House Passes Improving Small Business Cyber Security Act of 2016
A bill introduced to the House of Representatives in April, 2016 is intended to help small businesses gain access to cybersecurity expertise. The full title is:
To amend the Small Business Act to allow small business development centers to assist and advise small business concerns on relevant cyber security matters, and for other purposes.
This bill was co-sponsored by a bipartisan slate and passed in the House on September 21, 2016 and goes to the Senate next for consideration.
As noted in the title, the Act is intended to support small business development centers (SBDCs) managed by the SBA, provide cybersecurity offerings.
Here is a summary from congress.gov:
(Sec. 2) This bill amends the Small Business Act to authorize the Small Business Administration (SBA) to make grants to small business development centers (SBDCs) in furtherance of a Small Business Development Center Cyber Strategy to be developed by the SBA and the Department of Homeland Security (DHS) after the Government Accountability Office (GAO) issues a report that reviews federal cybersecurity resources aimed at assisting small businesses.
SBDCs shall have access to cybersecurity specialists to counsel their small business clients.
(Sec. 3) The Homeland Security Act of 2002 and the Small Business Act are amended to allow DHS and other federal agencies coordinating with DHS to leverage SBDCs to disseminate cybersecurity risk information and other homeland security information to help small businesses in developing cybersecurity infrastructure, threat awareness, and employee training programs.
(Sec. 5) The GAO's cyber resources report must include: (1) an accounting, description, and assessment of the utilization of federal programs that provide cybersecurity assistance to small businesses; and (2) an assessment of whether the resources are duplicative of other programs or accessible to small businesses.
The strategy must include:
plans for leveraging SBDCs into existing federal cyber programs to assist small businesses;
methods for the provision of counsel and assistance to improve small businesses' cyber security infrastructure, threat awareness, and training programs for employees, including agreements with Information Sharing and Analysis Centers to gain awareness of actionable threat information that may be beneficial to small businesses; and
an analysis of how SBDCs can leverage federal programs and develop partnerships with federal, state, and local governments and private entities to improve cyber support services to small businesses.
The SBA's and DHS's strategy must be developed in consultation with entities representing SBDC concerns and submitted to Congress.
At this time, it is an unfunded mandate. Lack of funding to support small businesses with cyber security measures is likely to diminish an approved Act’s overall effectiveness.
About the author
Carolyn Schrader is Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.