Congratulations on being sworn-in as Administrator of the U.S. Small Business Administration (SBA). We look forward to working with you to modernize the agency so it may serve the needs of today’s entrepreneur.
In light of recent international threats, we write to urge you to take immediate action to ensure small businesses have the resources they need to prepare for potential cybersecurity threats from Iran and its proxies. As technology has grown to be deeply embedded in every aspect of our lives, the battlefield has also expanded into the cyber realm. The federal government, and large corporations, have dedicated numerous resources to protect the homeland from these threats. Unfortunately, small businesses are yet to amass the capabilities required to protect themselves from highly dangerous exploits possessed by nation-state actors. We must do what is necessary to provide small businesses with the tools and expertise required to shield themselves.
Both the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the DHS component responsible for protecting the nation’s critical infrastructure, have issued advisories urging U.S. organizations to prepare for potential cyber-attacks in light of Iran’s continued threats and aggression toward America. DHS and CISA warn that Iran is capable of carrying out cyber enabled attacks against a range of U.S.-based targets which could include cyber-enabled espionage and intellectual property theft. They also encourage organizations to strengthen their basic cyber defenses and implement basic cyber hygiene practices to protect against these threats.
As you know, limited resources and technical expertise leaves many small businesses vulnerable to cyber-attacks. We are concerned that small businesses may not have the information and tools necessary to implement the DHS and CISA’s recommendations and thus, not adequately able to defend against these potential cyber threats. These emerging threats reaffirm the need for the SBA to play an active role in helping small business with cybersecurity through increased outreach efforts, practical guidance, and accessible resources as well as leveraging resource partners including the Small Business Development Center Network.
Additionally, we request a staff briefing by the SBA on actions the agency is taking to assist small businesses in defending against cybersecurity threats.