House panel advances bill to help small businesses thwart cyber threats

House panel advances bill to help small businesses thwart cyber threats
© Greg Nash

The House Science Committee has advanced a bill with bipartisan backing aimed at helping small businesses improve their cyber defenses.

The legislation, approved by a voice vote at a brief business meeting Tuesday morning, would require the National Institute of Standards and Technology (NIST) to offer tools, guidelines and other resources for small businesses to safeguard their systems against cyber threats.

The bill was introduced by Rep. Daniel Webster (R-Fla.) and has bipartisan cosponsors. The bill is similar to bipartisan legislation introduced in the Senate by Sen. Brian Schatz (D-Hawaii) that already cleared the Commerce Committee back in April.

NIST develops an optional cybersecurity framework for organizations and is currently in the process of updating that framework. The federal agency already released a guide for small businesses on cybersecurity last November, but members of Congress are looking to expand its activities in this area. 

Both Republican and Democratic members of the committee cheered the legislation in the House on Tuesday.

Rep. Eddie Bernice Johnson (D-Texas), the panel's ranking member, said that the bill “addresses a significant need” to provide more cybersecurity help to small businesses. However, she expressed concern that the legislation says that no additional funds should be appropriated to NIST to produce the new resources. 

“I’m concerned that the House bill contains an explicit underfunded mandate clause and that the Senate bill is silent in funding,” Johnson said, emphasizing that lawmakers should work to provide the agency with “adequate resources” to expand its work. 

Johnson also took a swipe at the proposed budget blueprint released by the Trump administration earlier this year, saying that it would yield “damaging cuts” to NIST in fiscal year 2018.

Members of the committee approved the legislation by a voice vote, with the addition of a single amendment offered by Rep. Jerry McNerney (D-Calif.) that would require the NIST guidance disseminated to small businesses to include case studies of cyber protection and recovery. 

Both Webster and committee Chairman Lamar Smith (R-Texas) voiced support for the amendment. 

The Senate version has received backing from a number of groups including the National Small Business Association and the Chamber of Commerce, the latter of which wrote a letter in support of the House bill on Monday.