From: The Wall Street Journal
By SIOBHAN GORMAN
Fortune 500 companies in a range of industries back a system of voluntary cybersecurity standards, according to a Senate survey by a strong backer of a new legislative push to protect computer networks.
The findings suggest there might be a disagreement between the U.S. Chamber of Commerce and many of the nearly 300 companies that responded to questions from the Senate Commerce Committee chairman. The Chamber worked aggressively last year to defeat a bill to create a voluntary-standards regime and faulted the new survey.
Companies from sectors including financial services, communications, transportation and energy voiced support for voluntary standards, coordinated between the U.S. and industry.
These responses come as a growing number of financial-services companies have come under assault from what Pentagon officials say are Iranian-backed hackers, prompting banks to press the federal government for action to stop the assaults.
The companies responded to a letter from Sen. Jay Rockefeller (D., W.Va.), who in September wrote to all Fortune 500 chief executives to ask about their handling of cybersecurity and their positions on policy proposals such as voluntary standards.
Mr. Rockefeller was seeking to gather data that might show a split between the Chamber and individual companies. He plans to use the responses to his query to bolster his case for a revamped version of the bill.
Chamber officials said on Tuesday that companies voicing support for voluntary standards likely didn’t understand how those could play out. “They probably didn’t fully understand the implications of it. I think they were thinking, ‘In theory, that sounds great,’ ” said Ann Beauchesne, the Chamber’s vice president for national security. “In practice, it can be standards-driven compliance.”
The Wall Street Journal reviewed a copy of the committee report outlining the survey results. The report, written by Democratic committee staff, doesn’t identify responses with named companies, so company positions could not be independently verified. Companies responded to the letters with the understanding their answers wouldn’t be made public.