U.S. Chamber Advances Policy Priorities at Israel's Cyber Week

Key U.S. Chamber Policy Priorities:

• Harmonizing and aligning security measures for critical infrastructure, cybersecurity baselines for connected products, and cybersecurity requirements for cloud services to technical, consensus, industry-supported international standards, and frameworks such as ISO/IEC 27001, ISO/IEC 27402, ISA 62433, ISO/IEC 27002, and ISO/IEC 27017. In the case of current and future IoT security programs, governments should pursue opportunities for mutual recognition.
• Opposing the inclusion of digital sovereignty requirements in the European Union’s Draft Candidate Certification Scheme for the Cybersecurity of Cloud Service. The U.S. Chamber strongly opposed the draft scheme's inclusion of Annex J, requiring U.S. cloud service providers to certify their immunity from non-EU law and conform with strict localization requirements. Annex J’s sovereignty requirements for the highest level of cybersecurity certification would raise significant barriers to trade for non-EU headquartered companies and endanger global cybersecurity threat intelligence sharing.
• Aligning global incident reporting obligations to the U.S. Chamber Global Cyber Incident Communications Principles and, in particular, reporting significant cyber incidents to governments within a worldwide standard of not less than 72 hours.
• Amending Article 11 of the European Union's Draft Cyber Resilience Act related to coordinated vulnerability disclosure requires only reporting patched vulnerabilities to ENISA within 72 hours. This removes an obligation to report either actively exploited vulnerabilities or vulnerabilities for which a patch has not yet from developed, tested, and deployed.

About the authors

Vincent Voci

Vice President for Cyber Policy and Operations in the Cyber, Intelligence, and Supply Chain Security Division at the U.S. Chamber of Commerce

Read more

Danielle Muñoz