Top U.S. firms open to voluntary cybersecurity rules: Senate

WASHINGTON Wed Jan 30, 2013 1:33pm EST

U.S. Marine Sergeant Michael Kidd works on a computer at ECPI University in Virginia Beach, Virginia, February 7, 2012. REUTERS/Samantha Sais

U.S. Marine Sergeant Michael Kidd works on a computer at ECPI University in Virginia Beach, Virginia, February 7, 2012.

Credit: Reuters/Samantha Sais

Related Topics

WASHINGTON (Reuters) - Many Fortune 500 companies support the creation of federal cybersecurity standards to protect them from Internet threats like hacking as long as they are voluntary, according to a Senate survey of top U.S. chief executives released on Wednesday.

The report resulted from letters sent to Fortune 500 companies in September by Senator Jay Rockefeller, the Democrat from West Virginia who last year authored a now-expired cybersecurity bill and is now renewing his push for such legislation.

Better protection from cyber threats has taken on growing urgency in Washington, with top officials warning of the potentially devastating impact of cyber attacks that could undermine key infrastructure, which is mostly privately owned.

Some 300 top companies in a variety of industries responded to the survey, according to the report compiled by the staff of the Senate Committee on Commerce, Science, and Transportation, which Rockefeller chairs.

Reflecting that growing interest in better securing networks, computers and data from cyber attacks, the survey showed broad support of the effort to pass new cybersecurity laws and collaborate with the federal government. But the report also showed concerns that new standards would become mandatory, inflexible or duplicative.

"The concerns raised about the legislation were not about whether the government should have a role with respect to cybersecurity, but about the specifics of that role and what impact that role would have on how companies respond to their cybersecurity challenges," the report said.

One Fortune 500 company, for example, responded that it had "no fundamental concerns with a voluntary U.S. program if it is indeed voluntary, as opposed to a program developed from a regulatory or compliance perspective or by the unfortunate notion that companies should be required to disclose breaches or vulnerabilities." The quote was one of dozens cited in the report, which did not identify the firms by name.

Similar concerns helped undermine Rockefeller's efforts last year, although his bill did propose a voluntary system of rules. In particular, the influential business lobby U.S. Chamber of Commerce vehemently opposed the 2012 cyber legislation.

Wednesday's report sought to highlight some discord between the chamber's position and the generally positive comments from Fortune 500 companies about closer collaboration with the federal government and the need to update the current system, which has been criticized as ad hoc.

The chamber's Ann Beauchesne, vice president of national security and emergency preparedness, reiterated the lobby's concern on Wednesday.

"Voluntary standards sound great in theory, but the devil is in the details," she said. "Whether a new cybersecurity program is labeled regulatory or 'voluntary,' the fact is, government officials will have the final word on the standards and practices that industry must adopt, which the Chamber opposes."

(Reporting by Alina Selyukh; Editing by Philip Barbara)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see
Comments (1)
Burns0011 wrote:
The standards must be *in*voluntary, or companies *will* skimp, cut corners, and otherwise evade the standards.

Jan 30, 2013 1:59pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.