[Congressional Record Volume 164, Number 74 (Tuesday, May 8, 2018)]
[House]
[Pages H3797-H3800]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




      SMALL BUSINESS DEVELOPMENT CENTER CYBER TRAINING ACT OF 2017

  Mr. CHABOT. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 3170) to amend the Small Business Act to require cyber 
certification for small business development center counselors, and for 
other purposes.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 3170

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Small Business Development 
     Center Cyber Training Act of 2017''.

     SEC. 2. DUTIES OF SMALL BUSINESS DEVELOPMENT CENTER 
                   COUNSELORS.

       Section 21 of the Small Business Act (15 U.S.C. 648) is 
     amended by adding at the end the following:
       ``(o) Cyber Strategy Training for Small Business 
     Development Centers.--
       ``(1) Definitions.--In this subsection--
       ``(A) the term `cyber strategy' means resources and tactics 
     to assist in planning for cybersecurity and defending against 
     cyber risks and cyber attacks; and
       ``(B) the term `lead small business development center' 
     means a small business development center that has received a 
     grant from the Administration.
       ``(2) Certification program.--The Administrator shall 
     establish a cyber counseling certification program, or 
     approve a similar existing program, to certify the employees 
     of lead small business development centers to provide cyber 
     planning assistance to small business concerns.
       ``(3) Number of certified employees.--The Administrator 
     shall ensure that the number of employees of each lead small 
     business development center who are certified in providing 
     cyber planning assistance under this subsection is not fewer 
     than the lesser of--
       ``(A) 5; or
       ``(B) 10 percent of the total number of employees of the 
     lead small business development center.
       ``(4) Consideration of small business development center 
     cyber strategy.--In carrying out this subsection, the 
     Administrator, to the extent practicable, shall consider any 
     cyber strategy methods included in the Small Business 
     Development Center Cyber Strategy developed under section 
     1841(a) of the National Defense Authorization Act for Fiscal 
     Year 2017 (Public Law 114-328; 130 Stat. 2662).
       ``(5) Reimbursement for certification.--
       ``(A) In general.--Subject to the availability of 
     appropriations and subparagraph (B), the Administrator shall 
     reimburse a lead small business development center for costs 
     relating to the certification of an employee of the lead 
     small business development center under the program 
     established under paragraph (2).
       ``(B) Limitation.--The total amount reimbursed by the 
     Administrator under subparagraph (A) may not exceed $350,000 
     in any fiscal year.''.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
Ohio (Mr. Chabot) and the gentlewoman from New York (Ms. Velazquez) 
each will control 20 minutes.
  The Chair recognizes the gentleman from Ohio.

[[Page H3798]]

  



                             General Leave

  Mr. CHABOT. Mr. Speaker, I ask unanimous consent that all Members may 
have 5 legislative days within which to revise and extend their remarks 
and include extraneous material on the bill under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Ohio?
  There was no objection.
  Mr. CHABOT. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, before we get into the business at hand, I would like to 
thank our ranking member, Ms. Velazquez, all of our minority and 
majority members on the committee, and their staffs for working in a 
bipartisan manner to produce this strong package of small business 
bills.
  Our committee strives to be bipartisan and an example, really, for 
our fellow Members. That can't be done without equal effort on both 
sides.
  Again, I want to thank Ms. Velazquez for always working with us--
usually working with us--in a bipartisan manner, and I want to thank 
all the members in the committee for doing that as well.
  Mr. Speaker, last week was National Small Business Week all across 
America. I like to call small businesses our biggest asset as a Nation. 
And because of the actions of this Congress and our President, small 
businesses are the most optimistic they have been in more than three 
decades.
  It is vital to our Nation's economy that these small businesses 
succeed. As technology evolves, so must our small businesses. Just as 
important as the ice cream shop on Main Street is the online startup 
company.
  We have an obligation to do everything we can to create an economy 
where all small businesses flourish, because a community that has 
successful small businesses thrives, and this is good for all of us all 
across the country.
  This leads us to the first piece of legislation before us today.
  Advances in information technology, or IT, have helped small 
businesses to rapidly increase their productivity, enter new markets, 
and offer consumers new and innovative services and products.
  However, IT has advanced so quickly that it has been difficult to 
keep pace with the ever-growing cyber threats. Unfortunately, small 
businesses are becoming increasingly targeted by cyber criminals.
  While larger companies have more resources to detect and combat cyber 
attacks, small businesses often do not learn they have been hacked 
until it is too late. As chairman of the House Committee on Small 
Business, I have heard too many firsthand accounts of this occurring.

                              {time}  1345

  One story that stands out to me is the story of a small-business 
owner who owned an indoor go-karting facility in Maine and had a number 
of employees and their families who depended on it. He told our 
committee that he was struck by a phishing scam. He logged on to his 
business account, and, to his utter disbelief, his bank account was 
zero. This happened on a payday, no less. So all these people, who are 
depending on him to pay them, his bank account is zero because some 
hacker got into it.
  Stories like these are why Congressman Evans and I have introduced 
H.R. 3170, the Small Business Development Center Cyber Training Act of 
2017. This bipartisan and bicameral legislation would establish a cyber 
counseling certification program in lead small business development 
centers, or SBDCs, to assist small businesses with planning and 
implementing cybersecurity measures to defend against cyber attacks. 
The cyber assistance offered by trained staff at SBDCs would be 
provided at no cost, or low cost, to small businesses.
  Cyber planning assistance will encourage small businesses to take a 
more proactive approach to defending themselves from cyber attacks by 
leveraging the expertise from SBDCs and their partner agencies and 
institutions, rather than being forced to react after an attack.
  When provided with the right resources, small businesses can be 
assured that they have an effective cyber plan in place. I would like 
to thank Mr. Evans for his collaboration on this bill, and I would urge 
my colleagues to support this bipartisan legislation.
  Mr. Speaker, I reserve the balance of my time.
  Ms. VELAZQUEZ. Mr. Speaker, I yield myself such time as I may 
consume.
  Let me take this opportunity to thank the chairman, Mr. Chabot; his 
staff; and all the members of the Small Business Committee for working 
in a bipartisan manner.
  Mr. Speaker, we continue to hear about cyber breaches and 
unauthorized data collection. Cybersecurity must be our Nation's top 
priority, especially as it pertains to the health of our small business 
community.
  The Small Business Committee has taken steps to leverage the Small 
Business Administration's network of resource partners to assist in 
education and development of cyber infrastructure. Clearly, we must do 
more to combat rogue nation-states and cybercriminals.
  The key lies in a properly trained workforce at our small business 
development centers who are tasked with educating, developing, and 
implementing cybersecurity measures for small companies of all kinds.
  H.R. 3170, the Small Business Development Center Cyber Training Act, 
does this by creating a certification program at SBDCs to develop staff 
who are prepared to combat cyber attacks. Therefore, I urge my 
colleagues to vote for this bill.
  Mr. Speaker, I reserve the balance of my time.
  Mr. CHABOT. Mr. Speaker, I yield such time as he may consume to the 
gentleman from South Carolina (Mr. Norman).
  Mr. NORMAN. Mr. Speaker, I rise in support of H.R. 3170, the Small 
Business Development Center Cyber Training Act of 2017. In today's 
increasingly cyber world, information technology is vital for small 
businesses. It equips them with the necessary tools and allows them to 
remain competitive in the global economy.
  However, the same tools that allow small businesses to stay on the 
cutting edge of technology have also caused them to be increasingly 
targeted by cybercriminals. And, unfortunately, a simple cyber attack 
can destroy a small business.
  According to the National Small Business Association, the average 
cost of a cyber attack on a small business is $32,000. Many small 
businesses fear such an attack but lack the resources or the technical 
knowledge to prevent one. That is where H.R. 3170 comes into play.
  This legislation would equip lead small business development centers 
with a cyber counseling certification program to educate small 
businesses and help them to implement a cybersecurity plan to protect 
their business. Due to the high cost of hiring cyber experts, many 
small businesses could not otherwise afford to take such precautions.
  H.R. 3170 would offer cyber assistance at no or low cost to small 
businesses. This bipartisan bill would help America's nearly 30 million 
small businesses stay ahead of cyber attacks so that they are not 
forced to react once it is too late. I urge my colleagues to support 
this legislation.
  Ms. VELAZQUEZ. Mr. Speaker, I yield 2 minutes to the gentleman from 
Pennsylvania (Mr. Evans), who is the ranking member on the Subcommittee 
on Economic Growth, Tax and Capital Access.
  Mr. EVANS. Mr. Speaker, I thank the ranking member for yielding to 
me. I rise in strong support of H.R. 3170, the Small Business 
Development Center Cyber Training Act. As a member of the House Small 
Business Committee, we look to find solutions to problems and address 
gaps in policy relating to small businesses.
  H.R. 3170, which was introduced last year, is yet another example of 
a tool in the toolbox for small businesses and illustrates the 
important role that government can play in areas of cybersecurity, 
which continues to develop and is ripe for direction and collaboration.
  This is an extremely important bicameral bill. Our small-business 
owners and entrepreneurs are the engines that drive people to live, 
grow, and succeed in our neighborhoods. We know that our small business 
community faces increasing cyber threats in our ever-changing global 
economy.

[[Page H3799]]

  As seen by the glaring number of cyber attacks on American businesses 
in the past few years, it is critical that we work with the private 
sector to ensure that these businesses are not stiffed. Many large 
companies have the resources to fight these attacks by cybercriminals, 
but a lot of small businesses just do not have the time, money, or 
expertise.
  Every day we hear about issues relating to national security and 
cyber attacks. They are threats to us all. We are all a part of 
cyberspace, and we have to ensure that proper safety precautions are in 
place.

  We know that small businesses are especially at risk as it relates to 
cyber attacks; therefore, we must ensure that all small businesses have 
the ability to invest in the protection needed, but we must ensure 
proper coordination. I look forward to working with the chairperson and 
the ranking member.
  Mr. CHABOT. Mr. Speaker, I yield as much time as he may consume to 
the gentleman from Kansas (Mr. Marshall).
  Mr. MARSHALL. Mr. Speaker, I thank the chairman for his leadership in 
continuing to fight for small business.
  Mr. Speaker, I rise today in support of H.R. 3170, the Small Business 
Development Center Cyber Training Act of 2017. Cybersecurity has become 
an increasing issue for small businesses, as many small firms have less 
time than larger firms to develop cybersecurity defense strategies, 
fewer staff to monitor systems, and less access to capital to purchase 
computer security hardware and software.
  As more businesses embrace online tools, such as social media, mobile 
services, and cloud data storage, the need for stronger information 
security and cybersecurity systems has grown. Small business 
development centers provide important resources and business assistance 
programs for entrepreneurs and small-business owners.
  In Kansas, small business development centers have aided hundreds of 
businesses across the State, many of which I visited across the 
district. H.R. 3170 acknowledges the importance of cybersecurity, as 
well as the broad reach of SBDCs, and instructs the small-business 
administrator to establish a cybersecurity program for SBDC employees.
  Adding this training to the SBDC toolkit will allow SBDC employees to 
assist businessowners with cyber planning and strategy and is critical 
in ensuring that small businesses and entrepreneurs are able to 
securely compete in today's digital marketplace. I encourage my 
colleagues to support this legislation.
  Ms. VELAZQUEZ. Mr. Speaker, does the chairman have any further 
speakers?
  Mr. CHABOT. Mr. Speaker, I do not have any further speakers on this 
bill.
  Ms. VELAZQUEZ. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, expanding access to a skilled cyber workforce focused on 
small businesses has been a top priority for both sides of the aisle. 
We cannot let our Nation's job creators go without the assistance they 
need to develop, implement, and monitor their online presence.
  H.R. 3170 will help boost SBDCs' ability to engage and protect their 
small-business clients, and, therefore, also protect the interests of 
American workers and consumers.
  This legislation ensures that our national efforts combating cyber 
attacks can be utilized by our Nation's most vulnerable businesses. I 
urge my colleagues to support this bill.
  Mr. Speaker, I yield back the balance of my time.
  Mr. CHABOT. Mr. Speaker, I yield myself such time as I may consume to 
close, and I will be brief.
  Mr. Speaker, America's small business development centers must have 
the best possible cybersecurity training so that they can better assist 
small businesses to detect and combat cyber attacks.
  In our committee's efforts to spotlight these serious and growing 
threats, it has become clear that we need to think outside the box as 
we work to thwart cyber attacks, and the bipartisan bill before us 
today is a step in that direction.
  I would urge my colleagues to support this legislation, and I want to 
again thank the gentlewoman from New York (Ms. Velazquez), the ranking 
member, for her leadership on this.
  Mr. Speaker, I yield back the balance of my time.
  Ms. JACKSON LEE. Mr. Speaker, I speak in support of H.R. 3170, the 
Small Business Development Center Cyber Security Training Act of 2017.
  H.R. 3170 amends the Small Business Act to require the Small Business 
Administration to establish a program for certifying employees of small 
business development centers to provide cybersecurity planning 
assistance to small businesses.
  Cybersecurity threats faced by small businesses are as serious as 
those faced by large businesses and government agencies.
  The Better Business Bureau's 2017 report ``State of Cybersecurity 
Among Small Businesses in North America'' found that small business 
owners are becoming more and more aware of cyber threats, continue to 
be concerned about cyber risks, and are taking some proactive security 
steps in spite of their unique challenges in regard to cybersecurity.
  Global spending on cybersecurity is expected to reach $170 billion by 
2020 as businesses and governments work to secure networks and the 
data they contain.
  Cyberattacks in the form of ransomware, phishing, point-of-sale 
malware, keyloggers, tech support phone scams, and remote access 
Trojans, or RATs, are some of the threats faced by small businesses.
  According to the trade journal Small Business Trends:
  43 percent of cyberattacks target small businesses;
  14 percent of small businesses rate their ability to mitigate cyber 
risks, vulnerabilities, and attacks as highly effective;
  60 percent of small companies go out of business within six months of 
a cyberattack;
  48 percent of data security breaches are caused by acts of malicious 
intent, human error, or system failure; and
  Small businesses are most concerned about the security of customer 
data.
  Cyber criminals are not only interested in what may be of value on a 
small business computer or computing device.
  Criminals can also see value in taking control of a small business' 
computers or computing devices to launch an attack on a third party.
  These types of attacks can shield the attacker from being identified 
and cause problems for the small business as networks label their 
computing devices or web addresses as the source of an attack.
  The overall impact of a cybersecurity incident according to the 
National Institute for Standards and Technology could include:
  damage to information or information systems;
  regulatory fines and penalties/legal fees;
  decreased productivity;
  loss of information critical to running your business;
  damage to reputation or loss of consumer confidence;
  damage to credit and loan worthiness; or
  loss of business income.
  There is a growing shortage of cybersecurity professionals with over 
a quarter-million positions remaining unfilled in the U.S. alone and a 
predicted shortfall of 1.5 million cybersecurity professionals by 2019.
  Solutions like the ones contained in the bill before us would 
increase the number of cybersecurity professionals in the Small 
Business Administration to serve the cybersecurity needs of small 
businesses.
  The bill would require the SBA to have staff at their Small Business 
Development Centers (SBDCs) receive training in cybersecurity so that 
they will be prepared to assist businesses with cybersecurity planning.
  Small Business Development Centers provide an array of technical 
assistance to small businesses and aspiring entrepreneurs.
  By supporting business growth, sustainability and enhancing the 
creation of new business entities, SBDCs foster local and regional 
economic development through job creation and retention.
  As a result of the no-cost, extensive, one-on-one, long-term 
professional business advising, low-cost training and other specialized 
services SBDC clients receive, the program remains one of the nation's 
largest small business assistance programs in the federal government.
  The SBDCs are comprised of a unique collaboration of SBA federal 
funds, state and local governments, and private sector resources.
  SBDCs provide services through professional business advisors such 
as:
  development of business plans;
  manufacturing assistance;
  financial packaging and lending assistance;
  exporting and importing support;
  disaster recovery assistance;
  procurement and contracting aid;
  market research services;
  aid to 8(a) firms in all stages; and

[[Page H3800]]

  healthcare information.
  H.R. 3170 would add to this list cybersecurity planning assistance.
  I ask my colleagues to join me in supporting this bill.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from Ohio (Mr. Chabot) that the House suspend the rules and 
pass the bill, H.R. 3170.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill was passed.
  A motion to reconsider was laid on the table.
