Weak information security was at the top of the House Small Business Committee's agenda when it met Wednesday and Thursday to discuss several areas of mismanagement at the Small Business Administration (SBA).
The panel hearing Wednesday focused on a report published by the Government Accountability Office (GAO) that addressed the agency's failure to act on GAO recommendations, including 30 improvements related to information security. The agency implemented only seven out of 69 GAO recommendations.
“We've seen the IRS hit, the State Department, OPM, and even the White House hacked,” said Small Business Committee Chairman Steve Chabot (R-OH), in an opening statement Thursday. “Small businesses trust the SBA with information they don't want a rival business, their neighbors, or the Chinese Government to have access to. Yesterday, GAO told us this information isn't adequately secured. That cannot continue."
SBA Administrator Maria Contreras-Sweet's testified on Thursday that the SBA made “significant strides” in addressing information technology challenges, although her lengthy testimony contained few details about cybersecurity improvements.
“We're in the midst of a major upgrade of our IT systems,” Contreras-Sweet said. “We are in the final stages of moving our entire email system into the cloud. Additionally, we're investing in mobile technology because we recognize that our SBA team members in the field need to get out beyond the walls of federal offices and meet entrepreneurs where they are.”