[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 2201 Introduced in Senate (IS)]

<DOC>






118th CONGRESS
  1st Session
                                S. 2201

    To increase knowledge and awareness of best practices to reduce 
               cybersecurity risks in the United States.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             June 22, 2023

  Ms. Klobuchar (for herself and Mr. Thune) introduced the following 
 bill; which was read twice and referred to the Committee on Commerce, 
                      Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
    To increase knowledge and awareness of best practices to reduce 
               cybersecurity risks in the United States.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``American Cybersecurity Literacy 
Act''.

SEC. 2. CYBERSECURITY LITERACY CAMPAIGN.

    (a) In General.--The Secretary of Commerce, in consultation with 
the Director of the Cybersecurity and Infrastructure Security Agency, 
shall develop and conduct a cybersecurity literacy campaign described 
in subsection (b), which the Secretary of Commerce shall make available 
in multiple languages and formats, if practicable, to increase the 
knowledge and awareness of citizens of the United States of best 
practices to reduce cybersecurity risks.
    (b) Elements.--In carrying out subsection (a), the Secretary of 
Commerce, in consultation with the Director of the Cybersecurity and 
Infrastructure Security Agency, shall--
            (1) educate citizens of the United States with respect to 
        how to prevent and mitigate a cyberattack or cybersecurity 
        risk, including by--
                    (A) instructing citizens of the United States with 
                respect to how to identify--
                            (i) a phishing email or message; and
                            (ii) a secure website;
                    (B) instructing citizens of the United States about 
                the benefits of changing default passwords on any 
                hardware or software technology;
                    (C) encouraging the use of cybersecurity tools, 
                including--
                            (i) multi-factor authentication;
                            (ii) a complex password;
                            (iii) anti-virus software;
                            (iv) patching or updating software and 
                        applications; and
                            (v) a virtual private network;
                    (D) identifying a device that could pose possible 
                cybersecurity risks, including--
                            (i) a personal computer;
                            (ii) a smartphone;
                            (iii) a tablet;
                            (iv) a Wi-Fi router;
                            (v) a smart home appliance;
                            (vi) a webcam;
                            (vii) an internet-connected monitor; or
                            (viii) any other device that can be 
                        connected to the internet, including any mobile 
                        device other than a smartphone or tablet;
                    (E) encouraging citizens of the United States to--
                            (i) regularly review mobile application 
                        permissions;
                            (ii) decline any privilege request from a 
                        mobile application that is unnecessary;
                            (iii) download an application only from a 
                        trusted vendor or source; and
                            (iv) consider the life cycle of a product 
                        and the commitment of a developer to providing 
                        security updates during the expected period of 
                        use of a connected device; and
                    (F) identifying any potential cybersecurity risk 
                related to using a publicly available Wi-Fi network and 
                any method a user may use to limit such risks; and
            (2) encourage citizens of the United States to use any 
        resource to help mitigate the cybersecurity risks described in 
        this subsection.
                                 <all>