Establishment of cybersecurity literacy campaign

(a)

In general

The Assistant Secretary for Communications and Information (referred to in this section as the Assistant Secretary) shall, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, develop and conduct a cybersecurity literacy campaign to increase the knowledge and awareness of people in the United States of best practices to reduce cybersecurity risks.(b)

Campaign

To reduce cybersecurity risks, the Assistant Secretary shall—(1)identify the critical areas of an IT system that present cybersecurity risks and educate people in the United States on how to prevent and mitigate such attacks by—(A)instructing such people on how to identify—(i)phishing emails; and(ii)secure websites;(B)instructing such people on the need to change default passwords on hardware and software technology;(C)encouraging the use of cybersecurity tools, including—(i)multi-factor authentication;(ii)complex passwords;(iii)firewalls; and(iv)anti-virus software;(D)identifying the devices that could pose possible cybersecurity risks, including—(i)personal computers;(ii)smartphones;(iii)tablets;(iv)Wi-Fi routers; and(v)smart home appliances;(E)encouraging such people to—(i)regularly review mobile application permissions;(ii)decline privilege requests from mobile applications that are unnecessary;(iii)download applications only from trusted vendors or sources; and(iv)connect internet of things or devices to a separate and dedicated network; and(F)identifying the potential cybersecurity risks of using publicly available Wi-Fi networks and the methods a user may utilize to limit such risks; and(2)direct people and businesses in the United States to Federal resources to help mitigate the cybersecurity risks identified in this subsection.