IN THE SENATE OF THE UNITED STATES
January 16, 2020
Ms. Cortez Masto (for herself, Mr. Risch, and Ms. Rosen) introduced the following bill; which was read twice and referred to the Committee on Small Business and Entrepreneurship
To require the Administrator of the Small Business Administration to establish a program to assist small business concerns with purchasing cybersecurity products and services, and for other purposes.
This Act may be cited as the
Strengthening and Enhancing Cybersecurity Usage to Reach Every Small Business Act or the
SECURE Small Business Act.
In this Act:
The term Administrator means the Administrator of the Small Business Administration.
Covered industry sectors
The term covered industry sectors means the following industry sectors:
Accommodation and food services.
Healthcare and social assistance.
Retail and wholesale trade.
Transportation and warehousing.
Entertainment and recreation.
Finance and insurance.
Information and telecommunications.
Any other industry sector that the Administrator determines to be relevant.
The term covered vendor means a vendor of cybersecurity products and services, including cybersecurity risk insurance.
The term cybersecurity means—
the art of protecting networks, devices, and data from unauthorized access or criminal use; and
the practice of ensuring the confidentiality, integrity, and availability of information.
The term cybersecurity threat means the possibility of a malicious attempt to infiltrate, damage, disrupt, or destroy computer networks or systems.
Small business concern
The term small business concern has the meaning given the term in section 3(a) of the Small Business Act (15 U.S.C. 632(a)).
Cybersecurity cooperative marketplace program
Not later than 180 days after the date of enactment of this Act, the Administrator, in consultation with the Director of the National Institute of Standards and Technology, shall establish a program to assist small business concerns with purchasing cybersecurity products and services.
In carrying out the program established under subsection (a), the Administrator shall—
educate small business concerns about the types of cybersecurity products and services that are specific to each covered industry sector; and
provide outreach to covered vendors and small business concerns to encourage use of the cooperative marketplace described in subsection (c).
Cooperative marketplace for purchasing cybersecurity products and services
The Administrator shall—
establish and maintain a website that—
is free to use for small business concerns and covered vendors; and
provides a cooperative marketplace that facilitates the creation of mutual agreements under which small business concerns cooperatively purchase cybersecurity products and services from covered vendors; and
determine whether each covered vendor and each small business concern that participates in the marketplace described in paragraph (1) is legitimate, as determined by the Administrator.
This section ceases to be effective on September 30, 2024.
GAO study on available Federal cybersecurity initiatives
The Comptroller General of the United States shall conduct a study that identifies any improvements that could be made to Federal initiatives that—
train small business concerns how to avoid cybersecurity threats; and
are in effect on the date on which the Comptroller General commences the study.
Not later than 1 year after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Small Business and Entrepreneurship of the Senate and the Committee on Small Business of the House of Representatives a report that contains the results of the study required under subsection (a).