U.S., European Union Issue Cyber AccordCooperation on Data Protection, Promoting Online Human Rights
Although leaders of the European Union expressed their concerns about the National Security Agency's surveillance programs to President Obama, that didn't prevent the United States and EU from issuing a communique highlighting cooperation on cybersecurity.
See Also: Rethinking Endpoint Security
European Council President Herman Van Rompuy, standing just feet away from Obama during a March 26 press conference at a U.S.-EU summit in Brussels, said: "Today we spoke about data flows, and I conveyed to the president European concerns after last year's revelations on surveillance programs. These concerns are shared widely by citizens in EU member states, and we welcome the recent initiatives announced by President Obama. The United States and the European Union are taking further steps to address these worries and restore trust."
Van Rompuy didn't provide further details. Obama wasn't asked about the surveillance program during the press conference that mostly focused on the conflict in Ukraine.
Larry Clinton, president of the trade group Internet Security Alliance, says the impact of the NSA meddling, such as tapping the cell phone of German Chancellor Angela Merkel, has been discounted, especially at the government level. "The fact is that some EU governments are beneficiaries of NSA intel on communication technology issues and others," Clinton says. "Their problem had been in managing public opinion, which has been generally outraged in many countries."
Van Rompuy said the EU and U.S. are cooperating on cybersecurity, and should have what he characterizes as an umbrella agreement on data protection by this summer that would be "based on equal treatment of EU and U.S. citizens."
Cyber as Foreign Policy Imperative
Christopher Painter, the State Department's cyber-issues coordinator, says the agreement is significant because it formalizes continuing collaboration between Europe and America on cyber issues, specifically on foreign policy matters of mutual concern such as international security, international cyber policy and Internet freedom.
"Cyber has become a foreign policy imperative for us and the EU, and this presidential attention to it demonstrates its importance, as evidenced by both President Obama's International Strategy for Cyberspace and the EU's cybersecurity strategy," Painter tells Information Security Media Group (see White House Unveils Int'l Cybersecurity Strategy). "This announcement is also important in its continued commitment to the initiative launched at the 2010 summit in Lisbon for cooperative work on cybersecurity and cybercrime and its achievements."
According to the White House, the new, high-level U.S.-EU cyber dialogue announced at the summit will formalize and broaden cooperation on cyber issues, building on shared commitments and achievements in key areas. This strategic dialogue will be the platform for close U.S.-EU coordination on addressing international security, such as norms of behavior in cyberspace, cybersecurity confidence building measures and application of existing international law. The EU and U.S. also will work on cybersecurity capacity building among other nations.
Countering Global Cyberthreats
The dialogue also will promote and protect human rights online.
The EU and U.S. have established several forums to address mutual cybersecurity concerns. The U.S.-EU Working Group on Cybersecurity and Cybercrime serves as a framework to counter global cybersecurity threats. The working group focuses on four areas where cooperative approaches add significant value to both regions: cyber incident management, public-private partnership on critical infrastructure cybersecurity, cybersecurity awareness raising, and cybercrime.
"The cooperation on cybersecurity and cybercrime, particularly, is greatly benefiting our interagency colleagues and, as a result, our collective stakeholders in industry and in the public writ large, both here and in Europe," Painter says. "Those efforts on incident response, critical infrastructure protection, awareness and combating criminals online address related needs of all our constituents."
Clinton says he doesn't see any immediate benefit to American or European businesses. "But they will if the U.S. and EU really do work well together on the issues and develop a common framework that assists industry to adopt cyber risk management practices consistent with their individual risk assessments," he says.
In an interview last month with ISMG, White House Cybersecurity Coordinator Michael Daniel said his talks with his counterparts among allies in Europe and elsewhere show the need for international cooperation on cybersecurity (see Obama Cyber Coordinator on Global InfoSec). "The threats in cybersecurity are global," he said. "They don't respect international borders very well, so there is a very clear need for us to be able to cybersecurity and continue making progress in that area."