Safeguarding Small Business Cybersecurity
WASHINGTON—Today, Chairman Steve Chabot (R-OH) and the Committee on Small Business heard testimony from Howard Marshall, Deputy Assistant Director of the Cyber Division of the Federal Bureau of Investigation (FBI) and Richard Driggers, the Deputy Assistant Secretary of the Office of Cybersecurity and Communications, National Protection and Programs Directorate, at the United States Department of Homeland Security (DHS), on the federal government’s role in providing support to America’s 29 million small businesses at risk of foreign cyberattack.
“In today’s global economy, small business are increasingly turning to foreign technology to remain competitive in the world marketplace, “said Chairman Chabot. “However, these same products and services also provide new opportunities for foreign cyber criminals to infiltrate small business information technology systems, allowing them access to sensitive and valuable information.”
Combating Foreign Cyber Threats
There is strong bipartisan support from both chambers of Congress and the President to protect and strengthen American cyberinfrastructure from foreign attacks. Chairman Chabot has made it a top priority of the Committee during his term as Chairman, and recently introduced H.R. 4668, the Small Business Advanced Cybersecurity Enhancements Act of 2017, to increase the defensive measures available for small businesses undergoing or concerned about a cyber attack.
“Mr. Marshall, how do you determine whether a cyberattack on a small business warrants FBI intervention? Is there a monetary loss threshold? Or is there some other indicator to assess an appropriate level of response, and/or dedication of resources from the FBI?” questioned Chairman Chabot.
“There is no hard and fast rule, Mr. Chairman. Generally there are a number of variables we’ll look at. It depends on the field office that has jurisdiction over the particular attack,” said FBI Deputy Assistant Director Howard Marshall. “We continue to see an increase in the scale and scope of reporting on malicious cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims. In light of these and other cyber threats to U.S. businesses, the FBI has made private sector engagement a key component of our strategy for combatting cyber threats.”
“The Federal Government and its contractors, subcontractors, and suppliers at all tiers of the supply chain are under constant attack…In some cases, advanced threat actors target small businesses deep in the government’s supply chain to gain a foothold and then pivot to sensitive information and intellectual property,” said DHS Deputy Assistant Secretary Richard Driggers. “Over the last several years, many federal contractors have significantly improved their cybersecurity posture, making it more difficult for threat actors to launch successful attacks on their enterprises. However, this has caused increased targeting of small businesses connected to the federal supply chain that may not have the resources or awareness to adequately address such threats.”
Based on revelations from today’s hearing, the Chairman stated that the Committee will hold further hearings and investigations on companies owned by foreign governments that may be using their products for nefarious reasons.Click here to watch full hearing video, and here to read full witness testimony