The House on Monday afternoon passed two cyber security bills, one aimed at helping small business and the other aimed at assessing the security posture of the Small Business Administration.
Separately, on Monday, Rep. Brian Babin (R-Texas), introduced a bill to establish a three-year pilot program that attempts to make it easier for U.S. universities to protect research from cyber-attacks. He said that universities are currently required to implement more than 100 controls to protect certain research but the complexity and cost of the controls means many schools can’t meet the requirements.
The Securing American Research from Cyber Theft Act (H.R. 3611) would create secure computing enclaves to protect federally-funded research in universities. It calls for the Defense Department, working with the National Institute of Standards and Technology, the National Science Foundation and the Department of Energy, to establish the pilot program.
The bill also calls for DoD to select three universities from among the schools classified under the Indiana Univ. Center for Postsecondary Research Carnegie Classification that work with secure information to develop the geographically secure computing enclaves.
“It’s becoming more and more difficult to protect American research and intellectual property from cyber-attacks,” Babin, ranking member of the House Science Subcommittee on Space & Aeronautics, said in a statement. “This pilot program gives researchers the tools needed to conduct sensitive research in a secure environment, and it safeguards tax payers’ investment in emerging technologies.”
The House by voice vote passed the Small Business Development Center Cyber Training Act of 2019 (H.R. 1649) that directs the Small Business Administration (SBA) to establish a cyber consulting certification to certify employees of lead small business development centers to provide cyber planning assistance to small businesses.
The SBA Cyber Awareness Act (H.R. 2331), also approved by voice vote, requires the SBA to report to Congress annually on its information technology and cyber security infrastructure, and include a strategy to improve its cyber security infrastructure, an inventory of its IT equipment or subsystems made in China, and a list of any cyber incidents in the last two years and actions taken to respond to or mitigate incidents.
The measure also directs the SBA to notify Congress within 7 days of a cyber security risk or incident and to notify small businesses affected by a cyber incident within 30 days.