With the number of cyber attacks on our Nations infrastructure rising by the day, along side a team of 5 bipartisan cosponsors, Senator Brian Schatz (D-Hawaii) has introduced a new piece of legislation aimed at arming Americas small business sector with all the cyber security tools/protection they may need throughout the future.
Senate Bill S.707 or the “MAIN STREET Cybersecurity Act of 2017” will “require the Director of the National Institute of Standards and Technology to disseminate resources to help reduce small business cybersecurity risks, and for other purposes.” The text of the Bill goes on to clarify that the term “resources” means “guidelines, tools, best practices, standards, methodologies, and other ways of providing information.” Adding that all resources must be assembled and ready for disbursement “Not later than one year after the date of the enactment of this Act” – if passed.
Read The Full Bill for Yourself: https://www.congress.gov/bill/115th-congress/senate-bill/770/text
The bill was officially introduced to the Senate on March 29th 2017 and as of April 5th 2017, was passed along to the Senate Committee on Commerce, Science, and Transportation, where it was then ordered to be amended with the “the nature of a substitute favorably.” Honestly, I am not quite sure what that means, but at the time of this article no such amendment has been submitted.
Mr. Schatz points out that according to the National Cyber Security Alliance, 60% of all small businesses that are victimized by a cyber-attack go out of business and close within 6 months of that attack. Additional data supports that over the course of the last 12 months, nearly half of all small businesses in America have been targeted by some form of a cyber attack. Despite these risks however, as reported by Manta in March of 2017, 87% of small business owners do not feel threatened by hackers and 33% of business owners report that even if they were, they do not posses the proper cyber tools, training or know-how to stop them.
— Manta (@Manta) March 22, 2017
According to a report by CNBC about the legislation in question, this is exactly why Senator Schatz has introduced his Bill. As Andrew Zaleski puts it, “small businesses need all the help they can get.” Explaining that “Small businesses, which often don’t have the revenue to afford their own IT departments, are especially susceptible to phishing attacks via email or fraudulent activity happening in their e-commerce shops.” This is why he ultimately supports Schatz and the MAIN STREET Cybersecurity Act of 2017.
It’s no surprise why Democrats are jumping on the cybersecurity issue right now, not only does a large percentage of Congressional Democrats believe that foreign hacking cost the Party the Presidential election of 2016, but many people have been critical of Donald Trump for not addressing the Nations cybersecurity concerns. Something he originally promised to do within his first 100 days in office.
Reached by phone, Trump spokesperson Michael Short said, “I’ve got to run” and then hung up. https://t.co/3K5MlfdCH9
— The Intercept (@theintercept) April 14, 2017
Something I do not think many people realize or remember is that Donald Trump did write an Executive Order regarding cybersecurity in January, he just never signed it. The document, entitled “Strengthening US Cyber Security & Capabilities” and leaked to the public by The Washington Post, outlined everything the Trump Administration hoped to achieve in regards to cybersecurity. It also designated specific assignments for individual agencies and outlined where/how information from the public should be submitted to the US Government.
You might also remember that at the time, Trump was stressing how any recommendations and/or patches to our Nations cyber issues were going to have to start coming from the private sector – rather than the Federal Government itself. This is because the Federal employees he was inheriting were already in place as our country was being hacked/exploited in the first place. Essentially, if the Federal Government really has all the answers to our cyber problems, don’t you think they would have already been implemented?
This is why I have always maintained that Trumps “leak” was not an accident or over-site, rather, it was a deliberate act to get information out to the public. I say this because, in response to the leaked Executive Order asking for cyber solutions, I wrote my own report/analysis and submitted it to the US Department of Defense. I am also certain that I was not alone, the Executive Order even told people where to go and which offices to submit recommendations to. I am certain that there was a large volume of people who also submitted their own analysis of the problem through various back-channels, just as I did.
** EDITORIAL WARNING **
Regardless, for many of the same reasons mentioned above, I do not support the MAIN STREET Cybersecurity Act of 2017. I simply believe that this is a private sector issue, not a Federal one. As it stands today, cybersecurty, penetration testing and informational technology are some of the fastest growing fields in the world. Despite an influx of hacking over the years, there are plenty of qualified companies, professionals and persons fully capable of protecting businesses and their infrastructure.
As the report by Manta eludes to though, 87% of businesses simply do not seek these companies out. This suggest that we don’t really have a cyber “problem,” rather, we just have a country full or arrogant, incompetent, ignorant or technologically illiterate people/business owners.
I get that the Government wants to get involved and help people on this issue, but cybersecurity information, tips or advice should already be prepared by the National Institute of Standards and Technology and made public knowledge. Is that not already the point of the Cyber Security Enhancement Act of 2014, the same bill that Senator Schatz’s is trying to update here?
I have no problem with the government researching and gathering information as a public service, but when it comes to offering cybersecurity platforms, programs, software, hardware or physical services to business owners, this must come from the private sector – id est – other business owners and professionals.
I worry that the MAIN STREET Cybersecurity Act of 2017 will attempt to turn a Federal office/agency into a sort of cybersecurity business, something Government must never do. I feel as though this legislation is nothing more than an attempt to hijack a niche, but growing market for Federal control/exploitation and would therefore negatively harm small businesses and professionals already working in the fields of cybersecurity and Informational Technology.
It is one thing for the Government to work to fix a problem, it is another thing entirely to attempt to profiteer from it. This is why I will be urging people to pressure their representatives to vote “No” on the MAIN STREET Cybersecurity Act.