Analyst: Fed cybersecurity has far to go

The United States government is slated to spend more than $50 billion to improve its IT infrastructure and capabilities in 2003. Cybersecurity spending among government agencies will increase by 64 percent, to about $3 billion.

You would think that one result of increased spending, and awareness, would be a significantly more secure computing environment to defend against any kind of cyber threat.
That may not be the case. John Pescatore, vice president of Gartner, is predicting that it will take at least three years for the government to dramatically improve cybersecurity.
He contends that government cybersecurity is far behind the private sector, and needs to build a cybersecurity foundation before it can solve some of the bigger issues.
"The government will have to take baby steps, such as providing secure e-mail and Internet surfing, before it can share information between agencies or deploy more advanced technologies such as intrusion detection or automated vulnerability assessment."
Speaking at the Gartner Symposium/ITxpo in Lake Buena Vista, Fla., Pescatore said the majority of the security budget for 2003 will be applied to people and government overhead, rather than products. "Less than 5 percent of new money will go toward product acquisition. Most will be spent through existing channels, such as systems integrators, defense contractors, for people and services."
The bureaucratic programming and budgeting process will also contribute to the longer time horizon. "There's lots of pork barrel, and the government doesn't typically do multiyear engagements; but the biggest problem is that no central agency responsible for information security across civilian government agencies exists," Pescatore said. "The homeland security department is still not a place that will drive an information security architecture--each agency is still procuring pieces by themselves."
In addition, Pescatore predicts that privacy concerns will cause some of the anti-terrorism regulations set by the Bush Administration to be rolled back, unless a major cyberterrorist attack occurs. "By the end of 2004, 30 percent of anti-terrorism regulations will be rolled back due to increased citizen concern over privacy violations," Pescatore said.
He believes that market forces could help foster more secure environments, but only if the government set standards across agencies for security features, such as encrypted e-mail and secure laptops. "If those standards were set, the vendor community would be forced to comply and would drive the market upwards," Pescatore said.