Security Breaches in the U.S. Federal Government

38 Pages. Posted: 18 Mar 2017. Last revised: 20 Jun 2017

Min-Seok Pang

Temple University - Department of Management Information Systems

Hüseyin Tanriverdi

University of Texas at Austin - Red McCombs School of Business

Date Written: March 7, 2017

Abstract

Cybersecurity incidents in the U.S. federal government increased by 1,121 percent between 2006 and 2014, leading to growing concerns about the security of federal IT infrastructures. We examine potential drivers and mitigation mechanisms of security breaches in the U.S. federal government. Technologically, many argue that the large stock of legacy IT systems in federal agencies, which are not designed for security, causes security vulnerabilities. Some IT professionals, however, counter with a “security-by-antiquity” argument that legacy systems are more secure. We consider both arguments and empirically test how legacy systems are associated with security breach incidents in the federal government. Organizationally, federal agencies exhibit significant heterogeneity; some are highly centralized whereas others are highly decentralized geographically or functionally. We examine how their organizational forms affect security vulnerability. We find that agencies that invest more in new IT development and modernization experience fewer security breaches than those that invest more in the maintenance of legacy systems. Outsourcing legacy systems to the cloud also reduces the frequency of security breaches. Our results also show that effective IT governance, risk, and control mechanisms mitigate the security risks of legacy systems. Finally, federal agencies that are geographically or functionally dispersed experience security breaches less frequently than centralized agencies.

Keywords: Federal Government, Security Breaches, Legacy Systems, Cloud Computing

Suggested Citation

Pang, Min-Seok and Tanriverdi, Hüseyin, Security Breaches in the U.S. Federal Government (March 7, 2017). Fox School of Business Research Paper No. 17-017. Available at SSRN: https://ssrn.com/abstract=2933577 or http://dx.doi.org/10.2139/ssrn.2933577

Min-Seok Pang (Contact Author)

Temple University - Department of Management Information Systems

1810 N. 13th Street
Floor 2
Philadelphia, PA 19128
United States
215-204-3059 (Phone)

HOME PAGE: http://sites.google.com/site/minspang

Hüseyin Tanriverdi

University of Texas at Austin - Red McCombs School of Business

Austin, TX 78712
United States
