Cybersecurity bill: Why senator is taking his case straight to top CEOs

Amid opposition from business groups to a cybersecurity bill, Sen. Jay Rockefeller is writing CEOs of the nation's top 500 companies for their views 'without the filter of Beltway lobbyists.'

J. Scott Applewhite/AP/FILE
In this 2011 photo, Senate Commerce Committee Chairman Sen. Jay Rockefeller, D-W.Va., gestures during a committee hearing on Capitol Hill in Washington.

Seeking to overcome opposition from the US Chamber of Commerce and other business groups to a cybersecurity bill, Sen. Jay Rockefeller (D) of West Virginia took the unusual step Wednesday of writing the CEOs of the 500 largest US companies to request their views on cybersecurity and the legislation aimed at protecting the nation’s critical infrastructure from computer attacks.

Senator Rockefeller wrote a day after two other Senate Democrats, Chris Coons of Delaware and Richard Blumenthal of Connecticut, wrote a joint letter to President Obama calling on him to issue an executive order aimed at protecting critical infrastructure from cyberattack. Rockefeller and Sen. Dianne Feinstein (D) of California also have called for presidential action.

Speculation that the president might be weighing such an order emerged less than a week after the Senate on Aug. 2 failed to pass cybersecurity legislation, effectively filibustering the bill by falling short (52-46) of the 60 votes needed to cut off debate.

Frustration has grown on Capitol Hill, in no small part due to explicit warnings about the growing cyberthreat from the nation's top military leaders, Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, and Gen. Keith Alexander, director of the National Security Agency, who also leads the Pentagon's new US Cyber Command.

"The cyberthreat is real and demands immediate action," General Alexander wrote in a letter to Senate Majority Leader Harry Reid in late July. "The time to act is now; we simply cannot afford further delay."

Recipients of Rockefeller’s letter included Virginia Rometty, CEO of IBM, as well as the chiefs of ExxonMobil, Wal-Mart, General Electric, Ford and big utility companies. But the mailing list also included many company chieftains whose cybernetworks are unlikely to be vital to the nation's welfare.

While Rockefeller has in the past polled small groups of businesses, it was apparently the first time detailed views on this subject were being requested en masse. Responses to such letters are purely voluntary, but the letters usually receive thoughtful replies, according to a spokesman for the Senate Commerce, Science and Transportation Committee, where Rockefeller serves as chairman.

Rockefeller's letter appeared aimed at building an independent assessment of business viewpoints that might defuse lobbying that many blamed for the failed vote.

"I am writing to our country's five hundred largest companies because the filibuster of the legislation in the Senate was largely due to opposition from a handful of business lobbying groups and trade associations, most notably the United States Chamber of Commerce," Rockefeller wrote. "I would like to hear more – directly from the chief executives of leading American companies about their views on cybersecurity, without the filter of Beltway lobbyists."

The letter poses eight questions, seeking insight into whether cybersecurity best practices have been adopted, where they come from, and what concerns, if any, the company might have in working with the federal government in a voluntary program that includes information sharing on cyberthreats.

"I would be surprised to learn that many other American companies," he continues, "are as intransigently opposed to our cybersecurity legislative efforts as the Chamber of Commerce has indicated they are."

Chamber officials have said cybersecurity legislation would inevitably devolve into a "government-managed process," as R. Bruce Josten, executive vice president of the Chamber, wrote in a July open letter to the Senate. Even voluntary federal guidelines would "impose new obligations on participating companies," he wrote.

Amid the Capitol Hill ferment, the White House has appeared to be quite serious about developing an executive order to boost cybersecurity in the absence of congressional action and amid public calls for action.

One possible indication the president might be willing to take such action is a 19-page PDF document circulating on the Internet that appears to be a draft document detailing steps the government could take on its own if Congress doesn't act.

According to that document, two coordination centers – one for physical infrastructure and another for cyber – would be set up under the Department of Homeland Security. In addition to developing a "near-real time common operating picture for critical infrastructure that includes actionable information about imminent and emergency threats," the document also outlines strategic goals, including an overhaul of government computer systems to "enhance the protection and resilience of critical infrastructure."

Such an executive order, however, could only mandate federal agencies to obey and would work only on a voluntary basis with private businesses – which actually own and operate 85 percent of the nation's vital networks. The government would share threat information with business – and offer up new "metrics" provided by government agencies to help them protect their systems from cyberattack.

One inducement for private industry to partner with the federal government under the Senate legislation would be immunity from liability in the event of a cyberattack. Any order the president issues can't offer such a guarantee.

Cybersecurity experts are similarly skeptical of any measures that are purely voluntary, noting that voluntary standards put forward by the utility industry and by the federal National Institute of Standards and Technology already exist, yet have done little to bolster cybersecurity.

"We know how to make networks more secure, that's not the issue," says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. "We have voluntary standards that have been laid out. But we won't be secure until someone has the nerve to require that people use these standards."
