The U.S. House Committee on Science, Space, and Technology on Tuesday unanimously approved the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Act of 2017, which aims to provide small businesses with guidance to help them manage various cybersecurity risks.
Currently, small businesses account for approximately 54 percent of all sales in the United States and 55 percent of all jobs, making them prime targets for cyberattacks. Recent estimates from the U.S. National Cybersecurity Alliance stated that 60 percent of small businesses that fall victim to a cyberattack will close down within six months.
To address a range of cybersecurity issues, the bill requires the NIST Director to disseminate clear and concise guidelines, tools, best practices, standards and methodologies based on the organization’s Framework for Improving Critical Infrastructure Cybersecurity. This helps small businesses identify, assess, manage, and reduce their cybersecurity risks within one year of the bill’s passage.
The legislation will also clarify that use of such guidance by small businesses is completely voluntary, and that all spending for use of the bill’s provisions is authorized out of existing funds.
“The NIST Small Business Cybersecurity Act will help ensure that our small businesses have the information they need to protect themselves from cyber-attacks,” Committee Chairman U.S. Rep. Lamar Smith (R-TX) said. “Many small businesses lack the expertise to successfully monitor and protect their computer systems, but NIST’s global cybersecurity expertise will assist small businesses in reducing their cybersecurity risks.”