U.S. gov't cybersecurity spending to grow significantly, study says

IDG News Service - U.S. government spending on cybersecurity will grow at a compound rate of 8.1 percent a year between 2009 and 2014, outpacing general IT spending, according to the government analyst firm Input.

Spending on vendor-supplied information security products and services will increase from $7.9 billion in 2009 to $11.7 billion in 2014, Input predicted. General IT spending by the U.S. government will increase by 3.5% a year during the same time frame, said Kevin Plexico, Input's senior vice president of research and analysis.

Even if those increases happen, there will be questions about whether the U.S. government is doing enough, he said. "The challenge is, how good is good enough?" Plexico added. "There's no authority or organization that can tell you when you've done enough and are 'secure.'"

A number of factors will drive information security spending, Plexico said. First, President Obama and lawmakers have paid significant attention to cybersecurity this year, with several bills focused on improving cybersecurity in the U.S. government or private organizations.

In addition, cyberattacks on the federal government have increased substantially in recent years, and attacks are becoming more sophisticated, according to many cybersecurity experts.

"It's a recognition across parties and the administration and Congress that more needs to be done within the federal government," Plexico said. "With that comes broad support for extraordinary levels of funding."

Plexico expects a "higher bar" to be set for federal cybersecurity when Obama appoints his long-awaited cybersecurity coordinator. In May, Obama announced a new direction for federal cybersecurity efforts and promised to appoint a cybersecurity coordinator in the White House.

Vendors that want to market their information security products to federal agencies should be aware of some key trends, Plexico said. The U.S. government is moving toward consolidation of cybersecurity efforts, with a few larger agencies taking over the information security roles at smaller agencies, he said,

"You need to be paying attention to where those consolidation and centralization centers are," he said.

In addition, much of the federal government's cybersecurity focus will be real-time monitoring and control of computer networks, Plexico predicted. He sees less emphasis in the future on audits to identify breaches after they happen.

"Agencies are really investing in technology that helps them identify threats as soon as they happen, and even anticipate where those threats are going to come from," he said.

Input bases its predictions on economic forecasts, historical analysis of government spending, past budgets, Obama's 2010 budget request and other information.