news

With Russia’s hacking of the U.S. elections dominating headlines, a key Congressional panel today zeroed in on cyber weaknesses at the federal agency charged with protecting small businesses. The Small Business Administration (SBA) has been exposed by multiple government accountability reports for a range of IT issues including leadership and management problems, staff turnover and vacancies, underinvestment and security problems. Today, Democrats of the Committee called for sharp and timely reforms to these challenges, which mostly stem from SBA’s Office of the Chief Information Officer (OCIO). 

“As the only federal agency charged specifically with helping small businesses grow and succeed, all of the SBA’s functions should strengthen and preserve the entrepreneurial foundation of our economy,” said Ranking Member Nydia M. Velázquez (D-NY). “In particular, the Office of the Chief Information Officer plays a critical role in promoting information technology to support and enhance business decisions and agency operations.” 

Without a fully secure and operative Information Technology (IT) Department, the SBA risks both the security of the government and small firms. In light of the consensus from several U.S. intelligence agencies that Russia employed cyberattacks to influence the 2016 election, Democrats urged SBA officials to prioritize cybersecurity.  

“We can expect that Russia’s intelligence services and other bad actors will continue seeking weaknesses in our IT security systems – for political gain and personal profit,” noted Velázquez. “As stories unfold now almost daily about Russia’s digital meddling in our democratic process, we should expect every federal agency to make cyber security a top priority – so it is disconcerting that the OCIO has had such severe problems for so long.”  

Evidenced by high turnover and failure appoint a CIO for over a year, in 2015, the Government Accountability Office (GAO) found that SBA had failed to conduct regular reviews of its IT Department investment and had not prioritized long-term IT organizational goals. Along similar lines, the agency failed to implement over 30 Inspector General (IG) recommendations to improve investments in addressing security risks. 

The Chief Information Officer position at SBA is charged with playing a crucial leadership role to implement and drive reforms. Unfortunately, the IG report exposed a lack of stability in the role. Since 2005, the CIO position has been held by eight different officers. With such a high turnover rate, the agency has faced barriers to implementing long-lasting improvements. 

“Effective management of the agency’s IT systems helps ensure small businesses receive assistance they need – to grow and create jobs,” said Velázquez. “Equally important, bolstering the agency’s cybersecurity will ensure government and small businesses’ sensitive data is safeguarded from those who have already conducted cyberattacks on our nation – and others who may have similar plans.” 

Moving forward, Democrats pledged to support SBA and current CIO Maria Roat in tackling challenges around IT and cybersecurity. As the Committee responsible for overseeing the SBA, Democrats reaffirmed their commitment to ensuring that SBA meets its benchmarks. 

“On this Committee we represent America’s small businesses and entrepreneurs,” said Velázquez. “It is our duty to ensure that they remain shielded and equipped to deal with cyberattacks.” 

###