This bill directs the Assistant Secretary of Commerce for Communications and Information to develop and run a cybersecurity literacy campaign for the American public. The campaign must be available in multiple languages and formats if practicable and focus on concrete steps people can take to reduce cybersecurity risks.
It covers recognizing phishing, identifying secure websites, changing default passwords, adopting security tools like MFA, using updates and antivirus software, and understanding the life-cycle of devices.
The bill aims to raise everyday cyber hygiene among individuals and households, with an emphasis on practical actions rather than abstract concepts. By teaching people how to manage device risk, review app permissions, and avoid unsafe networks, the campaign seeks to strengthen national security and economic resilience through improved public awareness.
At a Glance
What It Does
The Assistant Secretary shall develop and conduct a cybersecurity literacy campaign, available in multiple languages and formats if practicable, to educate the public on best practices to reduce cybersecurity risks.
Who It Affects
All American internet users, including households and individuals with common connected devices such as PCs, smartphones, routers, and smart devices.
Why It Matters
A broad public education effort can reduce cyber incidents by promoting practical protections—mitigating phishing, password misuse, and insecure setups—strengthening national security and the digital economy.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The American Cybersecurity Literacy Act creates a federal effort to teach cybersecurity basics to the general public. The campaign will be run by the Assistant Secretary of Commerce for Communications and Information and should be accessible in multiple languages and formats when practicable.
Its goal is to provide concrete steps people can take to lower their exposure to cyber risks.
Key topics include how to spot phishing, how to recognize secure websites, and how to improve personal password hygiene through the use of multi-factor authentication, complex passwords, antivirus software, regular software updates, and the use of virtual private networks. The bill also directs education on identifying devices that pose cybersecurity risks—ranging from personal computers and smartphones to routers, smart home devices, webcams, and other internet-connected gear—and on prudent user practices like reviewing app permissions and avoiding unnecessary privilege requests.Finally, the bill highlights the risk associated with using public Wi‑Fi networks and urges people to use available resources to mitigate those risks.
The Act defines the Assistant Secretary’s role and sets the stage for a cross-cutting, nationwide effort to improve everyday cybersecurity literacy.
The Five Things You Need to Know
The bill requires the Assistant Secretary to establish and run a cybersecurity literacy campaign, available in multiple languages and formats if practicable.
The campaign must educate on phishing identification, secure websites, password hygiene (including multi-factor authentication), antivirus software, software updates, and VPNs.
It includes guidance on identifying risk-bearing devices (PCs, smartphones, tablets, routers, smart home devices, webcams, and other internet-connected devices).
It urges users to review mobile app permissions, decline unnecessary privileges, download only from trusted sources, and consider a device’s life cycle and security updates.
The campaign is led by the Assistant Secretary of Commerce for Communications and Information (as defined in the Act).
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short Title
This section designates the act as the American Cybersecurity Literacy Act.
Sense of Congress
This section expresses the sense of Congress that promoting cybersecurity literacy is important for national security and the economy.
Establishment of the Campaign — General
This subparagraph requires the Assistant Secretary to develop and conduct a cybersecurity literacy campaign that is multilingual and available in multiple formats where practicable, aimed at increasing knowledge and awareness of best practices to reduce cybersecurity risks.
Campaign Requirements
This subparagraph lists the campaign’s substantive duties: educating the public on preventing and mitigating cyberattacks, identifying phishing and insecure websites, promoting password hygiene and the use of security tools (MFA, complex passwords, antivirus, patching, VPNs), identifying devices that pose cybersecurity risks, and encouraging the use of resources to mitigate identified risks.
Assistant Secretary Defined
This subsection defines the term Assistant Secretary as the Assistant Secretary of Commerce for Communications and Information, who will oversee the campaign.
This bill is one of many.
Codify tracks hundreds of bills on Technology across all five countries.
Explore Technology in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- General American public and households gain practical cybersecurity knowledge to reduce risk from phishing, poor password practices, and insecure devices.
- Owners and users of common connected devices (PCs, smartphones, routers, smart home devices, webcams, etc.) obtain targeted guidance to protect their devices.
- Software and hardware manufacturers that maintain ongoing security updates may see increased demand for secure products and clearer expectations for product lifecycles.
- Cybersecurity educators and program developers can leverage multilingual content to reach diverse audiences.
- Public libraries and community organizations can disseminate multilingual materials to broaden access to cybersecurity education.
Who Bears the Cost
- Federal taxpayers fund the campaign and support its administration.
- The Department of Commerce—Office of the Assistant Secretary for Communications and Information—bears ongoing program administration costs.
- Device and software manufacturers may incur costs to maintain security updates across product lifecycles.
- Content creators and translators for multilingual materials incur production and localization costs.
- Local governments, libraries, and community organizations may incur costs to host, translate, or disseminate campaign materials.
Key Issues
The Core Tension
Balancing a nationwide public education mission with fiscal constraints and the need for measurable impact: can a single federal literacy campaign meaningfully change everyday cybersecurity behavior across diverse populations, devices, and communities while funding and governance remain clear and sustainable?
The bill envisions a broad, ongoing public education program without specifying appropriations or enforcement mechanisms. Implementation will depend on funding, staff capacity, and coordination with existing federal, state, and nonprofit channels.
The lack of detailed metrics, timelines, or accountable benchmarks means effectiveness will hinge on future guidance and budget decisions, potentially leading to duplication with private-sector efforts unless coordination is clarified.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.