What's driving cyber spending in the federal market?

To take advantage of the growing cybersecurity opportunities, you first need to understand what is driving agency buying decisions. ImmixGroup analyst Lloyd McCoy offers his exclusive insights.

For cybersecurity companies mapping out federal sales strategies in 2016 and beyond, it’s important to understand the nature and extent of the threat landscape that will influence buying decisions. And what’s driving those decisions today more than anything is the velocity at which the cyber threat is expanding, as well as the ways in which government systems and networks become vulnerable.

Consider last year’s Government Accountability Office report on cyber threats and data breaches, which states that 14 percent of all security incidents in the government are due to malicious code and suspicious network activity. Just as much can be attributed to equipment or improper use. Consequently, government agencies are not just looking to purchase tools that address outside attacks or insider threats, but also solutions that can make their networks resilient to inadvertent misuse of data.

Good cyber hygiene and best practices only go so far though, and stated priorities from the fiscal 2016 and 2017 budgets reflect an emphasis on fortifying IT ecosystems (both high-value assets and enterprise architectures) with built-in security. Let’s examine the major trends and drivers affecting cybersecurity procurement in the government, and the unique challenges facing civilian and defense sectors.


Department of Homeland Security

In terms of scope and budget, the Department of Homeland Security is the lead civilian element for cybersecurity, charged with protection of the .gov domain, which it accomplishes through the Einstein and Continuous Diagnostics and Mitigation programs. Einstein looks for threats from the outside and CDM monitors what’s happening inside an agency’s network.

Einstein is one of the key pillars of the White House’s Cybersecurity Strategy and Implementation Plan, which calls for expanding the latest iteration, Einstein 3A, to all civilian agencies. Adoption of Einstein 3A has been slow at best, and because Einstein 3A is signature-based, meaning it blocks threats based on known identifiers, it’s inherently limited due to rapidly evolving threats. As the gatekeeper for the .gov domain, DHS needs a lot of help from industry with defensive technologies that are more reactive and predictive.

Furthermore, DHS has a mandate in the protection of critical infrastructure. DHS’s critical infrastructure and advisory groups bring support and guidance to the owners of infrastructure. Vendors who can provide cyber training support tools and help manage communications with stakeholders across the U.S. should focus on these efforts.

Veterans Affairs

One of the biggest cybersecurity steps for the Department of Veterans Affairs is the establishment of the Enterprise Cybersecurity Team. The two main focuses for 2016 and beyond are medical cyber and privacy. Vendors selling security tools geared towards protecting networked medical devices will find a receptive ear in the VA.

In an effort to better focus on specialized care for veterans, the VA will also need help building an infrastructure to share health data. This challenge is going to present opportunities for vendors who can help ensure a seamless transfer of information between the VA and the Department of Defense, as well as private health care providers. There will be pressure to make interoperability a success.

Justice Department

According to Department of Justice budget documents, the top cybersecurity priorities for fiscal 2017 and the foreseeable future are addressing insider threats and Advanced Persistent Threat Defense. There continues to be a consolidation at the Office of the Chief Information Officer for certain types of product buys, particularly cybersecurity. Vendors should target the headquarters’ CIO and, of course, the FBI. Within the FBI, the Information Assurance Division and the Enterprise Security Operations Center, both in the office of the CIO, are good starting points.

Commerce Department

The Patent and Trademark Office is in the middle of a significant capital expenditure investment on its in-house network infrastructure. This year’s focus is mostly on network management and firewalls. In addition, the Census Bureau will have new on-premises infrastructure and applications that need to be secured as it prepares for Census 2020. With the new Commerce Department CIO’s emphasis on improving cybersecurity, technology companies should increase communication with this group.



Navy

One of the biggest Naval developments on the cybersecurity front was the Task Force Cyber Awakening (TFCA), which helped rank and prioritize where the Navy’s cyber dollars should go, all in an effort to harden the Navy’s IT ecosystem and better manage risks. The new Navy Cybersecurity Division will have a big say in how hundreds of millions of Navy dollars get allocated based on those TFCA assessments. It’s worth having conversations with this office because the systems and networks that make up the Navy’s high-value assets will heavily influence which program offices get priority status when it comes to capital expenditures.

The biggest pockets for Navy cyber spending are in NextGen (NGEN) and Consolidated Afloat Networks and Enterprise Services (CANES), the Navy’s ashore and afloat networks respectively. HP runs NGEN, while seven different companies operate under the CANES IDIQ to equip Navy ships with one secure network. This is an example of a common theme within DOD where you can find significant cybersecurity funding nested within major infrastructure programs.

Defense Information Systems Agency

For DISA, the emphasis is on getting vulnerabilities out of its inventory, many of which are DOD-wide systems and enterprise services. Cyber vendors should also note that DISA is looking to inject more automation in security and has specifically called out automated compliance, scanning and monitoring. Fiscal 2016 and 2017 will also see a sustained focus on bringing together cybersecurity and analytics to study changes and forecast over-the-horizon threats.


Army

The Army’s Cyber Command is looking to pilot programs to improve how cyber teams can communicate and become better integrated into tactical operations. In an attempt to be more innovative when it comes to cybersecurity, the Army has launched an initiative called Cyber Consortium, which consists of three PEOs – Enterprise Information Systems (PEO-EIS), Intelligence Electronic Warfare & Sensors (PEO-IEW&S), and Command, Control and Communications-Tactical (PEO-C3T). The biggest cyber gaps it is trying to close, and where it needs help from industry, are solutions around increasing network visibility and cyber threat awareness for battlefield commanders, continuous monitoring, and risk assessment. These priorities are in sync with, and a critical component of, the Army’s focus on integrating cyber into tactical operations.

Air Force

The Air Force has started to pay more attention to cybersecurity for its weapons systems and protecting command and control systems with cradle-to-grave security. It will also need help identifying and categorizing risks, as it recognizes the futility of hardening all its assets. A big priority in 2016 and 2017 will be fusing together cyber and intelligence. In fact, the Air Force’s cyber mission forces are a mixture of cyber and intelligence professionals. This approach will generate requirements for more defensive, and even offensive, cybersecurity capabilities as well as threat assessment, risk analysis, and intrusion detection solutions.

Major programs and initiatives like CDM, Einstein, and the DOD cyber task forces reflect an emphasis across all federal agencies on taking smarter, risk-management-based approaches to protecting their most critical networks and systems.

Major infrastructure overhauls in organizations like the Census Bureau and the Navy, to name a few, point to the need to bake cybersecurity into the underlying infrastructure enabling the government to carry out its mission.

Take these priorities into consideration while emphasizing information protection, secure storage and availability to develop a winning sales strategy that will resonate across the federal government.