RESTON, Va. -- Federal civilian and defense information technology (IT) security spending is expected to increase from $5.1 billion in fiscal year 2006 (FY06) to $6.3 billion by FY11, according to a report released by INPUT, the authority on government business. As information becomes increasingly valuable and the number of cyber terrorist attacks rise, the requirement to secure federal networks has become a government priority.
Information terrorism has evolved from a part-time nuisance to a full-time concern among federal information technology and network management professionals, said Bruce Brody, vice president, information security at INPUT. Recently, a federal Chief Information Officer (CIO) stated that his Departments network registered 300 million attacks over a period of one year. Considering the threat level, it is not surprising that federal CIOs consider information security as one of their top priorities.
Recent data thefts and losses at the Department of Veterans Affairs and the Department of Energy have forced Congress to question government-wide information security processes and policies. Initial findings from Congressional hearings suggest that CIOs and Chief Information Security Officers (CISOs) in general have little authority to implement, monitor, and enforce information security technologies and polices, due to the decentralization of federal IT networks within their respective departments. Most CIOs and CISOs face numerous organizational and technical challenges hindering centralized control.
The Federal Information Security Management Act (FISMA) of 2002 continues to be a market driver for IT security spending within civilian agencies. In OMBs FY05 report to Congress and resulting Federal Computer Security Report Card, the government received an overall grade of D plus for the second year in a row. As a result, and in light of major criticism, INPUT expects legislators to re-evaluate FISMA and consider including additional control elements based on information security best practices such as real-time network monitoring, inventory management, configuration management, and identity management.
The expected increase in CIO authority and the Homeland Security Presidential Directive 12 (HSPD-12) will also impact civilian agency IT security spending, stated Brody. To best position themselves for opportunities resulting from these spending trends, we recommend that IT security vendors monitor developments at Veterans Affairs, watch for improvement to FISMA, and monitor federal agency progress on identity management.