skip to main content

S. 3024 (114th): Small Business Cyber Security Improvements Act of 2016

The text of the bill below is as of Jun 9, 2016 (Reported by Senate Committee).


II

Calendar No. 511

114th CONGRESS

2d Session

S. 3024

IN THE SENATE OF THE UNITED STATES

June 6, 2016

(for himself, Mr. Peters, and Mr. Coons) introduced the following bill; which was read twice and referred to the Committee on Small Business and Entrepreneurship

June 9, 2016

Reported by , without amendment

A BILL

To improve cyber security for small businesses.

1.

Short title

This Act may be cited as the Small Business Cyber Security Improvements Act of 2016.

2.

Role of small business development centers in cyber security and preparedness

Section 21 of the Small Business Act (15 U.S.C. 648) is amended—

(1)

in subsection (a)(1), by striking and providing access to business analysts who can refer small business concerns to available experts: and inserting providing access to business analysts who can refer small business concerns to available experts; and, to the extent practicable, providing assistance in furtherance of the Small Business Development Center Cyber Strategy developed under section 4(c) of the Small Business Cyber Security Improvements Act of 2016; and

(2)

in subsection (c)(3)—

(A)

in subparagraph (S), by striking and at the end;

(B)

in subparagraph (T), by striking the period and inserting ; and; and

(C)

by adding at the end of the following:

(U)

to the extent practicable, providing access to external cyber security specialists to counsel, assist, and inform small business concerns in furtherance of the Small Business Development Center Cyber Strategy developed under section 4(c) of the Small Business Cyber Security Improvements Act of 2016.

.

3.

Additional cyber security assistance for small business development centers

Section 21(a) of the Small Business Act (15 U.S.C. 648(a)) is amended by adding at the end the following:

(8)

Cyber security assistance

The Department of Homeland Security, and any other Federal agency, in coordination with the Department of Homeland Security, may provide assistance to small business development centers, through the dissemination of cyber security risk information and other homeland security information, to help small business concerns in developing or enhancing cyber security infrastructure, cyber threat awareness, and cyber training programs for employees.

.

4.

GAO study on small business cyber support services and Small Business Development Center Cyber Strategy

(a)

Definitions

In this section—

(1)

the term Administrator means the Administrator of the Small Business Administration;

(2)

the term association means the association established under section 21(a)(3)(A) of the Small Business Act (15 U.S.C. 648(a)(3)(A)) representing a majority of small business development centers;

(3)

the terms Federal agency, small business concern, and small business development center have the meanings given such terms under section 3 of the Small Business Act (15 U.S.C. 632); and

(4)

the term Secretary means the Secretary of Homeland Security.

(b)

Review of current cyber security resources

(1)

In general

The Comptroller General of the United States shall conduct a review of the cyber security resources of Federal agencies aimed at assisting small business concerns with developing or enhancing cyber security infrastructure, cyber threat awareness, or cyber training programs for employees.

(2)

Content

The review required under paragraph (1) shall include the following:

(A)

An accounting and description of all programs, projects, and activities of Federal agencies that provide assistance to small business concerns in developing or enhancing cyber security infrastructure, cyber threat awareness, or cyber training programs for employees.

(B)

An assessment of how widely utilized the resources described under subparagraph (A) are by small business concerns.

(C)

A review of whether or not the resources described in subparagraph (A) are—

(i)

duplicative of other programs; or

(ii)

structured in a manner that makes the resources accessible to and supportive of small business concerns.

(3)

Report

The Comptroller General shall submit to Congress, the Administrator, the Secretary, and the association a report containing all findings and determinations made in carrying out the review required under paragraph (1).

(c)

Small Business Development Center Cyber Strategy

(1)

In general

Not later than 90 days after the date on which the Comptroller General submits the report under subsection (b)(3), the Administrator and the Secretary shall begin to work collaboratively to develop a Small Business Development Center Cyber Strategy.

(2)

Consultation

In developing the strategy required under paragraph (1), the Administrator and the Secretary shall consult with entities representing the concerns of small business development centers, including the association.

(3)

Content

The strategy required under paragraph (1) shall include, at minimum, the following:

(A)

Plans for incorporating small business development centers into cyber programs to enhance services and streamline cyber assistance to small business concerns.

(B)

To the extent practicable, methods for providing counsel and assistance to improve the cyber security infrastructure, cyber threat awareness, and cyber training programs for employees of small business concerns, including—

(i)

working to ensure individuals are aware of best practices in the areas of cyber security, cyber threat awareness, and cyber training;

(ii)

working with individuals to develop cost-effective plans for implementing best practices in the areas described in clause (i);

(iii)

entering into agreements, where practical, with Information Sharing and Analysis Centers or similar cyber information sharing entities to gain an awareness of actionable threat information that may be beneficial to small business concerns; and

(iv)

providing referrals to area specialists when necessary.

(C)

An analysis of—

(i)

how programs, projects, and activities of Federal agencies identified by the Comptroller General in the report submitted under subsection (b)(3) can be leveraged by small business development centers to improve access to high quality cyber support for small business concerns;

(ii)

additional resources small business development centers may need to effectively carry out the role of the small business development centers; and

(iii)

how small business development centers can leverage existing partnerships and develop new partnerships with entities of the Federal Government, States, and local governments and in the private sector to improve the quality of cyber support services to small business concerns.

(4)

Delivery of strategy

Not later than 180 days after the date on which the Comptroller General submits the report under subsection (b)(3), the Administrator and the Secretary shall submit the strategy required under paragraph (1) to—

(A)

the Committee on Homeland Security and Governmental Affairs and the Committee on Small Business and Entrepreneurship of the Senate; and

(B)

the Committee on Homeland Security and the Committee on Small Business of the House of Representatives.

(d)

Prohibition on additional funds

No additional funds are authorized to be appropriated to carry out this section.

June 9, 2016

Reported without amendment