WASHINGTON—Two pieces of legislation that seek to improve cybersecurity practices at the Small Business Administration and help small businesses across the country defend themselves against cyber threats have passed in the House.
The SBA Cyber Awareness Act, spearheaded by Rep. Jason Crow (D-CO), would require the agency to produce an annual congressional report assessing its information technology and if any of its equipment was manufactured in China, Security Today reported.
If the SBA was the victim of a cyber attack, the agency would have seven days to notify Congress and 30 days to notify individuals and small businesses affected by the incident.
What Would Be Required
“Our bill would require the SBA to be more proactive in protecting its data and more transparent in the event of a cyber breach,” Crow said on the House floor before the bill passed. “The goal of this bill is to put the SBA and the small businesses that it interacts with, and that depend on it, on the best footing possible to combat the rising threat of cyber attacks.”
The act was approved with bipartisan support, as was a measure that requires counselors at Small Business Development Centers – run by the SBA – to be certified in cybersecurity and assist business owners with protecting their businesses. The Small Business Development Center Cyber Training Act was spurred by the growing threats faced by business owners, Security Today noted.
‘Increasingly Popular Targets’
“Small businesses are increasingly popular targets for cyber criminals,” Rep. Steve Chabot (R-OH), who chairs the House Small Business Committee. “The average cost of a cyber attack on a small business is over $30,000 which can destroy, literally, a small business.”
Both bills have companion measures that have been introduced by Sen. Marco Rubio (R-FL), who chairs the Senate Committee on Small Business & Entrepreneurship. The legislation is awaiting a vote.