U.S. Defense Department Agrees to Educate Small Businesses on Cybersecurity
The Small Business Programs Office has agreed to implement GAO recommendations.
The U.S. Defense Department’s Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts, but as of July had not yet identified and disseminated cybersecurity resources in its outreach and education efforts to defense small businesses, according to a recent report by the U.S. Government Accountability Office (GAO).
Small businesses, including those that conduct business with the Defense Department, are vulnerable to cyber threats and may have fewer resources, such as robust cybersecurity systems, than larger businesses to counter them. The GAO recommended the department identify and disseminate cybersecurity resources to defense small businesses, and the Defense Department concurred.
While the OSBP is not required to educate small businesses on cybersecurity, officials acknowledged that cybersecurity is an important and timely issue for small businesses—and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts, the report states. During the review, the GAO identified 15 existing federal cybersecurity resources that the OSBP could disseminate to defense small businesses.
OSBP officials recognized the importance of identifying and disseminating cybersecurity resources to small businesses but identified some challenges: specifically, they were not aware of existing cybersecurity resources, they had leadership turnover in the office and the office was focused on developing a training curriculum for professionals who work with small businesses.
Officials agreed that identifying and disseminating information about existing cybersecurity resources to defense small businesses could help small businesses be more aware of cybersecurity practices and cyber threats, according to the report. “In addition, by identifying and disseminating this information, DOD OSBP could help small businesses to protect their networks, thereby supporting the 2015 DOD Cyber Strategy goals of working with the private sector to help secure defense industrial base trade data and build layered cyber defenses,” the report states.