Sec. 2. Enhanced cybersecurity assistance and protections for small businesses
793 words·~4 min read·
/bill/117/hr/4513/rh/section-2A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 21(a) of the Small Business Act ( 15 U.S.C. 648(a) ) is amended by adding at the end the following new paragraph: The Administrator of the Small Business Administration, in coordination with the Secretary of Commerce, and in consultation with the Secretary of Homeland Security and the Attorney General, shall establish— in the Administration, a central small business cybersecurity assistance unit; and within each small business development center, a regional small business cybersecurity assistance unit.
The central small business cybersecurity assistance unit established under subparagraph (A)(i) shall serve as the primary interface for small business concerns to receive and share cyber threat indicators and defensive measures with the Federal Government. The central small business cybersecurity assistance unit shall use the capability and process certified pursuant to section 105(c)(2)(A) of the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1504(c)(2)(A) ) to receive cyber threat indicators or defensive measures from small business concerns.
A small business concern that receives or shares cyber threat indicators and defensive measures with the Federal Government through the central small business cybersecurity assistance unit established under subparagraph (A)(i), or with any appropriate entity pursuant to section 103(c) of the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1503(c) ), shall receive the protections and exemptions provided in such Act and this paragraph. The central small business cybersecurity assistance unit established under subparagraph (A)(i) shall be collocated with the national cybersecurity and communications integration center.
The national cybersecurity and communications integration center shall have access to all cyber threat indicators or defensive measures shared with the central small cybersecurity assistance unit established under subparagraph (A)(i) through the use of the capability and process described in subparagraph (B)(ii). The central small business cybersecurity assistance unit established under subparagraph (A)(i) shall— work with each regional small business cybersecurity assistance unit established under subparagraph (A)(ii) to provide cybersecurity assistance to small business concerns; leverage resources from the Administration, the Department of Commerce, the Department of Homeland Security, the Department of Justice, the Department of the Treasury, the Department of State, and any other Federal department or agency the Administrator determines appropriate, in order to help improve the cybersecurity posture of small business concerns; coordinate with the Department of Homeland Security to identify and disseminate information to small business concerns in a form that is accessible and actionable by small business concerns; coordinate with the National Institute of Standards and Technology to identify and disseminate information to small business concerns on the most cost-effective methods for implementing elements of the cybersecurity framework of the National Institute of Standards and Technology applicable to improving the cybersecurity posture of small business concerns; seek input from the Office of Advocacy of the Administration to ensure that any policies or procedures adopted by any department, agency, or instrumentality of the Federal Government do not unduly add regulatory burdens to small business concerns in a manner that will hamper the improvement of the cybersecurity posture of such small business concerns; and leverage resources and relationships with representatives and entities involved in the national cybersecurity and communications integration center to publicize the capacity of the Federal Government to assist small business concerns in improving cybersecurity practices.
Notwithstanding any other provision of law, no cause of action shall lie or be maintained in any court against any small business concern, and such action shall be promptly dismissed, if such action is related to or arises out of— any activity authorized under this paragraph or the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1501 et seq. ); or any action or inaction in response to any cyber threat indicator, defensive measure, or other information shared or received pursuant to this paragraph or the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1501 et seq. ).
The exception provided in section 105(d)(5)(D)(ii)(I) of the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1504(d)(5)(D)(ii)(I) ) shall not apply to any cyber threat indicator or defensive measure shared or received by small business concerns pursuant to this paragraph or the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1501 et seq. ). Nothing in this subparagraph shall be construed to affect the applicability or merits of any defense, motion, or argument in any cause of action in a court brought against an entity that is not a small business concern.
In this paragraph: The terms cyber threat indicator and defensive measure have the meanings given such terms, respectively, in section 102 of the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1501 ). The term national cybersecurity and communications integration center means the national cybersecurity and communications integration center established under section 227 of the Homeland Security Act of 2002 ( 6 U.S.C. 148 ). .
Connectionstraces to 4
1 reference not yet in our index
- 6 USC 148
Citation graph
cites case law
Sec. 2
Enhanced cybersecurity assistance and protections for small businesses
Cite6 USC 148
Cites 5Cited by 0 across 0 sources