[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2699 Reported in Senate (RS)]
<DOC>
Calendar No. 221
117th CONGRESS
1st Session
S. 2699
To establish a cybersecurity literacy campaign, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
August 10, 2021
Ms. Klobuchar (for herself and Mr. Thune) introduced the following
bill; which was read twice and referred to the Committee on Commerce,
Science, and Transportation
December 17, 2021
Reported by Ms. Cantwell, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To establish a cybersecurity literacy campaign, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``American Cybersecurity
Literacy Act''.</DELETED>
<DELETED>SEC. 2. SENSE OF CONGRESS.</DELETED>
<DELETED> It is the sense of the Congress that the United States has
a national security and economic interest in promoting cybersecurity
literacy amongst the general public.</DELETED>
<DELETED>SEC. 3. ESTABLISHMENT OF CYBERSECURITY LITERACY
CAMPAIGN.</DELETED>
<DELETED> (a) In General.--The Assistant Secretary for
Communications and Information (referred to in this section as the
``Assistant Secretary'') shall, in consultation with the Director of
the Cybersecurity and Infrastructure Security Agency of the Department
of Homeland Security, develop and conduct a cybersecurity literacy
campaign to increase the knowledge and awareness of people in the
United States of best practices to reduce cybersecurity
risks.</DELETED>
<DELETED> (b) Campaign.--To reduce cybersecurity risks, the
Assistant Secretary shall--</DELETED>
<DELETED> (1) identify the critical areas of an IT system
that present cybersecurity risks and educate people in the
United States on how to prevent and mitigate such attacks by--
</DELETED>
<DELETED> (A) instructing such people on how to
identify--</DELETED>
<DELETED> (i) phishing emails; and</DELETED>
<DELETED> (ii) secure websites;</DELETED>
<DELETED> (B) instructing such people on the need to
change default passwords on hardware and software
technology;</DELETED>
<DELETED> (C) encouraging the use of cybersecurity
tools, including--</DELETED>
<DELETED> (i) multi-factor
authentication;</DELETED>
<DELETED> (ii) complex passwords;</DELETED>
<DELETED> (iii) firewalls; and</DELETED>
<DELETED> (iv) anti-virus
software;</DELETED>
<DELETED> (D) identifying the devices that could
pose possible cybersecurity risks, including--
</DELETED>
<DELETED> (i) personal computers;</DELETED>
<DELETED> (ii) smartphones;</DELETED>
<DELETED> (iii) tablets;</DELETED>
<DELETED> (iv) Wi-Fi routers; and</DELETED>
<DELETED> (v) smart home
appliances;</DELETED>
<DELETED> (E) encouraging such people to--</DELETED>
<DELETED> (i) regularly review mobile
application permissions;</DELETED>
<DELETED> (ii) decline privilege requests
from mobile applications that are
unnecessary;</DELETED>
<DELETED> (iii) download applications only
from trusted vendors or sources; and</DELETED>
<DELETED> (iv) connect internet of things or
devices to a separate and dedicated network;
and</DELETED>
<DELETED> (F) identifying the potential
cybersecurity risks of using publicly available Wi-Fi
networks and the methods a user may utilize to limit
such risks; and</DELETED>
<DELETED> (2) direct people and businesses in the United
States to Federal resources to help mitigate the cybersecurity
risks identified in this subsection.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``American Cybersecurity Literacy Act
of 2021''.
SEC. 2. SENSE OF CONGRESS.
It is the sense of the Congress that the United States has a
national security and economic interest in promoting cybersecurity
literacy amongst the general public.
SEC. 3. ESTABLISHMENT OF CYBERSECURITY LITERACY CAMPAIGN.
(a) In General.--The Director of the National Institute of
Standards and Technology shall, in consultation with the Director of
the Cybersecurity and Infrastructure Security Agency of the Department
of Homeland Security, develop and conduct a cybersecurity literacy
campaign to increase the knowledge and awareness of people in the
United States of best practices to reduce cybersecurity risks.
(b) Elements.--In carrying out subsection (a), the Director of the
Institute shall--
(1) identify the critical areas of an information
technology system that presents cybersecurity risks and educate
people in the United States on how to prevent and mitigate such
risks by--
(A) instructing such people on how to identify--
(i) phishing emails; and
(ii) secure websites;
(B) instructing such people on the need to change
default passwords on hardware and software technology;
(C) encouraging the use of cybersecurity tools,
including--
(i) multi-factor authentication;
(ii) complex passwords;
(iii) firewalls; and
(iv) anti-virus software;
(D) identifying the devices that could pose
possible cybersecurity risks, including--
(i) personal computers;
(ii) smartphones;
(iii) tablets;
(iv) Wi-Fi routers; and
(v) smart home appliances;
(E) encouraging such people to--
(i) regularly review mobile application
permissions;
(ii) decline privilege requests from mobile
applications that are unnecessary;
(iii) download applications only from
trusted vendors or sources; and
(iv) connect internet of things or devices
to a separate and dedicated network; and
(F) identifying the potential cybersecurity risks
of using publicly available Wi-Fi networks and the
methods a user may utilize to limit such risks; and
(2) direct people and businesses in the United States to
Federal resources to help mitigate the cybersecurity risks
identified in this subsection.
Calendar No. 221
117th CONGRESS
1st Session
S. 2699
_______________________________________________________________________
A BILL
To establish a cybersecurity literacy campaign, and for other purposes.
_______________________________________________________________________
December 17, 2021
Reported with an amendment