Top US firms open to voluntary cybersecurity rules, Senate says
WASHINGTON, Jan 30 (Reuters) - Many Fortune 500 companies support the creation of federal cybersecurity standards to protect them from Internet threats like hacking as long as they are voluntary, according to a Senate survey of top U.S. chief executives released on Wednesday.
The report resulted from letters sent to Fortune 500 companies in September by Senator Jay Rockefeller, the Democrat from West Virginia who last year authored a now-expired cybersecurity bill and is now renewing his push for such legislation.
Better protection from cyber threats has taken on growing urgency in Washington, with top officials warning of the potentially devastating impact of cyber attacks that could undermine key infrastructure, which is mostly privately owned.
Some 300 top companies in a variety of industries responded to the survey, according to the report compiled by the staff of the Senate Committee on Commerce, Science, and Transportation, which Rockefeller chairs.
Reflecting that growing interest in better securing networks, computers and data from cyber attacks, the survey showed broad support of the effort to pass new cybersecurity laws and collaborate with the federal government. But the report also showed concerns that new standards would become mandatory, inflexible or duplicative.
"The concerns raised about the legislation were not about whether the government should have a role with respect to cybersecurity, but about the specifics of that role and what impact that role would have on how companies respond to their cybersecurity challenges," the report said.
One Fortune 500 company, for example, responded that it had "no fundamental concerns with a voluntary U.S. program if it is indeed voluntary, as opposed to a program developed from a regulatory or compliance perspective or by the unfortunate notion that companies should be required to disclose breaches or vulnerabilities." The quote was one of dozens cited in the report, which did not identify the firms by name.
Similar concerns helped undermine Rockefeller's efforts last year, although his bill did propose a voluntary system of rules. In particular, the influential business lobby U.S. Chamber of Commerce vehemently opposed the 2012 cyber legislation.
Wednesday's report sought to highlight some discord between the chamber's position and the generally positive comments from Fortune 500 companies about closer collaboration with the federal government and the need to update the current system, which has been criticized as ad hoc.
The chamber's Ann Beauchesne, vice president of national security and emergency preparedness, reiterated the lobby's concern on Wednesday.
"Voluntary standards sound great in theory, but the devil is in the details," she said. "Whether a new cybersecurity program is labeled regulatory or 'voluntary,' the fact is, government officials will have the final word on the standards and practices that industry must adopt, which the Chamber opposes."