I saw two interesting bits of news today involving the federal government and cybersecurity issues.
First, my colleague Kara Reeder reported that the U.S. government is making slow progress in securing its networks. She wrote:
The Department of Homeland Security is working to secure approximately 2,400 network connections used every day by millions of federal workers, but the move to intrusion detection and prevention programs is being hampered by complex contracts with network vendors, technology issues and privacy concerns, explains RedOrbit.
Shortly after I read that, I saw an article at SecurityWeek that the government plans to spend upwards of $13.5 billion in security by the year 2015. This article provided a bit of an answer to Reeder's post. Why is the government not able to do a better job of securing federal networks? The answer (and reason for the spending outlook), according to the SecurityWeek article:
Driven by a 445 percent increase in cyber security incidents since 2006, a shortage of qualified cyber security experts, and an increasingly complex and interconnected technology environment, a recent research report from INPUT forecasts federal investment in information security will increase to $13.3 billion by 2015 at a compound annual growth rate of 9.1 percent, nearly twice the rate of overall federal IT spending.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
The article goes on to say that the U.S. lacks cybersecurity talent, and frankly, that surprises me. An increasing number of colleges and universities are offering cybersecurity, cyber forensics and similar undergraduate and graduate degree programs, along with other training opportunities for those with an IT background. SecurityWeek, however, stated some of the following reasons why talent (and hiring) are lacking. They include:
. Scholarship for Service (SFS) and DOD Information Assurance Scholarship Program (IASP) are not producing enough entry-level workers.
. Some cybersecurity experts claim that current professional certification programs focus heavily on documenting compliance rather than actually reducing risk.
. Fragmented governance and uncoordinated leadership hinders the ability to meet federal cybersecurity workforce needs.