

115 S3788 IS: To require studies on cyberexploitation of employees of certain Federal departments and their families, and for other purposes.
U.S. Senate
2018-12-19
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



II115th CONGRESS2d SessionS. 3788IN THE SENATE OF THE UNITED STATESDecember 19, 2018Mr. Sasse introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental AffairsA BILLTo require studies on cyberexploitation of employees of certain Federal departments and their
			 families, and for other purposes.
	
		1.Study on cyberexploitation of employees of certain Federal departments and
			 their families
 (a)DefinitionsIn this section: (1)Covered departmentThe term covered department includes the following:
 (A)The Department of Justice. (B)The Department of Energy.
 (C)The Department of Homeland Security. (D)The Department of State.
 (E)The Department of the Treasury. (F)The United States Agency for International Development.
 (G)The civilian employees of the Department of Defense. (2)CyberexploitationThe term cy­ber­ex­ploi­ta­tion means the use of digital means to knowingly access, or conspire to access, without authorization, an individual’s personal information to be employed (or to be used for) with malicious intent.
 (3)Deep fakeThe term deep fake means the digital insertion of a person’s likeness into or digital alteration of a person’s likeness in visual media, such as photographs and videos, without the person’s permission and with malicious intent.
 (b)Study requiredNot later than 150 days after the date of the enactment of this Act, each head of a covered department shall complete a study on the cy­ber­ex­ploi­ta­tion of the personal information and accounts of employees of the covered department and their families.
 (c)ElementsThe study required by subsection (b) shall include, with respect to a covered department, the following:
 (1)An assessment of the vulnerability of employees described in subsection (b) and their families to inappropriate access to their personal information and accounts of such employees and their families, including identification of particularly vulnerable subpopulations.
 (2)Creation of a catalogue of past and current efforts by foreign governments and non-state actors at the cyberexploitation of the personal information and accounts of such employees and their families, including an assessment of the purposes of such efforts and their degrees of success.
 (3)An assessment of the actions taken by the department or agency to educate employees and their families, including particularly vulnerable subpopulations, about and actions that can be taken to otherwise reduce these threats.
 (4)Assessment of the potential for the cy­ber­ex­ploi­ta­tion of misappropriated images and videos as well as deep fakes.
 (5)Development of recommendations for policy changes to reduce the vulnerability of such employees and their families to cyberexploitation, including recommendations for legislative or administrative action.
				(d)Report
 (1)In generalEach head of a covered department shall submit to Congress a report on the findings of the head with respect to the study conducted by the head under subsection (b).
 (2)FormThe report required by paragraph (1) shall be submitted in unclassified form, but may include a classified annex.
				