This morning Senator Jay Rockefeller (D-WV) released a staff memorandum summarizing the responses he received from the CEOs of Fortune 500 companies about their cybersecurity practices.1 The memorandum contends that the roughly 300 responses Senator Rockefeller received to his September 19, 2012 letter suggest that many companies support increased information-sharing between companies and between the private sector and the government, voluntary programs to protect critical infrastructure and to develop cybersecurity best practices, and creation of a single, coordinated framework that will combine or coordinate existing federal requirements.2 While the memorandum suggests that companies are wary of mandatory cybersecurity requirements and inflexible “one-size-fits-all” solutions or “check-the box” compliance regimes, its release seems designed to help build support for enactment of new cybersecurity legislation of the kind that failed during the last session of Congress.
During the 2012 congressional session, Senators Lieberman (D-CT) and Collins (R-ME), with the support of Senator Rockefeller and the Democratic leadership, introduced omnibus cybersecurity legislation with the support of the Democratic leadership.3 A group of Republican Senators responded with their own bill. Efforts to pass the Lieberman-Collins bill failed twice, last August and last November. We now anticipate that President Obama will issue an executive order during the first half of 2013 on improving cybersecurity practices in critical infrastructure sectors.4 But Senator Rockefeller’s staff memorandum indicates that efforts to try again for cybersecurity legislation are under way. Just a few weeks ago, Senator Rockefeller introduced S. 21, a brief sense-of-Congress bill on the need for more federal cybersecurity initiatives, including greater efforts to promote private-public information-sharing.5
1 The staff memorandum and a table of examples of responses from the Fortune 500 companies can be found at http://commerce.senate.gov/public/index.cfm?p=PressReleases&ContentRecord_id=a7724495-5435-438d-8fc6-286219a5cf1d.
2 Senator Rockefeller’s letter can be found here.
3A summary and analysis of that bill can be found here.
4 The most recent publicly released draft of the executive order can be found here.
5 S. 21 is available here: http://www.gpo.gov/fdsys/pkg/BILLS-113s21is/pdf/BILLS-113s21is.pdf. Its other co-sponsors are Senators Tom Carper (D-DE), Dianne Feinstein (D-CA), Carl Levin (D-MI), Barbara Mikulski (D-MD), Sheldon Whitehouse (D-RI), and Chris Coons (D-DE).
