Patrick Thibodeau of Infoworld on the IRS cutting its cyber security staff by 11% over four years yet increasing overall spending on cyber security:
The Internal Revenue Service, which disclosed this week the breach of 100,000 taxpayer accounts, has been steadily reducing the size of its internal cyber security staff as it increases its security spending. This may seem paradoxical, but one observer suggested it could signal a shift to outsourcing.
In 2011, the IRS employed 410 people in its cyber security organization, but by 2014 the headcount had fallen by 11 percent to 363 people, according to annual reports about IRS information technology spending by the U.S. Treasury Department Inspector General.
Despite this staff reduction, the IRS has increased spending in its cyber security organization. In 2012, the IRS earmarked $129 million for cyber security, which rose to $141.5 million last year, an increase of approximately 9.7 percent.
If the IRS cut their cyber security staff while increasing overall cyber security spending, they are relying on either a managed security service or a lot of automation for their alerting. The former is the likely answer, although knowing how the US government functions, it would not surprise me if it were the latter: do more with less.