[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5064 Introduced in House (IH)]

<DOC>






114th CONGRESS
  2d Session
                                H. R. 5064

  To amend the Small Business Act to allow small business development 
centers to assist and advise small business concerns on relevant cyber 
               security matters, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             April 26, 2016

  Mr. Hanna (for himself, Mr. Kilmer, Ms. Stefanik, Ms. Clarke of New 
York, Mr. Chabot, Ms. Meng, Mr. Knight, Mr. Loudermilk, Mr. Payne, Ms. 
    Velazquez, Mr. Renacci, Mr. Curbelo of Florida, and Mr. Carney) 
 introduced the following bill; which was referred to the Committee on 
Small Business, and in addition to the Committee on Homeland Security, 
for a period to be subsequently determined by the Speaker, in each case 
for consideration of such provisions as fall within the jurisdiction of 
                        the committee concerned

_______________________________________________________________________

                                 A BILL


 
  To amend the Small Business Act to allow small business development 
centers to assist and advise small business concerns on relevant cyber 
               security matters, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Improving Small Business Cyber 
Security Act of 2016''.

SEC. 2. ROLE OF SMALL BUSINESS DEVELOPMENT CENTERS IN CYBER SECURITY 
              AND PREPAREDNESS.

    Section 21 of the Small Business Act (15 U.S.C. 648) is amended--
            (1) in subsection (a)(1), by striking ``and providing 
        access to business analysts who can refer small business 
        concerns to available experts:'' and inserting ``providing 
        access to business analysts who can refer small business 
        concerns to available experts; and, to the extent practicable, 
        providing assistance in furtherance of the Small Business 
        Development Center Cyber Strategy developed under section 5(b) 
        of the Improving Small Business Cyber Security Act of 2016:''; 
        and
            (2) in subsection (c)--
                    (A) in paragraph (2)--
                            (i) in subparagraph (E), by striking 
                        ``and'' at the end;
                            (ii) in subparagraph (F), by striking the 
                        period and inserting ``; and''; and
                            (iii) by adding at the end of the 
                        following:
            ``(G) access to cyber security specialists to counsel, 
        assist, and inform small business concern clients, in 
        furtherance of the Small Business Development Center Cyber 
        Strategy developed under section 5(b) of the Improving Small 
        Business Cyber Security Act of 2016.''.

SEC. 3. ADDITIONAL CYBER SECURITY ASSISTANCE FOR SMALL BUSINESS 
              DEVELOPMENT CENTERS.

    Section 21(a) of the Small Business Act (15 U.S.C. 648(a)) is 
amended by adding at the end the following:
            ``(8) Cyber security assistance.--The Department of 
        Homeland Security, and any other Federal department or agency 
        in coordination with the Department of Homeland Security, may 
        provide assistance to small business development centers, 
        through the dissemination of cyber security risk information 
        and other homeland security information, to help small business 
        concerns in developing or enhancing cyber security 
        infrastructure, cyber threat awareness, and cyber training 
        programs for employees.''.

SEC. 4. CYBER SECURITY OUTREACH FOR SMALL BUSINESS DEVELOPMENT CENTERS.

    Section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148) is 
amended--
            (1) by redesignating subsection (l) as subsection (m); and
            (2) by inserting after subsection (k) the following:
    ``(l) Cyber Security Outreach.--
            ``(1) In general.--The Secretary may provide assistance to 
        small business development centers, through the dissemination 
        of cyber security risk information and other homeland security 
        information, to help small business concerns in developing or 
        enhancing cyber security infrastructure, cyber threat 
        awareness, and cyber training programs for employees.
            ``(2) Definitions.--For purposes of this subsection, the 
        terms `small business concern' and `small business development 
        center' have the meaning given such terms, respectively, under 
        section 3 of the Small Business Act.''.

SEC. 5. GAO STUDY ON SMALL BUSINESS CYBER SUPPORT SERVICES AND SMALL 
              BUSINESS DEVELOPMENT CENTER CYBER STRATEGY.

    (a) Review of Current Cyber Security Resources.--
            (1) In general.--The Comptroller General of the United 
        States shall conduct a review of current cyber security 
        resources at the Federal level aimed at assisting small 
        business concerns with developing or enhancing cyber security 
        infrastructure, cyber threat awareness, or cyber training 
        programs for employees.
            (2) Content.--The review required under paragraph (1) shall 
        include the following:
                    (A) An accounting and description of all Federal 
                Government programs, projects, and activities that 
                currently provide assistance to small business concerns 
                in developing or enhancing cyber security 
                infrastructure, cyber threat awareness, or cyber 
                training programs for employees.
                    (B) An assessment of how widely utilized the 
                resources described under subparagraph (A) are by small 
                business concerns and a review of whether or not such 
                resources are duplicative of other programs and 
                structured in a manner that makes them accessible to 
                and supportive of small business concerns.
            (3) Report.--The Comptroller General shall issue a report 
        to the Congress, the Small Business Administrator, the 
        Secretary of Homeland Security, and any association recognized 
        under section 21(a)(3)(A) of the Small Business Act containing 
        all findings and determinations made in carrying out the review 
        required under paragraph (1).
    (b) Small Business Development Center Cyber Strategy.--
            (1) In general.--Not later than 90 days after the issuance 
        of the report under subsection (a)(3), the Small Business 
        Administrator and the Secretary of Homeland Security shall work 
        collaboratively to develop a Small Business Development Center 
        Cyber Strategy.
            (2) Consultation.--In developing the strategy under this 
        subsection, the Small Business Administrator and the Secretary 
        of Homeland Security shall consult with entities representing 
        the concerns of small business development centers, including 
        any association recognized under section 21(a)(3)(A) of the 
        Small Business Act.
            (3) Content.--The strategy required under paragraph (1) 
        shall include, at minimum, the following:
                    (A) Plans for incorporating small business 
                development centers (SBDCs) into existing cyber 
                programs to enhance services and streamline cyber 
                assistance to small business concerns.
                    (B) To the extent practicable, methods for the 
                provision of counsel and assistance to improve a small 
                business concern's cyber security infrastructure, cyber 
                threat awareness, and cyber training programs for 
                employees, including--
                            (i) working to ensure individuals are aware 
                        of best practices in the areas of cyber 
                        security, cyber threat awareness, and cyber 
                        training;
                            (ii) working with individuals to develop 
                        cost-effective plans for implementing best 
                        practices in these areas;
                            (iii) entering into agreements, where 
                        practical, with Information Sharing and 
                        Analysis Centers or similar cyber information 
                        sharing entities to gain an awareness of 
                        actionable threat information that may be 
                        beneficial to small business concerns; and
                            (iv) providing referrals to area 
                        specialists when necessary.
                    (C) An analysis of--
                            (i) how Federal Government programs, 
                        projects, and activities identified by the 
                        Comptroller General in the report issued under 
                        subsection (a)(1) can be leveraged by SBDCs to 
                        improve access to high-quality cyber support 
                        for small business concerns;
                            (ii) additional resources SBDCs may need to 
                        effectively carry out their role; and
                            (iii) how SBDCs can leverage existing 
                        partnerships and develop new ones with Federal, 
                        State, and local government entities as well as 
                        private entities to improve the quality of 
                        cyber support services to small business 
                        concerns.
            (4) Delivery of strategy.--Not later than 180 days after 
        the issuance of the report under subsection (a)(3), the Small 
        Business Development Center Cyber Strategy shall be issued to 
        the Committees on Homeland Security and Small Business of the 
        House of Representatives and the Committees on Homeland 
        Security and Governmental Affairs and Small Business and 
        Entrepreneurship of the Senate.

SEC. 6. PROHIBITION ON ADDITIONAL FUNDS.

    No additional funds are authorized to be appropriated to carry out 
this Act or the amendments made by this Act.
                                 <all>