Washington, DC – Today, the House passed the SBA Cyber Awareness Act (H.R. 3462), a bipartisan bill introduced by Reps. Young Kim (CA-39) and Jason Crow (CO-06) that would strengthen the Small Business Administration’s (SBA) cybersecurity capabilities to handle and report cyber threats that impact small businesses.
Reps. Kim and Crow serve as Ranking Member and Chair of the Small Business Subcommittee on Innovation, Entrepreneurship and Workforce Development.
H.R. 3462 is Congresswoman Kim’s 10th bipartisan bill to pass out of the House of Representatives. She spoke on the House floor in support of the bill, here.
“For more than two decades, the SBA’s Inspector General has listed IT security as one of the most pressing challenges facing the SBA. Unfortunately, SBA cybersecurity vulnerabilities were brought to light with unprecedented demand of SBA loan programs during COVID-19, discouraging entrepreneurs from starting a business and creating jobs,” said Congresswoman Kim. “We must address this issue now and secure our systems so small business owners can safely utilize SBA’s resources as they work to recover from the pandemic, hire workers and adjust to rising costs of supplies. I thank my colleagues for coming together to pass the SBA Cyber Awareness Act and urge the Senate to swiftly take action to support small businesses. I will continue to fight for our small business owners in Congress.”
“Cyberattacks are one of the greatest modern threats to our economy. We must do everything we can to defend our small business owners from these attacks. I’m proud to join my friend, Congresswoman Young Kim as we work to modernize our government infrastructure and protect hardworking small business owners,” said Congressman Jason Crow (CO-06).
The SBA Cyber Awareness Act would expand cybersecurity operations at the SBA by requiring the SBA to notify Congress of future breaches with information on those affected and how the breach occurred and directing the SBA to issue a report within six months of bill passage assessing the agency’s ability to combat cyber threats. Specifically, the report would disclose:
- The SBA’s cybersecurity infrastructure;
- The SBA’s strategy to improve cybersecurity protections;
- Any equipment used by the SBA and manufactured by a company headquartered in China; and,
- Any incident of cyber risk at the SBA and the agency’s actions to confront it.
