Lawmakers introduce legislation to boost cybersecurity of local governments, small businesses

A group of bipartisan House and Senate lawmakers on Friday introduced legislation to increase resources to help local governments, small businesses and nonprofit groups to defend themselves against cyberattacks. 

The Improving Cybersecurity of Small Organizations Act would require the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to develop and issue guidance on cybersecurity policies for small businesses, nonprofits and local governments. 

Both CISA and the Small Business Administration (SBA) would be required to promote the guidance, and the SBA would additionally be required to issue a report on the state of small business cybersecurity every two years.

The bill is sponsored in the House by Reps. Anna Eshoo (D-Calif.) and John Katko (R-N.Y.), the ranking member of the House Homeland Security Committee’s cybersecurity subcommittee. Sens. Jacky Rosen (D-Nev.) and John Cornyn (R-Texas) introduced the legislation in the Senate. 

Eshoo said in a statement Friday that the legislation was necessary, as “small businesses, small nonprofits and small local governments can’t afford to hire cybersecurity professionals, yet they are still vulnerable to debilitating cyberattacks.”

“Today, small businesses, local governments, and regional non-profits are facing growing risks when it comes to cybersecurity,” Katko said in a separate statement. “Unfortunately, the guidance that is available is overly complicated or geared toward organizations with greater resources. That’s why I’m glad to join Rep. Eshoo in introducing the Improving Cybersecurity of Small Organizations Act.”

Both Rosen and Cornyn separately praised the bill as addressing cybersecurity challenges faced by small businesses and local governments.  

“Small organizations are increasingly vulnerable to cyber-attacks, and many of them lack the resources to manage complex cyber risks,” Rosen said Friday. “This bipartisan and bicameral legislation will help protect our nation’s small businesses, nonprofits, and local governments from the growing threat of cyber-attacks and keep our economy and nation safe.”

Cornyn said, “Small businesses and local governments face cybersecurity threats just as larger corporations do, and protecting against these risks doesn’t have to break the bank.”

The bill was introduced amid mounting cybersecurity challenges to groups nationwide during the COVID-19 pandemic, as more people move online for a variety of activities, and hackers increasingly target vulnerable systems.

Schools have become a major target in recent weeks, with cyberattacks aimed at school districts in Miami and Fairfax County, Va., temporarily disrupting online classes. 

Ransomware attacks — in which an attacker encrypts a system and demands a ransom — have been an increasing issue of concern for state and local governments in particular.

In 2019, the city governments of New Orleans and Baltimore were temporarily crippled by ransomware attacks, while almost two dozen towns in Texas were hit by a coordinated attack, slowing down city operations.  

State and local officials have begged Congress for more resources to address the ongoing targeting. Bipartisan lawmakers in the House and Senate have introduced various measures in response, including a bill last month that would provide $28 billion in federal aid to state and local governments to shore up older IT systems during the COVID-19 pandemic.