Marking the one-year anniversary of their 2023 Joint Statement, European Commissioner for Internal Market Thierry Breton and United States Secretary of Homeland Security Alejandro N. Mayorkas released the following updated joint statement on the cooperation between the United States and the European Union in the field of cyber resilience:
"We strongly welcome the close cooperation between the European Union and the United States to secure our people, critical infrastructure, and businesses against detrimental cyber activities. In a geopolitical and technological landscape marked by the proliferation of new threats and malicious actors, it is paramount that we continue to cooperate and join forces to promote our shared values and objectives in cyberspace.
"We celebrate the broad and effectual partnership between the European Commission's Directorate-General for Communications Networks, Content and Technology (DG CONNECT) and the United States Department of Homeland Security (DHS), as reflected in the joint workstreams introduced following our previous Joint Statement. Over the last year, these workstreams have borne robust, focused, and strategic cooperation. Notable outcomes include a commitment to compare and, where possible, align on the implementation of our cyber incident reporting requirements; intensified cooperation from our respective cybersecurity agencies following the signature of the European Union Agency for Cybersecurity-Cybersecurity and Infrastructure Security Agency Working Arrangements (ENISA-CISA); the creation of a transatlantic working group of open-source security experts; the launch of the EU-US Cyber Fellowship; and other expert exchanges on topics of cyber policy such as public-private partnerships and vulnerability management.
"In light of our fruitful cooperation, this week we decided upon further cooperation to promote our shared objectives of a secure cyberspace as we face a constantly evolving threat landscape. Specifically, we committed to:
- Work together to align, to the fullest extent possible, the requirements and guidelines we issue to drive cybersecurity and reduce the compliance burden to businesses.
- This includes publishing a joint product comparing our cyber incident reporting frameworks for critical infrastructure, including fields of information and the timing of such reporting, so as to identify areas where we are aligned and where there are divergences.
- Our shared responsibility for the safe and secure adoption of artificial intelligence, recognizing the great potential of this rapidly developing technology.
- This includes launching a dedicated cybersecurity workstream on the secure incorporation of Artificial Intelligence into critical infrastructure, situational awareness about the cybersecurity of AI models and applications, and collaboration on our approaches to the cybersecurity of AI across our shared mission space.
- Work bilaterally and with interagency partners to better prepare our collective responses to cyber incidents, including those that warrant rapid and effective support to like-minded countries.
- This includes facilitating a joint scenario-based discussion to examine cyber-related crisis response mechanisms.
- Jointly advance the cybersecurity of software and hardware in critical cyber policy fields so as to best prepare public administration, businesses, and critical infrastructures for evolving future threats.
- This includes creating or formalizing regular exchanges on open-source security, Software Bills of Materials (SBOM), and Secure-by-Design for software frameworks including as they align to efforts under the EU's Cyber Resilience Act and broader international cooperation;
- It also includes deepening exchanges on the cybersecurity aspects of emerging and disruptive technologies, including on topics such as Post Quantum Cryptography.
- Continue to deepen personnel and talent exchanges to strengthen our existing efforts and better support current and future workstreams.
- This includes continuing the 2024 EU-US Cyber Fellowship program in the United States that will bring together European and American cybersecurity officials for working-level discussions on transatlantic cyber policy issues. Building on the success of this fellowship as agreed on the need for a future exchange program whereby we will each send an expert to join one another's teams.
"These commitments and their associated deliverables reflect the ambition expressed in the joint statement between President von der Leyen and President Biden from March 2022, which called for deeper cooperation and more structured cybersecurity information exchanges on threats, and the Joint Statement of the October 2023 EU-US Summit, which called for cooperation to build a more secure cyberspace and to protect consumers and business. The deliverables are expected to be reported on at the 10th EU-US Cyber Dialogue later this year in Washington, D.C."