The U.S. House of Representatives on Tuesday approved a bipartisan bill introduced by U.S. Rep. Young Kim (R-CA) that would help protect small business owners by requiring the Small Business Administration (SBA) to report on its cybersecurity risks.
In May, Rep. Kim introduced the SBA Cyber Awareness Act, H.R. 3462, with bill sponsor U.S. Rep. Jason Crow (D-CO) to require the SBA to submit an annual cybersecurity report. Reps. Kim and Crow serve as ranking member and chair of the U.S. House Small Business Subcommittee on Innovation, Entrepreneurship, and Workforce Development.
“For more than two decades, the SBA’s Inspector General has listed IT security as one of the most pressing challenges facing the SBA. Unfortunately, SBA cybersecurity vulnerabilities were brought to light with unprecedented demand of SBA loan programs during COVID-19, discouraging entrepreneurs from starting a business and creating jobs,” Rep. Kim said in remarks on the House floor.
“We must address this issue now and secure our systems so small business owners can safely utilize SBA’s resources as they work to recover from the pandemic, hire workers and adjust to rising costs of supplies,” the congresswoman added.
H.R. 3462 would strengthen cybersecurity operations at the SBA by requiring the agency to issue a report to Congress that assesses its ability to respond to cyber threats.
According to a summary of the bill, that report would have to disclose the SBA’s cybersecurity infrastructure; the agency’s strategy to improve cybersecurity protections; any equipment used by the SBA and manufactured by a Chinese-based company; and any incident of cyber risk at the SBA.
The SBA also would have to notify Congress of future cybersecurity breaches with information on how the breach occurred and who was affected.