H.R. 2154

119th CONGRESS 1st Session

To establish a cybersecurity literacy campaign, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES · March 14, 2025 · Sponsor: Mr. Obernolte · Committee: Committee on Energy and Commerce

Table of contents

• H.R. 2154
  • SEC. 1. Short title
  • SEC. 2. Sense of Congress
  • SEC. 3. Establishment of cybersecurity literacy campaign

SEC. 1. Short title

• This Act may be cited as the American Cybersecurity Literacy Act.

SEC. 2. Sense of Congress

• It is the sense of the Congress that the United States has a national security and economic interest in promoting cybersecurity literacy amongst the general public.

SEC. 3. Establishment of cybersecurity literacy campaign

• (a) In general
  • The Assistant Secretary shall develop and conduct a cybersecurity literacy campaign (which shall be available in multiple languages and formats, if practicable) to increase the knowledge and awareness of the American people of best practices to reduce cybersecurity risks.
• (b) Campaign requirements
  • In carrying out subsection (a), the Assistant Secretary shall—
    • educate the American people on how to prevent and mitigate cyberattacks and cybersecurity risks, including by—
      • instructing the American people on how to identify—
        • (i) phishing emails and messages; and
        • (ii) secure websites;
      • instructing the American people about the benefits of changing default passwords on hardware and software technology;
      • encouraging the use of cybersecurity tools, including—
        • (i) multi-factor authentication;
        • (ii) complex passwords;
        • (iii) anti-virus software;
        • (iv) patching and updating software and applications; and
        • (v) virtual private networks;
      • identifying the devices that could pose possible cybersecurity risks, including—
        • (i) personal computers;
        • (ii) smartphones;
        • (iii) tablets;
        • (iv) Wi-Fi routers;
        • (v) smart home appliances;
        • (vi) webcams;
        • (vii) internet-connected monitors; and
        • (viii) any other device that can be connected to the internet, including mobile devices other than smartphones and tablets;
      • encouraging Americans to—
        • (i) regularly review mobile application permissions;
        • (ii) decline privilege requests from mobile applications that are unnecessary;
        • (iii) download applications only from trusted vendors or sources; and
        • (iv) consider a product’s life cycle and the developer or manufacturer’s commitment to providing security updates during a connected device’s expected period of use; and
      • identifying the potential cybersecurity risks of using publicly available Wi-Fi networks and the methods a user may utilize to limit such risks; and
    • encourage the American people to use resources to help mitigate the cybersecurity risks identified in this subsection.
• (c) Assistant Secretary defined
  • In this section, the term Assistant Secretary means the Assistant Secretary of Commerce for Communications and Information.