsel at Sidley Austin and lead author of the report. Kerry is the former General Counsel and Acting Secretary of the U.S. Department of Commerce, which includes NIST.
“The NIST Framework has proven to be inclusive and flexible for all sizes and sectors alike, and it could be easily adapted to the NIS Directive and GDPR. There is already overlap between the U.S. and EU policies, and building on this agreement could make both frameworks stronger and more resilient,” said Ann Beauchesne, senior vice president for national security and emergency at the U.S. Chamber of Commerce.
The report recommends developing a shared approach to addressing cybersecurity threats through:
- Recognition of the NIST Framework by NIS Directive competent authorities
- Expanding the role of the European Union Agency for Network and Information Security (ENISA) as a convener
- Promoting EU engagement in refining the NIST Framework
- Providing opportunities for NIST and other U.S. participation in the EU cybersecurity Cooperation Group
- Recognition of the NIST Framework by GDPR authorities
- Development of transnational Information Sharing and Analysis Centers and Information Sharing and Analysis Organizations
- Increasing usage of the NIST Framework by EU businesses and industry groups
- Expanding ENISA’s engagement with European data protections institutions
- Strengthening and broadening the EU-US cybersecurity dialogue
To read the full report Transatlantic Cybersecurity: Forging a United Response to Universal Threats – click here