Small Business Cybersecurity Act awaits Trump’s signature
Bipartisan legislation aims to improve cybersecurity resources for small businesses
Awaiting President Donald Trump's signature is the National Institute of Standards and Technology Small Business Cybersecurity Act, which would provide a consistent set of resources for small businesses to protect their digital assets from cybersecurity threats.
Cybersecurity is of the upmost concern to NIST, which issued a Dec. 31, 2017 deadline for businesses to adhere to NIST Standard Protocol 800-171, which requires companies to have system security plans in place in order to contract with the federal government in the defense and homeland security supply chain.
171 focuses on the control of sensitive but unclassified information, usually marked with “no foreign dissemination” or “official use only.” The protocol is meant to ensure the flow of government sensitive data transferred to manufacturers and subcontractors remains protected.
Last week, the U.S. Senate unanimously passed the NIST Small Business Cybersecurity Act. Sen. Maggie Hassan co-sponsored the legislation.
“New Hampshire’s innovative small businesses are the engine of our economy, helping to create jobs and drive economic growth — unfortunately, these small businesses are increasingly becoming targets of cyberattacks, which threaten their livelihood and the privacy of their customers,” said Sen. Hassan in a press release from her office. “This bipartisan bill is integral to ensuring that our small businesses have the support and resources they need to protect against such cyberattacks, and I urge the president to sign it into law without delay.”
In 2014, the Senate unanimously passed the Cybersecurity Enhancement Act of 2014, which codified the industry-led process for the NIST Cybersecurity Framework, a comprehensive voluntary guide for organizations and businesses to better manage and reduce cybersecurity risks. The latest legislation was introduced by Senators Brian Schatz (D-HI) and James Risch (R-ID), who argue additional coordinated resources may be necessary to improve the ability of small businesses to use NIST's Cybersecurity Framework.
The legislation, formerly known as the MAIN STREET Cybersecurity Act, will ensure NIST considers the needs of small businesses as it updates the framework and provide simplified, consistent resources based on the NIST framework specifically for small businesses.
Last week, Sen. Hassan and Sen. Rob Portman (R-OH) also introduced the bipartisan Department of Homeland Security Cyber Incident Response Teams Act of 2018 to bolster cybersecurity efforts at the Department of Homeland Security and help prevent cyberattacks on federal agencies and in the private sector by making “cyber hunt” and “cyber incident response” teams permanent.