[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 3024 Reported in Senate (RS)]
<DOC>
Calendar No. 511
114th CONGRESS
2d Session
S. 3024
To improve cyber security for small businesses.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 6, 2016
Mr. Vitter (for himself, Mr. Peters, and Mr. Coons) introduced the
following bill; which was read twice and referred to the Committee on
Small Business and Entrepreneurship
June 9, 2016
Reported by Mr. Vitter, without amendment
_______________________________________________________________________
A BILL
To improve cyber security for small businesses.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Small Business Cyber Security
Improvements Act of 2016''.
SEC. 2. ROLE OF SMALL BUSINESS DEVELOPMENT CENTERS IN CYBER SECURITY
AND PREPAREDNESS.
Section 21 of the Small Business Act (15 U.S.C. 648) is amended--
(1) in subsection (a)(1), by striking ``and providing
access to business analysts who can refer small business
concerns to available experts:'' and inserting ``providing
access to business analysts who can refer small business
concerns to available experts; and, to the extent practicable,
providing assistance in furtherance of the Small Business
Development Center Cyber Strategy developed under section 4(c)
of the Small Business Cyber Security Improvements Act of
2016''; and
(2) in subsection (c)(3)--
(A) in subparagraph (S), by striking ``and'' at the
end;
(B) in subparagraph (T), by striking the period and
inserting ``; and''; and
(C) by adding at the end of the following:
``(U) to the extent practicable, providing access to
external cyber security specialists to counsel, assist, and
inform small business concerns in furtherance of the Small
Business Development Center Cyber Strategy developed under
section 4(c) of the Small Business Cyber Security Improvements
Act of 2016.''.
SEC. 3. ADDITIONAL CYBER SECURITY ASSISTANCE FOR SMALL BUSINESS
DEVELOPMENT CENTERS.
Section 21(a) of the Small Business Act (15 U.S.C. 648(a)) is
amended by adding at the end the following:
``(8) Cyber security assistance.--The Department of
Homeland Security, and any other Federal agency, in
coordination with the Department of Homeland Security, may
provide assistance to small business development centers,
through the dissemination of cyber security risk information
and other homeland security information, to help small business
concerns in developing or enhancing cyber security
infrastructure, cyber threat awareness, and cyber training
programs for employees.''.
SEC. 4. GAO STUDY ON SMALL BUSINESS CYBER SUPPORT SERVICES AND SMALL
BUSINESS DEVELOPMENT CENTER CYBER STRATEGY.
(a) Definitions.--In this section--
(1) the term ``Administrator'' means the Administrator of
the Small Business Administration;
(2) the term ``association'' means the association
established under section 21(a)(3)(A) of the Small Business Act
(15 U.S.C. 648(a)(3)(A)) representing a majority of small
business development centers;
(3) the terms ``Federal agency'', ``small business
concern'', and ``small business development center'' have the
meanings given such terms under section 3 of the Small Business
Act (15 U.S.C. 632); and
(4) the term ``Secretary'' means the Secretary of Homeland
Security.
(b) Review of Current Cyber Security Resources.--
(1) In general.--The Comptroller General of the United
States shall conduct a review of the cyber security resources
of Federal agencies aimed at assisting small business concerns
with developing or enhancing cyber security infrastructure,
cyber threat awareness, or cyber training programs for
employees.
(2) Content.--The review required under paragraph (1) shall
include the following:
(A) An accounting and description of all programs,
projects, and activities of Federal agencies that
provide assistance to small business concerns in
developing or enhancing cyber security infrastructure,
cyber threat awareness, or cyber training programs for
employees.
(B) An assessment of how widely utilized the
resources described under subparagraph (A) are by small
business concerns.
(C) A review of whether or not the resources
described in subparagraph (A) are--
(i) duplicative of other programs; or
(ii) structured in a manner that makes the
resources accessible to and supportive of small
business concerns.
(3) Report.--The Comptroller General shall submit to
Congress, the Administrator, the Secretary, and the association
a report containing all findings and determinations made in
carrying out the review required under paragraph (1).
(c) Small Business Development Center Cyber Strategy.--
(1) In general.--Not later than 90 days after the date on
which the Comptroller General submits the report under
subsection (b)(3), the Administrator and the Secretary shall
begin to work collaboratively to develop a Small Business
Development Center Cyber Strategy.
(2) Consultation.--In developing the strategy required
under paragraph (1), the Administrator and the Secretary shall
consult with entities representing the concerns of small
business development centers, including the association.
(3) Content.--The strategy required under paragraph (1)
shall include, at minimum, the following:
(A) Plans for incorporating small business
development centers into cyber programs to enhance
services and streamline cyber assistance to small
business concerns.
(B) To the extent practicable, methods for
providing counsel and assistance to improve the cyber
security infrastructure, cyber threat awareness, and
cyber training programs for employees of small business
concerns, including--
(i) working to ensure individuals are aware
of best practices in the areas of cyber
security, cyber threat awareness, and cyber
training;
(ii) working with individuals to develop
cost-effective plans for implementing best
practices in the areas described in clause (i);
(iii) entering into agreements, where
practical, with Information Sharing and
Analysis Centers or similar cyber information
sharing entities to gain an awareness of
actionable threat information that may be
beneficial to small business concerns; and
(iv) providing referrals to area
specialists when necessary.
(C) An analysis of--
(i) how programs, projects, and activities
of Federal agencies identified by the
Comptroller General in the report submitted
under subsection (b)(3) can be leveraged by
small business development centers to improve
access to high quality cyber support for small
business concerns;
(ii) additional resources small business
development centers may need to effectively
carry out the role of the small business
development centers; and
(iii) how small business development
centers can leverage existing partnerships and
develop new partnerships with entities of the
Federal Government, States, and local
governments and in the private sector to
improve the quality of cyber support services
to small business concerns.
(4) Delivery of strategy.--Not later than 180 days after
the date on which the Comptroller General submits the report
under subsection (b)(3), the Administrator and the Secretary
shall submit the strategy required under paragraph (1) to--
(A) the Committee on Homeland Security and
Governmental Affairs and the Committee on Small
Business and Entrepreneurship of the Senate; and
(B) the Committee on Homeland Security and the
Committee on Small Business of the House of
Representatives.
(d) Prohibition on Additional Funds.--No additional funds are
authorized to be appropriated to carry out this section.
Calendar No. 511
114th CONGRESS
2d Session
S. 3024
_______________________________________________________________________
A BILL
To improve cyber security for small businesses.
_______________________________________________________________________
June 9, 2016
Reported without amendment