Federal cybersecurity spending will likely increase over the next five years, despite increasing budget pressures and the looming threat of sequestration.
Deltek estimates the federal government spent nearly $10 billion on cybersecurity contracts in 2012. By 2017, that number is projected to reach over $14 billion — reflecting a compound annual growth rate of 7.6 percent.
In a recent Deltek survey, both industry professionals and government technology leaders reported that they expect cybersecurity to be the fastest-growing area of federal IT investment over the next few years.
Threats to data, networks and other assets are increasing in frequency, complexity, variety and persistence. The U.S. Computer Emergency Readiness Team reports that threats to federal assets are up 700 percent since 2006.
The government is struggling to keep pace as agency leaders face obstacles.
Congressional funding through piecemeal continuing resolutions, rather than annual appropriations, as well as the threat of automatic budget cuts known as sequestration generate uncertainty to IT funding.
Mired in disagreement, Congress has not provided significant cybersecurity guidance, despite 12 related bills in various stages in the last Congress. No significant cybersecurity legislation has passed in over a year. The White House is expected to issue an executive order, but without certain legal authorities and funding that only Congress can provide, its effect could be limited.
At the same time, the government is having trouble hiring enough qualified personnel and those it has need more training. In Deltek’s survey, industry and government professionals agreed that building a skilled cybersecurity workforce is the government’s most significant information security challenge.
Meanwhile, standards and definitions are still being refined for “skilled” information security personnel.
For contractors, it’s a daunting challenge. Cybersecurity is one of the few fields that will see an increase in spending, but it’s also a chaotic, evolving field that isn’t easy to crack.
Companies that want to win cybersecurity contracts should be aware of the pressures on their potential clients. Federal buyers will likely want to work with companies that understand the difficult budget environment and can present technologies combining hardware and software into more efficient and effective security solutions.
Contractors should be prepared for the continuous monitoring requirements that are coming and ensure that their own supply chain, development practices and personnel are secure. Companies should consider seeking out certifications, such as a listing in the electronic directory of the Federal Risk and Authorization Management Program, a federal initiative to standardize the security of cloud products and services.
Most of all, contractors should be aware of their reputation within the government. Cybersecurity is a nerve-wracking subject for the federal agency leaders who will likely be held accountable for any highly public failures. Enabling the government to secure its technology resources on a tight budget is as much about trust and cultural acceptance as any new piece of hardware or software.
John Slye is an advisory research analyst in federal industry analysis at Herndon-based Deltek, which conducts research on the government contracting market and can be found at www.deltek.com.