Cybersecurity Bill to Help Small Businesses Passes House

By Daniel R. Stoller

The House Oct. 11 passed a bill that would provide cybersecurity guidance to the nation’s millions of small businesses, which are frequent targets of cyberattacks.

Similar legislation passed the Senate Sept. 28, and staffers for bill sponsors in both chambers told Bloomberg BNA that the differences between the legislation are minor and should be easy to resolve.

The bipartisan NIST Small Business Cybersecurity Act (H.R. 2105), which passed by voice vote, would require the Department of Commerce’s National Institute of Standards and Technology (NIST) to issue voluntary cybersecurity guidelines specific to the needs of small businesses.

House sponsor Daniel Webster (R-Fla.), owner of a multi-generational small business, told Bloomberg BNA Oct. 11 that small businesses “are more susceptible to attacks” due to limited cybersecurity resources and “tools they need to prepare for such an event.”

About 50 percent of reported cyberattacks are against companies that make $50 million in revenue or less, Daimon Geopfert, national leader and security and privacy consultant at Risk Advisory Services in Southfield, Mich., said at a recent House Small Businesses Committee hearing. Approximately 28.2 million small businesses in the U.S. employ half of all workers in the country, according to the Small Business Administration.

The NIST cybersecurity framework, which consists of voluntary cybersecurity standards that can be customized to various industry sectors, would be tailored for small businesses to “protect business owners, their employees, and their customer base, all while contributing positively to the economy,” Webster said.

A similar bipartisan bill that passed the Senate, the MAIN STREET Cybersecurity Act (S. 770), was sponsored by Sens. Brian Schatz (R-Hawaii) and Jim Risch (R-Idaho).

Senate Bill

The major difference between the two bills is a Senate bill provision. According to the Senate bill, if another federal agency provides small business cybersecurity resources, the head of each agency must make sure “resources are consistent with the resources disseminated” through NIST.

These differences probably won’t prevent the House and Senate from reaching an agreement and presenting legislation to President Trump in the near future.

The House and Senate bills “are substantively alike” and any differences “can be easily worked out without changing the underlying intent which is the same in both bills,” a Webster staffer told Bloomberg BNA.

Senators who sponsored the MAIN STREET Cybersecurity Act also think they can work out differences between the two pieces of legislation.

A staffer for Senate Small Business Committee Chairman Risch told Bloomberg BNA Oct. 11 that the committee and the senator “will work with the House” to pass a bill “that provides small businesses with a usable set of best practices to help keep themselves and their businesses safe from a variety of bad actors while doing business online.”

Representatives for Schatz didn’t immediately respond to Bloomberg BNA’s email request for comment.

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
