This week, some of the trending headlines highlighted action on Capitol Hill related to data privacy as well as warnings about cyber threats from China and the continuing failure to appoint a leader to one of the federal government’s leading cybersecurity agencies.
- Congress Considers Data Privacy
- China’s Cyber Threats & CISA’s Leadership Vacuum
Congress Considers Data Privacy
Lawmakers on both sides of the aisle weighed on data privacy issues this week, including broad-based data privacy laws and concerns about healthcare-related data protection:
- House Republicans introduced two sweeping bills this week to preempt state data privacy laws and enforce guardrails on how financial institutions and technology companies treat Americans’ data, according to an article by Weslan Hansen in MeriTalk.
- Privacy organizations and advocates raised concerns about one of those bills, The Secure Data Act, stating that it falls short in addressing the real-world consequences of weak data protections, particularly for people facing heightened risks, Keely Quinlan reported in StateScoop.
- Derek B. Johnson noted in CyberScoop that sponsors said the bill would allow consumers to opt out of data collection for individual businesses for the purposes of targeted advertising, selling to third parties or for use in automated decision making.
- In other news from the Hill related to data privacy, House Democrats called for a halt to White House plans to collect health data about federal workers from insurance companies, arguing the sensitive information could be used to target employees seeking care it disagrees with, according to coverage by Madison Alder in FedScoop.
- Speaking of protecting health data, former FBI cyber chief Cynthia Kaiser told Congress this week that the government should consider applying terrorism designations to ransomware actors who target hospitals and other critical, life-safety infrastructure, arguing a Bush-era terror financing authority could be applied beyond its traditional uses, David DiMolfetta reported in Nextgov/FCW.
- Covering Kaiser’s testimony for MeriTalk, Grace Dille noted Kaiser’s assertion that cybercriminals who target hospitals and other critical infrastructure systems put lives at risk and should face appropriate consequences.
- Tim Starks wrote in CyberScoop that members of the House Homeland Security Committee appeared receptive to the idea of a terrorism designation and are also considering pressing prosecutors to pursue homicide charges in attacks on hospitals where death resulted.
China’s Cyber Threats & CISA’s Leadership Vacuum
In cybersecurity news, we saw the administration’s focus veer somewhat from Iran to China. We also saw yet another setback in the attempt to appoint a leader at CISA:
- The White House Office of Science and Technology Policy (OSTP) this week accused China and other foreign entities of engaging in “deliberate, industrial-scale campaigns to distill U.S. frontier AI systems” and said it will take steps to safeguard domestic AI products, according to a piece by Edward Graham and DiMolfetta in Nextgov/FCW.
- MeriTalk’s Hansen quoted an OSTP memo to agencies which said the administration plans to address this threat by sharing information with U.S. AI companies about the foreign actors’ attempts to conduct distillation and enabling the private sector to better coordinate against those attacks.
- Mathew J. Schwartz reported in GovInfoSecurity that the U.S. joined other Western governments this week in sounding the alarm about Chinese nation-state threat actors funneling attacks through compromised edge devices such as home office routers, Internet of Things equipment and smart devices like web cameras, digital video recorders, firewalls as well as network-attached-storage devices.
- In response to the need to extend protection to non-IT devices, the National Institute of Standards and Technology’s cybersecurity hub is organizing a new project focused on helping critical infrastructure organizations gain better visibility into their operational technology environments, according to an article by Justin Doubleday in Federal News Network.
- MeriTalk’s Jerry Markon covered an advisory from the Cybersecurity and Infrastructure Security Agency (CISA) warning that China-linked groups are “moving away from the use of individually procured infrastructure, and towards the use of externally provisioned, large-scale networks of compromised devices.”
- In other CISA-related developments, Sean Plankey withdrew himself from consideration to lead the agency after a year of no Senate action taken on his nomination, Chris Riotta reported in GovInfoSecurity.
- Doubleday wrote in Federal News Network that Plankey’s withdrawal caps a frustrating saga for many cybersecurity experts, who thought he would help stabilize CISA amid a series of changes under the Trump administration.
- Starks noted in CyberScoop that numerous senators had placed holds on the nomination, including GOP senators who held him up over matters unrelated to cybersecurity.
Upcoming Industry Events
As always, we want to keep you up to speed on upcoming industry events you might find interesting. See our list below to find out what’s happening in the coming week:
- April 28: Workday Federal Forum, Workday, FedScoop, Waldorf Astoria, Washington, D.C.
- April 29: Uncharted Territory: A Revolutionary Approach to Acquisition, ACT-IAC, Carahsoft Collaboration & Conference Center, Reston, Virginia
- April 29-30: AI & Data Exchange 2026, Federal News Network, Virtual
If you would like your event included in this list, please fill out this form.
Finally, I invite you to listen to the latest episode of the Gov & Beyond podcast, featuring an interview with Jon Simkins, editor in chief of Military Timesand Defense News. In the interview, you can hear about Jon’s approach to covering military and defense issues as well as his views on the importance of good writing.
Thanks for reading. Please share this newsletter with your colleagues. Subscribe to this newsletter on LinkedIn or via the form below to receive it every week.