Text: S.2034 — 116th Congress (2019-2020)All Information (Except Text)

There is one version of the bill.

Text available as:

Shown Here:
Introduced in Senate (06/27/2019)


116th CONGRESS
1st Session
S. 2034


To authorize small business development centers to provide cybersecurity assistance to small business concerns, and for other purposes.


IN THE SENATE OF THE UNITED STATES

June 27, 2019

Mr. Peters (for himself and Mr. Rubio) introduced the following bill; which was read twice and referred to the Committee on Small Business and Entrepreneurship


A BILL

To authorize small business development centers to provide cybersecurity assistance to small business concerns, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Small Business Cybersecurity Assistance Act of 2019”.

SEC. 2. SBA activities to bolster small business development center cybersecurity support functions.

(a) In general.—Section 21 of the Small Business Act (15 U.S.C. 648) is amended—

(1) in subsection (a)—

(A) in paragraph (1), by inserting “management, training, and technical assistance regarding cybersecurity;” after “technology transfer;”; and

(B) in paragraph (8)—

(i) by redesignating subparagraph (B) as subparagraph (C); and

(ii) by inserting after subparagraph (A) the following:

“(B) CYBERSECURITY CLEARINGHOUSE.—

“(i) IN GENERAL.—In furtherance of the Small Business Development Center Cyber Strategy developed under section 1841(a) of the National Defense Authorization Act for Fiscal Year 2017 (Public Law 114–328; 130 Stat. 2662), not later than 90 days after the date of enactment of the Small Business Cybersecurity Assistance Act of 2019, the Administrator, in consultation with America's SBDC (or any subsequent association identified by the Administrator that represents small business development centers), any federally affiliated small business-focused entity as determined appropriate by the Administrator, and, as appropriate, any other Federal agency, shall advise the Secretary of Homeland Security on the development and maintenance of a Cybersecurity Clearinghouse platform (in this subparagraph referred to as the ‘Clearinghouse’).

“(ii) MANAGEMENT.—The Administrator and the Secretary of Homeland Security shall jointly manage the content maintained on the Clearinghouse.

“(iii) RESOURCES.—The Clearinghouse shall contain public-facing cybersecurity resources, to the extent possible focused on small business concerns, in a single location for easy reference by small business development centers, federally affiliated small-business focused entities, and small business concerns.

“(iv) CONTENTS.—The Clearinghouse shall—

“(I) be publicly available online; and

“(II) contain cybersecurity reference material for small business concerns—

“(aa) developed by entities in the Federal Government; and

“(bb) for any other purpose as determined jointly by the Administrator and the Secretary of Homeland Security.

“(v) TRAINING.—The Administrator, in consultation with America's SBDC (or any subsequent association identified by the Administrator that represents small business development centers), any federally affiliated small business-focused entity as determined appropriate by the Administrator, the Department of Homeland Security, and, as appropriate, any other Federal agency, shall provide periodic training sessions, online or in-person, to employees of small business development centers and other federally affiliated small business-focused entities on the Clearinghouse, including utilization of the Clearinghouse.

“(vi) EXISTING PLATFORM OR WEBSITE.—The Administrator may maintain the Clearinghouse on an online platform or website in existence as of the date of enactment of the Small Business Cybersecurity Assistance Act of 2019.

“(vii) REFERENCE.—The Administration shall include a hyperlink for the public to access the Clearinghouse on the website of the Administration.”; and

(2) in subsection (c)(3)—

(A) in subparagraph (T), by striking “and” at the end;

(B) in the first subparagraph (U), by striking the period at the end and inserting a semicolon;

(C) by redesignating the second subparagraph (U) as subparagraph (V);

(D) in subparagraph (V), as so redesignated, by striking the period at the end and inserting “; and”; and

(E) by adding at the end the following:

“(W) providing information and assistance to small business concerns with respect to cybersecurity policies, management, or technical strategies.”.

SEC. 3. Department of Homeland Security activities to bolster small business development center cybersecurity support functions.

(a) Definitions.—In this section—

(1) the term “Administrator” means the Administrator of the Small Business Administration;

(2) the term “Secretary” means the Secretary of Homeland Security; and

(3) the terms “small business concern” and “small business development center” has the meanings given those terms in section 3 of the Small Business Act (15 U.S.C. 632).

(b) Program.—

(1) IN GENERAL.—The Secretary, in consultation with the Administrator, America's SBDC (or any subsequent association identified by the Administrator that represents small business development centers), any federally affiliated small business-focused entity as determined appropriate by the Administrator, and, as appropriate, any other Federal agency, shall develop—

(A) educational cybersecurity materials for employees of small business development centers, and other federally affiliated small business-focused entities as determined appropriate by the Administrator, to utilize during cybersecurity events and counseling sessions with small business concerns, which shall address, at a minimum—

(i) cybersecurity policies and procedures for small businesses;

(ii) cybersecurity defensive strategies for small businesses; and

(iii) cybersecurity response strategies for small businesses; and

(B) training programs, such as webinars, on-line tools, or software, for employees of small business development centers, and other federally affiliated small business-focused entities as determined appropriate by the Administrator, to utilize during cybersecurity events and counseling sessions with small business concerns.

(2) TRAINING.—The Secretary shall provide periodic training sessions, online or in-person, to employees of small business development centers, and other federally affiliated small business-focused entities as determined appropriate by the Administrator, on the utilization of the materials and training programs described in subparagraphs (A) and (B) of paragraph (1).

(3) POSTING OF MATERIAL.—Not later than 180 days after the date on which the Administrator establishes the Cybersecurity Clearinghouse required under subparagraph (B) of section 21(a)(8) of the Small Business Act (15 U.S.C. 648(a)(8)), as added by section 2 of this Act—

(A) the Secretary shall complete development of the materials described in paragraph (1)(A) and submit them to the Administrator; and

(B) the Administrator or the Secretary shall upload those materials to the Cybersecurity Clearinghouse.