Since the Sept. 11, 2001, terrorist attacks, the government has spent heavily on IT security, although the increases have been declining each year. But next year's increase is significantly smaller than those in previous years. Annual IT security spending rose 10% this year, 50% in 2003, and 100% in 2002, Input reports. Single-digit increases in IT security spending will be the rule through the remainder of the decade, it says.
One reason IT security spending has slowed is that agencies have failed to comply with White House requirements to fix existing IT security weaknesses before the Office of Management and Budget releases additional money for new initiatives. Last year, according to Input, more than a quarter of federal IT systems didn't have up-to-date security plans. Input senior analyst Chris Campbell says yearly reviews by OMB and Congress have uncovered a number of security lapses unresolved from previous years, leaving many legacy systems vulnerable to attacks. This means agencies must seek OMB approval to re-appropriate funds to fix security lapses in existing systems, rather than get new money for new IT security projects. Campbell says vendors that help agencies implement security solutions at reasonable costs could benefit.
Still, Input sees IT security spending will pick up a bit in the second half of the decade, reaching an annual growth rate of about 5% through 2009--when IT security spending should surpass $7 billion.
By 2009, Input projects, IT security spending by Defense Department agencies and the military will rise to $3 billion, up from $2.4 billion this year, a 5% annual growth rate. Similarly, civilian agencies' IT security spending will grow at a 5.2% yearly growth rate over the next five years to $2.9 billion, from $2.3 billion. Intelligence agencies' growth rate is projected to be lower--2.5%, as spending will rise to $900 million from $800 million.
Two-thirds of federal IT security spending comes from just 10 agencies: the Office of the Secretary of Defense--which represents nearly one-quarter of all IT security spending--the three military branches, the departments of Homeland Security, Health and Human Services, Energy, Transportation, and Treasury, and the space agency, according to Input's analysis of government numbers.
The biggest IT security contracts awarded by the government are both for $1.5 billion. A Defense contract deals with information assurance and a General Services Administration contract focuses on developing common identification smart cards.
The government awards the biggest federal IT security contracts to systems integrators. In fiscal year 2003, according to Input, Northrop Grumman held 9% of the estimated federal government market share in IT security, followed by EDS at 8%, Science Applications International Corp., 5%, and General Dynamics, 4%.