Data leakage, data integrity, identity authentication and management are top concerns of agency leaders. Learn how to boost security spending despite budget pressures and how find out how a security ecosystem keeps attacks at bay and fits into the cloud-first movement.
Cybersecurity spending gets boosts despite budget pressures
Federal spending on cybersecurity will outpace overall spending on IT during the next several years, increasing 9 percent annually, from an estimated $9.5 billion in 2011 to about $13.5 billion in 2015, according to estimates by IT research and consulting firm Input. This is nearly double the expected 5 percent growth in federal IT spending during that same period.
“The lion’s share of cybersecurity spending is for day-to-day operational information security activities, such as network security and network monitoring,” said John Slye, principal research analyst at Input. Slye estimated that as much as 90 percent of the cybersecurity budget covers operational information security while the rest is allocated for programs such as education, training and compliance with federal security requirements, such as the Federal Information Security Management Act.
Ray Bjorklund, senior vice president and chief knowledge officer at Deltek FedSources, said the increases in cybersecurity spending reflect the growing challenges that the government faces. "The threats are expanding in size and complexity, requiring a response that grows faster than other IT requirements," he said.
Government depends heavily on industry for cybersecurity solutions and personnel. Spending on cybersecurity services is expected to reach about $7.5 billion in 2015, while spending on software will be $4.5 billion and hardware about $1.4 billion.
Cybersecurity encompasses a broad range of products, services and activities. One critical area is the automation of cybersecurity activities. “We have to get to a place where people do the things that people do well and machines do the things that they do well and then have all of them work together more effectively,” said Philip Reitinger, deputy undersecretary of the Homeland Security Department's National Protection and Programs Directorate.
Reitinger’s office recently released a white paper, “Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action,” that explores the feasibility and implications of automated and collaborative monitoring and response.
“I see real opportunities in software to automate traditional network management and network security, areas of intrusion prevention and defensive countermeasures, and remediation,” Slye said. “Where we can, we need to automate monitoring and response for the bread and butter attacks, so we can free up people to make decisions on the anomalies.”
Cloud computing and security
The federal government could migrate as much as $20 billion in annual IT spending to cloud computing, Federal CIO Vivek Kundra has said. But as agencies shift more data, applications and services to the cloud as part of the administration’s cloud-first initiative, agency leaders will want assurances that their information remains secure.
“The transition to an outsourced, cloud computing environment is in many ways an exercise in risk management,” Kundra wrote in the Federal Cloud Computing Strategy released in February. Cloud security risks must be carefully balanced against the security and privacy controls available and the expected benefits, he said.
Back to Top