What Portion of Federal Civilian Information Security Spending Is Contractor Addressable?
Published: October 15, 2014
With the inconsistencies in reported federal spending, it can be difficult to determine how much agencies are investing in different technology areas, like information security. That lack of visibility can make it even more challenging for contractors to determine the size of the addressable market. The reported data for top and mid-tier civilian agencies suggests around 80% of IT security funds could be in play for contractors.
One approach to determining the current addressability of information security spending leverages the IT budget details that agencies report to the Office of Management and Budget (OMB). First the information security related categories within the Federal Enterprise Architecture (FEA) Business Reference Model (BRM) services are identified. These categories allow investment details to be filtered by determining primary and secondary service requirements. The results that meet the FEA BRM service criteria are reviewed for relevance to information security. This process yielded 208 IT investments reported for FY 2015. Then, the contractor addressable portion of spending for each of these investments is calculated. Finally, the figures for each of the investments are used to approximate averages for the spending per investment and for the contractor addressable portions.
- Addressability varies across the civilian agencies and does not necessarily correspond to the highest levels of spending.
There are some drawbacks worth acknowledging with this approach. Obviously, the calculations rely on the accuracy of agency reporting and consistently coding investments to FEA BRM service areas. This analysis also only takes public data into account, which omits any classified funding or details. Numerous investments include an unspecified portion of spending dedicated to security. In such cases, the whole amount has been included. Additionally, the funding level associated with each of the investments reflects the requested, not approved or actual, sum. Despite some of the limitations around the conclusions, they offer a decent starting point for sizing contracted spending on information security within the federal civilian government.