Business community open to cybersecurity legislation

Congress will get another chance to pass cybersecurity legislation, but exactly what shape it will take is not clear.

Last fall, cybersecurity legislation champion Sen. John Rockefeller (D-W.V.) wrote a letter to the 500 largest companies in the United States, querying their CEOs on their cybersecurity practices and views. Now, a report outlining findings from the responses shows a majority in favor of government action – but with caveats.

Rockefeller’s letter came after Congress failed to pass the Cybersecurity Act of 2012. Lawmakers were divided over certain measures, such as whether programs should be voluntary or compulsory for critical infrastructure operators. But the report also suggests that objections from the U.S. Chamber of Commerce, which were a primary hurdle to moving the legislation forward, may not have been shared by as many companies as originally thought.

"Overall, the companies’ responses showed that the private sector is supportive of Congress’s interest in passing cybersecurity legislation," a Jan. 28 memo to Rockefeller from the Senate Committee on Commerce, Science and Transportation majority staff noted. "Further, in contrast to the Chamber of Commerce’s characterization of the legislation as creating an ‘adversarial relationship’ between the federal government and the private sector, many companies recognized the importance of increased collaboration ... and, consequently, supported the aims of a voluntary federal program for the development of cybersecurity best practices, as envisioned in the legislation."

The memo, which outlined responses from roughly 300 of the 500 companies surveyed, could provide grist for the legislative mill, as the new Congress is expected to take up cybersecurity again sometime this year. The findings bolster the case for taking action and highlight chief concerns and priorities for lawmakers to consider.

"The concerns raised about the legislation were not about whether the government should have a role with respect to cybersecurity, but about the specifics of that role and what impact that role would have on how companies respond to their cybersecurity challenges," the memo noted.

Questions posed to the companies included inquiries on whether and how the companies had adopted best practices, what the role of government should be and what the CEOs’ concerns were.

Specifically, most said they do support cyber legislation – on a voluntary basis. CEOs who responded were particularly interested in information-sharing, best practices and standardized risk assessments. Uncertainties largely centered on implementation, including mandatory requirements that could be inflexible or duplicative of security efforts already in place.

"What this letter does is indicate that the Senate commerce committee now has an additional set of inputs from a broad cross-section of large U.S. companies. It helps further the dialog," said Harriet Pearson, partner in Hogan Lovells’ privacy and information management practice. "This is a new Congress; one thing we’re sure of is that cybersecurity will be on the agenda. What everyone is unsure of still is how will the nature of that debate go? There are important players who haven’t weighed in yet, notably the administration. Will it play out to be the same discussion around the same proposals, or will there be new approaches?"

The Obama administration is expected to soon issue a long-awaited executive order. According to The Hill, Sen. Tom Carper (D-Del.) indicated the EO will come later this month, after the State of the Union address. Carper also said he does not expect the same cyber bill to be re-introduced in the new Congress.

A Chamber of Commerce spokesperson directed questions to a blog post from leadership calling for continued conversation on the issue. The Chamber is also voicing ongoing support for two information security bills that likewise failed to gain traction last year: CISPA and the SECURE IT Act, the latter of which was a Republican-backed response to the bipartisan Cybersecurity Act of 2012.

Posted on Jan. 31, the blog post seems to dispute the Senate committee’s contention that very few companies actually shared the Chamber’s views.

"The Chamber represents the interests of more than 3 million businesses of all sizes, sectors, and regions, as well as state and local chambers and industry associations. Over the course of the past three years we have engaged our members with weekly calls to discuss cybersecurity and decide on a workable solution," Bruce Josten, the Chamber’s executive vice president for government affairs, wrote in the blog. "In our view, industry had concerns that the bill would – in practice – establish a new regulatory regime, fostering rigid adherence to rules and procedures rather than fostering the speed and creativity necessary to protect our nation’s infrastructure."

There does seem to be at least one area of consensus, though: the need for action on cybersecurity from Washington, sooner rather than later.

"We need to focus on legislation that can make a difference right away – improvements to information sharing and other effective measures that have earned broad stakeholder support," Josten wrote.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Reader comments

Tue, Feb 5, 2013

Cybersecurity Legislation is a LIE. It is all about suppressing the First Amendment - Freedom of Speech. Our leaders have come to fear their people, so they feel that they must remove this freedom. Benjamin Franklin warned, "Those who sacrifice Liberty for some security, shall have neither."