Sen. Rockefeller Requests CEOs of Every Fortune 500 Company to Describe Cybersecurity Practices

Sen. Jay Rockefeller (D-WV) is sending letters to CEOs at every Fortune 500 company asking them to identify their cybersecurity practices and efforts to protect critical infrastructure. Prior efforts to enact cybersecurity legislation during the 112th Congress have been ineffective, as comprehensive cybersecurity legislation was blocked by a filibuster. Rockefeller has also urged President Obama to address cybersecurity issues through an Executive Order.

Sen. Rockefeller is asking the CEOs to respond to 8 questions by October 19, 2012:

  1. Has your company adopted a set of best practices to address its cybersecurity needs?
  2. If so, how were these cybersecurity practices developed?
  3. Were they developed by the company solely, or were they developed outside the company? If developed outside the company, please list the institution, association, or entity that developed them?
  4. When were these cybersecurity practices developed? How frequently have they been updated? Does your company’s board of directors or audit committee keep abreast of developments regarding the development and implementation of these practices?
  5. Has the federal government played any role, whether advisory or otherwise, in the development of these cybersecurity practices?
  6. What are your concerns, if any, with a voluntary program that enables the federal government and the private sector to develop, in coordination, best cybersecurity practices for companies to adopt as they so choose, as outlined in the Cybersecurity Act of 2012?
  7. What are your concerns, if any, with the federal government conducting risk assessments, in coordination with the private sector, to best understand where our nation’s cyber vulnerabilities are, as outlined in the Cybersecurity Act of 2012?
  8. What are your concerns, if any, with the federal government determining, in coordination with the private sector, the country’s most critical cyber infrastructure, as outlined in the Cybersecurity Act of 2012?

A list of the companies that will receive the letter is available here. While comprehensive legislation appears unlikely during this session of Congress, cybersecurity remains a top priority for certain legislators.