Cybersecurity spending estimated to grow to $7.1 billion by 2009

An information technology consulting firm predicted this week that the federal government will spend $7.1 billion on cybersecurity in fiscal 2009, an increase of 27 percent over the $5.6 billion for fiscal 2005.

The report estimates that increased attention to homeland security will cause the government cybersecurity market to grow 5 percent annually.

The forecast from the Reston, Va.-based IT consulting firm INPUT is another in a series of reports that show cybersecurity is a rising concern among agency leaders.

But some believe that even as such concerns rise, competing spending priorities and the swollen federal deficit will keep spending in check.

"There is no way people are going to give up their operational work for security," said Alan Paller, director of research at the SANS Institute, a nonprofit cybersecurity research organization. "We need to find ways of improving security at lower costs rather than saying, 'If you give us more money, we'll do a better job.' "

Paller said the $7.1 billion prediction is much higher than what he believes is realistic, and he believes cybersecurity spending will level off.

An Office of Management and Budget initiative to standardize cybersecurity business processes is expected to be announced later this month and, as with other OMB standardization programs, the goal is to lower governmentwide spending. Paller said he believes the government will find an efficient method for securing its computer systems without significant spending increases.

Marcus Fedeli, a federal contract analyst at INPUT, said the five-year $7.1 billion forecast is based on spending increases in the past on infrastructure improvements and professional IT services. Fiscal 2005 spending on cybersecurity is about $1.6 billion, or 17 percent of civilian agencies' IT budgets.

"With the federal government's initiative to improve IT, we really think it's going to improve the cybersecurity end of it," Fedeli said. "We're pretty convinced of it mainly because it is the point at which homeland security is headed."

Fedeli said cybersecurity standards set in the 2002 Federal Information Security Management Act raise the urgency for agencies to secure their computer systems. With February's FISMA report card showing several agencies' failure to comply with the act, Fedeli said agencies will work toward acquiring government IT certifications and accreditations in order to ensure that their infrastructure is secure.

Fedeli said he expects to see agencies rely heavily on outside contracts for their security needs, including hardware, software and work-hours, in order to certify and accredit systems.

"The need to satisfy legislative mandates will create opportunities for technology vendors to work in the public sector," Fedeli said.