Cybersecurity

Sen. Rockefeller asks Fortune 500 CEOs for cybersecurity best practices

Published 18 October 2012

Last month, Senator Jay Rockefeller (D-West Virginia) sent a letter to the CEOs of Fortune 500 companies asking them what cybersecurity practices they have adopted, how these practices were adopted, who developed them, and when they were developed; many saw Rockefeller’s letter as an admission that the Obama administration does not have a basis for trying to impose cybersecurity practices on the private sector through the Cybersecurity Act of 2012, now stalled in Congress.


Last month, Senator Jay Rockefeller (D-West Virginia) sent a letter to the CEOs of Fortune 500 companies asking them what cybersecurity practices they have adopted, how these practices were adopted, who developed them, and when they were developed.

Many saw Rockefeller’s letter as an admission that the Obama administration does not have a basis for trying to impose cybersecurity practices on the private sector through the Cybersecurity Act of 2012.

When the act failed to get through the house in early August, the Obama administration said it would consider an executive order to mandate the main clauses in the stalled act, but this has not happened yet. Forbes reports that late last month, DHS secretary Janet Napolitano said that the executive order was close to completion.

Lawmakers who favor the act are concerned about the vulnerability of U.S. critical infrastructure. General Martin Dempsey, chairman of the Joint Chiefs of Staff, and General Keith Alexander, director of the National Security Agency (NSA) and commander of the U.S. Cyber Command, share these concerns.

“The cyberthreat is real and demands immediate action,” General Alexander wrote in a letter to Senate Majority Leader Harry Reid in late July. “The time to act is now; we simply cannot afford further delay.”

None of the companies that Rockefeller wrote to had to reply to him, but he said he would be happy if those companies shared their knowledge and protection methods.

“I am writing to our country’s five hundred largest companies because the filibuster of the legislation in the Senate was largely due to opposition from a handful of business lobbying groups and trade associations, most notably the United States Chamber of Commerce,” Rockefeller wrote. “I would like to hear more — directly from the chief executives of leading American companies about their views on cybersecurity, without the filter of Beltway lobbyists.”

Forbes notes that recently, a 19-page PDF has been circulating on the Internet, which appears to be a draft document of the executive order. According to the document, two coordination centers would be set up under DHS. One would be for physical infrastructure and another for cyber infrastructure. The document also outlines strategic goals, including an overhaul of government computer systems to “enhance the protection and resilience of critical infrastructure.”

While the military, intelligence, and security experts worry about the cybersecurity aspects of the U.S. critical infrastructure, the issue has not been a significant topic in the presidential race, and it was barely mentioned in the two presidential debates between President Barack Obama and Governor Mitt Romney.