Sen. Commerce Staff: Many Companies Not Opposed to Cybersecurity Guidelines

Dems conclude that analysis of Fortune 500 responses finds more agreement than was suggested

By John Eggerton -- Broadcasting & Cable, 1/30/2013 12:02:30 PM

According to a Senate Commerce Committee Democratic staff analysis, "many" of the 300 Fortune 500 companies who responded to a congressional call for input on cybersecurity legislation "support the aims of a voluntary federal program for the development of cybersecurity best practices," so long as it remains just that -- voluntary.

But that "voluntary" caveat has always been the stumbling block to a compromise cybersecurity bill, so it is unclear how much distance there is between that finding and the stances of ISPs and other industry players in opposing Democratic legislation.

That is from a memo to committee chairman Jay Rockefeller (D-W.Va.), who sent letters to all 500 companies last fall asking for input on cybersecurity legislation he supported that ultimately stalled in the face of primarily Republican opposition to a voluntary best practices regime they feared would become a government mandate.

In the letter, Rockefeller said he wanted to hear from the companies about their views of cybersecurity -- "without the filter of Beltway lobbyists." He says he is not sure that American companies are as "intransigently opposed" to the cybersecurity legislation he favors as the Chamber of Commerce, which pushed back hard against the Act, has indicated.

"Our review of the companies' answers to these questions shows that the Chamber of Commerce's vehement opposition to the legislation was not shared by many companies in the private sector," the staffers said in the memo. The individual companies' responses were not included, and there was no quantification of how many "many" represented.

According to the staffers, "many companies supported an increased government role and many supported the voluntary federal program envisioned in the Cybersecurity Act of 2012 (the Democratic version of the bill backed by Rockefeller). However, many companies also raised concerns about any new federal program that would set mandatory cybersecurity requirements, create obligations that would impact their ability to address cybersecurity issues in a flexible manner, or duplicate efforts already underway."

"Companies understand that the cyber threats we face are real and they understand that the federal government must play an important role in the nation's cybersecurity moving forward," is how Sen. Rockefeller read the responses. "The companies' responses will be a great resource as we refine much-needed cybersecurity legislation to improve and deepen the collaboration between our government and private sector."

Perhaps, but the answers also still appear to reflect the same industry stance as during the debate when the Democratic bill failed to pass. That stance was that ISPs and others recognized the need for cybersecurity protections and even legislation (like that proposed by Republicans}, but that it should focus on information sharing -- a point many companies volunteered in their responses to Rockefeller, the staffers said, even though he didn't ask. Those companies have also not been opposed in principle to voluntary guidelines if there were some way to assure they did not become "one-size-fits all" government mandates.