[Congressional Record Volume 165, Number 118 (Monday, July 15, 2019)]
[House]
[Pages H5809-H5810]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




      SMALL BUSINESS DEVELOPMENT CENTER CYBER TRAINING ACT OF 2019

  Mr. DELGADO. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 1649) to amend the Small Business Act to require cyber 
certification for small business development center counselors, and for 
other purposes.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 1649

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Small Business Development 
     Center Cyber Training Act of 2019''.

     SEC. 2. DUTIES OF SMALL BUSINESS DEVELOPMENT CENTER 
                   COUNSELORS.

       Section 21 of the Small Business Act (15 U.S.C. 648) is 
     amended by adding at the end the following:
       ``(o) Cyber Strategy Training for Small Business 
     Development Centers.--
       ``(1) Definitions.--In this subsection--
       ``(A) the term `cyber strategy' means resources and tactics 
     to assist in planning for cybersecurity and defending against 
     cyber risks and cyber attacks; and
       ``(B) the term `lead small business development center' 
     means a small business development center that has received a 
     grant from the Administration.
       ``(2) Certification program.--The Administrator shall 
     establish a cyber counseling certification program, or 
     approve a similar existing program, to certify the employees 
     of lead small business development centers to provide cyber 
     planning assistance to small business concerns.
       ``(3) Number of certified employees.--The Administrator 
     shall ensure that the number of employees of each lead small 
     business development center who are certified in providing 
     cyber planning assistance under this subsection is not fewer 
     than the lesser of--
       ``(A) 5; or
       ``(B) 10 percent of the total number of employees of the 
     lead small business development center.
       ``(4) Consideration of small business development center 
     cyber strategy.--In carrying out this subsection, the 
     Administrator, to the extent practicable, shall consider any 
     cyber strategy methods included in the Small Business 
     Development Center Cyber Strategy developed under section 
     1841(a) of the National Defense Authorization Act for Fiscal 
     Year 2017 (Public Law 114-328; 130 Stat. 2662).
       ``(5) Reimbursement for certification.--
       ``(A) In general.--Subject to the availability of 
     appropriations and subparagraph (B), the Administrator shall 
     reimburse a lead small business development center for costs 
     relating to the certification of an employee of the lead 
     small business development center under the program 
     established under paragraph (2).
       ``(B) Limitation.--The total amount reimbursed by the 
     Administrator under subparagraph (A) may not exceed $350,000 
     in any fiscal year.''.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
York (Mr. Delgado) and the gentleman from Ohio (Mr. Chabot) each will 
control 20 minutes.
  The Chair recognizes the gentleman from New York.


                             General Leave

  Mr. DELGADO. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days in which to revise and extend their remarks 
and include extraneous material on the measure under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New York?
  There was no objection.
  Mr. DELGADO. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise in support of H.R. 1649, the Small Business 
Development Center Cyber Training Act of 2019, which helps Small 
Business Development Centers, or SBDCs, become better equipped to 
assist small entities with their cybersecurity needs.
  Small businesses have increasingly become the targets of 
cyberattacks, and because of the complexity and cost associated with 
identifying, monitoring, and sharing information with appropriate 
agencies, only 31 percent of small firms have cybersecurity plans in 
place.
  Besides access to capital, cybersecurity is one of the main 
impediments to entrepreneurial success. Our committee has heard many 
heartbreaking stories about how it took just one attack to shutter a 
business.
  We have also heard time and time again the frustration business 
owners feel as they attempt to protect against ever-changing threats 
and navigate cyber regulations to win government contracts.
  This legislation ensures that our Nation's most vulnerable businesses 
are prepared to combat the imminent threat from cyberattacks.
  Leveraging the vast network of SBDCs and their expertise in assisting 
entrepreneurs from all over the country is a step in the right 
direction to provide education and training to business owners seeking 
to implement safeguards to their networks.
  Mr. Speaker, I commend Ranking Member Chabot and Congressman Evans 
for working together on this important issue, and I ask my fellow 
Members to support this bill.
  Mr. Speaker, I reserve the balance of my time.
  Mr. CHABOT. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise in support of H.R. 1649, the Small Business 
Development Center Cyber Training Act of 2019.
  Information technology is a necessity for small businesses, because 
it arms them with the tools they need to be competitive in the global 
economy.
  Unfortunately, small businesses are increasingly popular targets for 
cybercriminals. The average cost of a cyberattack on a small business 
is over $30,000, which can destroy, literally, a small business.
  That is exactly why Ms. Velazquez, Mr. Evans, and I introduced H.R. 
1649, the Small Business Development Center Cyber Training Act of 2019.
  This bipartisan legislation establishes a cyber counseling 
certification program in lead SBDCs to better assist small businesses 
with planning and implementing cybersecurity measures to defend against 
cyberattacks.
  The cyber assistance offered by trained staff at SBDCs would be 
provided at no or low cost to small businesses.
  Cyber planning assistance will encourage small businesses to take a 
more proactive approach to defending themselves from cyberattacks by 
leveraging the expertise from SBDCs and their partner agencies and 
institutions. This bill utilizes existing Federal resources to cover 
the reimbursement costs.
  We recognize cyber threats are ever-evolving and will continue to 
work with industry to ensure that appropriate staffing needs are met.
  Mr. Speaker, I urge my colleagues to support this measure, and I 
reserve the balance of my time.
  Mr. DELGADO. Mr. Speaker, I yield 5 minutes to the gentleman from 
Pennsylvania (Mr. Evans).
  Mr. EVANS. Mr. Speaker, I thank my colleague from New York (Mr. 
Delgado) for the introduction.
  Mr. Speaker, I rise to offer my support for H.R. 1649, the Small 
Business Development Center Cyber Training Act.
  As vice chair of the Small Business Committee, I was proudly joined 
by fellow colleagues in the committee, Ranking Member Chabot and 
Chairwoman Velazquez, in introducing this important bipartisan 
legislation.
  I consider small business to be the foundation of our communities. 
They are the engines that drive innovativeness, investments, and 
economic development, and they are the pillars that prop up our 
neighborhoods.
  Both in my home State of Pennsylvania and across the U.S., small 
businesses account for more than 99 percent of all businesses. 
Nationally, they support almost 59 million jobs.
  Over the past decade, as we have seen immense growth in technology 
and innovativeness, we have also seen an increase in incidents 
involving the theft of valuable information from businesses and 
governments.
  In 2014, it was discovered that the Office of Personnel Management 
was hacked, resulting in the theft of over 20 million records.
  In 2013, criminals broke into Target's databases, with the credit and 
debit information from almost 40 million consumers being compromised.
  Breaches have also been reported at Home Depot, JPMorgan Chase, and 
Sony.

[[Page H5810]]

  As we have witnessed, these breaches can have extremely devastating 
and costly impacts on major corporations.
  Now, if major entities struggle with the challenges of cybersecurity, 
what chances do our small businesses have?
  H.R. 1649 was written to address this risk by providing cyber 
training, strategies, and resources to small businesses to better equip 
themselves against cyberattacks.
  I appreciate having the opportunity to co-lead this important piece 
of legislation that will truly help our small businesses, the backbone 
of our Nation's economy, have the tools they need to protect themselves 
and to succeed.

  Mr. DELGADO. Mr. Speaker, I have no further speakers. I am prepared 
to close, and I reserve the balance of my time.
  Mr. CHABOT. Mr. Speaker, we have no further speakers, so I would be 
happy to close at this time if it is acceptable to the gentleman.
  Mr. Speaker, we have heard from small business owners, cybersecurity 
experts, and government officials, and there is no question that 
improving cybersecurity for America's small businesses should be an 
urgent priority for small firms.
  Over the past few years, the Federal Government has stepped up its 
efforts to both prevent and mitigate cyberattacks by coordinating and 
distributing cybersecurity resources directly to small businesses.
  This commonsense legislation would continue our efforts to ensure 
small firms can access needed information from SBDCs to help prevent 
and respond to cyberattacks.
  Mr. Speaker, I urge this bill's adoption. I want to again thank the 
gentleman from Pennsylvania (Mr. Evans) for his leadership on this, and 
I yield back the balance of my time.
  Mr. DELGADO. Mr. Speaker, cybercrime is one of the greatest risks to 
every business in the world. Cybercriminals have realized small 
entities are more exposed than larger businesses that have dedicated 
in-house IT personnel overseeing their systems and networks.
  Unfortunately, just 14 percent of small businesses have a plan in 
place for keeping their company secure.
  This is why Congress and the SBA must continue to make cybersecurity 
training and resources a top priority for our Nation's small firms.
  Through H.R. 1649, U.S. small businesses will be more prepared and 
better protected against cyber threats.
  This bill has bipartisan support and is essential to enhancing 
America's cyber infrastructure, by starting with the most vulnerable 
businesses.
  Our committee remains dedicated to advancing more policies to address 
the cyber challenges of small employers.
  Mr. Speaker, I urge my colleagues to support the bill, and I yield 
back the balance of my time.
  Ms. JACKSON LEE. Mr. Speaker, as a senior member of the House 
Committees on the Judiciary, Homeland Security, and Budget, I rise in 
strong support of H.R. 1649, the ``Small Business Development Center 
Cyber Training Act of 2019.''
  H.R. 1649 calls for the establishment of a cyber counseling 
certification program, or the approval of a similar existing program, 
to certify the employees of lead business development centers to 
provide cyber planning assistance to small business concerns.
  Cyber strategy refers to the necessary resources and tactics that 
assist in planning for cybersecurity and defending against cyber risks 
and cyber attacks.
  Technology becomes more advanced every day, and cyber threats follow 
that same trend, making them increasingly difficult to predict and 
prevent.
  Cyber attacks have cost companies with robust cybersecurity programs 
millions of dollars, and small businesses are no exception.
  Yet, small businesses often lack the resources available to larger 
companies and corporations, making them especially vulnerable to such 
attacks.
  A recent Ponemon study found that nearly 70 percent of all small 
businesses experienced a cyberattack in 2017, while nearly half 
admitted to having no understanding of how to protect their company 
against a cyber attack.
  Additionally, another study by Hiscox found that less than 20 percent 
of small businesses said they were confident in their cybersecurity 
readiness, and barely half had a clearly defined cybersecurity strategy 
at all.
  Due to the vulnerability of small business operations, we need 
extensive measures to identify, analyze, and alleviate threats of 
cyberattacks.
  This bill ensures that there are at least 5 or 10 percent of the 
total number of employees within a small business development center 
who are certified in providing cyber planning assistance.
  Mr. Speaker, I urge my colleagues to join me in supporting H.R. 1649 
to protect the cybersecurity networks and facilitate cybersecurity 
training within our nation's small businesses.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New York (Mr. Delgado) that the House suspend the rules 
and pass the bill, H.R. 1649.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill was passed.
  A motion to reconsider was laid on the table.

                          ____________________