In its report, Federal Information Security Market 2010–2015, INPUT cites a number of factors contributing to the growth in government cybersecurity spending: a 445% increase in government cybersecurity incidents since 2006, a shortage of qualified security professionals, an increasingly complex and interconnected technology environment, sweeping legislative remedies aimed at patching holes in federal agencies’ cybersecurity efforts, and the setting up of the White House’s Cybersecurity Coordinator and the Department of Defense's (DoD) Cyber Command.
John Slye, principal analyst and co-author of the report, said that federal cybersecurity spending is expected to be greatest among intelligence agencies and the DoD. Also, the Department of Homeland Security, as the lead agency for cybersecurity among the civilian federal government, is expected to see a significant increase in cybersecurity spending, Slye told Infosecurity.
Regarding investment in specific cybersecurity sectors, Slye said he expects much of the federal spending to go toward infrastructure security and operations. “That is where the rubber meets the road in terms of securing the critical information infrastructure of government. It is also an area where the government continues to struggle to get enough people and technology to get the job done.”
The federal government is also expected to significantly increase spending on cybersecurity training and education. “That ranges from specific cybersecurity training to basic user training that helps people not introduce additional security risk by foolish activities”, he said.
To address the shortage of federal cybersecurity workers, Slye said that the federal government will have to invest more resources in education and training. “Education at the technical area is a major area of concern. This is true for the government and the commercial sectors.”
Another strategy to address the cybersecurity workforce shortage is through technologies to handle the labor-intensive activities of network policing, management, and monitoring. “There are federal CIOs [chief information officers] who see this technology as an opportunity to save money so they can put their people on activities that really require a human being at the console”, he explained.
There will also be significant spending in the area of cybersecurity regulatory compliance. “The government has to meet compliance regulations, either sent out through OMB and the Cybersecurity Coordinator, or compliance mandates that might be instituted via legislation, such as FISMA [Federal Information Security Management Act]”, Slye noted.
Slye offered the following advice to companies looking to offer cybersecurity products and services to the federal government. “Because cybersecurity products and services are purchased throughout the federal government, it’s not just a one-stop purchase. Companies that can offer a modular or scalable approach stand to benefit because that allows them to win large contracts and also offer scaled-down version to smaller agencies, enabling them to compete at several different levels.”
In addition, companies that can offer software that replaces the need for human involvement will benefit. “Software companies that can enable agencies to leverage the people that they have and extend their reach stand to gain, because CIOs are looking for that”, Slye said.
Finally, Slye advised companies to monitor policy developments. “Much of what will go on in the federal government around cybersecurity will be policy driven. We see that around compliance reporting, such as FISMA. If you have a product that helps [CIOs] meet regulatory compliance requirements, there is a cottage industry for you.”