October 14, 2015 By Douglas Bonderud 2 min read

It’s taken four years and some serious negotiating, but the joint data protection agreement spearheaded by the U.S. and the European Union — also known as the Umbrella Agreement — is finally moving forward. According to SC Magazine, both American and European officials have now signed off on the agreement. If the bill passes ratification in the U.S., it represents a solid first step in cleaning up the often confusing mess of capturing and prosecuting global cybercriminals and malware creators.

One critical aspect of the new agreement is reciprocal extradition. Ideally, this developing Umbrella legislation should help force more bad guys out of hiding in other countries and into the driving wind and rain of U.S. courtrooms.

The Off-Soil Issue

Tackling the issue of extradition helps mitigate one of the biggest problems with existing cybersecurity laws: They only work if attackers are physically located in the U.S. As noted by CSO Online, lawmakers often make the mistake of designing laws to deter cybercrime but have no viable way to deal with attackers who live outside American borders.

Thanks to the new Umbrella Agreement, however, cybercriminals captured in other nations will now be extradited to the U.S., where they’ll face justice for their crimes as if they occurred on U.S. soil. Congress needs to reciprocate these privileges for EU governments, but this is an excellent starting point.

Under the Umbrella

Extradition isn’t the only thing covered by the Umbrella Agreement. According to the European Commission, the new legislation includes a number of provisions to safeguard personal data:

  • There are limitations on data use when transferred between government agencies; data may only be used for “preventing, investigating, detecting or prosecuting criminal offenses.”
  • There are specific and limited data retention periods that must be made publicly available.
  • There must be notification of all data breaches by agencies to the affected parties.

The agreement also creates a kind of equity between American and European citizens: Under the new Umbrella, residents of the EU will be able to seek judicial redress in U.S. courts if their data is misused or incorrectly processed.

Necessary Collaboration

Dropping the hammer on malware-makers is a necessary step for both the U.S. and Europe, which in many respects lag behind when it comes to sharing information about malicious code and high-profile attackers. Consider the emergence of new malware strains such as Ghost Push, which hides inside popular mobile apps sold in official app stores. Once installed, Ghost Push can both root devices and install unwanted apps. And as noted by the International Business Times, private companies like Visa and FireEye have now partnered to create a malware sharing Web portal designed to “increase threat awareness between merchants and the cybersecurity company” and detect just these kinds of emerging threats.

The Umbrella Agreement represents the first of many catch-up steps from both the American and EU governments since it effectively levels the playing field by giving malicious actors no safe place to hide. While this new agreement isn’t perfect, beefed-up extradition agreements and better data protection should help keep out the worst of any mal-weather.

More from

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021.Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in active…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today