Cost of protecting U.S. classified data doubles over 10 years
U.S. spent close to $11-plus billion to protect classified data in 2011; versus $5 billion in 2001.
Computerworld - The U.S. government -- minus key spy operations -- spent $11.36 billion to protect classified data in 2011, according to the Information Security Oversight Office (ISOO)
The number has increased substantially over the past decade, from $4.7 billion in 2001, the agency said.
The ISOO report comes from its compilation of cost estimates provided by 41 executive branch agencies, including the U.S. Department of Defense.
The report doesn't include cost estimates from the CIA, the Office of the Director of National Intelligence, the Defense Intelligence Agency, the National Security Agency and other secret spy agencies.
The ISOO reports to the White House and oversees the implementation of a government-wide security classification system for protecting sensitive and classified data.
Each year, the ISSO collects estimates from federal agencies on how much they spent on personnel, physical controls and IT systems to protect classified data. The estimates also include training costs and salaries for those involved in classifying and declassifying data.
The ISOO's latest report shows that the agencies spent about 12%, or about $1.2 billion, more on security classification in 2011 that the previous year.
The biggest costs increases were associated with IT systems and training.
Spending on information security controls for classified data jumped 19% from $5.21 billion in 2010 to $6.18 billion in 2011. Costs for professional education, training and awareness rose from $102 million in 2010 to $502 million last year.
The 2011 figures reflect a steep increase in security classification costs since the terrorist attacks of Sept., 2001, much of it for counterterrorism programs and an increased focus on preventing Wikileaks-type hacks into government systems.
For instance, President Barack Obama last October issued an executive order directing federal agencies to implement new measures to limit access to classified networks and data. The order required the heads of all federal agencies to appoint a senior official to oversee the protection of classified data security and required agencies to put in place insider threat-detection and prevention programs.
Obama issued a similar executive order in late 2009 that directed federal agencies to adopt uniform standards for classifying, declassifying and protecting national security information including that related to counter-terrorism operations.
Such directives, and fears of data leaks -- such as those related to the Stuxnet attacks that have dogged the Obama administration -- have considerably heightened attention on better protecting classified data.
John Pescatore, an analyst at Gartner, said the ISOO spending report reflects several trends.
"Quite often in the past, government agencies have gotten bad publicity when individually unclassified bits of information were made public [and led to] huge headlines," Pescatore said. Therefore, there's a natural tendency to sometimes over-classify data within government agencies, he said.
There is also a tendency by government agencies to overestimate the cost of protecting classified data, Pescatore said.
Government agencies at times also underestimates the risks and costs associated with not classifying data properly, Pescatore said.
"When the Web first reached government use, many government agencies put unclassified floor plans, phone lists [and other data] on their websites," he said. "When it was pointed out that this made it much easier for terrorists to plan, they had to remove all that," resulting in some very real, but often, underestimated costs, he said.
"So, I think there is perennial overhype about over-classification and perennial denial about the real need for "need to know" controls," for accessing classified data, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Government/Industries in Computerworld's Government/Industries Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Manufacturing Outlook: Improving time to market, operational effectiveness and innovation in a highly competitive environment An enterprise project portfolio management solution can help manufacturers position themselves in the new competitive landscape.
- Time-to-Market: The Need for Speed in the Automotive Industry Bringing new vehicles to market quickly has never been more challenging. To bring new models to market on-time and on budget, automakers need...
- Patient Portals: A Platform for Connecting Communities of Care Connecting patient health data across the care continuum is essential to achieve improved care, increased access to personal health records and lowered costs.
- 3 Ways Clinicians Can Leverage a Patient Portal to Craft a Healthcare Community With a bevy of vendors offering patient portal solutions, it can be challenging for a hospital to know where to start. Fortunately, YourCareCommunity...
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Government/Industries White Papers | Webcasts