US Senator Jim Risch, a Republican from Idaho, has introduced a bill called the Small Business Cyber Resiliency Act in the US Senate. The purpose of the bill is to assist small businesses in strengthening their cybersecurity resources in response to the increasing digital threats they face. Risch, who previously served as chairman of the Senate Committee on Small Business and Entrepreneurship, believes that small businesses need access to tools and information to protect themselves, their employees, customers, and the economy as a whole. The bill aims to achieve this by providing effective and accessible cybersecurity training, establishing a Central Small Business Cybersecurity Unit at the Small Business Administration (SBA), and creating a publicly-available SBA clearinghouse of cybersecurity resources for small businesses.
Additionally, the bill seeks to improve information sharing between small businesses, the SBA, the Cybersecurity and Infrastructure Security Agency, and other agencies. It also provides special attention to businesses that were forced to transition to digital operations due to the pandemic. Senators Jeanne Shaheen, Mike Crapo, and Catherine Cortez Masto are joining Risch in introducing the legislation. Shaheen expressed her support for the bill, highlighting the importance of equipping small businesses with the tools they need to grow and create employment opportunities.
The introduction of the Small Business Cyber Resiliency Act has been met with approval from experts in the cybersecurity field. Grayson Milbourne, Security Intelligence Director at OpenText Cybersecurity, believes that small and medium businesses (SMBs) have long been targets of cyberattacks without adequate assistance from the government. Milbourne stresses the need for the government to take action in supporting SMBs in their defense against cybercrime. He also emphasizes the potential benefits of legislation like this, such as increasing the government’s awareness of the most active threat actors targeting SMBs and enabling authorities to launch offensive attacks against cybercrime infrastructure.
In other cybersecurity news, Karim Khan, the lead prosecutor for the International Criminal Court (ICC), has announced that the ICC will be investigating cyber war crimes. While there has been ongoing debate about the need for a Geneva Convention-like framework for digital acts of war, the ICC will be utilizing the existing Rome Statute, which grants the court the authority to prosecute illegal acts, including war crimes, crimes against humanity, and genocide. Khan emphasized the real-life impact of cyber warfare, particularly on vulnerable populations, and committed to collecting and reviewing evidence related to such conduct during the ICC’s investigations. The timing of the announcement suggests that Russia’s cyberattacks on Ukraine may have prompted this move. Last year, the Human Rights Center at UC Berkeley’s School of Law submitted a document requesting the ICC to consider war crime prosecutions of Russian hackers, specifically focusing on the activities of the Sandworm cyber unit within Russia’s GRU military intelligence agency.
In a separate development, Anna Gomez has been approved by the US Senate to fill the vacant fifth seat on the Federal Communications Commission (FCC). Gomez, who has twelve years of experience in various positions at the FCC, including as a senior advisor on communications policy at the Bureau of Cyberspace and Digital Policy, brings extensive knowledge to her new role. She is also a telecommunications attorney and previously worked as the vice president for Federal and State Government Affairs at Sprint Nextel. Gomez’s appointment has shifted the balance of power within the FCC, giving Democrats the majority. This change opens up opportunities for the Commission to address contentious issues, such as the restoration of network neutrality.
Overall, the introduction of the Small Business Cyber Resiliency Act, the ICC’s commitment to prosecuting digital war crimes, and Anna Gomez’s appointment to the FCC demonstrate a growing recognition of the significance of cybersecurity and digital policy. These developments aim to enhance the protection of small businesses, hold perpetrators of cyber warfare accountable, and leverage expertise to navigate complex telecommunications issues effectively.