House OKs Small Biz Cyber Bills

July 17, 2019

On Monday, July 15, the U.S. House of Representatives voted to approve two bills aimed at improving cybersecurity protections for America’s small businesses. The bills, approved under unanimous consent, will require enhanced reporting on cybersecurity protections at the U.S. Small Business Administration (SBA) and expand available cybersecurity training at the nation’s Small Business Development Centers (SBDCs).

The SBA Cyber Awareness Act (H.R. 2331)
Introduced by Rep. Jason Crow (D-Colo.) would require the SBA to report annually to the Congress on the state of its information technology (IT) and cybersecurity systems, the methods it could use to improve cybersecurity, any IT equipment or systems it has that were produced by an entity doing business principally in China, and any recent cybersecurity risks or incidents and subsequent responses. H.R. 2331 also would require the SBA to report all cybersecurity risks or incidents to Congress as they occur and to notify the individuals and small businesses affected.

Under current law, the SBA is required to submit an annual performance report to Congress that includes information concerning agency cybersecurity efforts. In addition, the Federal Information Security Modernization Act of 2014 requires federal agencies, including the SBA, to report on the effectiveness of their information security policies and practices each year. Although H.R. 2331 would impose new reporting requirements upon the SBA, the work required to fulfill most of those requirements would not be significant because the SBA already collects most of the information needed in those reports.

The Small Business Development Center Cyber Training Act of 2019 (H.R. 1649)
This legislation, introduced by Rep. Steve Chabot (R-Ohio), would require SBA to establish a certification program for employees of SBDCs to provide assistance to small businesses on cybersecurity planning. Under the bill the SBA could spend up to $350,000 per year to reimburse SBDCs for certification costs. Such spending would be subject to the availability of appropriations. Based on that authorization level, CBO estimates that implementing H.R. 1649 would cost $2 million over the 2020-2024 period to fund certification programs at 63 SBDCs.