Intelligence agencies spend three times more of their budgets on IT than average government agencies, says IDC report.
Government intelligence agencies devote about 15% of their annual budgets to IT -- nearly three times more than civilian agencies -- to support their missions, according to a new IDC Government Insights report. The National Security Agency (NSA) is believed to be spending twice that amount, or more than 30%.
While intelligence spending by the federal government is expected to rise by 18.8%, or about $9.5 billion, between 2013 and 2017, the IT portion of intelligence budgets is expected to grow by up to 33.6%, the report predicted. The majority of this spending will go toward additional data collection technologies and flexible, large-scale computing platforms.
Together, the CIA, NSA, and National Reconnaissance Office (NRO) get more than 68% of the "black" budget, which refers to the government's top-secret intelligence budget. Nearly a fourth of the government's black budget is devoted to IT products and services.
The new forecasts are based in part on documents leaked earlier this year by former NSA contractor Edward Snowden that included details on the US intelligence community's spending. The budget figures from one of those documents, called "Fiscal 2013 Congressional Budget Justification Book," show that the US budgeted $52.6 billion in fiscal 2013 to support the operations of 16 intelligence agencies. This included $14.7 billion for the CIA, $10.8 billion for the NSA, and $10.3 billion for the NRO.
The IDC Government Insights report suggests that 22.5% of the government's black intelligence budget covers IT solutions.
"For the intelligence agencies, the biggest surprise is the amount of funding needed to support the intelligence facilities and to collect data," Shawn McCarthy, IDC Government Insights research director and author of the report, told us in an email.
While IT security spending continues to climb steadily, investment patterns vary by agency, depending on existing legacy systems and what improvements need to be made.
"Many agencies are reviewing how their move to cloud-based solutions might affect their overall IT security posture, and many are finding that unified threat management (UTM) solutions are becoming increasingly popular," McCarthy said. IDC anticipates that "federal UTM spending will rise from $213.8 million in 2012 to over $541.4 million in 2017."
Most IT security spending goes toward staff salaries -- as much as 85% to 91%, McCarthy noted. That's because security scanning and proactive defense efforts require substantial amounts of manpower to set configurations and make decisions when threats are detected.
"For general IT security, the story is somewhat similar. IT infrastructure maintenance is the top security-related line item at many agencies. This shows that keeping systems in good condition, with the proper patches and software updates in place, is key to keeping systems secure," McCarthy said.
When it comes to long-term growth for security spending, the report forecasts that staffing will grow to $6.2 billion by 2017; firewall spending will increase to $249.6 million; intrusion detection and prevention will rise to $226.3 million; and virtual private network spending will grow to $80.9 million.
Elena Malykhina has written for The Wall Street Journal, Scientific American, Newsday, and AdWeek. She covers the federal government, including NASA's space missions, for InformationWeek.
The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?