By the year 2015, annual federal government spending on cyber security will reach $13.3 billion, a compound increase of nine percent per year, according to a new report.
The report comes from market research firm Input, which focuses on government, federal and local spending on technology and related services. Input says since 2006 there has been a 445 percent increase in the number of cyber attacks on the federal government. Over the last year alone, federal agencies have seen a 78 percent growth in cyber incidents, says John Slye, a principal analyst at Input.
The bottom line is cyber security is a major concern for the federal government within their network. They are concerned about private critical infrastructure, it doesn't fall under the realm of protection and is still critical to the nation's operations, Slye said.
Slye said the report, which is titled, Federal Information Security Market, 2010-2015, is focused primarily on what the federal government is doing to protect its civilian and military networks. Slye said the U.S. the government has begun to invest in security and will continue to do so.
There is an organization in the U.S., CERT (Computer Emergency Readiness Team) that tracks where attacks are coming from, how to manage them. They have brought to life several approaches to overcoming these attacks. One of them is the trusted internet connection, limiting internet connections into the U.S. government, Slye said.
The appointment of Howard Schmidt as the new Cybersecurity Coordinator was also an important move by the federal government Slye says. However, despite these efforts, the U.S. government is still not where it needs to be.
They are nowhere where they want to be in terms of real time situational awareness, in terms of identifying and recognizing attacks and responding just as quickly, Slye said. They are playing some catch-up and still getting hit hard and managing with doubled attacks per year... The good news is they seem to recognize that.
The report states one of the challenges is a lack of cyber security staff. Last year, the Department of Homeland Security announced it wanted to hire 1,000 professionals in the field. However, Slye says there are not that many people to fill that demand.
That's why the government has had to outsource so much of their cyber security work out, Slye said. One problem is using staff efficiently. Machines and software should be sifting through various attacks to recognize patterns, rather than people. Once they recognize potential patterns, he says humans can make decisions whether the threat is legitimate.
Another issue, Slye says is organizational leadership. Despite Schmidt's appointment, Slye says he does not seem to have budgetary or regulatory authority.
Bruce Schneier, security technologist and author, said the real threats the federal government faces are from cyber crime and espionage, rather than cyber attacks. However, he adds that little has changed in that regard.
Nothing is different. It's the same concerns. That's been true for years. Going to the conferences, it's the same concerns every year, Schneier said.
For the report, Input tapped into its client base which includes 2,000 member organizations. These range from small specialized companies, new entrants to the public sector to large government contractors and agencies.