[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 2201 Introduced in Senate (IS)]
<DOC>
118th CONGRESS
1st Session
S. 2201
To increase knowledge and awareness of best practices to reduce
cybersecurity risks in the United States.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 22, 2023
Ms. Klobuchar (for herself and Mr. Thune) introduced the following
bill; which was read twice and referred to the Committee on Commerce,
Science, and Transportation
_______________________________________________________________________
A BILL
To increase knowledge and awareness of best practices to reduce
cybersecurity risks in the United States.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``American Cybersecurity Literacy
Act''.
SEC. 2. CYBERSECURITY LITERACY CAMPAIGN.
(a) In General.--The Secretary of Commerce, in consultation with
the Director of the Cybersecurity and Infrastructure Security Agency,
shall develop and conduct a cybersecurity literacy campaign described
in subsection (b), which the Secretary of Commerce shall make available
in multiple languages and formats, if practicable, to increase the
knowledge and awareness of citizens of the United States of best
practices to reduce cybersecurity risks.
(b) Elements.--In carrying out subsection (a), the Secretary of
Commerce, in consultation with the Director of the Cybersecurity and
Infrastructure Security Agency, shall--
(1) educate citizens of the United States with respect to
how to prevent and mitigate a cyberattack or cybersecurity
risk, including by--
(A) instructing citizens of the United States with
respect to how to identify--
(i) a phishing email or message; and
(ii) a secure website;
(B) instructing citizens of the United States about
the benefits of changing default passwords on any
hardware or software technology;
(C) encouraging the use of cybersecurity tools,
including--
(i) multi-factor authentication;
(ii) a complex password;
(iii) anti-virus software;
(iv) patching or updating software and
applications; and
(v) a virtual private network;
(D) identifying a device that could pose possible
cybersecurity risks, including--
(i) a personal computer;
(ii) a smartphone;
(iii) a tablet;
(iv) a Wi-Fi router;
(v) a smart home appliance;
(vi) a webcam;
(vii) an internet-connected monitor; or
(viii) any other device that can be
connected to the internet, including any mobile
device other than a smartphone or tablet;
(E) encouraging citizens of the United States to--
(i) regularly review mobile application
permissions;
(ii) decline any privilege request from a
mobile application that is unnecessary;
(iii) download an application only from a
trusted vendor or source; and
(iv) consider the life cycle of a product
and the commitment of a developer to providing
security updates during the expected period of
use of a connected device; and
(F) identifying any potential cybersecurity risk
related to using a publicly available Wi-Fi network and
any method a user may use to limit such risks; and
(2) encourage citizens of the United States to use any
resource to help mitigate the cybersecurity risks described in
this subsection.
<all>