Yesterday, Senate Commerce, Science & Technology Chairman John D. Rockefeller IV sent letters to the CEOs of the Fortune 500 companies expressing his disappointment in the Senate’s stalemate on cybersecurity legislation, as well as his desire for President Obama to issue an Executive Order. In the identical letters, which were sent to companies ranging from Exxon to IBM to Toys R US to Hormel Foods, the chairman blamed business lobbying groups and trade association (singling out the Chamber of Commerce) as being behind the stalled legislation.
Rockefeller asked each CEO eight questions about his or her company’s view on cybersecurity and what their specific concerns are with particular issues contained in the legislation. He asked about the company’s own cyber best practices and how they came about. He also asked whether the federal government assisted in the development and what concerns the company may have with a voluntary public-private sector regime for developing best practices, as described in the Senate legislation. He also asked what the company’s concerns are with the federal government conducting risk assessments of cyber vulnerabilities and determining the most critical cyber infrastructure.
The letters send a clear message to corporate America – the Senators pushing for comprehensive cybersecurity legislation that includes some form of federal government role in best practices and critical infrastructure risk assessments aren’t giving up on the legislation yet. Rockefeller is pushing that message outside of Washington by circumventing the associations and trade groups that have led the charge against the legislation and going directly to corporate executives. Maybe he wants to better understand their reasoning for opposing the legislation. Maybe he wants to educate them on what is happening in D.C. Or perhaps he wants to put each of the corporations on the spot. It is an interesting tactic, whatever the reason.
During the past several weeks, we’ve seen more senators call for a cybersecurity Executive Order. We’ve seen renewed calls for legislation. We’ve also seen both parties include cyber in their platforms for the first time. It is clear that cybersecurity is not going away as an issue in Washington or, if Senator Rockefeller and others have their way, as an economic issue. I expect that the national security messaging around cybersecurity may soon be expanded to include economic security, something we have seen less of in the recent debates. When the Pet Smarts, Bed Bath & Beyonds, and Kelloggs of the world are getting pulled into the debate, as they are with letters from Senator Rockefeller, it is hard to see cybersecurity policymaking as either a fading issue or one that any part of corporate America can ignore.