At a glance.

• Could the American Data Privacy and Protection Act be the US’s GDPR?
• White House signs three cybersecurity bills.
• US senator tasks Cybercom with election security reporting.
• US Navy sets its sights on cybersecurity.

Could the American Data Privacy and Protection Act be the US’s GDPR?

The US has yet to pass an overarching privacy law at the federal level. In an attempt to remedy this, bipartisan House and Senate leaders on June 3 released a draft discussion bill called the American Data Privacy and Protection Act (ADPPA), a wide-ranging measure that is being compared to the EU’s General Data Protection Regulation. CSO Online explains that the bill would cover all entities subject to the jurisdiction of the Federal Trade Commission (FTC) that collect, process, or transfer covered data. As well, the bill would make these entities responsible for ensuring they do not unnecessarily collect or use covered data, regardless of user consent or transparency. Though many influential lawmakers support the bill, the ADPPA is already experiencing pushback. The US Chamber of Commerce called the bill “unworkable,” as some parties are concerned that the bill would give individuals the right to sue companies that don’t abide by the legislation’s provisions, and the fact that the bill would preempt state and local privacy laws has also caused friction. The House Energy and Commerce Subcommittee on Consumer Protection and Commerce was scheduled to mark up the bill yesterday, and a full committee markup is expected after the July 4 recess.

White House signs three cybersecurity bills.

MSSP Alert reports that the Biden administration has passed three bipartisan cybersecurity bills focused on protecting federal information technology supply chains by fostering coordination between the Cybersecurity and Infrastructure Security Agency (CISA) and state and local governments. The State and Local Government Cybersecurity Act will require CISA to supply state and local actors with access to enhanced security tools, policies, and procedures, and encourages CISA to collaborate on implementation through joint cybersecurity exercises. Representative Joe Neguse said of the measure, “For hackers, state and local governments are an attractive target — we must increase support to these entities so that they can strengthen their systems and better defend themselves from harmful cyber-attacks,” Dark Reading reports. The Federal Rotational Cyber Workforce Program Act establishes a civilian rotation initiative that will allow cybersecurity professionals to expand their experiences and skill sets by working short stints in various government agencies. And the Supply Chain Security Training Act tasks the General Services Administration with instituting a supply chain security training program in coordination with the Department of Homeland Security, Department of Defense, and the Office of Management and Budget. 

US senator tasks Cybercom with election security reporting.

Maine Senator Angus King of the US state of Maine is pushing for a measure that would require US Cyber Command (Cybercom) to publish two unclassified reports connected with each biennial election. The first report would focus on assessing foreign threats before an election takes place, and the second would be a post-election assessment of voting security. King, who is also Co-chair of Cyberspace Solarium, told the Washington Post, “We want to be kept informed of what the threats are, how they’re developing, what direction they’re taking. We also want to be able to reassure people about the security of our elections.” Public confidence in election security has plummeted in recent years, and King asserts that having the assessment come from a trusted, independent source like Cybercom – as well as making the information as transparent and accessible as possible – could rebuild Americans’ faith in the election process. To improve the measure’s chance of passage, King included it in the National Defense Authorization Act (NDAA), an annual must-pass defense policy bill that both Republicans and Democrats already support. 

US Navy sets its sights on cybersecurity.

As the battlespace and cyberspace increasingly overlap, the US Department of the Navy is preparing to publish a unified cybersecurity strategy and vision statement, FedScoop reports. According to the Navy’s Principal Cyber Advisor (PCA) Chris Cleary, the mission’s overriding motto will be “secure, survive and strike.” When he became PCA in 2020, Cleary was tasked with collaborating with the Navy’s chief information officer to create a clear, comprehensive cybersecurity mission statement, and after years in development, the document is currently being reviewed, with hopes that it will be published next month. The strategy’s aim is to supply Navy personnel with guidance on enabling cyber forces, acquiring the necessary tools, and securing critical infrastructure. Cleary explained that the Navy is already up to speed when it comes to enterprise information technology, so now it’s time to focus on “critical infrastructure, weapon systems and the security of weapons systems, and then ultimately how we embrace cyber as a warfighting domain in the service.”