[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 3205 Introduced in Senate (IS)]

<DOC>






116th CONGRESS
  2d Session
                                S. 3205

 To require the Administrator of the Small Business Administration to 
 establish a program to assist small business concerns with purchasing 
      cybersecurity products and services, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            January 16, 2020

Ms. Cortez Masto (for herself, Mr. Risch, and Ms. Rosen) introduced the 
 following bill; which was read twice and referred to the Committee on 
                  Small Business and Entrepreneurship

_______________________________________________________________________

                                 A BILL


 
 To require the Administrator of the Small Business Administration to 
 establish a program to assist small business concerns with purchasing 
      cybersecurity products and services, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening and Enhancing 
Cybersecurity Usage to Reach Every Small Business Act'' or the ``SECURE 
Small Business Act''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Administrator.--The term ``Administrator'' means the 
        Administrator of the Small Business Administration.
            (2) Covered industry sectors.--The term ``covered industry 
        sectors'' means the following industry sectors:
                    (A) Accommodation and food services.
                    (B) Agriculture.
                    (C) Construction.
                    (D) Healthcare and social assistance.
                    (E) Retail and wholesale trade.
                    (F) Transportation and warehousing.
                    (G) Entertainment and recreation.
                    (H) Finance and insurance.
                    (I) Manufacturing.
                    (J) Information and telecommunications.
                    (K) Any other industry sector that the 
                Administrator determines to be relevant.
            (3) Covered vendor.--The term ``covered vendor'' means a 
        vendor of cybersecurity products and services, including 
        cybersecurity risk insurance.
            (4) Cybersecurity.--The term ``cybersecurity'' means--
                    (A) the art of protecting networks, devices, and 
                data from unauthorized access or criminal use; and
                    (B) the practice of ensuring the confidentiality, 
                integrity, and availability of information.
            (5) Cybersecurity threat.--The term ``cybersecurity 
        threat'' means the possibility of a malicious attempt to 
        infiltrate, damage, disrupt, or destroy computer networks or 
        systems.
            (6) Small business concern.--The term ``small business 
        concern'' has the meaning given the term in section 3(a) of the 
        Small Business Act (15 U.S.C. 632(a)).

SEC. 3. CYBERSECURITY COOPERATIVE MARKETPLACE PROGRAM.

    (a) Establishment.--Not later than 180 days after the date of 
enactment of this Act, the Administrator, in consultation with the 
Director of the National Institute of Standards and Technology, shall 
establish a program to assist small business concerns with purchasing 
cybersecurity products and services.
    (b) Duties.--In carrying out the program established under 
subsection (a), the Administrator shall--
            (1) educate small business concerns about the types of 
        cybersecurity products and services that are specific to each 
        covered industry sector; and
            (2) provide outreach to covered vendors and small business 
        concerns to encourage use of the cooperative marketplace 
        described in subsection (c).
    (c) Cooperative Marketplace for Purchasing Cybersecurity Products 
and Services.--The Administrator shall--
            (1) establish and maintain a website that--
                    (A) is free to use for small business concerns and 
                covered vendors; and
                    (B) provides a cooperative marketplace that 
                facilitates the creation of mutual agreements under 
                which small business concerns cooperatively purchase 
                cybersecurity products and services from covered 
                vendors; and
            (2) determine whether each covered vendor and each small 
        business concern that participates in the marketplace described 
        in paragraph (1) is legitimate, as determined by the 
        Administrator.
    (d) Sunset.--This section ceases to be effective on September 30, 
2024.

SEC. 4. GAO STUDY ON AVAILABLE FEDERAL CYBERSECURITY INITIATIVES.

    (a) In General.--The Comptroller General of the United States shall 
conduct a study that identifies any improvements that could be made to 
Federal initiatives that--
            (1) train small business concerns how to avoid 
        cybersecurity threats; and
            (2) are in effect on the date on which the Comptroller 
        General commences the study.
    (b) Report.--Not later than 1 year after the date of enactment of 
this Act, the Comptroller General of the United States shall submit to 
the Committee on Small Business and Entrepreneurship of the Senate and 
the Committee on Small Business of the House of Representatives a 
report that contains the results of the study required under subsection 
(a).
                                 <all>