The Department of Homeland Security has partnered with the European Commission’s Directorate General for Communications, Networks, Content, and Technology, a.k.a. DG CONNECT, to compare cyber incident reporting elements to inform the alignment of transatlantic approaches to security and incident reporting.
The Potomac Officers Club will host the 2024 Cyber Summit on June 6 to hear from government and industry experts about the dynamic and ever-evolving role of cyber in the public sector. Register here!
Under the agreement, DHS and DG CONNECT conducted a comparative assessment of the recommendations outlined in the 2023 DHS report on how the federal government can streamline and harmonize the reporting of cyber incidents and the cybersecurity incident reporting measures included in the European Union’s NIS 2 Directive, DHS said Wednesday.
The joint report focuses on six main areas for comparative analysis: definitions and reporting thresholds; timelines, triggers and types of cyber incident reporting; contents of cyber incident reports; reporting mechanisms; aggregation of incident data; and public disclosure of cyber incident information.
Each area includes a schematic comparison of the cybersecurity incident reporting frameworks and general conclusions on their similarities and differences.
DHS’ Cybersecurity and Infrastructure Security Agency and the European Agency for Cybersecurity supported the development of the report to help inform their future approach to evaluating cyber incident reporting processes.
“Our approach will allow governmental authorities to get the information they need to provide cyber defense while streamlining the process for victim organizations,” said Robert Silvers, under secretary for policy at DHS and chair of the Cyber Incident Reporting Council.
