Short title

This Act may be cited as the

Strengthening and Enhancing Cybersecurity Usage to Reach Every Small Business Act

or the

SECURE Small Business Act

Definitions

In this Act:(1)

Administrator

The term Administrator means the Administrator of the Small Business Administration.(2)

Covered industry sectors

The term covered industry sectors means the following industry sectors:(A)Accommodation and food services.(B)Agriculture.(C)Construction.(D)Healthcare and social assistance.(E)Retail and wholesale trade.(F)Transportation and warehousing.(G)Entertainment and recreation.(H)Finance and insurance.(I)Manufacturing.(J)Information and telecommunications.(K)Any other industry sector that the Administrator determines to be relevant.(3)

Covered vendor

The term covered vendor means a vendor of cybersecurity products and services, including cybersecurity risk insurance.(4)

Cybersecurity

The term cybersecurity means—(A)the art of protecting networks, devices, and data from unauthorized access or criminal use; and(B)the practice of ensuring the confidentiality, integrity, and availability of information. (5)

Cybersecurity threat

The term cybersecurity threat means the possibility of a malicious attempt to infiltrate, damage, disrupt, or destroy computer networks or systems.(6)

Small business concern

The term small business concern has the meaning given the term in section 3(a) of the Small Business Act (15 U.S.C. 632(a)).

Cybersecurity cooperative marketplace program

(a)

Establishment

Not later than 180 days after the date of enactment of this Act, the Administrator, in consultation with the Director of the National Institute of Standards and Technology, shall establish a program to assist small business concerns with purchasing cybersecurity products and services.(b)

Duties

In carrying out the program established under subsection (a), the Administrator shall—(1)educate small business concerns about the types of cybersecurity products and services that are specific to each covered industry sector; and(2)provide outreach to covered vendors and small business concerns to encourage use of the cooperative marketplace described in subsection (c).(c)

Cooperative marketplace for purchasing cybersecurity products and services

The Administrator shall—(1)establish and maintain a website that—(A)is free to use for small business concerns and covered vendors; and(B)provides a cooperative marketplace that facilitates the creation of mutual agreements under which small business concerns cooperatively purchase cybersecurity products and services from covered vendors; and(2)determine whether each covered vendor and each small business concern that participates in the marketplace described in paragraph (1) is legitimate, as determined by the Administrator.(d)

Sunset

This section ceases to be effective on September 30, 2024.

GAO study on available Federal cybersecurity initiatives

(a)

In general

The Comptroller General of the United States shall conduct a study that identifies any improvements that could be made to Federal initiatives that—(1)train small business concerns how to avoid cybersecurity threats; and(2)are in effect on the date on which the Comptroller General commences the study.(b)

Report

Not later than 1 year after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Small Business and Entrepreneurship of the Senate and the Committee on Small Business of the House of Representatives a report that contains the results of the study required under subsection (a).