Commentary Addressing Risks and Opportunities Through the Lifecycle of Data, Technology, Advertising and Innovation

Data Counsel

Home | Data Counsel

Back in September, I posted <a href="https://www.dataprivacymonitor.com/federal-legislation/rockefeller-questions-fortune-500-on-cybersecurity-act-data-security-practices/">here</a> about Senate Commerce Committee Chairman John D. Rockefeller&rsquo;s (D-WV) letters to all FORTUNE 500 companies inquiring about business opposition to cybersecurity legislation.&nbsp; This morning, Rockefeller <a href="http://commerce.senate.gov/public/?a=Files.Serve&amp;File_id=5a85f211-a5c9-4306-9c84-d3a6b88024f6">released a report by his staff summarizing the gist of the roughly 300 responses he&rsquo;s received to date</a>.&nbsp; The report does not mention any companies or executives by name, but, <a href="http://commerce.senate.gov/public/?a=Files.Serve&amp;File_id=03ecf11a-8194-4ace-bac8-06a11fcd4724">together with an illustrative table</a>, quotes anonymously and selectively from the responses received.&nbsp; Following is an overview of the report&rsquo;s findings.
<ul>
<li>Over 80 of the Fortune 100 responded, with the rate falling off after that.&nbsp; Staff views the overall response rate as a &ldquo;very positive sign that America&rsquo;s largest companies and top business executives are taking the issue of cybersecurity seriously.&rdquo;&nbsp; </li>
<li>All responses stated that they have developed cybersecurity practices to protect their infrastructure from cyber attacks, often based on legal compliance requirements.&nbsp; Many companies rely on audit firms and sector-focused trade groups to benchmark and develop their practices.&nbsp; Responses illustrated the federal government&rsquo;s &ldquo;ad hoc&rdquo; approach to cybersecurity, involving sector-specific agencies and programs in the areas of chemicals, financial services, telecommunications and defense.</li>
<li>Staff&rsquo;s review found that opposition to the legislation by the US Chamber of Commerce and other groups, while shared by some, was not shared by many companies; that overall, the private sector is supportive of passing cybersecurity legislation.&nbsp; Many companies support an increased government role, a voluntary federal program, and increased information-sharing between the private sector and the government.&nbsp; A variety of companies support greater cybersecurity R&amp;D and workforce training.</li>
<li>Concerns raised about the legislation were about the specifics of the government&rsquo;s role and what impact it would have on companies, such as whether voluntary requirements could become mandatory and would impact the ability to address cybersecurity issues in a flexible manner, or duplicate efforts already underway.&nbsp; Another common concern was the need to adequately protect the confidentiality of information shared with the federal government during cyber threat assessments.&nbsp; Companies in the financial and electric sectors expressed concern that existing regulatory relations would be disrupted.</li>
</ul>
It&rsquo;s clear from today&rsquo;s release and the aspirational measure Rockefeller introduced with fellow Democratic Committee Chairmen last week, <a href="http://www.gpo.gov/fdsys/pkg/BILLS-113s21is/pdf/BILLS-113s21is.pdf">S. 21, the Cybersecurity and American Cyber Competitiveness Act of 2013</a> that he and his colleagues intend to pursue legislation this year.&nbsp; It&rsquo;s quite unclear how or when that will happen.&nbsp; Readers will recall that last year the Senate failed to advance legislation repeatedly, prompting the President to consider issuing an Executive Order.&nbsp; While it&rsquo;s still quite early in the 113th Congress, the political calculus post-November seems to favor a continued stalemate:&nbsp; Democrats gained only a couple seats in the Senate, five votes short of a 60-vote, filibuster-proof majority.&nbsp; Also, unlike certain other issues, arguably, the election was hardly a referendum on or endorsement of the Senate bill or the President&rsquo;s plan for cybersecurity.&nbsp; Nonetheless, hope springs eternal on Capitol Hill so we&rsquo;ll continue to stay abreast of developments.

Rockefeller Releases Results of Fortune 500 Survey on Cybersecurity