Senate Takes up Cybersecurity Legislation

August 1, 2012

After years of hearings and discussions on how best to protect the nation’s critical infrastructure from the ever increasing threat of cyber attack, the Senate this week is taking up a modified version of its cyber security legislation, the Cybersecurity Act of 2012 (S. 3414). The bill provides for a flexible and voluntary, incentives-based system (or standards) to encourage owners and operators of the country’s most critical infrastructure systems (e.g. electric grids, banking systems, etc.) to meet much-needed cybersecurity requirements. The original bill, S. 2105, introduced by Sens. Joseph Lieberman (I-Vt.), John Rockefeller (D-W.Va.), Susan Collins (R-Maine), Dianne Feinstein (D-Calif.), and Sheldon Whitehouse (D-R.I.), was revised to address a number of concerns from opponents including issues regarding privacy, civil liberties, and mandatory security standards for private industry.

Addressing our nation’s cyber vulnerabilities is of particular interest to America’s small-business community, specifically with respect to the digital networks connecting our country’s financial institutions. Two recent articles from the New York Times  and the Wall Street Journal  help to highlight the dramatic increase in cyber attacks on small businesses. Further complicating the issue, are the inadequate protections afforded to small-business bank accounts.  Under federal law, small-business accounts do not receive the same safeguards as personal accounts, even though the majority of small businesses are sole proprietorships.

According to the New York Times article, “Business owners who have been hacked often feel most betrayed by the banks they thought were protecting their money. But banks have no legal obligation to reimburse businesses for attacks – federal regulations [the Electronic Fund Transfer Act (EFTA)] do not cover commercial accounts.” (Pamela Ryckman, Owners May Not Be Covered When Hackers Wipe Out A Business Bank Account, June 13, 2012).

The current lack of critical infrastructure protections for our nation’s digital networks, the meteoric rise in the number of cyber threats to small businesses, and the lack of protections afforded to them under current federal law, creates a perfect storm for America’s small-business community. The amount of time and money spent either trying to prevent cyber attacks or dealing with the aftermath can cripple a small business, forcing many to drastically reduce their workforce or any plans they had to expand, or even close their doors. Small businesses comprise 97.7 percent of all U.S. employers firms and employ approximately 50 percent of all private sector employees. Small-business owners need to focus on what they do best, which is creating new jobs and maintaining sustainable economic growth.