Cyber Costs Climb

Push to secure data and systems creates multibillion-dollar market for contractors.

New cybersecurity mandates are certain to drive tech spending for the next several years. What's less certain is the kind of products and services federal agencies will be buying, as well as which agencies will be doing the buying.

In April, the Office of Management and Budget directed agencies to start continuously and automatically monitoring the status of their security controls in the fall. And Congress is pushing to update the oft-maligned 2002 Federal Information Security Management Act to eliminate its burdensome reporting, require real-time monitoring and build security into all technology acquisitions.

"At the end of the day, compliance with cybersecurity goals and initiatives will represent a multibillion-dollar opportunity for the contractor community," says Rishi Sood, a vice president at research firm Gartner Inc.

Estimates on how much the government spends on cybersecurity range from roughly $2 billion to $8 billion a year, depending on how one defines cybersecurity and its range of applications. Some analysts predict costs could grow 5 percent to 8 percent annually during the next several years.

Security concerns are affecting just about every federal information technology initiative from social networking to cloud computing, in which users subscribe to products and services on demand and online from a third party.

The transition to cloud-based servers and storage will take a decade, largely due to security obstacles. "The day when the federal government sends all the Social Security check processing to the cloud is not on the horizon," says Andrew Bartels, a vice president and principal analyst at Forrester Research.

While much of the so-called Web 2.0 technology that supports online social communities is free, agencies often need to add safeguards to comply with security regulations. "If you're participating in a networked environment it may not be exclusive to you," notes Ray Bjorklund, senior vice president and chief knowledge officer for FedSources, a market research firm. "To create a controlled tool and a controlled environment by the government, there's going to be some cost to do it."

The Obama administration and lawmakers are still debating the procedures for purchasing security tools and services. The question is which department or departments will have power over federal cybersecurity, says Stan Soloway, president and chief executive officer of the Professional Services Council, a contractor group. Today, information security responsibilities are split between the White House cyber czar and the Defense and Homeland Security departments. But Congress could rewrite their budget authorities during the next year.

"Right now the cyber requirement is disaggregated - multiple owners and thus multiple buyers. The uncertainty really is around how the cyber requirement and the architecture will look if and when there is a more centralized, coordinated policy, plan and architecture," Soloway says.

Sen. Joe Lieberman, I-Conn., sponsored a bill to invest heavily in recruiting and retaining federal security professionals to defend against escalating threats.

"The government is going to have to find a way to do something it hasn't traditionally done - maintain high-level cyber skills. The competition for these skills is fierce," Soloway says, hinting the private sector will be supplying agencies with security specialists as well as software for some time.
