[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4513 Introduced in House (IH)]
<DOC>
117th CONGRESS
1st Session
H. R. 4513
To amend the Small Business Act to provide for the establishment of an
enhanced cybersecurity assistance and protections for small businesses,
and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 19, 2021
Mr. Donalds (for himself, Ms. Velazquez, Mr. Chabot, and Ms. Houlahan)
introduced the following bill; which was referred to the Committee on
Small Business
_______________________________________________________________________
A BILL
To amend the Small Business Act to provide for the establishment of an
enhanced cybersecurity assistance and protections for small businesses,
and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Small Business Advanced
Cybersecurity Enhancements Act of 2021''.
SEC. 2. ENHANCED CYBERSECURITY ASSISTANCE AND PROTECTIONS FOR SMALL
BUSINESSES.
Section 21(a) of the Small Business Act (15 U.S.C. 648(a)) is
amended by adding at the end the following new paragraph:
``(9) Small business cybersecurity assistance and
protections.--
``(A) Establishment of small business cybersecurity
assistance units.--The Administrator of the Small
Business Administration, in coordination with the
Secretary of Commerce, and in consultation with the
Secretary of Homeland Security and the Attorney
General, shall establish--
``(i) in the Administration, a central
small business cybersecurity assistance unit;
and
``(ii) within each small business
development center, a regional small business
cybersecurity assistance unit.
``(B) Duties of the central small business
cybersecurity assistance unit.--
``(i) In general.--The central small
business cybersecurity assistance unit
established under subparagraph (A)(i) shall
serve as the primary interface for small
business concerns to receive and share cyber
threat indicators and defensive measures with
the Federal Government.
``(ii) Use of capability and processes.--
The central small business cybersecurity
assistance unit shall use the capability and
process certified pursuant to section
105(c)(2)(A) of the Cybersecurity Information
Sharing Act of 2015 (6 U.S.C. 1504(c)(2)(A)) to
receive cyber threat indicators or defensive
measures from small business concerns.
``(iii) Application of cisa.--A small
business concern that receives or shares cyber
threat indicators and defensive measures with
the Federal Government through the central
small business cybersecurity assistance unit
established under subparagraph (A)(i), or with
any appropriate entity pursuant to section
103(c) of the Cybersecurity Information Sharing
Act of 2015 (6 U.S.C. 1503(c)), shall receive
the protections and exemptions provided in such
Act and this paragraph.
``(C) Relation to nccic.--
``(i) Central small business cybersecurity
assistance unit.--The central small business
cybersecurity assistance unit established under
subparagraph (A)(i) shall be collocated with
the national cybersecurity and communications
integration center.
``(ii) Access to information.--The national
cybersecurity and communications integration
center shall have access to all cyber threat
indicators or defensive measures shared with
the central small cybersecurity assistance unit
established under subparagraph (A)(i) through
the use of the capability and process described
in subparagraph (B)(ii).
``(D) Cybersecurity assistance for small
businesses.--The central small business cybersecurity
assistance unit established under subparagraph (A)(i)
shall--
``(i) work with each regional small
business cybersecurity assistance unit
established under subparagraph (A)(ii) to
provide cybersecurity assistance to small
business concerns;
``(ii) leverage resources from the
Administration, the Department of Commerce, the
Department of Homeland Security, the Department
of Justice, the Department of the Treasury, the
Department of State, and any other Federal
department or agency the Administrator
determines appropriate, in order to help
improve the cybersecurity posture of small
business concerns;
``(iii) coordinate with the Department of
Homeland Security to identify and disseminate
information to small business concerns in a
form that is accessible and actionable by small
business concerns;
``(iv) coordinate with the National
Institute of Standards and Technology to
identify and disseminate information to small
business concerns on the most cost-effective
methods for implementing elements of the
cybersecurity framework of the National
Institute of Standards and Technology
applicable to improving the cybersecurity
posture of small business concerns;
``(v) seek input from the Office of
Advocacy of the Administration to ensure that
any policies or procedures adopted by any
department, agency, or instrumentality of the
Federal Government do not unduly add regulatory
burdens to small business concerns in a manner
that will hamper the improvement of the
cybersecurity posture of such small business
concerns; and
``(vi) leverage resources and relationships
with representatives and entities involved in
the national cybersecurity and communications
integration center to publicize the capacity of
the Federal Government to assist small business
concerns in improving cybersecurity practices.
``(E) Enhanced cybersecurity protections for small
businesses.--
``(i) In general.--Notwithstanding any
other provision of law, no cause of action
shall lie or be maintained in any court against
any small business concern, and such action
shall be promptly dismissed, if such action is
related to or arises out of--
``(I) any activity authorized under
this paragraph or the Cybersecurity
Information Sharing Act of 2015 (6
U.S.C. 1501 et seq.); or
``(II) any action or inaction in
response to any cyber threat indicator,
defensive measure, or other information
shared or received pursuant to this
paragraph or the Cybersecurity
Information Sharing Act of 2015 (6
U.S.C. 1501 et seq.).
``(ii) Application.--The exception provided
in section 105(d)(5)(D)(ii)(I) of the
Cybersecurity Information Sharing Act of 2015
(6 U.S.C. 1504(d)(5)(D)(ii)(I)) shall not apply
to any cyber threat indicator or defensive
measure shared or received by small business
concerns pursuant to this paragraph or the
Cybersecurity Information Sharing Act of 2015
(6 U.S.C. 1501 et seq.).
``(iii) Rule of construction.--Nothing in
this subparagraph shall be construed to affect
the applicability or merits of any defense,
motion, or argument in any cause of action in a
court brought against an entity that is not a
small business concern.
``(F) Definitions.--In this paragraph:
``(i) CISA definitions.--The terms `cyber
threat indicator' and `defensive measure' have
the meanings given such terms, respectively, in
section 102 of the Cybersecurity Information
Sharing Act of 2015 (6 U.S.C. 1501).
``(ii) National cybersecurity and
communications integration center.--The term
`national cybersecurity and communications
integration center' means the national
cybersecurity and communications integration
center established under section 227 of the
Homeland Security Act of 2002 (6 U.S.C.
148).''.
SEC. 3. PROHIBITION ON NEW APPROPRIATIONS.
(a) In General.--No additional funds are authorized to be
appropriated to carry out this Act and the amendments made by this Act.
(b) Existing Funding.--This Act and the amendments made by this Act
shall be carried out using amounts made available under section
21(a)(4)(C)(viii) of the Small Business Act (15 U.S.C.
648(a)(4)(viii)).
(c) Technical and Conforming Amendment.--Section 21(a)(4)(C)(viii)
of the Small Business Act (15 U.S.C.648(a)(4)(C)(viii)) is amended to
read as follows:
``(viii) Limitation.--
``(I) Cybersecurity assistance.--
From the funds appropriated pursuant to
clause (vii), the Administration shall
reserve not less than $1,000,000 in
each fiscal year to develop
cybersecurity assistance units at small
business development centers under
paragraph (9).
``(II) Portable assistance.--
``(aa) In general.--Any
funds appropriated pursuant to
clause (vii) that are remaining
after reserving amounts under
subclause (I) may be used for
portable assistance for startup
and sustainability non-matching
grant programs to be conducted
by eligible small business
development centers in
communities that are
economically challenged as a
result of a business or
government facility down sizing
or closing, which has resulted
in the loss of jobs or small
business instability.
``(bb) Grant amount and
use.--A non-matching grant
under this subclause shall not
exceed $100,000, and shall be
used for small business
development center personnel
expenses and related small
business programs and
services.''.
<all>