Report: Federal spending on info security will outpace overall IT spending

Federal spending on information security will grow nearly 50 percent by 2014, driven by the government's clear focus on cybersecurity and the increasing threat of cyberattack, according to a report a federal IT research firm released on Friday.

Federal IT security spending will experience a compound annual growth of about 8 percent during the next five years, increasing from $7.9 billion dollars in 2009 to $11.7 billion in 2014, according to a report released by Reston, Va.-based INPUT. This is more than double the compound annual growth predicted for IT spending as a whole during the same period, which INPUT estimated at 3.3 percent.

"In an environment where the economy and budget [cuts] place increased pressure on IT spending, cyber seems to be fairly immune," said John Slye, manager of INPUT's federal industry analysis and co-author of the report, in an interview with Nextgov.com.

According to the report, between now and 2014 the government will spend $6.6 billion on professional services that support daily computer security management and operations, $3.9 billion on security software products, and $1.2 billion on computer equipment.

"We'll really see the lion's share of spending in operations, as federal agencies continue to try to get a hold of their networks," Slye said. Efforts that support the Trusted Internet Connections initiative -- aimed at reducing the number of external network connections -- will gain momentum after a temporary stall, he said, and investment in employee training and education will supplement efforts to grow the IT security workforce in the Defense and Homeland Security departments and other agencies.

A significant increase in cyberattacks will influence the spending hike, according to the report. Federal agencies reported almost 17,000 information security incidents in 2008, compared to about 5,500 in 2006. At the same time, threats have shifted from "nuisance" attacks that could temporarily take down Web sites to those with a clear intent to trigger damage either by accessing sensitive information or disrupting the country's critical infrastructure, such as the electric grid.

"The scope, frequency, complexity and variety of the attacks have increased," Slye said. "At the same time, no one feels the federal government has a good handle on the cybersecurity posture; they feel the vulnerabilities are still there. We're between a rock and a hard place."

Bills currently pending in Congress might help drive information security efforts and subsequent spending, including those introduced by Sens. Tom Carper, D-Del. , and Jay Rockefeller, D-W.Va.

"These are looking to inject cybersecurity into the broader perspective of infrastructure protection, beyond network management and beyond the IT shop," Slye said. "[But] when you have the other major initiatives like health care coming out of the administration, they can eclipse this as a front page issue."