Crow Introduces Bipartisan Bill to Promote Cybersecurity at The Small Business Administration

Today, Representative Jason Crow (D-CO) was joined by Representatives Troy Balderson (R-OH), Nydia Velázquez (D-NY), and Steve Chabot (R-OH) to introduce the SBA Cyber Awareness Act (H.R. 2331), a bill that takes several important steps to strengthen the Small Business Administration's (SBA) cybersecurity to handle and report cyber threats that affect small businesses.

"Cybersecurity is one of the biggest threats to our economy and small businesses. Our small businesses are the backbone of our economy but are increasingly the target of cyber attacks and theft of small business data and intellectual property. This bill is an important first step to securing the SBA and ensuring that the millions of small businesses it serves are protected, " said Crow.

"Small businesses are reliant on having secure online presences for e-Commerce transactions, data collection and storage, and hosting intellectual property," said Balderson. "Without this crucial security, small businesses are prone to cyberattacks, threatening their vitality. As small business account for 99.9% of American firms, we cannot afford this risk. That's why this bill takes important steps to reduce cyber security risks and ensure protection for the Small Business Administration and the millions of small businesses it serves."

The bill would expand cybersecurity operations at the SBA by requiring the Small Business Administrator to issue a report assessing the agency's ability to combat cyber threats within six months of passage. Specifically, the report would disclose: SBA's cybersecurity infrastructure; the SBA's strategy to improve cybersecurity protections; any equipment used by the SBA and manufactured by a company headquartered China; and any incident of cyber risk at the SBA and the agency's actions to confront it. Finally, recognizing that a cyberattack to the agency could put the sensitive information and intellectual property of small businesses at risk, the bill would require SBA to notify Congress of future breaches with information on those affected and how the breach occurred.

In recent years, cyberattacks have increased and federal agencies are not immune. In fact, over 35,000 cyber incidents were reported by agencies to the Department of Homeland Security in 2017. In a review of cybersecurity infrastructure, the SBA was one of seven agencies earning negative ratings, leaving them at risk to cyberattacks.