Attention! Tustin Hangar ResourceClick Here

Rep. Young Kim in a Small Business Committee hearing

Jul 29, 2021 | Press Releases, Small Business

Washington, DC – Today, the Small Business Committee passed the SBA Cyber Awareness Act (H.R. 3462), a bipartisan bill by Innovation, Entrepreneurship and Workforce Development Subcommittee Ranking Member Young Kim (CA-39) and Chairman Jason Crow (CO-06).

The SBA Cyber Awareness Act now heads to the House Floor for a vote. Congresswoman Kim spoke in support of the bill during today’s markup HERE.

“Rising cyberattacks are compromising small business owners’ security, hurting businesses’ ability to keep their doors open and employees on payroll, undermining our public institutions, and discouraging future entrepreneurs from establishing a small business and creating jobs,” said Rep. Young Kim. “We must ensure that small business owners can safely utilize the Small Business Administration’s resources. I thank Chairman Crow for working with me on the SBA Cyber Awareness Act and my Small Business Committee colleagues for prioritizing cybersecurity at the Small Business Administration. I’ll always fight for our small business owners and entrepreneurs in Congress.” 

 “Cyberattacks are one of the biggest threats to our economy and small businesses, and this bill would ensure that we are doing everything we can to protect the millions of small businesses the SBA serves,” said Rep. Jason Crow. “I’m proud the Small Business Committee voted to pass this legislation and look forward to a vote on the House floor.”

In recent years, cyberattacks have increased and federal agencies are not immune. For more than two decades, the SBA’s Inspector General has listed IT security as one of the most serious management and performance challenges facing the SBA.

Over the course of the COVID-19 pandemic, unprecedented demand for relief programs like the Paycheck Protection Program (PPP) and Economic Injury Disaster Loan Program (EIDL) have inundated SBA’s legacy systems, leading to backend system crashes, portals operating slowly and a glitch that led to a data breach of applicants’ personal information. On March 25, 2020, SBA discovered a flaw in its EIDL application system that exposed the personal information of up to 8,000 individuals to other applicants. Exposed data included email addresses, citizenship status, insurance information, birth dates, phone numbers, addresses, and Social Security Numbers. SBA failed to make any public announcement about the data breach, and it wasn’t until April 13, 2020 that the agency sent paper notifications to affected individuals.

The bipartisan bill would expand cybersecurity operations at the SBA by requiring the Small Business Administration to issue a report assessing the agency’s ability to combat cyber threats within six months of passage. Specifically, the report would disclose:

  • SBA’s cybersecurity infrastructure;
  • the SBA’s strategy to improve cybersecurity protections;
  • any equipment used by the SBA; and,
  • any incident of cyber risk at the SBA and the agency’s actions to confront it.

Finally, recognizing that a cyberattack to the agency could put the sensitive information and intellectual property of small businesses at risk, the legislation would require SBA to notify Congress of future breaches with information on those affected and how the breach occurred.

Signup to receive our Email Newsletters

The Latest News