04 Mar Federal Security Report Q3 2015
SPECIAL REPORT FROM THE EDITORS AT CYBERSECURITY VENTURES
The Federal Security Report provides U.S. federal sector cybersecurity market sizing, forecasts, trends, statistics, best practices, and resources for chief information security officers (CISOs) and IT security staff.
The U.S. federal government has spent $100 billion on cybersecurity over the past decade, with $14 billion budgeted for 2016.
- With a cumulative market valued at $65.5 billion (2015 – 2020), the U.S. Federal Cybersecurity market will grow steadily at about 6.2 percent CAGR, according to a report from Market Research Media, Ltd. The report states “the annual cyber security spending of the US Federal government is bigger than any national cyber security market, exceeding at least twofold the largest cybersecurity spending countries.”
- Demand for vendor-furnished information security products and services by the U.S. federal government will increase from $7.8 billion in FY 2014 to $10.0 billion in 2019 at a compound annual growth rate (CAGR) of 5.2 percent, according to “Deltek’s Federal Information Security Market Report” (published Oct. 2014) – which examines the trends and drivers shaping the federal information security marketplace and provides a forecast for the next five years.
- “Federal agencies have spent more on cyber security than the entire GDP of North Korea, who some have speculated is to be involved with some of these cyber attacks,” said Senator Thomas L. Carper. “The issue of Cyber Warfare is not science fiction anymore. It’s reality.”
- In an effort to combat the growing threat of cybercrime, the U.S. Department of Homeland Security (DHS) increased its cyber security budget 500 percent during the past two years; and President Obama included $14 billion for cyber security spending in his 2016 budget, according to GCN.
- In an effort to help replace the password as our primary means of security online – through the National Strategy for Trusted Identities in Cyberspace – the U.S. Government has invested more than $50 million over the past four years to advance the Multi-Factor Authentication market in partnership with the research and development community and technology firms.
- President Obama issued an executive order on April 1, 2015, declaring “the increasing prevalence and severity of malicious cyber-enabled activities… constitute an unusual and extraordinary threat to the national security, foreign policy and economy of the United States. I hereby declare a national emergency to deal with this threat.”
- TIME recently reported that the U.S. Director of National Intelligence ranks cyber crime as the No. 1 national security threat, ahead of terrorism, espionage and weapons of mass destruction. The TIME article said the federal government suffered a staggering 61,000 cyber-security breaches last year alone.
- The recent hack on the U.S. Office of Personnel Management exposed the records of up to 20 million current and former government employees, some dating back to 1985. Compromised data includes Social Security numbers, job assignments and performance evaluations, background check and fingerprint information. In the aftermath of the breach, the Agency Director stepped down.
- Reuters recently reported that nearly every U.S. weapons program tested in fiscal 2014 showed “significant vulnerabilities” to cyber attacks, including misconfigured, unpatched and outdated software, according to the Pentagon’s chief weapons tester in his annual report.
- The National Law Review reports that as part of a series of cyber security bills enacted last year, Congress passed the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014. The law is intended to help the Department of Homeland Security (DHS) recruit and retain cybersecurity professionals. For DHS, which is responsible for securing civilian government computer systems, a top-flight and expertly trained cybersecurity workforce is an absolute necessity to carry out its security mission.
- Earlier this year The White House announced it will establish a new Cyber Threat Intelligence Integration Center, or CTIIC, under the auspices of the Director of National Intelligence. Currently, no single government entity is responsible for producing coordinated cyber threat assessments, ensuring that information is shared rapidly among existing Cyber Centers and other elements within the government, and supporting the work of operators and policymakers with timely intelligence about the latest cyber threats and threat actors. The CTIIC is intended to fill these gaps.
- To keep pace with training demands of the Army’s growing cyber force, the U.S. Army Communications-Electronics Command, or CECOM, is standing up a new training range to help Soldiers validate their cyber security skills. CECOM’s Logistics and Readiness Center Cyber Battlefield Range, expected to open in summer 2015, is part of a larger training program designed to re-invest in Soldiers and enhance the cyber security skills of the Army’s digital warriors.
- The U.S. Federal Financial Institutions Examination Council has recently mandated that its members formulate contingency plans to address the threat of DDoS attacks – which have become a key weapon of choice for cyber-criminals – according to Nexusguard, a leading cybersecurity firm whose customers include Federal agencies and commercial enterprises.
- A recent article in the National Law Review states “the devastating attacks, ongoing risks, and intense government focus on cybersecurity are expected to create ample opportunities for skilled and experienced cybersecurity professionals to work as contractors for DHS and other government agencies. In addition, the government’s need for specialized systems will continue to present enviable opportunities for qualified cybersecurity experts to provide their services and expert advice. For example, the government recently announced that $98 million in contracts were being awarded for work on the U.S. Air Force’s network defense and enemy cyber deception.”
- At the RSA Conference in April, the U.S. Department of Homeland Security (DHS) announced that it is opening a Silicon Valley office. According to a recent Fortune article, the office is a bid to improve relations between tech companies and the government, spread the government’s ideology on cybersecurity throughout the tech industry, and recruit top talent that might otherwise head to the private sector.
- A recent San Jose Mercury News story signaled Silicon Valley’s importance in cyberwarfare, stating: “In one of the most overt displays of the federal government’s growing dependence on Silicon Valley, the Department of Defense late last month announced it will start providing venture capital funding to valley startups that can help the Pentagon develop more advanced cybersecurity and intelligence systems to fend off nation states and hackers targeting everything from top-secret military correspondence to public power grids.”
- “Over the past decade, in the United States alone, more than $100 billion has been spent on cyber-security at the federal level” according to a recent contribution to The Mantle by Benjamin Dean, a Fellow for Cybersecurity and Internet Governance at Columbia University. “This spending has been justified by the need to bolster defenses against an amorphous set of cyber-criminals and cyber-attackers. Following the money tells a story of why cybersecurity has not improved, despite so much investment over the past two decades. Rather than defense, a significant proportion of these funds have actually been used to develop sophisticated offensive cyber-capabilities, in other words, state-sponsored hacking.”
Steven C. Morgan, Editor-In-Chief, is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve writes the weekly Cybersecurity Business Report for IDG’s CSO, and he is a contributing writer for several business, technology, and cybersecurity media properties.
© 2015 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.