Printed from

Top U.S. firms open to voluntary cyber security rules, Senate says

Posted On: Jan. 31, 2013 12:00 AM CST

(Reuters) — Many Fortune 500 companies support the creation of federal cyber security standards to protect them from Internet threats like hacking as long as they are voluntary, according to a Senate survey of top U.S. chief executives released on Wednesday.

The report resulted from letters sent to Fortune 500 companies in September by Sen. Jay Rockefeller, the Democrat from West Virginia who last year authored a now-expired cyber security bill and is now renewing his push for such legislation.

Better protection from cyber threats has taken on growing urgency in Washington, with top officials warning of the potentially devastating impact of cyber attacks that could undermine key infrastructure, which is mostly privately owned.

Some 300 top companies in a variety of industries responded to the survey, according to the report compiled by the staff of the Senate Committee on Commerce, Science, and Transportation, which Sen. Rockefeller chairs.

Reflecting that growing interest in better securing networks, computers and data from cyber attacks, the survey showed broad support of the effort to pass new cyber security laws and collaborate with the federal government. But the report also showed concerns that new standards would become mandatory, inflexible or duplicative.

"The concerns raised about the legislation were not about whether the government should have a role with respect to cyber security, but about the specifics of that role and what impact that role would have on how companies respond to their cyber security challenges," the report said.


One Fortune 500 company, for example, responded that it had "no fundamental concerns with a voluntary U.S. program if it is indeed voluntary, as opposed to a program developed from a regulatory or compliance perspective or by the unfortunate notion that companies should be required to disclose breaches or vulnerabilities." The quote was one of dozens cited in the report, which did not identify the firms by name.

Similar concerns helped undermine Sen. Rockefeller's efforts last year, although his bill did propose a voluntary system of rules. In particular, the influential business lobby U.S. Chamber of Commerce vehemently opposed the 2012 cyber legislation.

Wednesday's report sought to highlight some discord between the chamber's position and the generally positive comments from Fortune 500 companies about closer collaboration with the federal government and the need to update the current system, which has been criticized as ad hoc.

The chamber's Ann Beauchesne, vice president of national security and emergency preparedness, reiterated the lobby's concern on Wednesday.

"Voluntary standards sound great in theory, but the devil is in the details," she said. "Whether a new cyber security program is labeled regulatory or 'voluntary,' the fact is, government officials will have the final word on the standards and practices that industry must adopt, which the Chamber opposes."