About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 [1] (August 7, 2024)

handle is hein.crs/goveqga0001 and id is 1 raw text is: Con re &on I Research S informing I leqi I ive de a ~ in e 1914 August 7, 2024 The Cybersecurity for Small Business Pilot Program Although cybercrimes against large companies often attract attention, criminals also frequently attack small businesses online. One 2022 report found that an average employee at a small business will be the target of 350% more social engineering cyberattacks (where individuals are manipulated into sharing information) than an employee at a larger company. Another survey that same year noted that over 30% of small and mid-size businesses in the United States lack written plans to respond to cyberattacks. At the same time, some experts suggest that small businesses may have less understanding of and resources for cybersecurity than larger firms. Since 2022, the U.S. Small Business Administration (SBA) has operated the Cybersecurity for Small Business Pilot Program (CSBPP) to help small businesses enhance their cybersecurity. CSBPP provides grants to states, state agencies, and entities designated to conduct a state's cybersecurity education to fund projects intended to help small businesses fend off online threats. To date, SBA has made nine awards worth a total of $9 million through CSBPP. SBA opened a new round of applications in July 2024 for CSBPP awards for FY2024. This In Focus discusses the legislative and funding histories of CSBPP, program eligibility and award information, and selected issues for Congress. Legs at ve HI story Congress has taken interest in small business cybersecurity several times in recent years. In the 114th Congress, the National Defense Authorization Act for Fiscal Year 2017 (FY2017 NDAA; P.L. 114-328) required the SBA Administrator and the Secretary of Homeland Security to work together to develop a Small Business Development Center Cyber Strategy (Strategy). Among other things, the Strategy was to include: * plans for allowing SBA's Small Business Development Centers (SBDCs; these provide technical assistance to small businesses) to access existing programs of the Department of Homeland Security (DHS) and other federal agencies to provide cybersecurity to small businesses; * analyses of how SBDCs can use federal programs, projects, and activities to improve access to cybersecurity for small businesses; and * information on how SBDCs can partner with state and local governments and private entities to improve the quality of cybersecurity services to small businesses. The Strategy was completed in March 2019. Its recommendations included: * centralizing cybersecurity information and resources on SBA's website for easy access by SBDCs and small businesses; * compiling a digital directory of small business cybersecurity resources; * providing access to cybersecurity training resources; and * expanding SBDC counselor expertise on cybersecurity. In addition, the FY2017 NDAA amended Section 21 of the Small Business Act (P.L. 83-163, as amended; Section 21 authorizes the SBDC program and is in the U.S. Code at 15 U.S.C. §648) to require SBDCs to provide assistance to small businesses in accordance with the Strategy. The FY2017 NDAA also amended Section 21 to require SBDCs to provide small businesses with access to cybersecurity specialists at an SBDC. In the 117th Congress, the Small Business Cyber Training Act of 2022 (P.L. 117-319) also amended Section 21 of the Small Business Act to require that SBA establish a cyber counseling certification program for employees of lead SBDCs. (SBDCs are comprised of lead SBDCs, which receive grants directly from SBA, and SBDC partner service centers, which are established by lead SBDCs.) P.L. 117-319 directed cyber-certified SBDC employees to provide cybersecurity planning assistance to small businesses. The law also required all lead SBDCs to have either five employees or 10% of the lead SBDC's total employees obtain the certification. In August 2024, SBA opened the application for an organization to develop the cyber certification program for SBDCs. Both P.L. 117-319 and the FY2017 NDAA amended 15 U.S.C. §648. CSBPP's FY2024 notice of funding opportunity (NOFO) cited 15 U.S.C. §648 and P.L. 118-47 (which provided FY2024 appropriations for the program; discussed below) as authorities for the program. While P.L. 117-319 and P.L. 114-328 provided general authority for SBA to provide cybersecurity assistance to small businesses, the 116th Congress directed SBA to stand up CSBPP through the Consolidated Appropriations Act, 2021 (P.L. 116-260). The law's accompanying explanatory statement noted, The agreement includes $3,000,000 for a Cybersecurity Assistance Pilot Program that will competitively award up to three grants to States to provide new small businesses with access to cybersecurity tools during their formative and most vulnerable years.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most