House and Senate legislators have proposed a bill aimed at bumping up cybersecurity resources tailored for local governments, small businesses (SMBs) and nonprofit organizations to defend themselves against cyber attacks.
The bipartisan and bicameral Improving Cybersecurity of Small Organizations Act--sponsored by Reps. Anna Eshoo (D-CA) and John Katko (R-NY), the ranking member of the House Homeland Security Committee’s cybersecurity subcommittee, and Sens. Jacky Rosen (D-NV) and John Cornyn (R-TX)--asks the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Small Business Administration (SBA) to take on central roles to help local governments, SMBs and nonprofits improve their cybersecurity profiles.
Both CISA and the SBA will be tasked with promoting the cyber pointers and the latter agency will be required to produce a report every two years on SMBs’ progress to supplement their cybersecurity defenses.
Specifically, the Act will do the following:
- Directs CISA to issue guidance that documents and promotes evidence-based cybersecurity policies and controls for small businesses, nonprofits, and local governments.
- Requires CISA, the SBA and the Minority Business Development Agency to promote the cybersecurity guidance.
- Requires the Secretary of Commerce to submit to Congress a report describing methods to incent small organizations to improve their cybersecurity.
- Requires the SBA to report on the state of small business cybersecurity every two years.
“Small businesses, small nonprofits, and small local governments can’t afford to hire cybersecurity professionals, yet they are still vulnerable to debilitating cyber attacks,” said Eshoo. “The Improving Cybersecurity of Small Organizations Act simply requires federal agencies to recommend easy-to-understand and evidence-based guidance that small organizations can adopt to improve their cybersecurity and protect everyone they serve.”
Both Rosen and Cornyn said the bill will help small businesses, local governments and nonprofits address cybersecurity challenges they face. “Small organizations are increasingly vulnerable to cyber attacks, and many of them lack the resources to manage complex cyber risks,” Rosen said.
“Small businesses and local governments face cybersecurity threats just as larger corporations do, and protecting against these risks doesn’t have to break the bank,” Cornyn said, a sentiment echoed by Katko, who said the bill will help those organizations sift through information that can be “overly complicated or geared toward organizations with greater resources.”
While a number of bills to help small organizations improve their cybersecurity postures have been introduced in Congress, many haven't traveled far in either chamber. Among the most recent to stand still is The Small Business Cybersecurity Assistance Act of 2019, proposed in July 2019 by Sens. Marco Rubio (R-FL) and Gary Peters (D-MI). The legislation is intended to better educate small businesses on cybersecurity and provide them with a central location to tap into the federal government's cybersecurity materials.