- The Foundry: Conservative Policy News Blog from The Heritage Foundation - http://blog.heritage.org -
A Cybersecurity Offer Companies Can’t Refuse
Posted By Paul Rosenzweig On September 24, 2012 @ 10:07 am In Security
In a remarkable letter to all Fortune 500 CEOs, Senator Jay Rockefeller (D–WV) bemoans the business community’s opposition to his cybersecurity legislation, the Cybersecurity Act of 2012. He is shocked—simply shocked, as was Captain Renault in Casablanca—that any business institution could possibly oppose more government red tape when “security” is on the line.
Though he says that the opposition is “for some reason I cannot understand,” this lack of understanding is transparently political. The not-so-subtle threat in the letter, of course, is that if anything bad ever happens in cybersecurity, the Senator plans to blame the business community, whether they are truly responsible or not.
In August, the Senate considered Senator Rockefeller’s extensive cybersecurity bill. Most of the bill was uncontroversial and attracted widespread bipartisan support. Everyone agrees, for example, that the federal information security system needs to be modernized and that we can benefit from a greater focus on cyber education.
What divided the Senate (and continues to divide it today) is the belief by some that a new regulatory program is necessary. According to its supporters, the private sector has failed to adequately protect the cyber networks, so the federal government needs to set national cybersecurity standards for the private sector. Opponents have many questions about this approach and think it is fundamentally inconsistent with basic principles of free markets and good governance. Their efforts sidetracked the bill before the August recess.
Undeterred by this, the Obama Administration is reportedly considering the issuance of an Executive Order that would do as much in the way of mandates as it can under existing law. And now one of the lead sponsors of the regulatory measure, Senator Rockefeller (D–WV), has returned to the fray.
An even more notable aspect of the Senator’s letter is the deeply detailed set of questions about Fortune 500 companies’ cybersecurity policies. He asks each company whether it has cybersecurity practices, when they were developed, how they were developed, how frequently they are updated, and whether the federal government played any role in developing them. The Senator also asks three questions that can best be paraphrased as “please tell me what could possibly be wrong with my highly reasonable legislation and why you disagree with me when I am so obviously right?” There are a number of points one can make about this letter:
URL to article: http://blog.heritage.org/2012/09/24/a-cybersecurity-offer-companies-cant-refuse/
URLs in this post:
 remarkable letter: http://commerce.senate.gov/public/?a=Files.Serve&File_id=396eb5d5-23a4-4488-a67c-d45f62bbf9e5
 extensive cybersecurity bill: http://www.heritage.org/research/reports/2012/07/cybersecurity-act-of-2012-revised-cyber-bill-still-has-problems
 many questions: http://www.heritage.org/research/reports/2012/07/questions-on-cybersecurity-that-need-to-be-answered
 mandates: http://blog.heritage.org/2012/09/12/a-cybersecurity-executive-order-could-harm-security/
 voluntary is really a misnomer: http://www.lawfareblog.com/2012/09/senator-rockefeller-says-voluntary-cybersecurity-regulations-really-mandatory/