Risk
12/1/2010
12:12 PM
Connect Directly
RSS
E-Mail
50%
50%

Federal Cybersecurity Spending To Hit $13.3B By 2015

Increased threats and lack of qualified security professionals will drive a 9.1% annual growth rate over the next five years, finds Input report.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters

Federal investment in cybersecurity will reach $13.3 billion by 2015, driven by a 445% increase in security incidents over the last four years and the shortage of qualified security professionals, according to a report released this week.

The size of the investment represents an annual increase of 9.1% over the next five years, according to the Federal Information Security Market, 2010-2015 report by Input. The firm based the report on its own analytics, interviews with federal IT professionals and the government's own spending forecasts, it said.

Cybersecurity has been a key goal of the Obama administration, which has launched an agency-wide effort -- led by the Department of Homeland Security, Department of Defense and National Security Agency -- to protect federal networks, as well as U.S. critical infrastructure, from cyber attacks.

Input's report supports the administration's attention to cybersecurity. The firm found that IT security represents about 15% of agency IT budgets and has produced the largest staffing increases of all IT positions in the last one to two years.

However, lack of qualified security professionals to fill positions needed to boost cybersecurity is both a key obstacle to federal cybersecurity efforts and also driving investment in the space, according to the report.

Because the government itself doesn't have the expert personnel it needs to implement security in complex IT environments like those of federal agencies, it will have to invest in training its own staff or contract work out to qualified professionals, according to Input. This represents an opportunity for federal contractors to get in on the action.

There is already evidence of the government's investment in the latter; two major federal contractors -- ManTech and BAE -- recently won significant cybersecurity contracts with the Federal Bureau of Investigation.

Increasingly relying on contractors for cybersecurity work has some risks, however, according to Input. The firm questions whether federal IT officials can write comprehensive information security contract requirements or even know exactly what they need from cybersecurity specialists.

However, the federal government has no choice but to invest in cybersecurity, as threats continue to rise and pose significant risks to the business of the federal government, according to Input.

The firm cited a variety of misfortunes -- some of which have already affected the government -- that could result from a lack of proper cybersecurity. They include theft resulting in the loss of federal resources and payments; the release of sensitive or classified government information; the disruption of critical information; and the undermining of agency missions.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.