Small Business Cyber Training Act of 2022

Floor Speech

Date: Dec. 5, 2022
Location: Washington, DC


Ms. VELAZQUEZ. Mr. Speaker, I move to suspend the rules and pass the bill (S. 1687) to amend section 21 of the Small Business Act to require cyber certification for small business development center counselors, and for other purposes, as amended.

The Clerk read the title of the bill.

The text of the bill is as follows: S. 1687

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.

This Act may be cited as the ``Small Business Cyber Training Act of 2022''. SEC. 2. DUTIES OF SMALL BUSINESS DEVELOPMENT CENTER COUNSELORS.

(a) Cyber Training.--Section 21 of the Small Business Act (15 U.S.C. 648) is amended by adding at the end the following:

``(o) Cyber Strategy Training for Small Business Development Centers.--

``(1) Definitions.--In this subsection--

``(A) the term `cyber strategy' means resources and tactics to assist in planning for cybersecurity and defending against cyber risks and attacks; and

``(B) the term `lead small business development center' means a small business development center that receives reimbursement from the Administrator under paragraph (5).

``(2) Certification program.--The Administrator shall establish a cyber counseling certification program, or designate 1 or more substantially similar governmental or private cybersecurity certification programs, to certify the employees of lead small business development centers in providing cyber planning assistance to small business concerns.

``(3) Number of certified employees.--The Administrator shall ensure that the number of employees of each lead small business development center who are certified in providing cyber planning assistance is not less than the lesser of--

``(A) 5; or

``(B) 10 percent of the total number of employees of the lead small business development center.

``(4) Cyber strategy.--In carrying out paragraph (2), the Administrator, to the extent practicable, shall consider any cyber strategy methods included in the Small Business Development Center Cyber Strategy developed under section 1841(a)(3)(B) of the National Defense Authorization Act for Fiscal Year 2017 (Public Law 114-328; 130 Stat. 2662).

``(5) Reimbursement for certification.--

``(A) In general.--Subject to the availability of appropriations, the Administrator may reimburse each lead small business development center for costs relating to the certification of 1 or more employees of the lead small business center in providing cyber planning assistance under a program established or designated under paragraph (2).

``(B) Limitation.--The total amount reimbursed by the Administrator under subparagraph (A) may not exceed $350,000 in any fiscal year.''.

(b) Implementation.--Not later than 180 days after the date of enactment of this Act, the Administrator of the Small Business Administration shall implement paragraphs (2), (3), and (4) of section 21(o) of the Small Business Act, as added by subsection (a).

Mr. Speaker, I rise in support of the bill before us today, S. 1687, the Small Business Cyber Training Act of 2022.

The House passed its companion bill, H.R. 4515, the Small Business Development Center Cyber Training Act on November 2, 2021.

S. 1687, would establish a cyber counseling certification program for lead SBDC staff to provide specific, free-of-charge cyber training for small businesses.

As more businesses utilize the internet for social media advertising, payment systems, and global markets, more of them become vulnerable to cyberattacks. The cyber disruptions can destroy IT systems and derail operations, sometimes forcing the business to shut down.

Cyberattack damage is not just limited to the IT systems; it can also erode customers' trust and tarnish a business' reputation.

With that said, a recent SBA survey found that 88 percent of small business owners felt their business was vulnerable to a cyberattack, but reported that they couldn't afford professional IT solutions, have limited time to devote to cybersecurity, or just do not know where to begin.

Given the greater risk cyberattacks pose to small businesses and their limited capacity to protect against them, we must find ways to help entrepreneurs strengthen their cybersecurity posture. The SBA and SBDCs are ready, willing, and able to fill these gaps.

Under this legislation, lead SBDCs would be required to provide cyber training and resources and facilitate cybersecurity investments that are typically too expensive for small businesses.

S. 1687 makes minor technical changes to the House passed bill and were agreed upon by all stakeholders. I thank our House leaders, Mr. Garbarino, Mr. Evans, Ms. Houlahan, and Mr. Chabot, who have been true advocates on this issue. I applaud their commitment to helping small business owners protect their livelihood from destructive cyberattacks.

The use of digital tools dramatically increased during the pandemic, even here in Congress; and the massive shift to remote work has resulted in a significant rise in cybersecurity threats and attacks.

Guarding against cyberattacks often comes with significant costs and a substantial investment of time and resources. Unfortunately, small businesses operating on thin margins have fewer resources to dedicate to cybersecurity.

S. 1687 ensures that the Nation's 62 lead SBDCs are fully equipped to assist small businesses with their cybersecurity needs at no cost. The bill would eliminate the primary obstacle of investment costs and make cybersecurity mitigation easier to adopt.

This bill is a commonsense solution to complex problems. I urge my colleagues to support S. 1687, the Small Business Cyber Training Act of 2022, as amended.