SBA slow to improve IT security, watchdog says

Shutterstock image (by Sergey Nivens): Security concept, lock on a digital screen.

The Small Business Administration needs to clean up its act, according to a leading House lawmaker. At a Jan. 6 hearing, Rep. Steve Chabot (R-Ohio), chairman of the House Small Business Committee, said the agency needs a "complete overhaul of its operations." He added that "the problems that have festered far too long must end."

The problems Chabot referred to are cataloged in an extensive and highly critical Government Accountability Office report from September 2015 that cites leadership, management and IT security as areas requiring improvement at SBA.

Bill Shear, director of financial markets and community investment at GAO, testified that SBA had implemented only seven of GAO's 69 recommendations as of Dec. 15, 2015. Those recommendations include 30 related to IT security.

"IT security has been identified for well over a decade as a long-standing management challenge," Shear said. "It's disturbing to us that these challenges still remain, and they go down to some very basic functions."

According to the GAO report, SBA has ramped up efforts to secure its networks with the use of dual-factor authentication and personal identity verification cards, as part of the governmentwide push to improve security. Additionally, SBA spends about $100 million on technology per year but has lagged in reviewing IT investments.

"Until SBA fully implements all of the required IT management initiatives, the agency cannot provide reasonable assurance that its IT investments are cost-effective, meet agency goals or are effectively managed," GAO's report states.

The agency's IT problems are a big concern for Chabot as well. "The one that worries me the most is in the area of IT security," he said. "The information that they keep on individuals and on small businesses can be pretty sensitive information."

Shear said that for GAO, documentation was essential. "There might be good things going on in the agency in terms of oversight of its IT, but we don't see documented evidence that meets [the Office of Management and Budget's] very specific requirements," Shear said.

The hearing is the first in a planned series of oversight events designed to draw attention to the independent agency. SBA Administrator Maria Contreras-Sweet is scheduled to testify before the panel on Jan. 7.

About the Author

Bianca Spinosa is an Editorial Fellow at FCW.

Spinosa covers a variety of federal technology news for FCW including workforce development, women in tech, and the intersection of start-ups and agencies. Prior to joining FCW, she was a TV journalist for more than six years, reporting local news in Virginia, Kentucky, and North Carolina. Spinosa is currently pursuing her Master’s degree in Writing at George Mason University, where she also teaches composition. She earned her B.A. from the University of Virginia.

Click here for previous articles by Spinosa, or connect with her on Twitter: @BSpinosa.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.