President Signs Schatz’s Small Business Cybersecurity Legislation Into Law
Schatz Authored Bill Will Give Small Businesses the Resources To Fight Online Attacks
WASHINGTON – Today, President Donald Trump signed the NIST Small Business Cybersecurity Act, legislation authored by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho). The bipartisan bill will provide a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats. Small businesses are a pillar of the American economy and make up more than half of all jobs in the United States. But these businesses have also become a major target for cyberattacks.
“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet. “This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks.”
In addition to Schatz and Risch, co-sponsors of the bill include U.S. Senators John Thune (R-S.D.), Maria Cantwell (D-Wash.), Bill Nelson (D-Fla.), Cory Gardner (R-Colo.), Catherine Cortez Masto (D-Nev.), Maggie Hassan (D-N.H.), Claire McCaskill (D-Mo.), and Kirsten Gillibrand (D-N.Y.).
In 2014, the Senate unanimously passed the Cybersecurity Enhancement Act of 2014, which codified the industry-led process for the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a comprehensive voluntary guide for organizations and businesses to better manage and reduce cybersecurity risks. While this framework continues to play a key role in improving the cyber resilience of the United States, additional coordinated resources are necessary to improve the ability of small businesses to use the framework. The legislation, formerly known as the MAIN STREET Cybersecurity Act, will ensure NIST considers the needs of small businesses as it updates the framework and provide simplified, consistent resources based on the NIST framework specifically for small businesses.