[Congressional Record Volume 164, Number 74 (Tuesday, May 8, 2018)]
[House]
[Pages H3797-H3800]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
SMALL BUSINESS DEVELOPMENT CENTER CYBER TRAINING ACT OF 2017
Mr. CHABOT. Mr. Speaker, I move to suspend the rules and pass the
bill (H.R. 3170) to amend the Small Business Act to require cyber
certification for small business development center counselors, and for
other purposes.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 3170
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Small Business Development
Center Cyber Training Act of 2017''.
SEC. 2. DUTIES OF SMALL BUSINESS DEVELOPMENT CENTER
COUNSELORS.
Section 21 of the Small Business Act (15 U.S.C. 648) is
amended by adding at the end the following:
``(o) Cyber Strategy Training for Small Business
Development Centers.--
``(1) Definitions.--In this subsection--
``(A) the term `cyber strategy' means resources and tactics
to assist in planning for cybersecurity and defending against
cyber risks and cyber attacks; and
``(B) the term `lead small business development center'
means a small business development center that has received a
grant from the Administration.
``(2) Certification program.--The Administrator shall
establish a cyber counseling certification program, or
approve a similar existing program, to certify the employees
of lead small business development centers to provide cyber
planning assistance to small business concerns.
``(3) Number of certified employees.--The Administrator
shall ensure that the number of employees of each lead small
business development center who are certified in providing
cyber planning assistance under this subsection is not fewer
than the lesser of--
``(A) 5; or
``(B) 10 percent of the total number of employees of the
lead small business development center.
``(4) Consideration of small business development center
cyber strategy.--In carrying out this subsection, the
Administrator, to the extent practicable, shall consider any
cyber strategy methods included in the Small Business
Development Center Cyber Strategy developed under section
1841(a) of the National Defense Authorization Act for Fiscal
Year 2017 (Public Law 114-328; 130 Stat. 2662).
``(5) Reimbursement for certification.--
``(A) In general.--Subject to the availability of
appropriations and subparagraph (B), the Administrator shall
reimburse a lead small business development center for costs
relating to the certification of an employee of the lead
small business development center under the program
established under paragraph (2).
``(B) Limitation.--The total amount reimbursed by the
Administrator under subparagraph (A) may not exceed $350,000
in any fiscal year.''.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from
Ohio (Mr. Chabot) and the gentlewoman from New York (Ms. Velazquez)
each will control 20 minutes.
The Chair recognizes the gentleman from Ohio.
[[Page H3798]]
General Leave
Mr. CHABOT. Mr. Speaker, I ask unanimous consent that all Members may
have 5 legislative days within which to revise and extend their remarks
and include extraneous material on the bill under consideration.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from Ohio?
There was no objection.
Mr. CHABOT. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, before we get into the business at hand, I would like to
thank our ranking member, Ms. Velazquez, all of our minority and
majority members on the committee, and their staffs for working in a
bipartisan manner to produce this strong package of small business
bills.
Our committee strives to be bipartisan and an example, really, for
our fellow Members. That can't be done without equal effort on both
sides.
Again, I want to thank Ms. Velazquez for always working with us--
usually working with us--in a bipartisan manner, and I want to thank
all the members in the committee for doing that as well.
Mr. Speaker, last week was National Small Business Week all across
America. I like to call small businesses our biggest asset as a Nation.
And because of the actions of this Congress and our President, small
businesses are the most optimistic they have been in more than three
decades.
It is vital to our Nation's economy that these small businesses
succeed. As technology evolves, so must our small businesses. Just as
important as the ice cream shop on Main Street is the online startup
company.
We have an obligation to do everything we can to create an economy
where all small businesses flourish, because a community that has
successful small businesses thrives, and this is good for all of us all
across the country.
This leads us to the first piece of legislation before us today.
Advances in information technology, or IT, have helped small
businesses to rapidly increase their productivity, enter new markets,
and offer consumers new and innovative services and products.
However, IT has advanced so quickly that it has been difficult to
keep pace with the ever-growing cyber threats. Unfortunately, small
businesses are becoming increasingly targeted by cyber criminals.
While larger companies have more resources to detect and combat cyber
attacks, small businesses often do not learn they have been hacked
until it is too late. As chairman of the House Committee on Small
Business, I have heard too many firsthand accounts of this occurring.
{time} 1345
One story that stands out to me is the story of a small-business
owner who owned an indoor go-karting facility in Maine and had a number
of employees and their families who depended on it. He told our
committee that he was struck by a phishing scam. He logged on to his
business account, and, to his utter disbelief, his bank account was
zero. This happened on a payday, no less. So all these people, who are
depending on him to pay them, his bank account is zero because some
hacker got into it.
Stories like these are why Congressman Evans and I have introduced
H.R. 3170, the Small Business Development Center Cyber Training Act of
2017. This bipartisan and bicameral legislation would establish a cyber
counseling certification program in lead small business development
centers, or SBDCs, to assist small businesses with planning and
implementing cybersecurity measures to defend against cyber attacks.
The cyber assistance offered by trained staff at SBDCs would be
provided at no cost, or low cost, to small businesses.
Cyber planning assistance will encourage small businesses to take a
more proactive approach to defending themselves from cyber attacks by
leveraging the expertise from SBDCs and their partner agencies and
institutions, rather than being forced to react after an attack.
When provided with the right resources, small businesses can be
assured that they have an effective cyber plan in place. I would like
to thank Mr. Evans for his collaboration on this bill, and I would urge
my colleagues to support this bipartisan legislation.
Mr. Speaker, I reserve the balance of my time.
Ms. VELAZQUEZ. Mr. Speaker, I yield myself such time as I may
consume.
Let me take this opportunity to thank the chairman, Mr. Chabot; his
staff; and all the members of the Small Business Committee for working
in a bipartisan manner.
Mr. Speaker, we continue to hear about cyber breaches and
unauthorized data collection. Cybersecurity must be our Nation's top
priority, especially as it pertains to the health of our small business
community.
The Small Business Committee has taken steps to leverage the Small
Business Administration's network of resource partners to assist in
education and development of cyber infrastructure. Clearly, we must do
more to combat rogue nation-states and cybercriminals.
The key lies in a properly trained workforce at our small business
development centers who are tasked in educating, developing, and
implementing cybersecurity measures for small companies of all kinds.
H.R. 3170, the Small Business Development Center Cyber Training Act
does this by creating a certification program at SBDCs to develop staff
who are prepared to combat cyber attacks. Therefore, I urge my
colleagues to vote for this bill.
Mr. Speaker, I reserve the balance of my time.
Mr. CHABOT. Mr. Speaker, I yield such time as he may consume to the
gentleman from South Carolina (Mr. Norman).
Mr. NORMAN. Mr. Speaker, I rise in support of H.R. 3170, the Small
Business Development Center Cyber Training Act of 2017. In today's
increasingly cyber world, information technology is vital for small
businesses. It equips them with the necessary tools and allows them to
remain competitive in the global economy.
However, the same tools that allow small businesses to stay on the
cutting edge of technology have also caused them to be increasingly
targeted by cybercriminals. And, unfortunately, a simple cyber attack
can destroy a small business.
According to the National Small Business Association, the average
cost of a cyber attack on a small business is $32,000. Many small
businesses fear such an attack but lack the resources or the technical
knowledge to prevent one. That is where H.R. 3170 comes into play.
This legislation would equip lead small business development centers
with a cyber counseling certification program to educate small
businesses and help them to implement a cybersecurity plan to protect
their business. Due to the high cost of hiring cyber experts, many
small businesses could not otherwise afford to take such precautions.
H.R. 3170 would offer cyber assistance at no or low cost to small
businesses. This bipartisan bill would help America's nearly 30 million
small businesses stay ahead of cyber attacks so that they are not
forced to react once it is too late. I urge my colleagues to support
this legislation.
Ms. VELAZQUEZ. Mr. Speaker, I yield 2 minutes to the gentleman from
Pennsylvania (Mr. Evans), who is the ranking member on the Subcommittee
on Economic Growth, Tax and Capital Access.
Mr. EVANS. Mr. Speaker, I thank the ranking member for yielding to
me. I rise in strong support of H.R. 3170, the Small Business
Development Center Cyber Training Act. As a member of the House Small
Business Committee, we look to find solutions to problems and address
gaps in policy relating to small businesses.
H.R. 3170, which was introduced last year, is yet another example of
a tool in the toolbox for small businesses and illustrates the
important role that government can play in areas of cybersecurity,
which continues to develop and is ripe for direction and collaboration.
This is an extremely important bicameral bill. Our small-business
owners and entrepreneurs are the engines that drive people to live,
grow, and succeed in our neighborhoods. We know that our small business
community faces increasing cyber threats in our ever-changing global
economy.
[[Page H3799]]
As seen by the glaring number of cyber attacks on American businesses
in the past few years, it is critical that we work with the private
sector to ensure that these businesses are not stiffed. Many large
companies have the resources to fight these attacks by cybercriminals,
but a lot of small businesses just do not have the time, money, or
expertise.
Every day we hear about issues relating to national security and
cyber attacks. They are threats to us all. We are all a part of
cyberspace, and we have to ensure that proper safety precautions are in
place.
We know that small businesses are especially at risk as it relates to
cyber attacks; therefore, we must ensure that all small businesses have
the ability to invest in the protection needed, but we must ensure
proper coordination. I look forward to working with the chairperson and
the ranking member.
Mr. CHABOT. Mr. Speaker, I yield as much time as he may consume to
the gentleman from Kansas (Mr. Marshall).
Mr. MARSHALL. Mr. Speaker, I thank the chairman for his leadership in
continuing to fight for small business.
Mr. Speaker, I rise today in support of H.R. 3170, the Small Business
Development Center Cyber Training Act of 2017. Cybersecurity has become
an increasing issue for small businesses, as many small firms have less
time than larger firms to develop cybersecurity defense strategies,
fewer staff to monitor systems, and less access to capital to purchase
computer security hardware and software.
As more businesses embrace online tools, such as social media, mobile
services, and cloud data storage, the need for stronger information
security and cybersecurity systems has grown. Small business
development centers provide important resources and business assistance
programs for entrepreneurs and small-business owners.
In Kansas, small business development centers have aided hundreds of
businesses across the State, many of which I visited across the
district. H.R. 3170 acknowledges the importance of cybersecurity, as
well as the broad reach of SBDCs, and instructs the small-business
administrator to establish a cybersecurity program for SBDC employees.
Adding this training to the SBDC toolkit will allow SBDC employees to
assist businessowners with cyber planning and strategy and is critical
in ensuring that small businesses and entrepreneurs are able to
securely compete in today's digital marketplace. I encourage my
colleagues to support this legislation.
Ms. VELAZQUEZ. Mr. Speaker, does the chairman have any further
speakers?
Mr. CHABOT. Mr. Speaker, I do not have any further speakers on this
bill.
Ms. VELAZQUEZ. Mr. Speaker, I yield myself such time as I may
consume.
Mr. Speaker, expanding access to a skilled cyber workforce focused on
small businesses has been a top priority for both sides of the aisle.
We cannot let our Nation's job creators go without the assistance they
need to develop, implement, and monitor their online presence.
H.R. 3170 will help boost SBDC's ability to engage and protect their
small-business clients, and, therefore, also protect the interests of
American workers and consumers.
This legislation ensures that our national efforts combating cyber
attacks can be utilized by our Nation's most vulnerable businesses. I
urge my colleagues to support this bill.
Mr. Speaker, I yield back the balance of my time.
Mr. CHABOT. Mr. Speaker, I yield myself such time as I may consume to
close, and I will be brief.
Mr. Speaker, America's small business development centers must have
the best possible cybersecurity training so that they can better assist
small businesses to detect and combat cyber attacks.
In our committee's efforts to spotlight these serious and growing
threats, it has become clear that we need to think outside the box as
we work to thwart cyber attacks, and the bipartisan bill before us
today is a step in that direction.
I would urge my colleagues to support this legislation, and I want to
again thank the gentlewoman from New York (Ms. Velazquez), the ranking
member, for her leadership on this.
Mr. Speaker, I yield back the balance of my time.
Ms. JACKSON LEE. Mr. Speaker, I speak in support of H.R. 3170, the
Small Business Development Center Cyber Security Training Act of 2017.
H.R. 3170 amends the Small Business Act to require the Small Business
Administration to establish a program for certifying employees of small
business development centers to provide cybersecurity planning
assistance to small businesses.
Cybersecurity threats faced by small businesses are as serious as
those faced by large businesses and government agencies.
According to the Better Business Bureau's 2017 report ``State of
Cybersecurity Among Small Businesses in North America'' found that
small business owners are becoming more and more aware of cyber
threats, continue to be concerned about cyber risks, and are taking
some proactive security steps in spite of their unique challenges in
regard to cybersecurity.
Global spending on cybersecurity is expected to reach $170 billion by
2020 as businesses and governments work to security networks and the
data they contain.
Cyberattacks in the form of ransomware, phishing, point-of sale
malware, keyloggers, tech support phone scam, remote access Trojan or
rat are some of the threats faced by small businesses.
According to the trade journal Small Business Trends:
43 percent of cyberattacks target small businesses;
14 percent of small businesses rate their ability to mitigate cyber
risks, vulnerabilities, and attacks as highly effective;
60 percent of small companies go out of business within six months of
a cyberattack;
48 percent of data security breaches are caused by acts of malicious
intent, human error, or system failure; and
Small businesses are most concerned about the security of customer
data.
Cyber criminals are not only interested in what may be of value on a
small business computer or computing device.
Criminals can also see value in taking control of a small business'
computers or computing devices to launch an attack on a third party.
These types of attacks can shield the attacker from being identified
and cause problems for the small business as networks label their
computing devices or web addresses as the source of an attack.
The overall impact of a cybersecurity incident according to the
National Institute for Standards and Technology could include:
damage to information or information systems;
regulatory fines and penalties/legal fees;
decreased productivity;
loss of information critical to running your business;
damage to reputation or loss of consumer confidence;
damage to credit and loan worthiness; or
loss of business income.
There is a growing shortage of cybersecurity professionals with over
a quarter-million positions remaining unfilled in the U.S. alone and a
predicted shortfall of 1.5 million cybersecurity professionals by 2019.
Solutions like the ones contained in the bill before us would
increase the number of cybersecurity professionals in the Small
Business Administration to serve the cybersecurity needs of small
businesses.
The bill would require the SBA to have staff at their Small Business
Development Centers (SBDCs) receive training in cybersecurity so that
they will be prepared to assist businesses with cybersecurity planning.
Small Business Development Centers provide an array of technical
assistance to small businesses and aspiring entrepreneurs.
By supporting business growth, sustainability and enhancing the
creation of new businesses entities, SBDCs foster local and regional
economic development through job creation and retention.
As a result of the no-cost, extensive, one-on-one, long-term
professional business advising, low-cost training and other specialized
services SBDC clients receive, the program remains one of the nation's
largest small business assistance programs in the federal government.
The SBDCs are comprised of a unique collaboration of SBA federal
funds, state and local governments, and private sector resources.
SBDCs provide services through professional business advisors such
as:
development of business plans; manufacturing assistance;
financial packaging and lending assistance; exporting and importing
support;
disaster recovery assistance; procurement and contracting aid; market
research services;
aid to 8(a) firms in all stages; and
[[Page H3800]]
healthcare information.
H.R. 3170, would add to this list cybersecurity planning assistance.
I ask my colleagues to join me in supporting this bill.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from Ohio (Mr. Chabot) that the House suspend the rules and
pass the bill, H.R. 3170.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill was passed.
A motion to reconsider was laid on the table.
____________________