SBA slow to improve IT security, watchdog says

Shutterstock image (by Sergey Nivens): Security concept, lock on a digital screen.

The Small Business Administration needs to clean up its act, according to a leading House lawmaker. At a Jan. 6 hearing, Rep. Steve Chabot (R-Ohio), chairman of the House Small Business Committee, said the agency needs a "complete overhaul of its operations." He added that "the problems that have festered far too long must end."

The problems Chabot referred to are cataloged in an extensive and highly critical Government Accountability Office report from September 2015 that cites leadership, management and IT security as areas requiring improvement at SBA.

Bill Shear, director of financial markets and community investment at GAO, testified that SBA had implemented only seven of GAO's 69 recommendations as of Dec. 15, 2015. Those recommendations include 30 related to IT security.

"IT security has been identified for well over a decade as a long-standing management challenge," Shear said. "It's disturbing to us that these challenges still remain, and they go down to some very basic functions."

According to the GAO report, SBA has ramped up efforts to secure its networks with the use of dual-factor authentication and personal identity verification cards, as part of the governmentwide push to improve security. Additionally, SBA spends about $100 million on technology per year but has lagged in reviewing IT investments.

"Until SBA fully implements all of the required IT management initiatives, the agency cannot provide reasonable assurance that its IT investments are cost-effective, meet agency goals or are effectively managed," GAO's report states.

The agency's IT problems are a big concern for Chabot as well. "The one that worries me the most is in the area of IT security," he said. "The information that they keep on individuals and on small businesses can be pretty sensitive information."

Shear said that for GAO, documentation was essential. "There might be good things going on in the agency in terms of oversight of its IT, but we don't see documented evidence that meets [the Office of Management and Budget's] very specific requirements," Shear said.

The hearing is the first in a planned series of oversight events designed to draw attention to the independent agency. SBA Administrator Maria Contreras-Sweet is scheduled to testify before the panel on Jan. 7.

About the Author

Bianca Spinosa is an Editorial Fellow at FCW.

Spinosa covers a variety of federal technology news for FCW including workforce development, women in tech, and the intersection of start-ups and agencies. Prior to joining FCW, she was a TV journalist for more than six years, reporting local news in Virginia, Kentucky, and North Carolina. Spinosa is currently pursuing her Master’s degree in Writing at George Mason University, where she also teaches composition. She earned her B.A. from the University of Virginia.

Click here for previous articles by Spinosa, or connect with her on Twitter: @BSpinosa.


  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected