The cost and number of companies offering cyber products has also grown. A Govini study showed that for fiscal 2018, the number of vendors offering cybersecurity products and services has grown by 55.1 percent. On top of that, the opportunities and need for vendors to work in the federal market have also increased by 78.8 percent.
“A lot of people are gravitating towards this market, but at the same time, the way the federal government is emerging its digital footprint is cyber is pervasive, anything that requires data or any digital component has to have a cybersecurity aspect to it,” Hummer said.
This increasing need opens up areas for competition and contracts for vendors. In its study, the data was split into five broad categories related to mission or objective for each agency. From there, 13 segments were identified
reflecting the capabilities of the agencies. Lastly, it was broken down into 59 subsegments defining the approaches that were specific to each available technology.
“When it comes down to it, our category cyber defense accounted for the largest share of spending and that makes sense,” Hummer said. “But the challenge with cyber defense is we believe that it’s reached a point of diminishing returns.”
While it accounted for more than 40 percent of overall spending, its growth began to slow when compared to other categories, such as cyber resilience. Cyber defense is the act of doing everything to prevent an attack, but cyber resilience gives an agency the capability to continue operations, even while under attack.
Every agency has to keep their eyes open for potential insider threats, especially with the increase of cloud space. Training federal employees in cyber compliance and data analytics will help agencies learn the trends in cybersecurity, and could help them prevent or repel attacks, Hummer said.
Analytics, in the long run, will help agencies understand their cyber defense better, and learn to rely on software and not just hardware.
“Of course, we’re seeing a lot of huge proliferation in cyber capable software. But at the core root of a lot of the software, it’s analytics,” Hummer said.
“People aren’t buying appliances and putting them in their data centers.”
Everything depends on how defense and civilian agencies embrace software and hardware managed by vendors.
“They’re going to have to install a lot of that hardware themselves. And when we see this coming wave of IT modernization weaving in, [it will be a] challenge, because a lot of that infrastructure is going to be [fresh].”
An even bigger issue arises when looking specifically at the information that
agencies, such as the Veterans Affairs Department and Defense Department, have to keep under protection. So, agencies have to be careful which vendors and programs they accept.
On the other hand, a vendor also needs to understand who’s doing what, when, where and how with its products. Understanding this from a competitive point of view and identifying different markets in order to install vendors’ products is very important. In fact, the federal government relies a lot on these partnerships with civilian organizations, Hummer said.
“Nobody has an end-to-end solution, especially when it comes to cyber,” Hummer said.
Defense agencies such as the Army, Navy, Air Force and Defense Information Network, as well as the Department of Homeland Security, are leaders in cybersecurity because their networks are the largest and most comprehensive.
However, all agencies must look deeper into how they can prevent both insider threat attacks and outside threats to their information.
Hackers are often focused on obtaining information, such as medical records, in order to publish it on the dark web. Because of this, the federal government has a direct need to protect that information, Hummer said.
That increase in stolen information and medical records within the Veterans Affairs Department has the agency worried. Because of this, the VA alone is set to spend almost half a billion dollars on protecting its data and networks, Hummer said.