Cyber Costs Climb

Push to secure data and systems creates multibillion-dollar market for contractors.

New cybersecurity mandates are certain to drive tech spending for the next several years. What's less certain is the kind of products and services federal agencies will be buying, as well as which agencies will be doing the buying.

In April, the Office of Management and Budget directed agencies to start monitoring continuously and automatically the status of their security controls in the fall. And Congress is pushing to update the oft-maligned 2002 Federal Information Security Management Act to eliminate its burdensome reporting, require real-time monitoring and build security into all technology acquisitions.

"At the end of the day, compliance with cybersecurity goals and initiatives will represent a multibillion-dollar opportunity for the contractor community," says Rishi Sood, a vice president at research firm Gartner Inc.

Estimates on how much the government spends on cybersecurity range from roughly $2 billion to $8 billion a year, depending on how one defines cybersecurity and its range of applications. Some analysts predict costs could grow 5 percent to 8 percent annually during the next several years.

Security concerns are affecting just about every federal information technology initiative from social networking to cloud computing, in which users subscribe to products and services on demand and online from a third party.

The transition to cloud-based servers and storage will take a decade, largely due to security obstacles. "The day when the federal government sends all the Social Security check processing to the cloud is not on the horizon," says Andrew Bartels, a vice president and principal analyst at Forrester Research.

While much of the so-called Web 2.0 technology that supports online social communities is free, agencies often need to add safeguards to comply with security regulations. "If you're participating in a networked environment it may not be exclusive to you," notes Ray Bjorklund, senior vice president and chief knowledge officer for FedSources, a market research firm. "To create a controlled tool and a controlled environment by the government, there's going to be some cost to do it."

The Obama administration and lawmakers are still debating the procedures for purchasing security tools and services. The question is which department or departments will have power over federal cybersecurity, says Stan Soloway, president and chief executive officer of the Professional Services Council, a contractor group. Today, information security responsibilities are split between the White House cyber czar and the Defense and Homeland Security departments. But Congress could rewrite their budget authorities during the next year.

"Right now the cyber requirement is disaggregated- multiple owners and thus multiple buyers. The uncertainty really is around how the cyber requirement and the architecture will look if and when there is a more centralized, coordinated policy, plan and architecture," Soloway says.

Sen. Joe. Lieberman, I-Conn., sponsored a bill to invest heavily in recruiting and retaining federal security professionals to defend against escalating threats.

"The government is going to have to find a way to do something it hasn't traditionally done-maintain high-level cyber skills. The competition for these skills is fierce," Soloway says, hinting the private sector will be supplying agencies with security specialists as well as software for some time.

Click here for the top 50 technology contractors.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.