President Biden on Dec. 27, 2022, signed into law the Small Business Cyber Training Act, which requires the Small Business Administration (SBA) to boost its ability to provide cyber planning training and to be more proactive in protecting data and in requiring greater transparency about threats and breaches that occur.
Specifically, the bill, which was introduced by Sens. Marco Rubio, R-Fla., Jim Risch, R-Ind., and Bill Cassidy, R-La., requires the SBA to establish a cyber counseling certification program to certify the employees that lead small business development centers in providing cyber planning assistance to small businesses.
The bill also requires the SBA to issue a report assessing the agency’s ability to combat cyber threats. The report must include:
- Details of SBA’s cybersecurity infrastructure;
- SBA’s strategy to improve cybersecurity protections;
- Any equipment used by the SBA and manufactured by a company headquartered in China; and
- Any cyber risk incidents, and the agency’s actions taken to deal with them.
According to Sen. Rubio’s office, this bill is modeled after the success of the Small Business Development Centers (SBDCs) across the country in certifying counselors in trade/export counseling and is in line with legislation already signed into law that requires intellectual property counseling.
“This bill has garnered broad bipartisan support as a cost-effective measure to use existing conferences to train SBDC counselors on the important topic of cyber strategy,” the senator’s office said in a statement.
Reps. Young Kim, R-Calif., and Jason Crow, D-Colo., introduced a similar House version of the bill – which President Biden signed into law on Dec. 21 – that obligates the SBA to develop a cyber strategy, assess the risks of foreign-sourced components that make up part of its IT systems, and submit an annual report to Congress on the agency’s cybersecurity progress.