Sen. Joni Ernst, R-Iowa, is asking President Trump to put in place a strong chief information officer (CIO) at the Small Business Administration (SBA) to improve the agency’s IT and cybersecurity functions.
In her letter to President Trump, Sen. Ernst, who serves as chairwoman of the Committee on Small Business and Entrepreneurship, asked the president to investigate what she called “landmines” the Biden administration left behind in its “mismanagement” of SBA.
Among areas requiring attention, the senator said, is improving SBA’s cybersecurity practices to address vulnerabilities that put small business owners’ data at risk.
“Over several Administrations, SBA’s IT has remained a significant management challenge,” wrote Sen. Ernst. “The new Administration needs to seek a strong Chief Information Officer and expeditiously work to protect small businesses’ personal information.”
The letter references a report from the Government Accountability Office (GAO) last November that reviewed the agency’s efforts to build a Unified Certification Platform (UCP) to “help address shortcomings with the systems supporting the certification of small businesses for its contracting assistance programs,” by creating a streamlined IT platform to improve the agency’s management.
The report made 14 recommendations to SBA, calling for the agency to “expeditiously” address critical risk management and critical cybersecurity vulnerabilities, and assess risks before authorizing system operations.
At the time, the report prompted legislation from Rep. Nydia Velázquez, D-N.Y., the ranking member of the House Small Business Committee, which called for the SBA administrator to submit a report to the committee within 180 days including its plans “to establish and implement policies and procedures to govern information technology modernization projects.”
The bill failed to make it past the committee level in the last Congress.
“The SBA’s failures leave the UCP vulnerable to successful cyberattacks on a platform intended to collect personal data, including financial information, from American small business owners,” wrote Sen. Ernst.
“The GAO also found the SBA’s UCP was not entirely unified, undercutting the whole point of this IT investment,” she said. The senator also pointed to GAO’s finding of “SBA’s cost estimate to be unreliable, indefensible, and rooted in one project manager’s past experience rather than on objective data or documentation.”
The senator also mentioned SBA’s FITARA score – which from December 2022 through December 2024 stood at a “C” grade. The most recent score for the agency is a “B” grade. “The SBA OIG [Office of Inspector General] found that the SBA had ineffective information security during this period,” wrote Sen. Ernst.
Ernst also called for the president to not reauthorize the diversity, equity and inclusion (DEI) multi-agency Small Business Innovation Research and Small Business Technology Transfer (SBIR-STTR) programs overseen by SBA, which aim to assist small businesses led by underrepresented groups.
The DEI program “takes away from a merit-based approach that is necessary for the SBIR-STTR program to meet its full potential,” when it should focus on the “quality of a technology and its innovation potential,” according to the senator. SBIR-STTR is up for reauthorization this year, potentially landing among the presidents promised cuts in Federal DEI programs.
