170501 hr2105 nistsmallbusinesscybersecurityact smith johnson


May 01, 2017


May 1, 2017

The Honorable Lamar Smith The Honorable Eddie Bernice Johnson
Chairman Ranking Member
Committee on Science, Space, and Committee on Science, Space, and
Technology Technology
U.S. House of Representatives U.S. House of Representatives
Washington, DC 20515 Washington, DC 20515

Dear Chairman Smith and Ranking Member Johnson:

The U.S. Chamber of Commerce supports H.R. 2105, the “NIST Small Business
Cybersecurity Act of 2017.” The legislation calls on the National Institute of Standards and
Technology (NIST) and other federal entities to assess the voluntary Framework for Improving
Critical Infrastructure Cybersecurity and provide concise and consistent resources to small and
midsize businesses (SMBs) on using the framework.

The legislation emphasizes industry and government efforts, which go back several years,
to craft dynamic risk management tools that support SMBs, especially the framework. Indeed,
the Chamber teamed up with Utah’s business community on March 23 in Salt Lake City to
launch the fourth year of the Chamber’s national Cybersecurity Campaign. This public-private
education initiative includes five regional events and its 6th Annual Cybersecurity Summit at the

The Chamber has made economic growth its driving focus for 2017. Enhancements to
America’s information security, particularly for SMBs, would help drive growth in the economy.
SMBs, which account for a significant percentage of all U.S. businesses, are more innovative,
agile, and productive than ever, owing to the capabilities delivered by information and
communications technology. However, smaller organizations tend to lack the resources and
expertise necessary for cybersecurity activities compared with larger ones.

The Chamber believes that the framework has been a remarkable success. The
framework represents one of the best examples of public-private partnerships in action. H.R.
2105 and its companion bill in the Senate, S. 770, the “MAIN STREET Cybersecurity Act of
2017,” would authorize NIST to draw on existing funds to develop and disseminate tools, best
practices, and methodologies that are based on the framework. The Chamber believes that the
administration and Congress should consider boosting funding for NIST given the important
tasks called for under these bills and the agency’s positive collaboration with industry on
cybersecurity generally.


The Chamber appreciates the Committee’s proactive approach to improving U.S.
cybersecurity capabilities. The Chamber urges the Committee to support H.R. 2105 and looks
forward to continuing to work together to advance the security and resilience of the business
community and the nation.


Neil L. Bradley

cc: Members of the Committee on Science, Space, and Technology

170501 hr2105 nistsmallbusinesscybersecurityact smith johnson