Small businesses will have dedicated access to cybersecurity tools, consulting services and resources developed by the Department of Homeland Security (DHS) if a newly introduced bipartisan bill makes it through Congress.
We're checking to see if or how MSSPs (managed security services providers) can potentially align with the government act to safeguard small business systems.
The Small Business Cybersecurity Assistance Act, introduced by Sens. Gary Peters (D-MI) and Marco Rubio (R-FL) would authorize Small Business Development Centers (SBDCs) to work with DHS to advise small businesses on how to strengthen their cybersecurity protocols. The legislation is right in Rubio’s wheelhouse -- he chairs the Senate Committee on Small Business and Entrepreneurship. Because small businesses often lack the resources to build robust cybersecurity defenses they are a favorite target of hackers. A combination of DHS' offerings and the expertise of a managed security service provider could make small businesses a formidable foe for cyber attackers.
Specifically, the bill directs the U.S. Small Business Administration (SBA) to become a cybersecurity clearinghouse by consolidating and managing federal government cybersecurity materials so small businesses can access information in one place. The measure also requires DHS specialists to train SBDC counselors on cybersecurity outreach to small businesses.
The Act does this:
- Permits SBDCs to use their current grant funding from SBA to provide cybersecurity training and technical resources to small businesses.
- Directs SBA, in consultation with DHS, and SBDCs to manage and disseminate cybersecurity materials created by federal government agencies.
- Directs DHS, in consultation with SBA, to create a train-the-trainer program with SBDC counselors.
- Requires DHS to develop online cybersecurity materials for small businesses.
“Cyber criminals and state-sponsored foreign hackers continue to target small businesses’ online systems, paralyzing their networks and ability to operate,” Rubio said. “This bipartisan bill ensures that small businesses have greater access to critical resources and training to better protect their networks before a cyber-attack occurs.”
Some of the bill’s mechanics were derived from recommendations presented in the Small Business Development Cyber Strategy report authored by DHS and the SBA. In debuting the bill, Peters and Rubio referenced the report, which described challenges small businesses face with implementing cybersecurity for their business. Last March, Rubio introduced two other small business cybersecurity bills. The Small Business Cyber Training Act would certify SBDC counselors to provide cyber planning assistance to small businesses, while the Small Business Administration (SBA) Cyber Awareness Act would require the SBA to create a cybersecurity strategy. The Senate has yet to vote on either bill.
“As we’ve seen in recent years, a breach at a small business not only has devastating consequences for that company’s future, it can also be the doorway for breaches of larger companies,” Peters said. “Yet too many small business owners say they lack the resources they need to safeguard their businesses and customers from hackers, fraudsters, and cybercriminals.”
Two months ago, Rep. Jason Crow (D-CO) introduced companion legislation in the House. The bipartisan measure has been added to the House version of the annual National Defense Authorization Act.