The Public Eye with Eric Chabrow

Cybersec Exec Order: Making It Happen

Could Bill's 'Loose Language' Fund Volunantary Standards Order?

Congressional opponents who have blocked legislation to establish voluntary IT security standards for mostly privately owned critical information networks could end up funding such an initiative anyway.

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

Language in a pending continuing resolution - a bill to temporarily fund the federal government, if enacted - might be construed to allow the Department of Homeland Security to set up the process to promote the voluntary standards that many opponents, mostly Republicans, fear could lead to government regulations.

The language is so loose that the only real stipulation is that it be used for operations necessary to establish and sustain essential operations. 

The Obama White House has hinted since the Senate failed last month to enact the Cybersecurity Act of 2012 that it might issue an executive order that reportedly mirrors some provision of the bill regarding security standards, which DHS would oversee [see Senate Votes to Block Cybersecurity Act Action].

House Joint Resolution 117 would appropriate $1.17 billion to DHS's Infrastructure Protection and Information Security program, including $328 million for network security deployment and $218 million for federal network security. That leaves more than $600 million unaccounted for, Paul Rosenzweig writes in a blog posted on the website of the Heritage Foundation, a conservative think tank where he's a visiting fellow.

"The language is so loose that the only real stipulation is that it be used for operations necessary to establish and sustain essential cybersecurity operations," says Rosenzweig, an opponent of regulating owners of critical IT security networks. "As a result of such broad language, over $820 million [which includes the $218 million for federal network security] would be made available for implementing an executive order, even though only a draft is being circulated."

Rosenzweig says it's unlikely that the money was added for the explicit purpose of funding an executive order. His interpretation of the resolution's language has alerted Republican sponsors, who one would expect either to remove the funding or specify how it could not be used for such an executive order.

Still, don't be surprised if President Obama issues the executive order, money could be found somewhere in the federal coffers to fund it, regardless of how sponsors amend the continuing resolution.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.