[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2699 Reported in Senate (RS)]

                                                       Calendar No. 221
117th CONGRESS
  1st Session
                                S. 2699

To establish a cybersecurity literacy campaign, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            August 10, 2021

  Ms. Klobuchar (for herself and Mr. Thune) introduced the following 
 bill; which was read twice and referred to the Committee on Commerce, 
                      Science, and Transportation

                           December 17, 2021

              Reported by Ms. Cantwell, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 A BILL


 
To establish a cybersecurity literacy campaign, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``American Cybersecurity 
Literacy Act''.</DELETED>

<DELETED>SEC. 2. SENSE OF CONGRESS.</DELETED>

<DELETED>    It is the sense of the Congress that the United States has 
a national security and economic interest in promoting cybersecurity 
literacy amongst the general public.</DELETED>

<DELETED>SEC. 3. ESTABLISHMENT OF CYBERSECURITY LITERACY 
              CAMPAIGN.</DELETED>

<DELETED>    (a) In General.--The Assistant Secretary for 
Communications and Information (referred to in this section as the 
``Assistant Secretary'') shall, in consultation with the Director of 
the Cybersecurity and Infrastructure Security Agency of the Department 
of Homeland Security, develop and conduct a cybersecurity literacy 
campaign to increase the knowledge and awareness of people in the 
United States of best practices to reduce cybersecurity 
risks.</DELETED>
<DELETED>    (b) Campaign.--To reduce cybersecurity risks, the 
Assistant Secretary shall--</DELETED>
        <DELETED>    (1) identify the critical areas of an IT system 
        that present cybersecurity risks and educate people in the 
        United States on how to prevent and mitigate such attacks by--
        </DELETED>
                <DELETED>    (A) instructing such people on how to 
                identify--</DELETED>
                        <DELETED>    (i) phishing emails; and</DELETED>
                        <DELETED>    (ii) secure websites;</DELETED>
                <DELETED>    (B) instructing such people on the need to 
                change default passwords on hardware and software 
                technology;</DELETED>
                <DELETED>    (C) encouraging the use of cybersecurity 
                tools, including--</DELETED>
                        <DELETED>    (i) multi-factor 
                        authentication;</DELETED>
                        <DELETED>    (ii) complex passwords;</DELETED>
                        <DELETED>    (iii) firewalls; and</DELETED>
                        <DELETED>    (iv) anti-virus 
                        software;</DELETED>
                <DELETED>    (D) identifying the devices that could 
                pose possible cybersecurity risks, including--
                </DELETED>
                        <DELETED>    (i) personal computers;</DELETED>
                        <DELETED>    (ii) smartphones;</DELETED>
                        <DELETED>    (iii) tablets;</DELETED>
                        <DELETED>    (iv) Wi-Fi routers; and</DELETED>
                        <DELETED>    (v) smart home 
                        appliances;</DELETED>
                <DELETED>    (E) encouraging such people to--</DELETED>
                        <DELETED>    (i) regularly review mobile 
                        application permissions;</DELETED>
                        <DELETED>    (ii) decline privilege requests 
                        from mobile applications that are 
                        unnecessary;</DELETED>
                        <DELETED>    (iii) download applications only 
                        from trusted vendors or sources; and</DELETED>
                        <DELETED>    (iv) connect internet of things or 
                        devices to a separate and dedicated network; 
                        and</DELETED>
                <DELETED>    (F) identifying the potential 
                cybersecurity risks of using publicly available Wi-Fi 
                networks and the methods a user may utilize to limit 
                such risks; and</DELETED>
        <DELETED>    (2) direct people and businesses in the United 
        States to Federal resources to help mitigate the cybersecurity 
        risks identified in this subsection.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``American Cybersecurity Literacy Act 
of 2021''.

SEC. 2. SENSE OF CONGRESS.

    It is the sense of the Congress that the United States has a 
national security and economic interest in promoting cybersecurity 
literacy amongst the general public.

SEC. 3. ESTABLISHMENT OF CYBERSECURITY LITERACY CAMPAIGN.

    (a) In General.--The Director of the National Institute of 
Standards and Technology shall, in consultation with the Director of 
the Cybersecurity and Infrastructure Security Agency of the Department 
of Homeland Security, develop and conduct a cybersecurity literacy 
campaign to increase the knowledge and awareness of people in the 
United States of best practices to reduce cybersecurity risks.
    (b) Elements.--In carrying out subsection (a), the Director of the 
Institute shall--
            (1) identify the critical areas of an information 
        technology system that presents cybersecurity risks and educate 
        people in the United States on how to prevent and mitigate such 
        risks by--
                    (A) instructing such people on how to identify--
                            (i) phishing emails; and
                            (ii) secure websites;
                    (B) instructing such people on the need to change 
                default passwords on hardware and software technology;
                    (C) encouraging the use of cybersecurity tools, 
                including--
                            (i) multi-factor authentication;
                            (ii) complex passwords;
                            (iii) firewalls; and
                            (iv) anti-virus software;
                    (D) identifying the devices that could pose 
                possible cybersecurity risks, including--
                            (i) personal computers;
                            (ii) smartphones;
                            (iii) tablets;
                            (iv) Wi-Fi routers; and
                            (v) smart home appliances;
                    (E) encouraging such people to--
                            (i) regularly review mobile application 
                        permissions;
                            (ii) decline privilege requests from mobile 
                        applications that are unnecessary;
                            (iii) download applications only from 
                        trusted vendors or sources; and
                            (iv) connect internet of things or devices 
                        to a separate and dedicated network; and
                    (F) identifying the potential cybersecurity risks 
                of using publicly available Wi-Fi networks and the 
                methods a user may utilize to limit such risks; and
            (2) direct people and businesses in the United States to 
        Federal resources to help mitigate the cybersecurity risks 
        identified in this subsection.

                           December 17, 2021

                       Reported with an amendment