Congressional Cybersecurity Funding Clarified

Paul Rosenzweig /

In an Issue Brief published yesterday, Heritage raised some questions about the wording of funding language in the continuing resolution (CR) pending before the House of Representatives that might permit President Obama to fund the implementation of his proposed cybersecurity executive order, instead of more clearly necessary and appropriate activities, such as the implementation of a federal intrusion detection system. The matter has now been completely clarified.

In a colloquy on the floor of the House yesterday, Representative Hal Rogers (R–KY), chair of the House Appropriations Committee, made it clear:

The language in section 137 of this CR regarding cybersecurity is explicit and clear—the phrase that is apparently in question refers solely to the Federal Network Security program. Federal Network Security is a limited program that provides security systems on government networks. So, no funds are for any new executive order. No funds or language expand any DHS [Department of Homeland Security] authorities. And, none of the funds or language in this section have anything to do with regulation of private sector infrastructure…and we have confirmed that in writing with DHS.

His colleague, ranking minority member Norm Dicks (D–WA), echoed his view:

I completely concur with his stated clarification on this CR’s funding and language regarding cybersecurity.…This provision does not intrude upon the authorizers’ jurisdiction or enable a new Executive Order in any way.

And just in case anyone wondered whether the Administration might choose to read the provision differently than the House did, notwithstanding the clarification by the House managers, the Office of Management and Budget weighed in with its own acknowledgement:

I understand you may have received some requests for clarification from offices that have mistaken the DHS Federal network security cyber funding anomalies in the CR with unrelated cybersecurity issues involving critical infrastructure. Please feel free to say that OMB has confirmed that these DHS cyber funding anomalies are exclusively for Federal network security programs consistent with the President’s FY 2013 budget request and are not related to cybersecurity for critical infrastructure or the private sector. We appreciate your clarifying this issue with those offices.

With those assurances in hand, any possibility that the requested funding would be used for the implementation of the draft executive order seems remote indeed. Congress has done well to draw the line on its spending appropriation clearly and is to be commended for making its intent clear.