Skip Links

Senator takes cybersecurity law fight to CEOs

Letter to execs includes eight questions about whether their companies have adopted a set of best practices on cybersecurity

By Taylor Armerding, CSO
September 21, 2012 08:20 AM ET

CSO - Sen. Jay Rockefeller (D-WVa.) hopes cybersecurity legislation can be revived in Congress by avoiding "the filter of beltway lobbyists," and connecting directly with the nation's top business leaders.

Obama's exec order draft on cybersecurity stirs debate

His critics say if he really wanted to get the view of business on the topic, he could have done so long ago.

Rockefeller, who said he is "profoundly disappointed" at the failure of the proposed Cyber Security Act of 2012 (CSA) last month, recently urged President Obama in a letter to implement provisions of the bill through an executive order.

A draft of an executive order is now reportedly circulating within the administration, stirring debate

But an end-run around Congress by the president will not be enough to secure the nation's critical infrastructure from cyberattack, in Rockefeller's view. In a letter dated Sept. 19 to all the CEOs of the Fortune 500, Rockefeller said, "legislation will still be needed and I would like to hear directly from our nation's business community to understand their views on cybersecurity."

Jacob Olcott, principal at Good Harbor Consulting and past counsel and lead negotiator on comprehensive cybersecurity legislation to Rockefeller, said in the years he worked on the Hill, "I cannot recall a letter that was sent to as many companies."

[In depth: Organized cybercrime revealed]

Rockefeller, who chairs the Senate Committee on Commerce, Science, and Transportation, said in the letter that the filibuster against the CSA in the Senate, "was largely due to opposition from a handful of business lobbying groups and trade associations, most notably the United States Chamber of Commerce."

He said he would be surprised if most American companies are as "intransigently opposed" to the CSA as the Chamber. "I would like to hear more -- directly from the chief executives of leading American companies about their views on cybersecurity, without the filter of beltway lobbyists," he wrote.

The letter includes eight questions to the CEOs about whether their companies have adopted a set of best practices on cybersecurity, how they were developed and what their concerns are about government involvement in private-sector cybersecurity. Rockefeller asked for responses by Oct. 19.

Not everybody is impressed. Jody Westby, CEO of Global Cyber Risk and a consultant on privacy, security and IT governance, said Rockefeller's letter is an admission that, "he was trying to force cybersecurity legislation upon the business community when he did not have the basic information to support the need for such legislation."

"At least he admits he does not understand the business community's position, but seeking information that only he and his staff will have access to is not a transparent means of substantiating regulations that he continues to call 'voluntary,'" she said.

Matthew Eggers, national security and emergency preparedness director of the Chamber, said Rockefeller misstates both the Chamber's stance and its role. "There's little disagreement about the challenges the United States faces in cyberspace or the need for federal legislation," Eggers said in a statement. "However, disagreement exists over the legislative solutions."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News