Feb 01 2023

Federal Cybersecurity vs. Private: How Do Agencies Stack Up?

A recent report finds the public sector struggles more when it comes to threat detection and prevention.

A recent report released by software company Splunk found that public sector organizations often lack the cybersecurity intelligence needed to respond effectively, and they struggle more than the private sector in leveraging data to detect and prevent threats.

Based on a survey of more than 200 IT and data security managers conducted by Foundry Research, the December report compares the state of federal cybersecurity defense with that of the private sector. The purpose was to determine how organizations use data to address cybersecurity priorities and identify obstacles to acting on that data. The survey also assessed the extent to which threat intelligence is shared within and outside both sectors.

“Cybersecurity is not cheap, and federal agencies are massive,” says Ryan Kovar, a distinguished security strategist at Splunk. Kovar is also the leader of SURGe, Splunk’s blue team security research arm, which works as a technical liaison between public and private partnerships at the organization. Kovar said the public sector’s struggles are due to the government’s massive size, even compared with the biggest private organizations, such as Google and Microsoft, which employ hundreds of thousands of employees.

“The Post Service has over 500,000 employees; the DOD, over a million,” Kovar said. “When you’re the size of the federal government, keeping data is a physics problem, not even just a cost problem.”

Agencies Report Challenges with Threat Intelligence and Detection

Among public sector respondents, 63 percent said they struggle to leverage data to detect and prevent threats, compared with 49 percent of private sector respondents. The public sector was also more likely to struggle with mitigating cybersecurity events (66 percent of public respondents versus 56 percent of private).

Public sector respondents cited several reasons for these shortcomings, including skills gaps, lack of resources and lack of visibility into the threat landscape.

The public sector’s biggest barrier to addressing cybersecurity priorities and mandates is budget, the survey found. Nearly 80 percent of public sector respondents said budget inhibits their ability to address these areas. The 2023 omnibus spending package recently signed by President Joe Biden showed a significant increase in funding for cybersecurity, including $1.3 billion for cybersecurity programs at the Cybersecurity and Infrastructure Security Agency (CISA), a year-over-year increase of $230 million, according to FedScoop.

On threat intelligence, 44 percent of public sector respondents said that the shared cybersecurity intelligence available to them is lacking for their needs, compared with 29 percent of private sector respondents. Kovar, who has worked in both the public and private sectors, posits that these numbers could be a result of the public sector knowing what it’s missing and the private sector not being aware of all possibilities.

“I had significantly more intelligence when I was in the public sector than the private sector,” Kovar says. “I do wonder if part of that is people know how much they could have but are unable to action it because of a lack of resources. And how much of it is the private sector not knowing what it could have?”

In November, the General Services Administration acknowledged this and took steps to address it. On behalf of CISA, the GSA filed a request for information on the availability of Threat Intelligence Enterprise Services to help the agency in its development of threat intelligence capabilities. CISA cited fragmented threat information as one of the existing barriers in the federal cyber ecosystem found throughout the threat intelligence lifecycle.

How Data Limitations Increase Public-Private Disconnect

According to the report, these data challenges limit both sectors’ ability to share information with each other, hindering collaboration between public and private organizations. The survey results suggest organizations in both sectors are much more likely to share intelligence within their own sector than across sectors.

That said, the two sectors were aligned on what kind of insights and information were important to share:

  • Threat intelligence and actors (69 percent public and 63 percent private)
  • Real-time information on security events (60 percent public and 69 percent private)
  • Cybersecurity training materials and best practices (79 percent public and 68 percent private)
  • Benchmarked data (36 percent public and 31 percent private)

Kovar said the disconnect comes from the fact that the two sectors have different challenges and capabilities, so each side has different ideas about execution.

“We’re going to see people agreeing on the goals, but how you implement them and execute them between the public and private sector is going to be different,” he says. “The second thing is that the public sector has a mandate to help citizens, not make profit. There’s a very big difference there.”

Looking ahead, the most common cybersecurity investments among public sector respondents included monitoring/alerting, threat intelligence and security assessments.
