Senate To Do List: NDAA and Cybersecurity

November 13, 2012


Two key small-business issues remain on the long to-do list for Congress during the lame duck: the Fiscal Year 2013 (FY 13) National Defense Authorization Act (NDAA) which hopefully will include critical small-business contracting reforms; and cybersecurity legislation. Both bills address important issues for America’s small-business community, and NSBA is urging the Senate to act on these measures.

Contracting Reforms in NDAA

Last week, NSBA sent a letter to Members on the Senate Armed Services Committee (SASC) encouraging them to incorporate the small-business contracting reform provisions included in the House-passed FY 13 NDAA (H.R. 4310) into the final bill. These provisions include language addressing everything from contract bundling and government-wide small-business contracting goals to increased transparency and an enhanced role for small-business advocates in the federal acquisition and procurement process.

In addition to the referenced provisions, NSBA also urged Members to include two important bipartisan bills: the Small Business Contracting Fraud Prevention Act (S. 633) and the Fairness in Women-Owned Small Business Contracting Act (S. 2172). These bills include language to help eliminate instances of fraud and abuse, and to remove the arbitrary limit on sole source contracts to women-owned small businesses, a crucial component of our federal contracting base.

Recent reports indicate that the NDAA could come up as soon as the end of this week, with debate on amendments expected after the Thanksgiving break. Another option involves going straight to conference on the measure instead of through the traditional floor process, though, this process remains a back-up at this point. NSBA will continue to monitor the situation and will keep its members apprised of any developments.

NSBA is urging all small-business owners to take a moment TODAY and urge your Senators to support the inclusion of these small business contracting provisions and measures in the final FY 13 NDAA.


Before leaving for August recess, the Senate failed to invoke cloture (by a vote of 52-46) on a motion to close debate on the revised Cybersecurity Act of 2012 (S. 3414), which provides for a flexible and voluntary, incentives-based system (or standards) to encourage owners and operators of the country’s most critical infrastructure systems to meet much-needed cybersecurity requirements. Senate Majority Leader Harry Reid (D-Nev.) has placed this legislation on his list of unfinished business, a positive indicator that the Senate may act to take up the measure during the lame duck session.

Small businesses are very concerned about safeguarding our nation’s digital networks and critical infrastructure, as well as ensuring that any new legislation or policy includes language to provide support for small-business cybersecurity efforts and does not place a disproportionate burden on small firms. According to a recent NSBA quick poll–an informal polling of NSBA members–56 percent of respondents said that they have been subject to a cyber-attack (i.e. malware, banking trojan, phishing e-mail, etc.). In 2011, 18 percent of all cyber-attacks targeted small businesses. Today, that number has ballooned to 36 percent. [1] Just as troubling: 59 percent of small-business owners said that they do not have a contingency plan in place for responding to or reporting a data breach (i.e. loss of customer data, credit card information, or intellectual property). [2]

The current lack of critical infrastructure protections for our nation’s networks (including our financial, communications, and electrical grids) coupled by the dramatic increase in cyber-attacks on small businesses and the inadequate protections afforded to their bank accounts under current federal law, makes this an important issue for NSBA and one that we will continue to closely monitor.

For updates or additional information, please follow us on Twitter at @NSBAAdvocate.



[1] See June 2012 Symantec Intelligence Report (

[2] See study conducted by National Cyber Security Alliance (NCSA) and Symantec (


 1 total views,  1 views today