Last month Sen Rosen (D,NV) introduced S 2483, the Improving Cybersecurity of Small Organizations Act of 2021. The bill would require CISA to develop cybersecurity guidance for small organizations. It would also require the Department of Commerce to provide a report to Congress “describing methods to incentivize small organizations to improve their cybersecurity”. Finally, the bill would require the Small Business Administration to periodically submit to Congress a census on the state of cybersecurity of small business. No spending is authorized by this bill.
Rosen is a member of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned for consideration. This means that there should be enough influence to see this bill considered by the Committee. I do not see anything in the language that would engender significant opposition. I suspect that there would be significant bipartisan support for the bill in Committee. Unfortunately, the bill is unlikely to move to the floor of the Senate if it is approved by the Committee. It is just not important enough to take the time and effort to move a bill through the Senate under regular order.
While I understand the need for our legislators to be seen doing something to address the widespread cybersecurity vulnerabilities in our country, the scope of coverage of the proposed guidance ensures that the guidance will have to be written so broadly as to be of little use to small organizations that are not expected to have in-house cybersecurity expertise.
For more details about the provisions of the bill, including further commentary about the scope of coverage of the proposed guidance, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2483-introduced - subscription required.