National Cybersecurity Awareness Act

National Cybersecurity Awareness Act

This bill requires the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security to lead and coordinate federal efforts to promote national cybersecurity awareness and to establish a program for planning and coordinating federal cybersecurity awareness campaigns.

CISA must also inform nonfederal entities of voluntary cyber hygiene best practices, including information on how to prevent cyberattacks and mitigate cybersecurity risks.

Further, CISA shall consult with private sector entities, state, local, tribal, and territorial governments, academia, and civil society to

• promote cyber hygiene best practices, including by focusing on tactics that are cost effective and result in significant cybersecurity improvement;
• promote awareness of cybersecurity risks and mitigation with respect to malicious applications on internet-connected devices;
• help consumers identify products that are designed to support user and product security;
• coordinate with other federal agencies and departments to promote relevant cybersecurity-related awareness activities and ensure the federal government is coordinated in communicating accurate and timely cybersecurity information; and
• expand nontraditional outreach mechanisms to ensure that entities including low-income and rural communities, small and medium- sized businesses and institutions, and state, local, tribal, and territorial partners receive cybersecurity awareness outreach in an equitable manner.

CISA must (1) report within 180 days after this bill's enactment and annually thereafter regarding the campaign program; and (2) develop and maintain a central repository for its resources, tools, and public communications that promote cybersecurity awareness.