Measure Aims to Help Small Businesses Build CyberdefensesSenate Commerce Panel OK's Bill Directing NIST to Create Guidance Tailored to Small Businesses
Legislation aimed to provide a set of tools, best practices and guidance to help small businesses protect their digital assets is heading to the U.S. Senate.
The Senate Commerce, Science and Transportation Committee on April 5 approved the Main Street Cybersecurity Act, short for Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act.
"This legislation will help small businesses get the information they need to protect themselves and their customers from cyberattacks," Committee Chairman John Thune, R-S.D., said at the panel's markup session on the bill.
Guidance Tailored to Small Businesses
The bill would require the National Institute of Standards and Development to create cybersecurity guidance tailored to small business needs. Elements of the guidance would include simple, basic controls to assist small businesses to defend against common cybersecurity risks. Tools described in the guidance must be technology neutral and be commonly used, off-the-shelf commercial products.
In developing the guidance, the bill would require NIST to consider methods adopted through the Small Business Development Cyber Strategy. The strategy, enacted last year by Congress, aims to toughen small business cybersecurity through the dissemination of risk information and ways to enhance cybersecurity infrastructure.
Citing a 2012 study, one of the bill's sponsors, Republican Sen. James Risch of Idaho, says 71 percent of cyberattacks target businesses with fewer than 100 employees.
"Small businesses are the backbone of our economy, but unfortunately that's exactly what makes them a prime target for hackers," the bill's prime sponsor, Democratic Sen. Brian Schatz of Hawaii, said when introducing the legislation. "These cyberattacks not only leave American consumers exposed, they can be so harmful to businesses that recovering from an attack can often times force them out of business."
A number of business groups including the U.S. Chamber of Commerce and the National Small Business Association back the legislation. "By offering small businesses federal agencies' resources and coordinated support, they can better manage risks, protect customer privacy, and focus on growing their ventures," says Andy Halataei, senior vice president for government affairs at the Information Technology Industry Council, a trade group.