Photo credit: Newscom
Last week, the Senate Commerce Committee issued a report to their chairman, Senator Jay Rockefeller (DâWV), claiming that most businesses supported an approach to cybersecurity similar to his Cybersecurity Act of 2012 (CSA). After reading their report, however, one thing is absolutely clearâmost businesses do not support Rockefellerâs approach and the Commerce Committee has only succeeded in twisting the truth.
In September of 2012, Rockefeller sent a letter to the CEOs of the Fortune 500 asking for each companyâs position on cybersecurity. Executed in a way that would have made Don Corleone proud, around 300 businesses responded to the Senatorâs offer. The Commerce Committee claims that most businesses that responded supported Rockefellerâs âvoluntaryâ system for public-private collaboration on cybersecurity. There are several problems, however, with the committeeâs report.
For starters, only 300 out of 500 companies responded. What about the other 200 companies? It is likely that many of these 200 companies didnât respond because they donât like Rockefellerâs approach and have no interest in being pawns in the Senatorâs game.
A more significant problem, however, is that the committee report selectively uses quotes from the companies that did respond and then falsely portrays Rockefellerâs approach to cybersecurity. The CSA has been hyped and paraded as a âvoluntaryâ and âcollaborativeâ bill and the report floats numerous quotes from businesses as evidence of this. Indeed, most businesses do support such an approach and so has The Heritage Foundation. The rub is that Senator Rockefellerâs approach is not voluntary and, as a result, is not really collaborative.
Section 103(g) of the CSA clearly states that critical infrastructure regulators âmay adopt the cybersecurity practices as mandatory requirements.â In addition, the bill would have forced regulators to explain themselves to Congress if they do not make the practices mandatory. Talk about a strong incentive to just go ahead and make the standards mandatory.
As a result, the reportâs use of cherry-picked quotes from businesses backfires and instead proves that businesses donât approve of Rockefellerâs approach. The committee report provided 49 responses focused on public-private cooperation and concerns about regulation. Of those, at least 34 are opposed to the Senatorâs approach or support it only if the standards are voluntary. Since the program isnât voluntary, that means that over two-thirds of their hand-picked businesses reject an approach similar to the CSA.
The Commerce Committee report tries to drive a wedge between businesses and the Chamber of Commerce. Instead, all it ends up doing is proving that most businesses reject the mandatory approach pushed by Senator Rockefeller. Instead of twisting the facts, the Commerce Committee would be better served if it looked for solutions that donât involve mandatory government regulation.
