CISA and ENISA enhance their Cooperation
December 2023 by Marc Jacob
The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness.
Geopolitics have shaped the cyber threat landscape, bringing like-minded partners closer together in the wake of common cyber challenges and advances in digital technologies. Today at the EU-US Cyber Dialogue, ENISA and CISA announced the signing of their Working Arrangement as an important milestone in the overall cooperation between the United States and the European Union in the field of cybersecurity, also following the Joint Statement of European Commissioner Thierry Breton and U.S. Secretary for Homeland Security Alejandro Mayorkas of January 2023.
ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach in international cooperation to those areas and activities that will have high and measurable added value in achieving the Agency’s strategic objectives. CISA is a key partner to ENISA in achieving these objectives and by extension the EU in achieving a higher common level of cybersecurity. The Working Arrangement is both a consolidation of present areas of cooperation, as well as opening the door to new ones. Current examples are the organisation and promotion of the International Cybersecurity Challenge (ICC), exchanging best practices in the area of incident reporting or ad hoc information exchanges on basic cyber threats.
High Representative of the European Union for Foreign Affairs and Security Policy / Vice-President of the European Commission, Josep Borrell said: "Cyber threats have no borders. This is why international cooperation with our partners is a must. The working arrangement between ENISA and CISA is an important deliverable from the EU-US Cyber Dialogue. It will enable us to effectively combat the escalating cybersecurity threats we confront. By fostering deeper cooperation, we can facilitate information sharing, develop collaborative strategies, and bolster our collective resilience against cyberattacks.”
European Commissioner for Industry, Defence and Technology, Thierry Breton said: "Today’s challenging political context also manifests in intensified threats facing us in the cyberspace. It is essential that the EU and the United States work hand in hand to advance a secure cyberspace, including through protecting critical infrastructures and improving the security of digital products.”
CISA leads the United States’ effort to understand, manage, and reduce risk to cyber and physical infrastructure. “In today’s highly complex and borderless cyber threat landscape, collaboration remains key to everything we do,” said CISA Director Jen Easterly. “CISA’s Working Arrangement with ENISA signifies a new chapter in our collective resilience. Together we will enhance cybersecurity awareness, fortify capacity building initiatives, and foster a robust environment for knowledge sharing and best practice exchanges, ensuring a safer digital landscape for our citizens.”
European Union Agency for Cybersecurity (ENISA), Executive Director, Juhan Lepassaar, said: “This new Working Arrangement is an evolution and consolidation of the effective cooperation with our US counterpart. The structured collaboration will address some of our common challenges in the cyber threat landscape.”
This arrangement is broad in nature and covers both short-term structured cooperation actions, as well as paving the way for longer-term cooperation in cybersecurity policies and implementation approaches. Cooperation will be sought in the areas of:
• Cyber Awareness & Capacity Building to enhance cyber resilience: including facilitating the participation as third country representatives in specific EU-wide cybersecurity exercises or trainings and the sharing and promotion of cyber awareness tools and programmes.
• Best practice exchange in the implementation of cyber legislation; including on key cyber legislation implementation such as the NIS Directive, incident reporting, vulnerabilities management and the approach to sectors such as telecommunications and energy.
• Knowledge and information sharing to increase common situational awareness: including a more systematic sharing of knowledge and information in relation to the cybersecurity threat landscape to increase the common situational awareness to the stakeholders and communities and in full respect of data protection requirements.
A work plan will operationalise the Working Arrangement and regular reporting at the EU-US Cyber Dialogues is foreseen.