Implications of strengthening the cybersecurity of small business in America – Help Net Security
On November 2, 2021, the House of Representatives passed two bills with the goal of strengthening the cybersecurity of small businesses in America.
The first bill, the Small Business Administration (SBA) Cyber Awareness Act, was unanimously approved to expand cybersecurity operations at the SBA. The bill requires the Small Business Administration to issue a report assessing the agency’s ability to combat cyber threats within six months of passage. The report must disclose:
- SBA’s cybersecurity infrastructure
- The SBA’s strategy to improve cybersecurity protections
- Any equipment used by the SBA and manufactured by a company headquartered in China, and
- Any incident of cyber risk at the SBA and the agency’s actions to confront it
Additionally, the bill requires that the SBA notify Congress of future breaches while detailing who was affected in said breach as well as how the breach occurred.
The bill was introduced by Reps. Young Kim (CA-39) and Jason Crow (CO-06).
“For more than two decades, the SBA’s Inspector General has listed IT security as one of the most pressing challenges facing the SBA. Unfortunately, SBA cybersecurity vulnerabilities were brought to light with unprecedented demand of SBA loan programs during COVID-19, discouraging entrepreneurs from starting a business and creating jobs,” said Congresswoman Kim. “We must address this issue now and secure our systems so small business owners can safely utilize SBA’s resources as they work to recover from the pandemic, hire workers and adjust to rising costs of supplies.”
The second bill, the Small Business Development Center Cyber Training Act, aims to give small businesses the resources necessary to manage cyber-attacks on their own. The bill would help improve the training of Small Business Development Centers (SBDCs) to ensure they can better support and counsel small businesses on cybersecurity-related matters. As it stands, the bill would enable the SBA to reimburse SBDCs for employee certification and training costs, upwards of $350,000 annually.
The bill was introduced by Congressman Andrew Garbarino (R-NY). In a recent release he stated, “As both a member of the House Small Business Committee and Ranking Member of the House Homeland Security Committee’s Cybersecurity Subcommittee, I have seen how difficult it is for small businesses to arm themselves against these kinds of attacks due to resource constraints. It is my hope that this bipartisan legislation will be an impactful first step to getting small businesses the training they need to protect themselves from cyber criminals.”
Why do these bills matter?
Given the rapidly evolving threat landscape and increased frequency of attacks, establishing strong …….