Senate Commerce Committee’s Probe of Fortune 500 Corporate Cybersecurity is Unprecedented; Responses Requested Oct. 19
On 19 September, Senator Jay Rockefeller (D-WV) sent an unprecedented letter to the chief executives of the 500 largest companies in the United States, asking probing questions. The letter is noteworthy in several respects:
Complexity of the topic – Several of the eight questions posed by the letter ask for information on the “best practices” used by the recipient company to address “its own cybersecurity needs.”
The letter requests a description of such practices, their provenance (i.e., whether based on ISO or other standards, or developed in-house), and the board-level and enterprise-wide governance used to oversee their implementation.
When asked of complex and large organizations such as the Fortune 500, such questions while seemingly simple require considerable work to answer meaningfully and accurately. Organizations of scale typically employ multiple approaches and practices — technological, management and policy — to assess and manage cybersecurity and related risks.
Sensitivity of the information – While the Commerce Committee intends to maintain the confidentiality of individual corporate responses, given the sensitivity of the topic it is also prudent to draft such responses so as to minimize risk if confidentiality is unexpectedly compromised.
Complexity of the politics – Government and business leaders uniformly agree that cybersecurity risk has increased and additional efforts by government, industry, and individuals are needed. Substantial disagreement exists, however, as to the role of government to help industry ― which owns and operates over 80 percent of the United States’ critical infrastructure ― protect its key operations.
Much of the letter ― four out of the eight questions ― probes its recipients directly for their views on the appropriate role of government in this area.
Any responses to the Rockefeller letter should be informed by an understanding of the extremely complex global political environment involving the White House (which recently indicated it is preparing an Executive Order on this topic), Congress (which is divided as to the scope of needed legislation and executive branch action), key business groups such as the U.S. Chamber of Commerce, and other governments (such as the European Union) with an interest in developing policy on this subject.
Hogan Lovells lawyers are providing complementary briefings for firm clients to provide current insights on the Commerce Committee letter and relevant considerations. To request a briefing, contact Sonya Snyder Erickson at firstname.lastname@example.org.
On 26 September 2016, a new EU-US collaboration between the European Medicines Agency (EMA) and the United States Food and Drug Administration (FDA) was announced. This new collaboration is ...06 October 2016
On 1 September 2016, the European Medicines Agency ("EMA") opened for public consultation a Draft revision to its Guideline on the assessment of clinical safety and efficacy in the...08 September 2016