[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 2201 Reported in Senate (RS)]
<DOC>
Calendar No. 291
118th CONGRESS
1st Session
S. 2201
To increase knowledge and awareness of best practices to reduce
cybersecurity risks in the United States.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 22, 2023
Ms. Klobuchar (for herself and Mr. Thune) introduced the following
bill; which was read twice and referred to the Committee on Commerce,
Science, and Transportation
December 13, 2023
Reported by Ms. Cantwell, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To increase knowledge and awareness of best practices to reduce
cybersecurity risks in the United States.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``American Cybersecurity
Literacy Act''.</DELETED>
<DELETED>SEC. 2. CYBERSECURITY LITERACY CAMPAIGN.</DELETED>
<DELETED> (a) In General.--The Secretary of Commerce, in
consultation with the Director of the Cybersecurity and Infrastructure
Security Agency, shall develop and conduct a cybersecurity literacy
campaign described in subsection (b), which the Secretary of Commerce
shall make available in multiple languages and formats, if practicable,
to increase the knowledge and awareness of citizens of the United
States of best practices to reduce cybersecurity risks.</DELETED>
<DELETED> (b) Elements.--In carrying out subsection (a), the
Secretary of Commerce, in consultation with the Director of the
Cybersecurity and Infrastructure Security Agency, shall--</DELETED>
<DELETED> (1) educate citizens of the United States with
respect to how to prevent and mitigate a cyberattack or
cybersecurity risk, including by--</DELETED>
<DELETED> (A) instructing citizens of the United
States with respect to how to identify--</DELETED>
<DELETED> (i) a phishing email or message;
and</DELETED>
<DELETED> (ii) a secure website;</DELETED>
<DELETED> (B) instructing citizens of the United
States about the benefits of changing default passwords
on any hardware or software technology;</DELETED>
<DELETED> (C) encouraging the use of cybersecurity
tools, including--</DELETED>
<DELETED> (i) multi-factor
authentication;</DELETED>
<DELETED> (ii) a complex password;</DELETED>
<DELETED> (iii) anti-virus
software;</DELETED>
<DELETED> (iv) patching or updating software
and applications; and</DELETED>
<DELETED> (v) a virtual private
network;</DELETED>
<DELETED> (D) identifying a device that could pose
possible cybersecurity risks, including--</DELETED>
<DELETED> (i) a personal computer;</DELETED>
<DELETED> (ii) a smartphone;</DELETED>
<DELETED> (iii) a tablet;</DELETED>
<DELETED> (iv) a Wi-Fi router;</DELETED>
<DELETED> (v) a smart home
appliance;</DELETED>
<DELETED> (vi) a webcam;</DELETED>
<DELETED> (vii) an internet-connected
monitor; or</DELETED>
<DELETED> (viii) any other device that can
be connected to the internet, including any
mobile device other than a smartphone or
tablet;</DELETED>
<DELETED> (E) encouraging citizens of the United
States to--</DELETED>
<DELETED> (i) regularly review mobile
application permissions;</DELETED>
<DELETED> (ii) decline any privilege request
from a mobile application that is
unnecessary;</DELETED>
<DELETED> (iii) download an application only
from a trusted vendor or source; and</DELETED>
<DELETED> (iv) consider the life cycle of a
product and the commitment of a developer to
providing security updates during the expected
period of use of a connected device;
and</DELETED>
<DELETED> (F) identifying any potential
cybersecurity risk related to using a publicly
available Wi-Fi network and any method a user may use
to limit such risks; and</DELETED>
<DELETED> (2) encourage citizens of the United States to use
any resource to help mitigate the cybersecurity risks described
in this subsection.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``American Cybersecurity Literacy
Act''.
SEC. 2. CYBERSECURITY LITERACY CAMPAIGN.
(a) In General.--The Director of the National Institute of
Standards and Technology shall, in consultation with the Director of
the Cybersecurity and Infrastructure Security Agency, develop and
conduct a cybersecurity literacy campaign described in subsection (b),
which the Director of the National Institute of Standards and
Technology shall make available in multiple languages and formats, if
practicable, to increase the knowledge and awareness of citizens of the
United States of best practices to reduce cybersecurity risks.
(b) Elements.--In carrying out subsection (a), the Director of the
National Institute of Science and Technology, in consultation with the
Director of the Cybersecurity and Infrastructure Security Agency,
shall--
(1) educate citizens of the United States with respect to
how to prevent and mitigate a cyberattack or cybersecurity
risk, including by--
(A) instructing citizens of the United States with
respect to how to identify--
(i) a phishing email or message; and
(ii) a secure website;
(B) instructing citizens of the United States about
the benefits of changing default passwords on any
hardware or software technology;
(C) encouraging the use of cybersecurity tools,
including--
(i) multi-factor authentication;
(ii) a complex password;
(iii) anti-virus software;
(iv) patching or updating software and
applications; and
(v) a virtual private network;
(D) identifying a device that could pose possible
cybersecurity risks, including--
(i) a personal computer;
(ii) a smartphone;
(iii) a tablet;
(iv) a Wi-Fi router;
(v) a smart home appliance;
(vi) a webcam;
(vii) an internet-connected monitor; or
(viii) any other device that can be
connected to the internet, including any mobile
device other than a smartphone or tablet;
(E) encouraging citizens of the United States to--
(i) regularly review mobile application
permissions;
(ii) decline any privilege request from a
mobile application that is unnecessary;
(iii) download an application only from a
trusted vendor or source; and
(iv) consider the life cycle of a product
and the commitment of a developer to providing
security updates during the expected period of
use of a connected device; and
(F) identifying any potential cybersecurity risk
related to using a publicly available Wi-Fi network and
any method a user may use to limit such risks; and
(2) encourage citizens of the United States to use any
resource that is developed as a result of this literacy
campaign to help mitigate the cybersecurity risks described in
this subsection.
(c) Existing Authorized Amounts.--No additional funds are
authorized to be appropriated for the purpose of carrying out this Act.
Calendar No. 291
118th CONGRESS
1st Session
S. 2201
_______________________________________________________________________
A BILL
To increase knowledge and awareness of best practices to reduce
cybersecurity risks in the United States.
_______________________________________________________________________
December 13, 2023
Reported with an amendment