SBA systems fended off foreign adversaries applying for coronavirus loans

Users in North Korea, China and Russia applied for CARES Act loans intended for U.S. small businesses, the agency's deputy CIO says.

Amid the Small Business Administration’s early struggles with its system for coronavirus relief loans, the agency was able to quickly identify and block North Korean, Chinese and Russian accounts making bogus applications, officials said Thursday.

The agency moved to the cloud three years ago but didn’t realize just how powerful its cloud cybersecurity tools were until it deployed them against foreign adversaries, said Guy Cavallo, deputy chief information officer, during an AFFIRM webinar Thursday.

“We’ll make an exception if there’s an American businessperson traveling abroad,” Cavallo said. “But our overseas warning, when we turned it on, went off like a Christmas tree.”

Those cybersecurity successes were a bright spot as the SBA quickly launched two systems in April to disburse funds from the Coronavirus Aid, Relief, and Economic Security (CARES) Act and other stimulus packages. One experienced outages and the other potentially exposed personally identifiable information.


The cloud system includes machine-learning technology that flags unusual activity in real time for SBA analysts to investigate and block. SBA also has run Trusted Internet Connections (TIC) and Continuous Diagnostics and Mitigation (CDM) pilots granting the deputy CIO “full visibility” into agency systems, Cavallo said. TIC policy is coordinated by the Office of Management and Budget, and the CDM program is run by the Department of Homeland Security.

SBA developed a portal for the Paycheck Protection Program (PPP), created by the CARES Act, within its E-Tran system. PPP provides forgivable loans of up to $10 million to keep small businesses’ workforces employed during the pandemic, but lenders applying on behalf of small business clients for the second round of loans complained of numerous outages.

The PPP portal timed out because it hadn’t been moved to the cloud, and the on-premise version couldn’t withstand the traffic, Cavallo said. When President Trump tweeted out the address, the site saw an 8,000% increase in hits within a minute.

“It was fine when we had normal traffic, but PPP was way overboard,” Cavallo said. “So we rebuilt and launched a new version in the cloud in five days.”

Developers pulled all-nighters, he added.


SBA will always have problems adjusting loan systems quickly to new requirements in coronavirus stimulus legislation, Cavallo said, but its investment in the cloud paid off.

“I would say that, as we’re flying the plane, we just changed it to SpaceX along the way,” Cavallo said.

Since the pandemic began, Cavallo has been allowed, for the first time, to hire cloud specialists from outside Washington, D.C., in cities like Chicago, Cincinnati and Dallas. The deputy CIO hopes that trend continues when quarantine lifts.

“In the past that was something we weren’t allowed to do,” Cavallo said. “And what that’s allowed me to do is pick people that don’t want to move to Washington, D.C. that have great skills that I could actually leverage virtually.”
