Cybersecurity spending projected to be flat in 2005

Despite dire warnings about the nation's ineffective cybersecurity, the federal government's spending on information technology security will remain relatively flat in fiscal 2005, according to a new study from a private IT consulting firm.

Virginia-based consulting firm INPUT said in the report that government spending on IT security products and services is on track to increase by 2 percent from fiscal 2004 to fiscal 2005. By comparison, the same category increased 10 percent from 2003 to 2004, 50 percent from 2002 to 2003 and 100 percent from 2001 to 2002.

The report comes after repeated warnings from Congress that the government's IT security is weak and poorly managed.

"Make no mistake. The threat is serious. The vulnerabilities are extensive. And the time for action is now," said Rep. Adam Putnam, R-Fla., chairman of the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, at a hearing earlier this month.

Rep. Tom Davis, R-Va., chairman of the Government Reform Committee, also has kept pressure on federal agencies to increase IT security; he has warned of a "cyber Pearl Harbor" if defenses are not improved.

In its study, INPUT concluded that IT security shortfalls happen as agencies fail to follow cybersecurity guidance from the Office of Management and Budget.

Annual security reviews by OMB and Congress "have revealed a number of security lapses, unresolved from previous years, leaving many legacy systems vulnerable to attacks," said Chris Campbell, a senior analyst at Input. Campbell said the fiscal 2005 spending level will most likely be an aberration.

"The low spending level increases we're seeing today will be short-lived … By 2006, we expect IT security spending to return to a growth curve in line with the overall federal IT budget," Campbell said.