GovDefenders Wednesdays | 2012 FISMA Report Key Takeaways
The White House recently released the 2012 Federal Information Security Management Act report. The report tracks agencies’ progress toward reaching the compliance targets set in 2002’s Federal Information Security Management Act (FISMA). While the report documents some improvements and an increase in spending (up $1.3 billion from 2011), it also highlights areas of weakness that help illuminate the current government cybersecurity ecosystem.
These are the key takeaways you need to know:
- Over $13 Billion Spent on Personnel
The most revealing figure to come out of the report is the increase in personnel expenses. Of the $14.6 billion spent on cybersecurity in 2012, a whopping 90% went to personnel, an increase from 76% in 2011. Although IT security software and hardware are growing more sophisticated and automated, they accounted for only 5% of spending.
- Cybersecurity Education Down
As we’ve mentioned in the past, cyber protection is now a bottom-up process. However, the percentage of government employees with access to computer systems who received cybersecurity awareness instruction went from 99% to 88%. Training accounted for only 0.9% of the total spent on cybersecurity, almost 2% lower than in 2011.
- A Challenging Year
The top reported cybersecurity challenges were:
  - Funding the administration's priority initiatives
  - Cultural challenges
  - Upgrading legacy technology
  - The current budget structure
  - Acquiring skilled personnel
- Top Three Government Cybersecurity Spenders
The organizations that spent the most in 2012 were:
  - Department of Defense: $12 billion
  - Department of Homeland Security: $615.5 million
  - Treasury Department: $404 million
- Security Incidents on the Rise
49,000 security incidents were reported in 2012, up from 43,889 in 2011. However, it’s worth noting that the majority of them were the result of lost or stolen equipment and data, not unauthorized access.
The 2012 FISMA report reflects the major concerns we’ve recently heard in the media: an increase in successful cyberattacks; a shortage of trained cybersecurity professionals; and an IT infrastructure too weak to repel sophisticated attacks.
This recent surge in cyberattacks on government systems is the new normal. However, the number of successful attacks can and will decrease when agencies invest in IT security automation, which will decrease personnel costs, freeing the resources needed to properly invest in a fully trained cybersecurity workforce.
Interested in learning more about cybersecurity? The GovDefenders Virtual Event is a free online cybersecurity conference on April 24. Join us from your desk as experts from NetApp, Symantec, ForeScout, Red Hat, Quest Software, SolarWinds, and DLT Solutions discuss trends, best practices, and the future of public sector cybersecurity. Register today!