House Passes Two SBA Cybersecurity Bills – 11-2-21

Yesterday the House took up two bills related to cybersecurity support to small businesses by the Small Business Administration. Both bills were considered under the suspension of the rules process and passed with very strong bipartisan support in recorded votes.

The two bills were:

• HR 3462, the SBA Cyber Awareness Act, and

• HR 4515, the Small Business Development Center Cyber Training Act of 2021

I have not covered HR 3462. This bill addresses the internal cybersecurity operations of the SBA. The final vote on this bill was 423 to 0.

There was only about 10 minutes of debate on HR 4515. There were no speakers in opposition to the bill. The final vote was 409 to 14 with all of the Nay votes coming from Republicans.

NOTE: Corrected title 11-4-21 0705 EDT

Committee Hearings – Week of 10-31-21

This week, with both the House and Senate in Washington, there is a relatively light committee schedule. There is one mark-up hearing and two cybersecurity hearings of interest.

Senate Mark-up Hearing

On Wednesday, the Senate Homeland Security and Governmental Affairs Committee will hold a business meeting. In addition to three nominations and two postal-naming bills, the Committee will take up 25 bills. That includes bills of interest here:

S 2993, the CISA Cyber Exercise Act,

S 2491, the Defense of United States Infrastructure Act of 2021,

S 2274, the Federal Cybersecurity Workforce Expansion Act,  and

S 2483, the Improving Cybersecurity of Small Organizations Act of 2021

With this large of an agenda, there will be little or no debate during the hearing, but in this Committee that sort of give and take almost always takes place behind closed doors.

Cybersecurity Hearings

On Wednesday the House Homeland Security Committee will hold a hearing on “Evolving the U.S. Approach to Cybersecurity: Raising the Bar Today to Meet the Threats of Tomorrow”. The witness list includes:

• Jen Easterly, CISA, and

• Chris Inglis, National Cyber Director

While not directly in the purview of this Committee, it will be interesting to see if the testimony reiterates previous calls for EPA cybersecurity mandate authority.

On Thursday, the House Transportation and Infrastructure Committee will hold a hearing on “The Evolving Cybersecurity Landscape: Industry Perspectives on Securing the Nation's Infrastructure”. No witness list is currently available. While the Committee certainly (and legitimately) wants to hear from industry, it would seem to me that a panel from TSA and CISA would certainly be appropriate in the current regulatory climate.

On the Floor

We may see the Senate this week formally start the consideration process for HR 4350, the FY 2022 NDAA. We certainly saw enough amendments proposed to that bill last week. The amendment submission process will likely continue in any case. This must pass bill is a great place for Senators to place legislation that could not make it to the floor under regular order.

The House is scheduled to take up three small-business cybersecurity bills this week (only two of which I have covered here) under the suspension of the rules process. Those bills are:

HR 3462 – SBA Cyber Awareness Act,

HR 4513 – Small Business Advanced Cybersecurity Enhancements Act of 2021,

HR 4515 – Small Business Development Center Cyber Training Act of 2021

These bills will have strong bipartisan support, but Republican delaying tactics could result in actual votes being delayed until next week.

The House leadership is still trying to get their two infrastructure bills to the floor for votes. Maybe we will see them this week, maybe not.

Review - HR 4515 Introduced – SBDC Cyber Training

Last month, Rep Garbarino (R,NY) introduced HR 4515, the Small Business Development Center Cyber Training Act of 2021. The bill would amend 15 USC 648, requiring the Small Business Administration (SBA) to provide cyber strategy training to personnel working at Small Business Development Centers. The bill would authorize the SBA to reimburse training costs associated with the program up to a total of $350,000 per year.

Garbarino and five of his six cosponsors {Rep Tenney (R,NY), Rep Delgado (D,NY), Rep Evans (D,PA), Rep Houlahan (D,PA), Rep Phillips (D,MN)} are all members of the House Small Business Committee. This means that there is a good chance that there is sufficient influence to see this bill considered in Committee. I see nothing in the bill that would engender any significant opposition. I suspect that the bill would receive bipartisan support. This means that the bill would probably be considered on the floor of the House under the suspension of the rules process.

For more details on the language of the bill, including suggestions to ensure control system security coverage, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4515-introduced - subscription required.

Bills Introduced – 7-19-21

Yesterday, with both the House and Senate back in Washington, there were 56 bills introduced. Of those there were seven bills that may receive additional coverage in this blog:

HR 4502 Making appropriations for the Departments of Labor, Health and Human Services, and Education, and related agencies for the fiscal year ending September 30, 2022, and for other purposes. Rep. DeLauro, Rosa L. [D-CT-3]

HR 4505 Making appropriations for the Departments of Commerce and Justice, Science, and Related Agencies for the fiscal year ending September 30, 2022, and for other purposes. Rep. Cartwright, Matt [D-PA-8]

HR 4513 To amend the Small Business Act to provide for the establishment of an enhanced cybersecurity assistance and protections for small businesses, and for other purposes. Rep. Donalds, Byron [R-FL-19]

 

HR 4515 To amend the Small Business Act to require cyber certification for small business development center counselors, and for other purposes. Rep. Garbarino, Andrew R. [R-NY-2]

HR 4530 To establish the Office of Technologists within the Federal Trade Commission. Rep. McNerney, Jerry [D-CA-9]

S 2377 An original bill to invest in the energy and outdoor infrastructure of the United States to deploy new and innovative technologies, update existing infrastructure to be reliable and resilient, and secure energy infrastructure against physical and cyber threats, and for other purposes. Sen. Manchin, Joseph [D-WV]

S 2382 A bill to authorize the National Cyber Director to accept details from other elements of the Federal Government on nonreimbursable basis, and for other purposes. Sen. Portman, Rob [R-OH]

The two spending bills will be rolled into the first minibus that I discussed yesterday.

I will be watching HR 4513 and HR 4515 for language and definitions that would indicate that industrial control systems would be included in their coverage.

Okay, I probably will not be covering HR 4530, but I have to see what an “Office of Technologists” is.

S 2377 is Sen Manchin’s (D,WV) infrastructure bill (counter point to the similar but unrelated HR 3684) that was marked up in the Senate Energy and Natural Resources Committee last week. The bill incorporates a number of cybersecurity bills. I am not sure that this will go anywhere, but it will be worth watching.

S 2382 is a housekeeping bill to allow the fleshing out of the Office of the National Cyber Director. I will probably be covering this even though it will almost certainly not have ICS specific language.