The Hill

Business community open to cybersecurity legislation

US Capitol

Congress will get another chance to pass cybersecurity legislation, but exactly what shape it will take is not clear.

Last fall, cybersecurity legislation champion Sen. John Rockefeller (D-W.V.) wrote a letter to the 500 largest companies in the United States, querying their CEOs on their cybersecurity practices and views. Now, a report outlining findings from the responses shows a majority in favor of government action – but with caveats.

Rockefeller’s letter came after Congress failed to pass the Cybersecurity Act of 2012. Lawmakers were divided over certain measures, such as programs being voluntary or compulsory for critical infrastructure operators. But the report also suggests that objections from the U.S. Chamber of Commerce, which were a primary hurdle to moving the legislation forward, may not have been shared by as many companies as originally thought.

"Overall, the companies’ responses showed that the private sector is supportive of Congress’s interest in passing cybersecurity legislation," a Jan. 28 memo to Rockefeller from the Senate Committee on Commerce, Science and Transportation majority staff noted. "Further, in contrast to the Chamber of Commerce’s characterization of the legislation as creating an ‘adversarial relationship’ between the federal government and the private sector, many companies recognized the importance of increased collaboration ... and, consequently, supported the aims of a voluntary federal program for the development of cybersecurity best practices, as envisioned in the legislation."

The memo, which outlined responses from roughly 300 of the 500 companies surveyed, could provide grist for the legislative mill, as the new Congress is expected to take up cybersecurity again sometime this year. The findings bolster the case for taking action and highlight chief concerns and priorities for lawmakers to consider.

"The concerns raised about the legislation were not about whether the government should have a role with respect to cybersecurity, but about the specifics of that role and what impact that role would have on how companies respond to their cybersecurity challenges," the memo noted.

Questions posed to the companies included inquiries on whether and how the companies had adopted best practices, what the role of government should be and what the CEOs’ concerns were.

Specifically, most said they do support cyber legislation – on a voluntary basis. CEOs who responded were particularly interested in information-sharing, best practices and standardized risk assessments. Uncertainties largely centered on implementation, including mandatory requirements that could be inflexible or duplicative of security efforts already in place.

"What this letter does is indicate that the Senate commerce committee now has an additional set of inputs from a broad cross-section of large U.S. companies. It helps further the dialog," said Harriet Pearson, partner in Hogan Lovells’ privacy and information management practice. "This is new Congress; one thing we’re sure of is that cybersecurity will be on the agenda. What everyone is unsure of still is how will the nature of that debate go? There are important players who haven’t weighed in yet, notably the administration. Will it play out to be the same discussion around the same proposals, or will there be new approaches?"

Jay Rockefeller

Sen. Jay Rockefeller

The Obama administration is expected to soon issue a long-awaited executive order. According to The Hill, Sen. Tom Carper (D-Del.) indicated the EO will come later this month, after the State of the Union address. Carper also said he does not expect the same cyber bill to be re-introduced in the new Congress.

A Chamber of Commerce spokesperson directed questions to a blog post from leadership calling for continued conversation on the issue. The Chamber also is voicing ongoing support for information security bills that failed to gain traction last year as well, CISPA and the SECURE IT Act, the latter of which was a Republican-backed response to the bipartisan Cybersecurity Act of 2012.

Posted on Jan. 31, the blog seems to dispute the Senate committee’s stipulation that very few companies actually shared the Chamber’s views.

"The Chamber represents the interests of more than 3 million businesses of all sizes, sectors, and regions, as well as state and local chambers and industry associations. Over the course of the past three years we have engaged our members with weekly calls to discuss cybersecurity and decide on a workable solution," Bruce Josten, the Chamber’s executive vice president for government affairs, wrote in the blog. "In our view, industry had concerns that the bill would – in practice – establish a new regulatory regime, fostering rigid adherence to rules and procedures rather than fostering the speed and creativity necessary to protect our nation’s infrastructure."

There does seem to be at least one area of consensus, though: the need for action on cybersecurity from Washington, sooner rather than later.

"We need to focus on legislation that can make a difference right away – improvements to information sharing and other effective measures that have earned broad stakeholder support," Josten wrote.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Tue, Feb 5, 2013

Cybersecurity Legislation is a LIE. It is all about supressing the First Admendment - Freedom of Speech. Our leaders have come to fear their people, so they feel that they must remove this freedom. Benjamin Franklin warned, "Those who sacrifice Liberty for some security, shall have neither."

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group