In the wake of the Senate’s failure to pass comprehensive cybersecurity legislation in August and amid continued discussion about the possibility of a cybersecurity executive order, Senator Jay Rockefeller has sought information directly from Fortune 500 companies. 

Senator Rockefeller has urged President Obama to issue a cybersecurity executive order, but in a letter sent to Fortune 500 CEOs on September 19, Senator Rockefeller explained his belief that legislation will be still be necessary.  His letter noted that he would like to hear “directly from the chief executives of leading American companies about their views on cybersecurity.”

Specifically, Senator Rockefeller requested answers to eight questions by October 19.   The questions include whether each company has adopted cybersecurity best practices; how such practices were developed, including whether the company received outside input; how frequently the company’s cybersecurity practices are updated; and whether the federal government played a role in developing the practices.  To address particular features of the proposed Cybersecurity Act of 2012 (S. 3414), of which Senator Rockefeller is a co-sponsor, the Senator asked each CEO to explain any concerns his or her company has with a voluntary program for the federal government and private sector to develop cybersecurity best practices, with the federal government conducting cyber risk assessments, and with the federal government determining, in consultation with the private sector, what counts as critical cyber infrastructure.

A complete list of recipients of Senator Rockefeller’s letter is available on the website of the Senate Committee on Commerce, Science, & Transportation, which Senator Rockefeller chairs.