Cybersecurity Wednesdays | 2012 FISMA Report Key Takeaways

The White House recently released the 2012 Federal Information Security Management Act report. The report tracks agencies’ progress toward reaching the compliance targets set in 2002’s Federal Information Security Management Act (FISMA). While the report documents some improvements and an increase in spending (up $1 billion from 2011), it also highlights areas of weakness that help illuminate the current government cybersecurity ecosystem.

Below are the key takeaways you need to know.

  1. Over $13 Billion Spent on Personnel
    The most revealing figure to come out of the report is the increase in personnel expenses. Of the $14.6 billion spent on cybersecurity in 2012, a whopping 90% went to personnel, an increase from 76% in 2011. Although IT security software and hardware are growing more sophisticated and automated, they accounted for only 5% of spending.
  2. Cybersecurity Education Down
    As we’ve mentioned in the past, cyber protection is a bottom-to-top process now. However, the share of government employees with access to computer systems who received cybersecurity awareness instruction went from 99% to 88%.
  3. A Challenging Year
    The top reported cybersecurity challenges were:
    - Funding the administration’s priority initiatives
    - Cultural challenges
    - Upgrading legacy technology
    - The current budget structure
    - Acquiring skilled personnel
  4. Top Three Government Cybersecurity Spenders
    The organizations that spent the most in 2012 were:
    - Department of Defense: $12 billion
    - Department of Homeland Security: $615.5 million
    - Treasury Department: $404 million
  5. Security Incidents on the Rise
    49,000 security incidents were reported in 2012, up from 43,889 in 2011. However, it’s worth noting that the majority of them were the result of lost or stolen equipment and data, not unauthorized access.


The 2012 FISMA report reflects the major concerns we’ve recently heard in the media: an increase in successful cyberattacks; a shortage of trained cybersecurity professionals; and an IT infrastructure too weak to repel sophisticated attacks.

This recent surge in cyberattacks on government systems is the new normal. However, the number of successful attacks can and will decrease when agencies invest in security automation IT, which will decrease personnel costs, freeing the resources needed to properly invest in a fully trained cybersecurity workforce.

Cybersecurity Wednesdays is a series exploring the world of public sector cybersecurity. We introduce concepts, offer opinions, provide resources, and identify ways to protect your agency.
