Last week, the Senate Commerce Committee issued a report to their chairman, Senator Jay Rockefeller (D–WV), claiming that most businesses supported an approach to cybersecurity similar to his Cybersecurity Act of 2012 (CSA). After reading their report, however, one thing is absolutely clear—most businesses do not support Rockefeller’s approach and the Commerce Committee has only succeeded in twisting the truth.
In September of 2012, Rockefeller sent a letter to the CEOs of the Fortune 500 asking for each company’s position on cybersecurity. Executed in a way that would have made Don Corleone proud, around 300 businesses responded to the Senator’s offer. The Commerce Committee claims that most businesses that responded supported Rockefeller’s “voluntary” system for public-private collaboration on cybersecurity. There are several problems, however, with the committee’s report.
For starters, only 300 out of 500 companies responded. What about the other 200 companies? It is likely that many of these 200 companies didn’t respond because they don’t like Rockefeller’s approach and have no interest in being pawns in the Senator’s game.
A more significant problem, however, is that the committee report selectively uses quotes from the companies that did respond and then falsely portrays Rockefeller’s approach to cybersecurity. The CSA has been hyped and paraded as a “voluntary” and “collaborative” bill and the report floats numerous quotes from businesses as evidence of this. Indeed, most businesses do support such an approach and so has The Heritage Foundation. The rub is that Senator Rockefeller’s approach is not voluntary and, as a result, is not really collaborative.
Section 103(g) of the CSA clearly states that critical infrastructure regulators “may adopt the cybersecurity practices as mandatory requirements.” In addition, the bill would have forced regulators to explain themselves to Congress if they do not make the practices mandatory. Talk about a strong incentive to just go ahead and make the standards mandatory.
As a result, the report’s use of cherry-picked quotes from businesses backfires and instead proves that businesses don’t approve of Rockefeller’s approach. The committee report provided 49 responses focused on public-private cooperation and concerns about regulation. Of those, at least 34 are opposed to the Senator’s approach or support it only if the standards are voluntary. Since the program isn’t voluntary, that means that over two-thirds of their hand-picked businesses reject an approach similar to the CSA.
The Commerce Committee report tries to drive a wedge between businesses and the Chamber of Commerce. Instead, all it ends up doing is proving that most businesses reject the mandatory approach pushed by Senator Rockefeller. Instead of twisting the facts, the Commerce Committee would be better served if it looked for solutions that don’t involve mandatory government regulation.