Input: Cybersecurity threats, regs drive IT spending

The growing severity of cyberattacks and strictness of federal cybersecurity regulations are driving federal civilian and defense agencies’ spending on information technology, a new report states.

Federal IT spending could rise to as much as $6.3 billion by fiscal 2011, up 18.9 percent from the $5.3 billion spent in fiscal 2006, states the report from Input, a market research and analysis firm.

Widely publicized data thefts and losses from the departments of Veterans Affairs and Energy and discoveries of unsecured sensitive information on U.S. Navy Web sites and elsewhere have put a spotlight on the need to protect data, the report states. Members of Congress are questioning federal information security policies and practices, the report states.

“Information terrorism has evolved from a part-time nuisance to a full-time concern among federal information technology and network management professionals,” said Bruce Brody, Input’s vice president for information security, in a statement. “Considering the threat level, it is not surprising that federal [chief information officers] consider information security as one of their top priorities.”

Congressional hearings have suggested that technical and organizational barriers and the decentralization of most federal IT networks prevent CIOs and chief information security officers from having sufficient authority to enforce effective information security technologies and practices, the report states.

The political embarrassment and loss of public trust could push Congress to give CIOs more authority, particularly at agencies that have already suffered data losses, it states.

The Federal Information Security Management Act of 2002 continues to drive civilian agencies’ IT spending, the report states.

Criticism of lax federal IT security and the federal government’s overall FISMA grade of D+ in fiscal 2005 led Input to expect Congress to alter FISMA, the report states. Additions could include control elements based on information security best practices such as real-time network monitoring and configuration and identity and inventory management.

Homeland Security Presidential Directive 12 (HSPD-12), which mandates that federal employees and contractors use secure credentials to access federal networks and facilities, will also have more impact in the years to come, the report states.

More agencies are enacting implementation plans as more products are becoming available, the report states. Agencies must start issuing compliant credentials by Oct. 27.

“The expected increase in CIO authority and [HSPD-12] will also impact civilian agency IT security spending,” Brody said.

“To best position themselves for opportunities resulting from these spending trends, we recommend that IT security vendors monitor developments at Veterans Affairs, watch for improvement to FISMA, and monitor federal agency progress on identity management,” Brody said.

The full Input report is available at Input.com.