The explosion of the Internet of Things has increased the vulnerability of all networked digital systems and devices. The internet has become an unsafe, open digital highway filled with marvelous capabilities that are constantly being attacked and exploited by hostile people, organizations and nations. Protecting this digital highway requires special purpose hardware, software and skilled technicians to manage the real time attacks and intrusions. But this cybersecurity layer comes at a cost, which has been hard for many government organizations to identify, track and predict.
This a paper presents the results of research into cybersecurity costs for executive departments and agencies of the federal government. Budget data provided through the OMB IT Dashboard was evaluated and filtered to identify cybersecurity specific activities supporting the development of business IT systems, as well as development of IT systems with a cybersecurity primary mission function. Data was sorted by agency and cybersecurity activity to identify potential correlation between the cybersecurity costs and other program costs leading to cost estimating methods for specific cybersecurity activities.
The paper presents:
1. Costs for IT systems with a primary function of providing cybersecurity to an agency.
2. Cost factors to estimate cybersecurity material costs (HW, SW) and support labor costs (program management, system engineering, test, documentation, etc ...) within a general business system.
Presenters
Richard Mabe
Senior Solutions Consultant for Price Systems
Mr. Richard Mabe is a Senior Solutions Consultant for Price Systems, with over 40 years of experience in government and industry. He has conducted extensive research focused on methods to apply industry-best cost estimating practices for SW, cybersecurity and C4I systems.
Dan Harper
Mr. Dan Harper (MITRE) is a CCE/A and has been an ICEAA member for over 15 years. Dan has estimated Hardware and Software/IT during all Acquisition and Support Phases and has a passion for knowledge management.