Whether you work for the public sector or sell to it, chances are you’ve seen the growing concern over cybersecurity permeating federal, state and local governments.
A confluence of factors — evolving technologies, the rise of state-sponsored corporate espionage and a talent drain of valuable public-sector IT personnel — has created an environment in which state governments (and the valuable personal data they store about their citizens) are under constant threat from millions of cyberattacks and intrusion attempts every day.
In particular, the August 2012 hacking of the South Carolina Department of Revenue, in which hackers stole more than 40 million personal and financial records, set off a wave of panic among high-level IT officials and other state and local policymakers that resulted in a nationwide push to seriously address cyber deficiencies within IT infrastructures. Many states and localities announced major pushes over the next year to bolster their security capabilities.
The simultaneous nationwide trend by governments towards cloud adoption is reinforcing the need for better protections, as security has always been one of the biggest unanswered questions about this emerging technology. Cybersecurity was cited as the number one priority for 2014 in a survey conducted by the National Association of State Chief Information Officers.
“We’re pleased that cybersecurity has gotten to the ‘interesting’ level, mainly because of political liability,” said NASCIO Executive Director Doug Robinson at a technology conference in February. “All of our CIOs are appointed. None of them want to lose their jobs.”
State and local governments often follow the trail blazed by their federal counterparts, and nowhere is this truer than when it comes to aggressively addressing cyber vulnerabilities.
In 2010, the Defense Department classified cyberspace on par with land, sea, air and space as a legitimate domain of warfare. In 2013, President Obama signed an executive order reorganizing the way federal agencies collect and report data on cyber vulnerabilities and establishing security baselines for the nation’s critical infrastructure.
Finally, former secretary of defense Leon Panetta recently urged Congress to beef up funding for cybersecurity, calling it “the battlefield of the future.”
So what might all this mean for IT contractors and companies that do business with state and local governments? At the same time state IT budgets are finally getting back to pre-recession levels, a top-down push for increased network and cybersecurity augmentation is coming in time for the fiscal 2015 budget season.
“If you spend one dollar in this next fiscal year, you need to spend it on cybersecurity. That’s how important it is,” said David Stevens, CIO for Maricopa County in Arizona.
Some of the most frequently procured tools and services across state and local government include network penetration testing, virtual private networks and firewalls, identity theft and tax fraud software, IT security audits and strategic planning.
A slow but persistent drain on human resources also looms large, with many states reporting that 20 to 60 percent of their IT employees are nearing or at the age of retirement. Many CIOs have begun to warm to the idea of augmenting their IT staffs and ramping up consulting contracts.
Derek Johnson is a state and local analyst at Herndon-based Deltek, which conducts research on the government contracting market and can be found at www.deltek.com.