[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5064 Received in Senate (RDS)]
<DOC>
114th CONGRESS
2d Session
H. R. 5064
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
September 22, 2016
Received
_______________________________________________________________________
AN ACT
To amend the Small Business Act to allow small business development
centers to assist and advise small business concerns on relevant cyber
security matters, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Improving Small Business Cyber
Security Act of 2016''.
SEC. 2. ROLE OF SMALL BUSINESS DEVELOPMENT CENTERS IN CYBER SECURITY
AND PREPAREDNESS.
Section 21 of the Small Business Act (15 U.S.C. 648) is amended--
(1) in subsection (a)(1), by striking ``and providing
access to business analysts who can refer small business
concerns to available experts:'' and inserting ``providing
access to business analysts who can refer small business
concerns to available experts; and, to the extent practicable,
providing assistance in furtherance of the Small Business
Development Center Cyber Strategy developed under section 5(b)
of the Improving Small Business Cyber Security Act of 2016:'';
and
(2) in subsection (c)--
(A) in paragraph (2)--
(i) in subparagraph (E), by striking
``and'' at the end;
(ii) in subparagraph (F), by striking the
period and inserting ``; and''; and
(iii) by adding at the end of the
following:
``(G) access to cyber security specialists to counsel,
assist, and inform small business concern clients, in
furtherance of the Small Business Development Center Cyber
Strategy developed under section 5(b) of the Improving Small
Business Cyber Security Act of 2016.''.
SEC. 3. ADDITIONAL CYBER SECURITY ASSISTANCE FOR SMALL BUSINESS
DEVELOPMENT CENTERS.
Section 21(a) of the Small Business Act (15 U.S.C. 648(a)) is
amended by adding at the end the following:
``(8) Cyber security assistance.--The Department of
Homeland Security, and any other Federal department or agency
in coordination with the Department of Homeland Security, may
leverage small business development centers to provide
assistance to small businesses by disseminating cyber security
risk information and other homeland security information to
help small business concerns in developing or enhancing cyber
security infrastructure, cyber threat awareness, and cyber
training programs for employees.''.
SEC. 4. CYBER SECURITY OUTREACH FOR SMALL BUSINESS DEVELOPMENT CENTERS.
Section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148) is
amended--
(1) by redesignating subsection (l) as subsection (m); and
(2) by inserting after subsection (k) the following:
``(l) Cybersecurity Outreach.--
``(1) In general.--The Secretary may leverage small
business development centers to provide assistance to small
business concerns by disseminating information on cyber threat
indicators, defensive measures, cybersecurity risks, incidents,
analyses, and warnings to help small business concerns in
developing or enhancing cybersecurity infrastructure, cyber
threat awareness, and cyber training programs for employees.
``(2) Definitions.--For purposes of this subsection, the
terms `small business concern' and `small business development
center' have the meaning given such terms, respectively, under
section 3 of the Small Business Act.''.
SEC. 5. GAO STUDY ON SMALL BUSINESS CYBER SUPPORT SERVICES AND SMALL
BUSINESS DEVELOPMENT CENTER CYBER STRATEGY.
(a) Review of Current Cyber Security Resources.--
(1) In general.--The Comptroller General of the United
States shall conduct a review of current cyber security
resources at the Federal level aimed at assisting small
business concerns with developing or enhancing cyber security
infrastructure, cyber threat awareness, or cyber training
programs for employees.
(2) Content.--The review required under paragraph (1) shall
include the following:
(A) An accounting and description of all Federal
Government programs, projects, and activities that
currently provide assistance to small business concerns
in developing or enhancing cyber security
infrastructure, cyber threat awareness, or cyber
training programs for employees.
(B) An assessment of how widely utilized the
resources described under subparagraph (A) are by small
business concerns and a review of whether or not such
resources are duplicative of other programs and
structured in a manner that makes them accessible to
and supportive of small business concerns.
(3) Report.--The Comptroller General shall issue a report
to the Congress, the Administrator of the Small Business
Administration, the Secretary of Homeland Security, and any
association recognized under section 21(a)(3)(A) of the Small
Business Act containing all findings and determinations made in
carrying out the review required under paragraph (1).
(b) Small Business Development Center Cyber Strategy.--
(1) In general.--Not later than 90 days after the issuance
of the report under subsection (a)(3), the Administrator of the
Small Business Administration and the Secretary of Homeland
Security shall work collaboratively to develop a Small Business
Development Center Cyber Strategy.
(2) Consultation.--In developing the strategy under this
subsection, the Administrator of the Small Business
Administration and the Secretary of Homeland Security shall
consult with entities representing the concerns of small
business development centers, including any association
recognized under section 21(a)(3)(A) of the Small Business Act.
(3) Content.--The strategy required under paragraph (1)
shall include, at minimum, the following:
(A) Plans for leveraging small business development
centers (SBDCs) to access existing cyber programs of
the Department of Homeland Security and other
appropriate Federal agencies to enhance services and
streamline cyber assistance to small business concerns.
(B) To the extent practicable, methods for the
provision of counsel and assistance to improve a small
business concern's cyber security infrastructure, cyber
threat awareness, and cyber training programs for
employees, including--
(I) working to ensure individuals are aware
of best practices in the areas of cyber
security, cyber threat awareness, and cyber
training;
(ii) working with individuals to develop
cost-effective plans for implementing best
practices in these areas;
(iii) entering into agreements, where
practical, with Information Sharing and
Analysis Centers or similar cyber information
sharing entities to gain an awareness of
actionable threat information that may be
beneficial to small business concerns; and
(iv) providing referrals to area
specialists when necessary.
(c) An analysis of--
(I) how Federal Government programs,
projects, and activities identified by the
Comptroller General in the report issued under
subsection (a)(1) can be leveraged by SBDCs to
improve access to high-quality cyber support
for small business concerns;
(ii) additional resources SBDCs may need to
effectively carry out their role; and
(iii) how SBDCs can leverage existing
partnerships and develop new ones with Federal,
State, and local government entities as well as
private entities to improve the quality of
cyber support services to small business
concerns.
(4) Delivery of strategy.--Not later than 180 days after
the issuance of the report under subsection (a)(3), the Small
Business Development Center Cyber Strategy shall be issued to
the Committees on Homeland Security and Small Business of the
House of Representatives and the Committees on Homeland
Security and Governmental Affairs and Small Business and
Entrepreneurship of the Senate.
(c) Definition.--The term ``small business development center'' has
the meaning given such term in section 3 of the Small Business Act (15
U.S.C. 632).
SEC. 6. PROHIBITION ON ADDITIONAL FUNDS.
No additional funds are authorized to be appropriated to carry out
the requirements of this Act or the amendments made by this Act. Such
requirements shall be carried out using amounts otherwise authorized.
Passed the House of Representatives September 21, 2016.
Attest:
KAREN L. HAAS,
Clerk.