[House Report 117-155]
[From the U.S. Government Publishing Office]


117th Congress    }                                   {      Report
                        HOUSE OF REPRESENTATIVES
 1st Session      }                                   {      117-155

======================================================================



 
                  AMERICAN CYBERSECURITY LITERACY ACT

                                _______
                                

October 26, 2021.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

 Mr. Pallone, from the Committee on Energy and Commerce, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 4055]

    The Committee on Energy and Commerce, to whom was referred 
the bill (H.R. 4055) to establish a cybersecurity literacy 
campaign, and for other purposes, having considered the same, 
reports favorably thereon with an amendment and recommends that 
the bill as amended do pass.

                                CONTENTS

   I. Purpose and Summary
  II. Background and Need for the Legislation
 III. Committee Hearings
  IV. Committee Consideration
   V. Committee Votes
  VI. Oversight Findings
 VII. New Budget Authority, Entitlement Authority, and Tax Expenditures
VIII. Federal Mandates Statement
  IX. Statement of General Performance Goals and Objectives
   X. Duplication of Federal Programs
  XI. Committee Cost Estimate
 XII. Earmarks, Limited Tax Benefits, and Limited Tariff Benefits
XIII. Advisory Committee Statement
 XIV. Applicability to Legislative Branch
  XV. Section-by-Section Analysis of the Legislation
 XVI. Changes in Existing Law Made by the Bill, as Reported

    The amendment is as follows:
  Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``American Cybersecurity Literacy Act''.

SEC. 2. SENSE OF CONGRESS.

  It is the sense of the Congress that the United States has a national 
security and economic interest in promoting cybersecurity literacy 
amongst the general public.

SEC. 3. ESTABLISHMENT OF CYBERSECURITY LITERACY CAMPAIGN.

  (a) In General.--The Assistant Secretary shall develop and conduct a 
cybersecurity literacy campaign (which shall be available in multiple 
languages and formats, if practicable) to increase the knowledge and 
awareness of the American people of best practices to reduce 
cybersecurity risks.
  (b) Campaign.--To reduce cybersecurity risks, the Assistant Secretary 
shall--
          (1) educate the American people on how to prevent and 
        mitigate cyberattacks and cybersecurity risks, including by--
                  (A) instructing the American people on how to 
                identify--
                          (i) phishing emails and messages; and
                          (ii) secure websites;
                  (B) instructing the American people about the 
                benefits of changing default passwords on hardware and 
                software technology;
                  (C) encouraging the use of cybersecurity tools, 
                including--
                          (i) multi-factor authentication;
                          (ii) complex passwords;
                          (iii) anti-virus software;
                          (iv) patching and updating software and 
                        applications; and
                          (v) virtual private networks;
                  (D) identifying the devices that could pose possible 
                cybersecurity risks, including--
                          (i) personal computers;
                          (ii) smartphones;
                          (iii) tablets;
                          (iv) Wi-Fi routers;
                          (v) smart home appliances;
                          (vi) webcams;
                          (vii) internet-connected monitors; and
                          (viii) any other device that can be connected 
                        to the internet, including mobile devices other 
                        than smartphones and tablets;
                  (E) encouraging Americans to--
                          (i) regularly review mobile application 
                        permissions;
                          (ii) decline privilege requests from mobile 
                        applications that are unnecessary;
                          (iii) download applications only from trusted 
                        vendors or sources; and
                          (iv) consider a product's life cycle and the 
                        developer or manufacturer's commitment to 
                        providing security updates during a connected 
                        device's expected period of use; and
                  (F) identifying the potential cybersecurity risks of 
                using publicly available Wi-Fi networks and the methods 
                a user may utilize to limit such risks; and
          (2) encourage the American people to use resources to help 
        mitigate the cybersecurity risks identified in this subsection.
  (c) Assistant Secretary Defined.--In this section, the term 
``Assistant Secretary'' means the Assistant Secretary of Commerce for 
Communications and Information.

                         I. PURPOSE AND SUMMARY

    H.R. 4055, the ``American Cybersecurity Literacy Act,'' 
would require the National Telecommunications and Information 
Administration (NTIA) to develop and conduct a cybersecurity 
literacy campaign to educate individuals about common 
cybersecurity risks and best practices.

                II. BACKGROUND AND NEED FOR LEGISLATION

    Cybersecurity threats targeting the American public 
continue to become more common as our economy has moved 
increasingly online.\1\ Although hackers often target 
businesses or other commercial entities, American individuals 
remain a common target for cyber criminals.\2\ By educating 
Americans on best practices to improve their awareness of 
common cybersecurity measures, it is expected that the overall 
impact of cyberattacks will be mitigated.
---------------------------------------------------------------------------
    \1\CISA, Cybersecurity, Combating Cyber Crime (Nov. 20, 2018) 
(www.cisa.gov/combating-cyber-crime).
    \2\CISA, Cyber Safety (Feb. 27, 2019) (www.cisa.gov/cyber-safety).
---------------------------------------------------------------------------

                        III. COMMITTEE HEARINGS

    For the purposes of clause 3(c) of rule XIII of the Rules 
of the House of Representatives, the following hearings were 
used to develop or consider H.R. 4055:
    The Subcommittee on Communications and Technology held a 
hearing on April 21, 2021, entitled ``Leading the Wireless 
Future: Securing American Network Technology.'' The 
Subcommittee received testimony from the following witnesses:
           John Baker, Senior Vice President, Business 
        Development, Mavenir;
           John Mezzalingua, Chief Executive Officer, 
        JMA Wireless;
           Tim Donovan, SVP, Legislative Affairs, 
        Competitive Carriers Association;
           Tareq Amin, EVP and Group Chief Technology 
        Officer, Rakuten Mobile; and
           Diane Rinaldo, Executive Director, Open RAN 
        Policy Coalition.
    The Subcommittee on Communications and Technology held a 
legislative hearing on June 30, 2021, entitled ``A Safe 
Wireless Future: Securing our Networks and Supply Chains.'' The 
Subcommittee received testimony from the following witnesses:
           Dileep Srihari, Senior Policy Counsel, 
        Access Partnership;
           Dean Brenner, SVP, Spectrum Strategy & Tech 
        Policy, Qualcomm Incorporated;
           Jason Boswell, Head of Security, Network 
        Product Solutions, N.A., Ericsson; and
           Clete Johnson, Senior Fellow, Strategic 
        Technologies Program, Center for Strategic and 
        International Studies.

                      IV. COMMITTEE CONSIDERATION

    Representatives Adam Kinzinger (R-IL), Anna Eshoo (D-CA), 
Gus Bilirakis (R-FL), Marc Veasey (R-TX), and Chrissy Houlahan 
(D-PA) introduced H.R. 4055, the ``American Cybersecurity 
Literacy Act,'' on June 22, 2021, and it was referred to the 
Committee on Energy and Commerce. Subsequently, on June 23, 
2021, H.R. 4055 was referred to the Subcommittee on 
Communications and Technology. A legislative hearing was held 
on the bill on June 30, 2021. H.R. 4055 was discharged from the 
Subcommittee on Communications and Technology on July 20, 2021.
    On July 21, 2021, the full Committee met in open markup 
session, pursuant to notice, to consider H.R. 4055 and 23 other 
bills. During consideration of the bill, an amendment in the 
nature of a substitute (AINS) offered by Representative 
Kinzinger was agreed to by a voice vote. An amendment to the 
AINS, offered by Representative Eshoo, was agreed to by a voice 
vote. Upon conclusion of consideration of the bill, the full 
Committee agreed to a motion on final passage offered by 
Representative Pallone (D-NJ), Chairman of the Committee, to 
order H.R. 4055 reported favorably to the House, amended, by a 
voice vote.

                           V. COMMITTEE VOTES

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list each record vote 
on the motion to report legislation and amendments thereto. The 
Committee advises that there were no record votes taken on H.R. 
4055, including a motion by Mr. Pallone ordering H.R. 4055 
favorably reported to the House, amended.

                         VI. OVERSIGHT FINDINGS

    Pursuant to clause 3(c)(1) of rule XIII and clause 2(b)(1) 
of rule X of the Rules of the House of Representatives, the 
oversight findings and recommendations of the Committee are 
reflected in the descriptive portion of the report.

 VII. NEW BUDGET AUTHORITY, ENTITLEMENT AUTHORITY, AND TAX EXPENDITURES

    Pursuant to clause 3(c)(2) of rule XIII of the Rules of the House 
of Representatives, the Committee adopts as its own the 
estimate of new budget authority, entitlement authority, or tax 
expenditures or revenues contained in the cost estimate 
prepared by the Director of the Congressional Budget Office 
pursuant to section 402 of the Congressional Budget Act of 
1974.
    The Committee has requested but not received from the 
Director of the Congressional Budget Office a statement as to 
whether this bill contains any new budget authority, spending 
authority, credit authority, or an increase or decrease in 
revenues or tax expenditures.

                    VIII. FEDERAL MANDATES STATEMENT

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

       IX. STATEMENT OF GENERAL PERFORMANCE GOALS AND OBJECTIVES

    Pursuant to clause 3(c)(4) of rule XIII, the general 
performance goal or objective of this legislation is to require 
the National Telecommunications and Information Administration 
to develop and conduct a cybersecurity literacy campaign to 
educate U.S. individuals about common cybersecurity risks and 
best practices.

                   X. DUPLICATION OF FEDERAL PROGRAMS

    Pursuant to clause 3(c)(5) of rule XIII, no provision of 
H.R. 4055 is known to be duplicative of another Federal 
program, including any program that was included in a report to 
Congress pursuant to section 21 of Public Law 111-139 or the 
most recent Catalog of Federal Domestic Assistance.

                      XI. COMMITTEE COST ESTIMATE

    Pursuant to clause 3(d)(1) of rule XIII, the Committee 
adopts as its own the cost estimate prepared by the Director of 
the Congressional Budget Office pursuant to section 402 of the 
Congressional Budget Act of 1974.

    XII. EARMARKS, LIMITED TAX BENEFITS, AND LIMITED TARIFF BENEFITS

    Pursuant to clause 9(e), 9(f), and 9(g) of rule XXI, the 
Committee finds that H.R. 4055 contains no earmarks, limited 
tax benefits, or limited tariff benefits.

                   XIII. ADVISORY COMMITTEE STATEMENT

    No advisory committee within the meaning of section 5(b) of 
the Federal Advisory Committee Act was created by this 
legislation.

                XIV. APPLICABILITY TO LEGISLATIVE BRANCH

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

           XV. SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION

Section 1. Short title

    Section 1 designates that the short title may be cited as 
the ``American Cybersecurity Literacy Act.''

Sec. 2. Sense of Congress

    This section states that it is the sense of the Congress 
that the United States has a national security and economic 
interest in promoting cybersecurity literacy among the general 
public.

Sec. 3. Establishment of cybersecurity literacy campaign

    This section requires the National Telecommunications and 
Information Administration (NTIA) to develop and conduct a 
cybersecurity literacy campaign to educate United States 
individuals about common cybersecurity risks and best 
practices.

       XVI. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED

    There are no changes to existing law made by the bill H.R. 
4055.

                                  [all]