
There is pending cybersecurity legislation that looks like it will affect almost every company on Main Street. It is known as the S.770 – MAIN STREET Cybersecurity Act of 2017.
What is S.770? It is a law designed to help private companies in the U.S. deal with cybersecurity threats. Section one of the bill states, This Act may be cited as the “Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017” or the “MAIN STREET Cybersecurity Act of 2017”.
Section two goes on to say, Congress makes the following findings:
(1) Small businesses play a vital role in the economy of the United States, accounting for 54 percent of all United States sales and 55 percent of jobs in the United States.
(2) Attacks targeting small and medium businesses account for a high percentage of cyber attacks in the United States.
(3) The Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7421 et seq.) calls on the National Institute of Standards and Technology to facilitate and support a voluntary public-private partnership to reduce cybersecurity risks to critical infrastructure. Such a partnership continues to play a key role in improving the cyber resilience of the United States and making cyberspace safer.
(4) There is a need to develop simplified resources that are consistent with the partnership described in paragraph (3) that improves its use by small businesses.
Section 3(c), on IMPROVING CYBERSECURITY OF SMALL BUSINESS, goes on to say:
(1) In general.–Not later than one year after the date of the enactment of this Act, the Director, in carrying out section 2(e)(1)(A)(viii) of the National Institute of Standards and Technology Act, as added by subsection (b) of this Act, in consultation with the heads of such other Federal agencies as the Director considers appropriate, shall disseminate clear and concise resources for small business concerns to help reduce their cybersecurity risks.
(2) Requirements.–The Director shall ensure that the resources disseminated pursuant to paragraph (1)-
(A) are generally applicable and usable by a wide range of small business concerns;
(B) vary with the nature and size of the implementing small business concern, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing small business concern;
(C) include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third party stakeholder relationships, to assist small business concerns in mitigating common cybersecurity risks;
(D) are technology-neutral and can be implemented using technologies that are commercial and off-the-shelf; and
(E) are based on international standards to the extent possible, and are consistent with the Stevenson-Wydler Technology Innovation Act of 1980 (15 U.S.C. 3701 et seq.).
This reads as good help to me, if that is what is actually executed. Small businesses in the U.S. need all the help they can get facing cyber threats. I bet most of what is recommended is consistent with what we recommend at Alvaka Networks, so this should help validate our recommendations. I hope the recommendations and solutions are affordable and implementable by small businesses, as the federal government standard for a small business the last time I checked was 1,000 employees. According to the current language, it appears we will have to wait a year to see what the National Institute of Standards and Technology (NIST) produces.
I am not big on the government meddling in business affairs, although the government can play an important and positive role if done right. Doing it right and not creating a bigger burden for businesses is what concerns me, as too often the phrase, “we are from the government and we are here to help,” turns out to be the worst thing we can get. Time will tell what happens with this legislation. S.770 passed the Senate vote on September 28, 2017. The next stop is Congressional approval and then signature by the President. Cybersecurity is a hot and popular topic. No politician wants to be seen as being against helping Main Street businesses in the U.S., so I expect we will see it passed into law before too long.
