Critical Read

Study pegs security benefits of new IT spending

WHAT: "Security Breaches in the U.S. Federal Government" by Min-Seok Pang, associate professor, Fox School of Business at Temple University, and Huseyin Tanriverdi, associate professor, McCombs School of Business at the University of Texas, Austin.

WHY: The federal IT community has long recognized the importance of moving from legacy support spending to investment in new IT to get more value for the taxpayer and to improve performance and security. But just what kind of improvement does a shift from spending on operations and maintenance (O&M) to development, modernization and enhancement (DME) yield for agencies making the move?

A study from two business school professors offers some early insight. The direction of the findings won't be a major surprise, but numbers always make a good talking point. Based on five years' worth of data on security incidents from Federal Information Security Management Act reports, spending data from the IT Dashboard, federal human capital data and other sources, it appears that agencies can expect a 5 percent decrease in the number of security breaches for every 1 percent in funding that moves from O&M to DME or to managed services.

The data also suggests that agencies with geographically far-flung operations experience fewer breaches than those with a large primary footprint.

This isn't Pang's first foray into the weeds of federal IT spending data. His research has also led him to posit a link between united government, when both houses of Congress and the presidency are held by a single party, and spending on new IT initiatives.

In an interview with FCW, Pang said that he's interested in federal IT spending in part because there isn't a lot of empirical research available on the topic, despite the $80 billion-plus in annual spending, and the availability of data on performance. He also noted that he's working independently and is not sponsored by any vendors in the IT space.

VERBATIM: "We find that agencies that invest more in new IT development and modernization experience fewer security breaches than ones that invest more in maintenance of legacy systems. Outsourcing legacy systems to the cloud also reduces the frequency of security breaches. Our results also find that effective IT governance, risk, and control mechanisms also mitigate security risks of the legacy systems. Finally, federal agencies that are geographically or functionally dispersed experience security breaches less frequently than centralized agencies."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Connect with him on Twitter at @thisismaz.

