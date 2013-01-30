WASHINGTON Jan 30 Many Fortune 500 companies
support the creation of federal cybersecurity standards to
protect them from Internet threats like hacking as long as they
are voluntary, according to a Senate survey of top U.S. chief
executives released on Wednesday.
The report resulted from letters sent to Fortune 500
companies in September by Senator Jay Rockefeller, the Democrat
from West Virginia who last year authored a now-expired
cybersecurity bill and is now renewing his push for such
legislation.
Better protection from cyber threats has taken on growing
urgency in Washington, with top officials warning of the
potentially devastating impact of cyber attacks that could
undermine key infrastructure, which is mostly privately owned.
Some 300 top companies in a variety of industries responded
to the survey, according to the report compiled by the staff of
the Senate Committee on Commerce, Science, and Transportation,
which Rockefeller chairs.
Reflecting that growing interest in better securing
networks, computers and data from cyber attacks, the survey
showed broad support of the effort to pass new cybersecurity
laws and collaborate with the federal government. But the report
also showed concerns that new standards would become mandatory,
inflexible or duplicative.
"The concerns raised about the legislation were not about
whether the government should have a role with respect to
cybersecurity, but about the specifics of that role and what
impact that role would have on how companies respond to their
cybersecurity challenges," the report said.
One Fortune 500 company, for example, responded that it had
"no fundamental concerns with a voluntary U.S. program if it is
indeed voluntary, as opposed to a program developed from a
regulatory or compliance perspective or by the unfortunate
notion that companies should be required to disclose breaches or
vulnerabilities." The quote was one of dozens cited in the
report, which did not identify the firms by name.
Similar concerns helped undermine Rockefeller's efforts last
year, although his bill did propose a voluntary system of rules.
In particular, the influential business lobby U.S. Chamber of
Commerce vehemently opposed the 2012 cyber legislation.
Wednesday's report sought to highlight some discord between
the chamber's position and the generally positive comments from
Fortune 500 companies about closer collaboration with the
federal government and the need to update the current system,
which has been criticized as ad hoc.
The chamber's Ann Beauchesne, vice president of national
security and emergency preparedness, reiterated the lobby's
concern on Wednesday.
"Voluntary standards sound great in theory, but the devil is
in the details," she said. "Whether a new cybersecurity program
is labeled regulatory or 'voluntary,' the fact is, government
officials will have the final word on the standards and
practices that industry must adopt, which the Chamber opposes."