“This cyber threat represents one of the most serious economic and national security challenges we face as a nation.” Howard Schmidt made this statement nearly TEN YEARS AGO, shortly after he was appointed to the newly created position of White House Cybersecurity Coordinator. He was speaking about the advanced persistent threat against our critical information infrastructure, including cyber threats against our electrical grid, global supply chain, and our military. Effectively the exact same words were spoken in August of this year by Congressman Tim Walberg in a meeting room at the Crowne Plaza hotel, as he answered questions during a Business Roundtable discussion organized by the Lansing Regional Chamber of Commerce. Congressman Walberg acknowledged that even though work has been ongoing, there remains significant action needed to analyze our weaknesses on a national level, and to take the important steps toward appropriate policies to shore up our homeland security.
The threat persists! The threat is real! The threat is escalating!
It’s clear to me that all levels of government must own the three roles of leadership, education, and influence in this battle, but we as small business owners, community leaders, and US citizens must fully understand what’s required to keep our computer systems safe, and to take the vital steps to secure these assets before they are compromised. The government is leading… now it is our time to follow!
On Tuesday, August 14, 2018, President Trump signed into law S. 770, the “NIST Small Business Cybersecurity Act,” also known as the “MAIN STREET Cybersecurity Act of 2017.” The legislation requires the Commerce Department’s National Institute of Standards and Technology to develop and disseminate resources for small businesses to help them reduce their cybersecurity risks. Within the next year the acting director of NIST, collaborating with the leaders of appropriate federal agencies, must provide cybersecurity “guidelines, tools, best practices, standards, and methodologies” to small businesses. These resources must:
- Be generally applicable and usable by a wide range of small business concerns
- Vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems
- Include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships to help mitigate common cybersecurity risks
- Be technology-neutral and implementable using technologies that are commercial and off-the-shelf
- Be based on international standards to the extent possible
“Since small and medium businesses suffer most often from cyber-attacks, it is vital that NIST, which sets the standard for cybersecurity resources, provide Main Street America with usable resources on how to keep themselves secure,” said Senator Risch, Chairman of the Senate Committee on Small Business and Entrepreneurship and cosponsor of the legislation.
As these standards are being developed over the next twelve months, it’s imperative that we begin to plan strategically for the necessary change ahead, and budget the resources, both time and money, that will be needed to implement these cybersecurity standards. Many small business owners will need to either learn a new language and a new discipline or lean on a technology service provider who has proven and certifiable expertise in this area.
For more information on this topic, please contact the author.