skip to main content

H.R. 5064 (114th): Improving Small Business Cyber Security Act of 2016


The text of the bill below is as of Apr 26, 2016 (Introduced).


I

114th CONGRESS

2d Session

H. R. 5064

IN THE HOUSE OF REPRESENTATIVES

April 26, 2016

(for himself, Mr. Kilmer, Ms. Stefanik, Ms. Clarke of New York, Mr. Chabot, Ms. Meng, Mr. Knight, Mr. Loudermilk, Mr. Payne, Ms. Velázquez, Mr. Renacci, Mr. Curbelo of Florida, and Mr. Carney) introduced the following bill; which was referred to the Committee on Small Business, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned

A BILL

To amend the Small Business Act to allow small business development centers to assist and advise small business concerns on relevant cyber security matters, and for other purposes.

1.

Short title

This Act may be cited as the Improving Small Business Cyber Security Act of 2016.

2.

Role of small business development centers in cyber security and preparedness

Section 21 of the Small Business Act (15 U.S.C. 648) is amended—

(1)

in subsection (a)(1), by striking and providing access to business analysts who can refer small business concerns to available experts: and inserting providing access to business analysts who can refer small business concerns to available experts; and, to the extent practicable, providing assistance in furtherance of the Small Business Development Center Cyber Strategy developed under section 5(b) of the Improving Small Business Cyber Security Act of 2016:; and

(2)

in subsection (c)—

(A)

in paragraph (2)—

(i)

in subparagraph (E), by striking and at the end;

(ii)

in subparagraph (F), by striking the period and inserting ; and; and

(iii)

by adding at the end of the following:

(G)

access to cyber security specialists to counsel, assist, and inform small business concern clients, in furtherance of the Small Business Development Center Cyber Strategy developed under section 5(b) of the Improving Small Business Cyber Security Act of 2016.

.

3.

Additional cyber security assistance for small business development centers

Section 21(a) of the Small Business Act (15 U.S.C. 648(a)) is amended by adding at the end the following:

(8)

Cyber security assistance

The Department of Homeland Security, and any other Federal department or agency in coordination with the Department of Homeland Security, may provide assistance to small business development centers, through the dissemination of cyber security risk information and other homeland security information, to help small business concerns in developing or enhancing cyber security infrastructure, cyber threat awareness, and cyber training programs for employees.

.

4.

Cyber security outreach for small business development centers

Section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148) is amended—

(1)

by redesignating subsection (l) as subsection (m); and

(2)

by inserting after subsection (k) the following:

(l)

Cyber security outreach

(1)

In general

The Secretary may provide assistance to small business development centers, through the dissemination of cyber security risk information and other homeland security information, to help small business concerns in developing or enhancing cyber security infrastructure, cyber threat awareness, and cyber training programs for employees.

(2)

Definitions

For purposes of this subsection, the terms small business concern and small business development center have the meaning given such terms, respectively, under section 3 of the Small Business Act.

.

5.

GAO study on small business cyber support services and small business development center cyber strategy

(a)

Review of current cyber security resources

(1)

In general

The Comptroller General of the United States shall conduct a review of current cyber security resources at the Federal level aimed at assisting small business concerns with developing or enhancing cyber security infrastructure, cyber threat awareness, or cyber training programs for employees.

(2)

Content

The review required under paragraph (1) shall include the following:

(A)

An accounting and description of all Federal Government programs, projects, and activities that currently provide assistance to small business concerns in developing or enhancing cyber security infrastructure, cyber threat awareness, or cyber training programs for employees.

(B)

An assessment of how widely utilized the resources described under subparagraph (A) are by small business concerns and a review of whether or not such resources are duplicative of other programs and structured in a manner that makes them accessible to and supportive of small business concerns.

(3)

Report

The Comptroller General shall issue a report to the Congress, the Small Business Administrator, the Secretary of Homeland Security, and any association recognized under section 21(a)(3)(A) of the Small Business Act containing all findings and determinations made in carrying out the review required under paragraph (1).

(b)

Small business development center cyber strategy

(1)

In general

Not later than 90 days after the issuance of the report under subsection (a)(3), the Small Business Administrator and the Secretary of Homeland Security shall work collaboratively to develop a Small Business Development Center Cyber Strategy.

(2)

Consultation

In developing the strategy under this subsection, the Small Business Administrator and the Secretary of Homeland Security shall consult with entities representing the concerns of small business development centers, including any association recognized under section 21(a)(3)(A) of the Small Business Act.

(3)

Content

The strategy required under paragraph (1) shall include, at minimum, the following:

(A)

Plans for incorporating small business development centers (SBDCs) into existing cyber programs to enhance services and streamline cyber assistance to small business concerns.

(B)

To the extent practicable, methods for the provision of counsel and assistance to improve a small business concern’s cyber security infrastructure, cyber threat awareness, and cyber training programs for employees, including—

(i)

working to ensure individuals are aware of best practices in the areas of cyber security, cyber threat awareness, and cyber training;

(ii)

working with individuals to develop cost-effective plans for implementing best practices in these areas;

(iii)

entering into agreements, where practical, with Information Sharing and Analysis Centers or similar cyber information sharing entities to gain an awareness of actionable threat information that may be beneficial to small business concerns; and

(iv)

providing referrals to area specialists when necessary.

(C)

An analysis of—

(i)

how Federal Government programs, projects, and activities identified by the Comptroller General in the report issued under subsection (a)(1) can be leveraged by SBDCs to improve access to high-quality cyber support for small business concerns;

(ii)

additional resources SBDCs may need to effectively carry out their role; and

(iii)

how SBDCs can leverage existing partnerships and develop new ones with Federal, State, and local government entities as well as private entities to improve the quality of cyber support services to small business concerns.

(4)

Delivery of strategy

Not later than 180 days after the issuance of the report under subsection (a)(3), the Small Business Development Center Cyber Strategy shall be issued to the Committees on Homeland Security and Small Business of the House of Representatives and the Committees on Homeland Security and Governmental Affairs and Small Business and Entrepreneurship of the Senate.

6.

Prohibition on additional funds

No additional funds are authorized to be appropriated to carry out this Act or the amendments made by this Act.