The NIST Small Business Cybersecurity Act, S. 770, is heading to President Trump’s desk where he is expected to sign it into law soon.
The legislation, approved by the Senate on Wednesday, directs the National Institute of Standards and Technology (NIST) to provide resources to small businesses to help them implement NIST’s voluntary cybersecurity framework. The bill also directs NIST to take the needs of small businesses into account when working on future standards. The goal of the legislation, according to bill sponsors Sens. Brian Schatz, D-Hawaii, and James Risch, R-Idaho, is to help small businesses protect their digital assets from cybersecurity threats.
“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks,” said Schatz, ranking member of the Senate Commerce, Science, and Transportation Committee’s Subcommittee on Communications, Technology, Innovation, and the Internet. “But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers. With this bill set to become law, small businesses will now have the tools to firm up their cybersecurity infrastructure and fight online attacks.”
The legislation received bipartisan support. Co-sponsors of the bill include Sens. John Thune, R-S.D., Maria Cantwell, D-Wash., Bill Nelson, D-Fla., Cory Gardner, R-Colo., Catherine Cortez Masto, D-Nev., Maggie Hassan, D-N.H., Claire McCaskill, D-Mo., and Kirsten Gillibrand, D-N.Y.
The House companion bill, HR 2105, passed in October of 2017 and was sponsored by Reps. Daniel Lipinski, D-Ill., and Daniel Webster, R-Fla.
“Most small businesses do not have significant IT departments,” said Lipinski on the House floor when the House legislation initially passed. “Some do not even have any dedicated information security personnel. Thus they may be more at risk of cyberattacks than large enterprises. These incidents hurt individual small business owners, employees, customers, and American competitiveness.”
The guidelines included in the legislation are entirely voluntary for small businesses. Legislators noted that this means there is no regulatory burden placed on small businesses, rather they can take advantage of additional government resources.