[Congressional Record Volume 168, Number 188 (Monday, December 5, 2022)]
[House]
[Pages H8740-H8741]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




               SMALL BUSINESS CYBER TRAINING ACT OF 2022

  Ms. VELAZQUEZ. Mr. Speaker, I move to suspend the rules and pass the 
bill (S. 1687) to amend section 21 of the Small Business Act to require 
cyber certification for small business development center counselors, 
and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                                S. 1687

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Small Business Cyber 
     Training Act of 2022''.

     SEC. 2. DUTIES OF SMALL BUSINESS DEVELOPMENT CENTER 
                   COUNSELORS.

       (a) Cyber Training.--Section 21 of the Small Business Act 
     (15 U.S.C. 648) is amended by adding at the end the 
     following:
       ``(o) Cyber Strategy Training for Small Business 
     Development Centers.--
       ``(1) Definitions.--In this subsection--
       ``(A) the term `cyber strategy' means resources and tactics 
     to assist in planning for cybersecurity and defending against 
     cyber risks and attacks; and
       ``(B) the term `lead small business development center' 
     means a small business development center that receives 
     reimbursement from the Administrator under paragraph (5).
       ``(2) Certification program.--The Administrator shall 
     establish a cyber counseling certification program, or 
     designate 1 or more substantially similar governmental or 
     private cybersecurity certification programs, to certify the 
     employees of lead small business development centers in 
     providing cyber planning assistance to small business 
     concerns.
       ``(3) Number of certified employees.--The Administrator 
     shall ensure that the number of employees of each lead small 
     business development center who are certified in providing 
     cyber planning assistance is not less than the lesser of--
       ``(A) 5; or
       ``(B) 10 percent of the total number of employees of the 
     lead small business development center.
       ``(4) Cyber strategy.--In carrying out paragraph (2), the 
     Administrator, to the extent practicable, shall consider any 
     cyber strategy methods included in the Small Business 
     Development Center Cyber Strategy developed under section 
     1841(a)(3)(B) of the National Defense Authorization Act for 
     Fiscal Year 2017 (Public Law 114-328; 130 Stat. 2662).
       ``(5) Reimbursement for certification.--
       ``(A) In general.--Subject to the availability of 
     appropriations, the Administrator may reimburse each lead 
     small business development center for costs relating to the 
     certification of 1 or more employees of the lead small 
     business center in providing cyber planning assistance under 
     a program established or designated under paragraph (2).
       ``(B) Limitation.--The total amount reimbursed by the 
     Administrator under subparagraph (A) may not exceed $350,000 
     in any fiscal year.''.
       (b) Implementation.--Not later than 180 days after the date 
     of enactment of this Act, the Administrator of the Small 
     Business Administration shall implement paragraphs (2), (3), 
     and (4) of section 21(o) of the Small Business Act, as added 
     by subsection (a).

  The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from 
New York (Ms. Velazquez) and the gentleman from Missouri (Mr. 
Luetkemeyer) each will control 20 minutes.
  The Chair recognizes the gentlewoman from New York.


                             General Leave

  Ms. VELAZQUEZ. Mr. Speaker, I ask unanimous consent that all Members 
have 5 legislative days in which to revise and extend their remarks and 
include extraneous material on the measure under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentlewoman from New York?
  There was no objection.
  Ms. VELAZQUEZ. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, I rise in support of the bill before us today, S. 1687, 
the Small Business Cyber Training Act of 2022.
  The House passed its companion bill, H.R. 4515, the Small Business 
Development Center Cyber Training Act on November 2, 2021.
  S. 1687, would establish a cyber counseling certification program for 
lead SBDC staff to provide specific, free-of-charge cyber training for 
small businesses.
  As more businesses utilize the internet for social media advertising, 
payment systems, and global markets, more of them become vulnerable to 
cyberattacks. The cyber disruptions can destroy IT systems and derail 
operations, sometimes forcing the business to shut down.
  Cyberattack damage is not just limited to the IT systems; it can also 
erode customers' trust and tarnish a business' reputation.
  With that said, a recent SBA survey found that 88 percent of small 
business owners felt their business was vulnerable to a cyberattack, 
but reported that they couldn't afford professional IT solutions, have 
limited time to devote to cybersecurity, or just do not know where to 
begin.
  Given the greater risk cyberattacks pose to small businesses and 
their limited capacity to protect against them, we must find ways to 
help entrepreneurs strengthen their cybersecurity posture. The SBA and 
SBDCs are ready, willing, and able to fill these gaps.
  Under this legislation, lead SBDCs would be required to provide cyber 
training and resources and facilitate cybersecurity investments that 
are typically too expensive for small businesses.
  S. 1687 makes minor technical changes to the House passed bill and 
were agreed upon by all stakeholders. I thank our House leaders, Mr. 
Garbarino, Mr. Evans, Ms. Houlahan, and Mr. Chabot, who have been true 
advocates on this issue. I applaud their commitment to helping small 
business owners protect their livelihood from destructive cyberattacks.
  Mr. Speaker, I urge my colleagues to support this bill, as amended, 
and I reserve the balance of my time.
  Mr. LUETKEMEYER. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, I rise in support of the House Amendment to S. 1687, the 
Small Business Cyber Training Act of 2022.
  All businesses, regardless of size or available resources, are 
susceptible to cyber threats. If large businesses can become victims of 
cybercrimes, small businesses are even more vulnerable.
  This bipartisan legislation directs Small Business Development 
Centers, SBDCs, to provide training to thwart potential attacks and 
educate small businesses on the most up-to-date cybersecurity 
practices. With over 1,000 local centers nationwide, SBDCs are well-
positioned to assist small businesses with their cybersecurity needs.
  Mr. Speaker, I thank Congressman Garbarino for his leadership on this 
issue and commitment to enhancing Missouri's economic competitiveness 
and cyber resiliency.
  I also thank my counterparts in the Senate for their work on this 
legislation.
  S. 1687 passed the Senate in September, and I urge my colleagues to 
support the bill we have before us today that does not include unneeded 
reimbursement provisions included in the final form.
  Mr. Speaker, I reserve the balance of my time.

                              {time}  1500

  Ms. VELAZQUEZ. Mr. Speaker, I reserve the balance of my time.
  Mr. LUETKEMEYER. Mr. Speaker, I yield myself the balance of my time.
  S. 1687, as amended, takes important steps to prepare small 
businesses to combat cybersecurity threats.
  This bipartisan bill to expand services at Small Business Development

[[Page H8741]]

Centers will ensure small businesses have the resources necessary to 
create a cybersecurity plan and detect cyber risks.
  Mr. Speaker, I urge my colleagues to support this legislation and I 
yield back the balance of my time.
  Ms. VELAZQUEZ. Mr. Speaker, I yield myself the balance of my time.
  The use of digital tools dramatically increased during the pandemic, 
even here in Congress; and the massive shift to remote work has 
resulted in a significant rise in cybersecurity threats and attacks.
  Guarding against cyberattacks often comes with significant costs and 
a substantial investment of time and resources. Unfortunately, small 
businesses operating on thin margins have fewer resources to dedicate 
to cybersecurity.
  S. 1687 ensures that the Nation's 62 lead SBDCs are fully equipped to 
assist small businesses with their cybersecurity needs at no cost. The 
bill would eliminate the primary obstacle of investment costs and make 
cybersecurity mitigation easier to adopt.
  This bill is a commonsense solution to complex problems. I urge my 
colleagues to support S. 1687, the Small Business Cyber Training Act of 
2022, as amended.
  Mr. Speaker, I yield back the balance of my time.
  The SPEAKER pro tempore (Mr. Beyer). The question is on the motion 
offered by the gentlewoman from New York (Ms. Velazquez) that the House 
suspend the rules and pass the bill, S. 1687, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. ROSENDALE. Mr. Speaker, on that I demand the yeas and nays.
  The yeas and nays were ordered.
  The SPEAKER pro tempore. Pursuant to clause 8 of rule XX, further 
proceedings on this motion will be postponed.

                          ____________________