Mercatus Scholars Study Relationship between Cybersecurity Breaches and Federal Cybersecurity Spending
Mercatus scholars Eli Dourado and Andrea Castillo published an article, titled "Federal Cybersecurity Breaches Mount Despite Increased Spending," that uses data from the Congressional Research Service and the Government Accountability Office ("GAO") to compare the dollar amount of federal cybersecurity spending to the number of information security incidents from 2006 to 2013.
Recently, President Obama announced cybersecurity reform proposals that included an increase in federal funding for cybersecurity and legislative changes to encourage private organizations to share sensitive security information with the federal government.
According to the Mercatus article, increased federal spending on cybersecurity authorized by the Federal Information and Security Act ("FISMA") in the past is not reflected in the rate of cyber-breaches of federal systems reported by the GAO. Although the federal government spent a total of $78 billion on cybersecurity investments from FY 2006 to FY 2013, the number of reported federal cybersecurity breaches increased by 1,012% over the selected years.
The article charts the difference between "other" security incidents and the number of reported federal information security incidents that involved the exposure of personally identifiable information from 2009 to 2013. Additionally, the article states that, in April 2014, the GAO reported that federal agencies failed systematically to meet federal security standards due to poor implementation of FISMA practices.
While cybersecurity vulnerabilities and data breaches remain a formidable problem in both the private and public sector, "policies that failed to protect the federal government's own information security are unlikely to magically work when applied to private industry." The authors call on the federal government to focus on securing its own information technology systems properly "before trying to exert more control over private systems."
See: "Federal Cybersecurity Breaches Mount Despite Increased Spending" by Eli Dourado and Andrea Castillo. Related news: White House Announces New Cybersecurity Measures (January 13, 2015).