A bill making its way through the U.S. Senate proposes to do what cybersecurity experts say is long overdue: Create a set of resources and guidelines small businesses can use to protect themselves from a steadily increasing number of cyberattacks.
If passed, the Main Street Cybersecurity Act, introduced at the end of March, would update the Cybersecurity Enhancement Act of 2014, which called for the National Institute of Standards and Technology to provide a voluntary set of guidelines for big businesses to follow in order to manage and reduce their cybersecurity risks. As a result of the 2014 act, cybersecurity became one of NIST's primary focus areas, and the federal government made a verbal commitment to fund cybersecurity research.
This new piece of legislation — discussed during a meeting of the Senate Committee on Commerce, Science and Transportation on Wednesday — directs NIST to consider small businesses in updating those guidelines.
"By creating a simple, voluntary cybersecurity framework for small businesses, the Main Street Cybersecurity Act will help them protect their data," said Sen. Maria Cantwell, D-Wash., one of the bill's five co-sponsors, in a press release.