Rockefeller Report Shows Industry Gave Mixed Feedback on Cybersecurity

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

A new staff report memorandum unveiled Jan. 30 by Senate Commerce Committee Chairman John D. Rockefeller IV (D-W.Va.) said that Fortune 500 companies have mixed views about a controversial cybersecurity bill that he co-sponsored in the previous Congress.

In response to an inquiry launched by Rockefeller, many companies expressed support for the goals of the bill (S. 3414), which called for a voluntary federal cybersecurity program, but concerns were raised about the possibility of such legislation leading to mandatory requirements for the private sector, according to the report, which was prepared by committee staff.

“The companies' responses will be a great resource as we refine much-needed cybersecurity legislation to improve and deepen the collaboration between our government and private sector,” Rockefeller said in a Jan. 30 statement announcing the report.

Democrats Renew Legislative Effort

Rockefeller and other key Senate Democrats recently reaffirmed their commitment to getting some form of comprehensive cybersecurity legislation enacted (12 PVLR 142, 1/28/13), after failing to do so in the previous Congress (11 PVLR 1711, 12/3/12).

Meanwhile, in light of congressional inaction thus far, the White House has said that it is considering the possibility of an executive order on cybersecurity (12 PVLR 136, 1/28/13).

In September 2012, Rockefeller sent letters to 500 of the nation's largest businesses, seeking input on the cybersecurity bill that he was pushing at the time (11 PVLR 1434, 9/24/12). S. 3414, dubbed the Cybersecurity Act, called for a government-administered program to encourage U.S. “critical infrastructure” operators to adopt voluntary best practices. The Chamber of Commerce actively lobbied against the proposal, arguing that the proposed standards could lead to government regulations. Ultimately, Republicans and Democrats were unable to reach agreement on the legislation.

According to Rockefeller's staff, 300 firms responded to the senator's inquiry. Very few were in “outright opposition” to the Cybersecurity Act, and only a subset of those explicitly characterized their positions as “in line with the Chamber of Commerce.”

“Our review … shows that the Chamber of Commerce's vehement opposition to the legislation was not shared by many companies in the private sector,” the staff report says.

In a statement reacting to the Senate report, Ann Beauchesne, the Chamber's vice president of national security and emergency preparedness, reiterated objections the group has expressed in the past about the Cybersecurity Act.

“Whether a new cybersecurity program is labeled regulatory or 'voluntary,' the fact is government officials will have the final word on the standards and practices that industry must adopt, which the Chamber opposes,” she said.

By Alexei Alexis  

Full text of the staff report memorandum is available at