The chairman of a House committee that oversees the Small Business Administration urged the agency’s head to plug long festering cybersecurity vulnerabilities within six months.
In back-to-back hearings of the House Small Business Committee this week, lawmakers pried into longstanding “mismanagement” at the agency, including a slew of unaddressed recommendations from the agency’s inspector general and the Government Accountability Office.
Among them: more than 30 recommendations for shoring up SBA’s IT security.
“If I were you, I’d start with (fixing) these IT and cybersecurity deficiencies,” Rep. Steve Chabot, R-Ohio, the chairman of the committee told SBA Administrator Maria Contreras-Sweet on Thursday. “That’s what worries me the most.”
Chabot cited the long list of hacked federal agencies over the past year: the Office of Personnel Management, the State Department and even the unclassified networks at the White House.
“Small businesses trust the SBA, your agency, with their information — oftentimes very sensitive information — that they don’t want a rival business or their neighbors or the Chinese government to have access to,” Chabot told Contreras-Sweet.
The massive hack of OPM background investigation records is believed to have been an espionage operation carried out by Chinese hackers.
Chabot pressed Contreras-Sweet to fix the security gaps by June 30 and to provide monthly updates to the committee along the way.
Contreras-Sweet responded, “I commit to you to reporting to you on a regular basis and will work with godspeed to make your deadline.”
GAO, in a report issued in September, first drew attention to…