July 15, 2019 - Issue: Vol. 165, No. 118 — Daily Edition116th Congress (2019 - 2020) - 1st Session
All in House sectionPrev28 of 79Next
SBA CYBER AWARENESS ACT; Congressional Record Vol. 165, No. 118
(House of Representatives - July 15, 2019)
Text available as:
Formatting necessary for an accurate reading of this text may be shown by tags (e.g., <DELETED> or <BOLD>) or may be missing from this TXT display. For complete and accurate display of this text, see the PDF.
[Pages H5807-H5809] From the Congressional Record Online through the Government Publishing Office [www.gpo.gov] SBA CYBER AWARENESS ACT Mr. DELGADO. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 2331) to require an annual report on the cybersecurity of the Small Business Administration, and for other purposes. The Clerk read the title of the bill. The text of the bill is as follows: H.R. 2331 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``SBA Cyber Awareness Act''. SEC. 2. CYBERSECURITY AWARENESS REPORTING. Section 10 of the Small Business Act (15 U.S.C. 639) is amended by inserting after subsection (a) the following: ``(b) Cybersecurity Reports.-- ``(1) Annual report.--Not later than 180 days after the date of enactment of this subsection, and every year thereafter, the Administrator shall submit a report to the appropriate congressional committees that includes-- ``(A) an assessment of the information technology (as defined in section 11101 of title 40, United States Code) and cybersecurity infrastructure of the Administration; ``(B) a strategy to increase the cybersecurity infrastructure of the Administration; ``(C) a detailed account of any information technology equipment or interconnected system or subsystem of equipment of the Administration that was manufactured by an entity that has its principal place of business located in the People's Republic of China; and ``(D) an account of any cybersecurity risk or incident that occurred at the Administration during the 2-year period preceding the date on which the report is submitted, and any action taken by the Administrator to respond to or remediate any such cybersecurity risk or incident. ``(2) Additional reports.--If the Administrator determines that there is a reasonable basis to conclude that a cybersecurity risk or incident occurred at the Administration, the Administrator shall-- ``(A) not later than 7 days after the date on which the Administrator makes that determination, notify the appropriate congressional committees of the cybersecurity risk or incident; and ``(B) not later than 30 days after the date on which the Administrator makes a determination under subparagraph (A)-- ``(i) provide notice to individuals and small business concerns affected by the cybersecurity risk or incident; and ``(ii) submit to the appropriate congressional committees a report, based on information available to the Administrator as of the date which the Administrator submits the report, that includes-- ``(I) a summary of information about the cybersecurity risk or incident, including how the cybersecurity risk or incident occurred; and ``(II) an estimate of the number of individuals and small business concerns affected by the cybersecurity risk or incident, including an assessment of the risk of harm to affected individuals and small business concerns. ``(3) Rule of construction.--Nothing in this subsection shall be construed to affect the reporting requirements of the Administrator under chapter 35 of title 44, United States Code, in particular the requirement to notify the Federal information security incident center under section 3554(b)(7)(C)(ii) of such title, or any other provision of law. ``(4) Definitions.--In this subsection: ``(A) Appropriate congressional committees.--The term `appropriate congressional committees' means-- ``(i) the Committee on Small Business and Entrepreneurship of the Senate; and ``(ii) the Committee on Small Business of the House of Representatives. ``(B) Cybersecurity risk; incident.--The terms `cybersecurity risk' and `incident' have the meanings given such terms, respectively, under section 2209(a) of the Homeland Security Act of 2002.''. The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New York (Mr. Delgado) and the gentleman from Ohio (Mr. Chabot) each will control 20 minutes. The Chair recognizes the gentleman from New York. General Leave Mr. DELGADO. Mr. Speaker, I ask unanimous consent that all Members may have 5 legislative days in which to revise and extend their remarks and include extraneous material on the measure under consideration. The SPEAKER pro tempore. Is there objection to the request of the gentleman from New York? There was no objection. Mr. DELGADO. Mr. Speaker, I yield myself such time as I may consume. I rise in support of H.R. 2331, the SBA Cyber Awareness Act of 2019, which strengthens the Small Business Administration's cybersecurity infrastructure to handle and report cyber threats that affect small businesses. The Small Business Administration processes a significant amount of small business data, and protecting these businesses is essential to its mission. That is why they must protect its precious digital networks from cyberattacks. But after the massive data breach at the U.S. Office of Personnel Management, 75 percent of Americans are doubtful that the government can protect their personal information. With 28 million small business owners in the U.S. that provide 64 percent of new private-sector jobs, America cannot afford for small businesses to lose faith in the SBA. Today, we take an important step to restore American confidence in the SBA's cybersecurity protections and prevent the harmful results of cyberattacks. [[Page H5808]] H.R. 2331 ensures that the SBA has an effective cyber strategy and requires timely reporting of cyber incidents to Congress and affected individuals. Through these measures, the SBA will better serve the American small businesses that support the U.S. economy. I thank Congressman Crow and Congressman Balderson for working so diligently to strengthen the agency we oversee and protect the Nation's small business community that utilizes its services. I ask my fellow Members to support this bill, and I reserve the balance of my time. Mr. CHABOT. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, I rise in support of H.R. 2331, the SBA Cyber Awareness Act. In June 2015, the Office of Personnel Management, or OPM, discovered that background investigation records of current, former, and prospective Federal employees and contractors had been stolen from their system. That data breach affected 21.5 million individuals. Earlier in 2015, OPM discovered that the personal data of 4.2 million current and former Federal Government employees had also been stolen. This is absolutely unacceptable, and we must hold agencies accountable to secure their networks. While a much smaller agency, the SBA maintains important and sensitive data about loan recipients, government contractor information, and various other forms of personally identifiable information that hackers covet. That is why I am happy to support Mr. Crow's and Mr. Balderson's legislation, H.R. 2331, the SBA Cyber Awareness Act. This legislation mirrors legislation introduced in the last Congress by Senators Rubio and Cardin. The bill directs the SBA to issue reports that assess its cybersecurity infrastructure, including determining the country of origin of its IT components, and report cyber threats, breaches, and cyberattacks. This is a commonsense, bipartisan bill, and I urge my colleagues to support the measure. Mr. Speaker, I reserve the balance of my time. Mr. DELGADO. Mr. Speaker, I yield 5 minutes to the gentleman from Colorado (Mr. Crow), the sponsor of the bill. Mr. CROW. Mr. Speaker, I want to thank the gentleman from New York (Mr. Delgado) for yielding, and I want to thank Chairwoman Velazquez for prioritizing this critical issue and bringing our bill to the floor. I also want to thank my friend and colead on H.R. 2331, the gentleman from Ohio (Mr. Balderson), for his leadership on cybersecurity and small business issues and this bill in particular. I value his input and expertise on all of these issues. Mr. Speaker, I rise in strong support of this bipartisan legislation I introduced with Ranking Member Balderson, the SBA Cyber Awareness Act. The Small Business Administration houses vital information for small business owners and lenders. We must do everything we can to help the SBA protect its systems and the data of our Nation's small businesses. Our bill would require the SBA to be more proactive in protecting its data and more transparent in the event of a cyber breach. First, our bill requires the SBA to issue a report detailing its cybersecurity efforts within 6 months of enactment. This report must include an assessment of the SBA's existing IT and cybersecurity infrastructure and its strategy to address vulnerabilities. Notably, this bill ensures we are protecting ourselves against China by requiring an audit of any SBA system or IT equipment manufactured by a company headquartered in China. The report must detail every cybersecurity risk or incident in the last 2 years and the SBA's strategy to address them going forward. Second, our bill provides a framework for the SBA to follow in the event of future breaches, requiring timely notifications to Congress as well as the people in the small businesses affected. The bill also requires the SBA to submit a full report to both committees on how the cybersecurity risk or incident occurred and how many parties were affected. The goal of this bill is to put the SBA and the small businesses that it interacts with and that depend on it on the best footing possible to combat the rising threat of cyberattacks. I am very excited that this bill is up for a vote in the House today and has such strong bipartisan support. Mr. Speaker, I urge my colleagues to vote in support of our bipartisan legislation and thank everyone who had a hand in bringing it to the floor. It is an exciting day when we can focus on our Nation's small businesses and cyber infrastructure, and I am hopeful for this bill's quick consideration by the Senate. Mr. CHABOT. Mr. Speaker, in closing, I just want to thank Mr. Balderson and Mr. Crow for working together in a bipartisan manner on this very important legislation. I know Mr. Balderson wanted to be here today to speak on this. Unfortunately, I believe he had some airline issues, but I believe he will be submitting a statement for the Record. But again, we appreciate both Mr. Balderson and Mr. Crow's leadership on this. {time} 1700 We have seen a large increase in cybersecurity threats against not only the private sector, but also the public sector. We must remain vigilant to ensure the public's data does not end up in the wrong hands. This bipartisan legislation ensures that the SBA is better equipped to protect American citizens' data. Mr. Speaker, I urge my colleagues to support this, and I yield back the balance of my time. Mr. DELGADO. Mr. Speaker, the Small Business Administration fuels the U.S. economy, and through its lending and contracting programs, helps Americans start, build, and grow small businesses, but in doing so, the agency is tasked with handling vital information. As we all know, cyberattacks are very real, and nobody, not even the Federal Government, is immune. That is why this piece of legislation, H.R. 2331, is fundamental to the health of our national cyber infrastructure as it relates to small firms. The SBA must protect its digital networks from cyberattacks and collaborate more with Congress. Modernizing the agency's IT infrastructure and implementing an effective cyber strategy is the key component of this bill. Doing so guarantees the SBA can adequately and effectively defend its digital network. This bill also requires timely reporting of cyber incidents to Congress and affected individuals in the unfortunate event of a breach. The sharing of this information allows us to collaborate with the SBA to better address vulnerabilities in the system. Mr. Speaker, H.R. 2331 has bipartisan support, so I once again want to urge my colleagues to support the measure. I yield back the balance of my time. Mr. BALDERSON. Mr. Speaker, I rise today in support of H.R. 2331, the SBA Cyber Awareness Act of 2019. This bill has had my full support since its introduction and I am happy to support its passage today. I want to first thank my good friend, the gentleman from Colorado, for his leadership on this effort. It is nice to see Congress attempt to solve problems not only in a bipartisan manner, but also proactively before problems occur, rather than waiting until something goes wrong. This bill addresses a potential weakness within the Small Business Administration's cybersecurity infrastructure. By passing this bill, we will proactively guard against harmful and widespread cyberattacks by bringing the Small Business Administration's cybersecurity defenses into the 21st Century. This bill will protect the sensitive business and personal information of millions of small business owners across the country. In a rapidly-developing digital age, strong cybersecurity protections and reinforcements are of the utmost importance. Many small businesses don't have the defensive infrastructure to deal with cyberattacks, A threat to cybersecurity is a threat to small businesses' vitality. that's why this bill is so important. We, as Congress, must lift up the small businesses of America and ensure they have the support they need to address this ever-changing online environment. And this bill is a bipartisan example of that. Once again, I thank my colleague from Colorado for his proactive leadership, and I urge the passage of H.R. 2331. The SPEAKER pro tempore. The question is on the motion offered by the gentleman from New York (Mr. [[Page H5809]] Delgado) that the House suspend the rules and pass the bill, H.R. 2331. The question was taken; and (two-thirds being in the affirmative) the rules were suspended and the bill was passed. A motion to reconsider was laid on the table. ____________________
All in House sectionPrev28 of 79Next