On 15-16 December 2022, the European Union and United States held the eighth EU-U.S. Cyber Dialogue in Washington, DC. This took place in the context of a dramatically deteriorated cyber threat environment due to Russia’s illegal military aggression against Ukraine, which has underlined the need for enhanced transatlantic cooperation and coordination to prevent, detect and respond to malicious cyber activities and highlighted the need to ensure that critical infrastructure is secure and resilient.
Respective current and future cyber strategies, policies and legislation as well as cyber diplomacy, crisis management and crisis response, were also discussed. Notably, the EU informed on the EU cyber posture and new cyber defence policy developed in 2022 with the aim to strengthen the EU’s cyber resilience and capacities to detect, deter and respond, increasing cooperation among EU’s cyber actors and developing mechanisms for leveraging joint capabilities at the EU level.
The EU and the US also reaffirmed their continued commitment to promoting a global, open, free, stable and secure cyberspace where international law, including respect for human rights and fundamental freedoms, fully apply, supporting social, political and economic development of the EU, the US and our partners, including Ukraine and Western Balkans.
Strengthening Cyber capacity building
Cyber capacity building is a priority for the EU and the US and includes support in monitoring the threat landscape, strengthening governmental structures to address cyber threats, detecting and mitigation of cyberattacks, supporting crisis management and cyber resilience. To this effect, sides discussed the ways to cooperate on situational awareness and information sharing as well as crisis management at technical, operational and political levels.
Following a dedicated session on lessons learned from coordination on support for Ukraine and Western Balkans, the EU and the US agreed to further deepen cooperation and coordination on capacity building and cyber crisis management support to third countries.
Stable Cyberspace
In order to keep cyberspace stable and secure, the EU and the US are committed to hold states accountable for actions that are contrary to the growing consensus on responsible state behaviour in cyberspace. Parties exchanged respective posture strategies and cyber toolboxes to ensure aggregated effects of our collective efforts to counter cyber threats.
The EU and the US underscored the importance of the UN framework on responsible state behaviour in cyberspace as well as their commitment to address common challenges on cyber-related issues, building on the framework for responsible state behaviour. Beyond cooperation in the UN, the EU and the US expressed interest in cooperating more closely in other international organisations and regional fora, including the OSCE, International Telecommunication Union (ITU), Internet Governance Forum (IGF), G20 as well with like-minded partners.
Enhancing Cyber Resilience
With both sides acknowledging the need to take action to improve cybersecurity of hardware and software, the EU and United States discussed the proposed EU Cyber Resilience Act concerning software and hardware products, the US IOT labelling scheme and the Executive Order on Software as well as the associated standardisation work.
The EU and the US exchanged views and best practices for the protection of critical infrastructure, including the EU NIS2 Directive and the US Cyber Incident Reporting for Critical Infrastructure Act in areas such as risk evaluations and incident reporting. A dedicated session on Public Private Partnerships was also held with European and American industry, exploring avenues to further strengthening the role of the private sector to keep cyberspace secure.
Finally, the EU and the US also expressed their interest in strengthening cooperation and exchanges in the field of the cybersecurity of space critical infrastructure. In line with the Joint Statement by President von der Leyen and President Biden of March 2022, further progress has been made to establish structured cybersecurity information exchange on threats and threat actors between the EU and US entities, as well as to exchange on posture, respective toolboxes for cooperation with international organizations and like-mined partners.
Both sides committed to intensify cooperation in the fields of critical infrastructure protection, cybersecurity of digital products (including standardisation), and information exchange. In that respect, both sides discussed establishing a new EU-U.S. cyber fellowship to enable EU and US staff to intensify exchanges and strengthen trust and understanding in cybersecurity.
Joanneke Balfoort, Director for Security and Defence, European External Action Service (EEAS) and Lorena Boix Alonso, Director for Digital Society, Trust and Cybersecurity, Directorate General for Communications Networks, Content and Technology (DG CONNECT), European Commission co-chaired the dialogue on the EU-side. The EU Agency for Cybersecurity (ENISA), represented by Executive Director Juhan Lepassaar, as well Deputy Head of CERT-EU Rogier Holla, Deputy Head of the CERT-EU formed part of the EU Delegation and was able to explore cooperation possibilities with their counterparts. On the United States side, the dialogue was hosted by Jennifer Bachus, Principal Deputy Assistant Secretary for the Bureau of Cyberspace and Digital Policy at State Department. A number of EU Member States took part as observers.