Senate bill requires NIST to write cybersecurity guidance for small businesses

If passed, the law would help small- and medium-sized healthcare providers that often have constrained security budgets.
By Jessica Davis
01:36 PM
NIST cybersecurity

The MAIN STREET Cybersecurity Act, introduced by Sen. Brian Schatz, D-Hawaii, left, and supported by Sen. John Thune, R-South Dakota, was passed to protect digital assets that could greatly benefit small and medium healthcare providers.

The Senate Commerce, Science and Transportation Committee approved a bill this week that would require the National Institute of Standards and Technology to develop cybersecurity guidance for small businesses.

The MAIN STREET (Making Information Available Now to Strengthen Trust and Resilience and Enhance Enterprise Technology) Cybersecurity Act, introduced by Sen. Brian Schatz, D-Hawaii, now heads to the U.S. Senate for a vote.

The legislation is designed to provide a "consistent set of resources for small businesses to best protect digital assets from cybersecurity threats," officials said in a statement.

"Cyberattacks can have catastrophic effects on small businesses and their customers," Sen. John Thune, R-South Dakota, chairman of the Senate Committee on Commerce, Science and Transportation said in a statement. "This legislation offers important resources, specifically meeting the unique needs of small businesses, to help them guard sensitive data and systems from thieves and hackers."

This could greatly benefit small and medium healthcare providers who are often constrained when it comes to cybersecurity budgets. Further, many of these providers believe they're not at-risk due to the size of the organizations. But recent ransomware attacks on small health providers have proven otherwise.

NIST has developed security frameworks and guidance to help large organizations defend against cyberattacks. But often small businesses lack resources to implement these large-scale cybersecurity defenses and training. Many only have one dedicated IT person, who may not be equipped for security needs.

About 60 percent of small businesses are forced to close following an attack, according to the National Cybersecurity Alliance.

The new NIST guidance would be tailored to small businesses and will recommend common, off-the-shelf products that can be implemented in a cost-effective way.

"Small businesses are the backbone of our economy, but unfortunately that's exactly what makes them a prime target for hackers," Schatz said in a statement. "These cyberattacks not only leave American consumers exposed, they can be so harmful to businesses recovering from an attack can often times force them out of business."

"The MAIN STREET Cybersecurity Act will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks," he added.

Twitter: @JessiefDavis