<h1>Chemical Facility Security News</h1>
<p>News and views about chemical facility security, transportation of hazardous chemicals, and the federal laws and rules governing the same. Author: PJCoyle (http://www.blogger.com/profile/03390039682578324978).</p>
<h1>Short Takes – 3-18-24</h1>
<p>Published 2024-03-18 22:41 (-04:00)</p>
<p class="MsoNormal"><b>Iceland Volcano Erupts in Plumes of Fire With Little
Notice</b>. NYTimes.com <a href="https://www.nytimes.com/2024/03/17/world/europe/iceland-volcano-eruption.html">article</a>.
Pull quote: “Lava fountains burst out of the ground, and a nearly two-mile-long
fissure opened up on the Reykjanes Peninsula around 8:30 p.m., the Icelandic
Meteorological Office said. The eruption occurred near the town of Grindavik,
the Svartsengi Power Plant and the Blue Lagoon, one of Iceland’s most famous
tourist attractions.”</p>
<p class="MsoNormal"><b>US government agencies demand fixable ice cream machines</b>.
ArsTechnica.com <a href="https://arstechnica.com/tech-policy/2024/03/ftc-and-doj-want-to-free-mcdonalds-ice-cream-machines-from-dmca-repair-rules/">article</a>.
Pull quote: “Every three years, the Copyright Office allows for petitions to
exempt certain exceptions to DMCA violations (and renew prior exemptions).
Repair advocates have won exemptions for farm equipment repair, video game
consoles, cars, and certain medical gear. The exemption is often granted for
device fixing if a repair person can work past its locks, but not for the
distribution of tools that would make such a repair far easier. The esoteric
nature of such "release valve" offerings has led groups like the EFF
to push for the DMCA's abolishment.”</p>
<p class="MsoNormal"><b>NASA investigating 2023 theft of astronaut training
devices</b>. FedScoop.com <a href="https://fedscoop.com/nasa-investigating-2023-theft-of-astronaut-training-devices/">article</a>.
Pull quote: “The topic has continued to come up. In 2014, a NASA OIG report
found the agency did not, at the time, have an accurate inventory of mobile
devices, including tablets. A 2021 NASA OIG report focused on the space
agency’s cyber readiness, noting that lost and stolen equipment can be a
“common attack vector” for cyber incidents and pointed to hundreds of instances
of “loss/theft of equipment” annually.”</p>
<p class="MsoNormal"><b>Cybersecurity Professional Engineer (my title)</b>.
LinkedIn.com/Pulse <a href="https://www.linkedin.com/pulse/1337-h4x0r-pe-darren-highfill-pwc4e/">post</a>.
Pull quote: “A Cybersecurity Professional Engineer certification would force
process change. The Cyber PE is not going to put their signature on anything
that leaves them with doubt because their livelihood and freedom are on the
line. Just ask any of the other licensed PE disciplines. Want me to sign off on
this system implementation? I need visibility and understanding of the design
intent, development, and implementation of every element in the system, which
means bringing me in when the business idea starts.”</p>
<p class="MsoNormal"><b>Urban humans have lost much of their ability to digest
plants</b>. ArsTechnica.com <a href="https://arstechnica.com/science/2024/03/human-gut-bacteria-that-can-digest-plant-matter-probably-came-from-cows/">article</a>.
Pull quote: “In addition, many gut bacteria use the energy they get from our
food to produce chemicals that are helpful to humans—which may help explain
some of the benefits of high-fiber diets. So, while these bacteria may be a
minor component of our ability to process food, we may still learn that they
make critical contributions to our health.”</p>
<p class="MsoNormal"><b>Congress scrambles to avert shutdown after weekend delay</b>.
TheHill.com <a href="https://thehill.com/homenews/house/4538491-congress-scrambles-to-avert-shutdown-after-weekend-delay/">article</a>.
Pull quote: “Top leaders planned to roll out their funding deal on Sunday,
which included a package of five appropriations bills and a continuing
resolution to fund DHS through the end of the fiscal year, which ends on Sept.
30. Appropriators had to turn to a stopgap for DHS amid deep disagreements
between the two parties over immigration and border security.”</p>
<p class="MsoNormal"><b>NIST NVD Halt Leaves Thousands of Vulnerabilities
Untagged</b>. HackRead.com <a href="https://www.hackread.com/nist-nvd-halt-leaves-vulnerabilities-untagged/#google_vignette">article</a>.
Pull quote: “As pointed out by a report referring to NetRise CEO Tom Pace,
reported that only 200 out of 2700 Common Vulnerabilities and Exposures (CVEs)
have been enriched. This means over 2500 vulnerabilities added to the database
have been uploaded without crucial metadata information.”</p>
<p class="MsoNormal"><b>White House, Johnson close out Homeland Security
negotiations holding up final funding deal</b>. Politico.com <a href="https://www.politico.com/live-updates/2024/03/18/congress/homeland-funding-fix-00147684">article</a>.
Pull quote: “Legislative text of the six-bill funding bundle is now expected
late Tuesday or Wednesday, potentially teeing up a House vote on Friday at the
earliest, if Speaker Mike Johnson adheres to a pledge to give Republicans 72
hours to review legislative text. Once the package passes the House, Senate
leaders will need consent from all 100 senators to ensure speedy votes on the
spending package. That task is already expected to be politically tricky, with
Republicans likely to demand a swath of amendment votes on issues ranging from
immigration to earmarks.”</p>
<p class="MsoNormal"><b>Starship successfully makes orbit – but the FAA has
grounded it anyway</b>. NewAtlas.com <a href="https://newatlas.com/space/starship-the-worlds-largest-most-powerful-rocket-reaches-orbit/">article</a>.
Pull quote: “"A return to flight is based on the FAA determining that any
system, process, or procedure related to the mishap does not affect public
safety," reads the <a href="https://www.faa.gov/newsroom/statements" target="_blank">FAA statement</a>. "In addition, SpaceX may need to modify
its license to incorporate any corrective actions and meet all other licensing
requirements."”</p>
<p class="MsoNormal"><b>Debris from burning satellites could be affecting Earth's
magnetic field</b>. Space.com <a href="https://www.space.com/satellites-re-entering-magnetosphere-effects-study">article</a>.
Pull quote: “"Satellites are mostly made of aluminum and aluminum is a
superconductor," Solter-Hunt said. "Superconductors are used for
blocking, distorting or shielding of magnetic fields. My concern is that at
some point in the future, this conductive dust could create some perturbations
in the magnetosphere."”</p>
<h1>Review – S 3792 Introduced – Technology Workforce</h1>
<p>Published 2024-03-18 10:03 (-04:00)</p>
<p class="MsoNormal">Last month, Sen Peters introduced S 3792, the Technology
Workforce Framework Act of 2024. The bill would add development of workforce frameworks
to the description of duties for NIST as well as updating the <a href="https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center">NICE
Workforce</a> Development for Cybersecurity and requiring the development of a
new workforce framework for artificial intelligence. No new funding is
authorized by this legislation.</p>
<h2>Moving Forward</h2>
<p class="MsoNormal">Peters, and his sole cosponsor {Sen Schmitt (R,MO)} are
members of the Senate Commerce, Science, and Transportation Committee to which
this bill was assigned for consideration. This means that there may be
sufficient influence to see the bill considered in Committee. I see nothing in
this bill that would engender any organized opposition. I suspect that there
would be bipartisan support for the bill. This bill is not politically
important enough for it to be considered by the full Senate. While the bill
might be able to move forward under the unanimous consent process (a
politically fraught process at the best of times), it would be more likely to
advance as a floor amendment to a larger bill.<o:p></o:p></p>
<p class="MsoNormal">For more details about the provisions of this bill, see my
article at CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/s-3792-introduced">https://patrickcoyle.substack.com/p/s-3792-introduced</a>
- subscription required.</p>
<h1>VA Adopts CISA’s Software Attestation Form</h1>
<p>Published 2024-03-18 07:27 (-04:00)</p>
<p class="MsoNormal">On Friday, the OMB’s Office of Information and Regulatory
Affairs (OIRA) <a href="https://www.reginfo.gov/public/do/PRAViewRCF?ref_nbr=202403-2900-002CF">announced</a>
that it had approved a request for common form (RCF) use from the Veterans Administration
for “Secure Software Self-Attestation Common Form”. This CISA sponsored form <a href="https://chemical-facility-security-news.blogspot.com/2024/03/omb-approves-cisa-software-attestation.html">was
approved</a> last week. Agencies wanting to use the form now must submit a <a href="file:///C:/Users/pjcoy/Downloads/ROCIS_How_to_Guide_for_AGENCY_Users_of_ICR_Module-110422.pdf">request
to OIRA</a> (pg 90) to use that form, providing a one-time burden estimate. The
VA is one of the first agencies to complete an RCF for this form.</p>
<p class="MsoNormal">The VA’s burden estimate (based upon CISA’s estimates of
time per response):</p>
<table border="1">
<tbody>
<tr><td>Burden Estimate</td><td></td></tr>
<tr><td>Annual Responses</td><td align="right">3,975</td></tr>
<tr><td>Burden (hrs)</td><td align="right">9,632</td></tr>
</tbody></table>
<p class="MsoNormal">NOTE: I do not plan on noting each approved RCF for this
form.</p>
<h1>Short Takes – 3-16-24</h1>
<p>Published 2024-03-16 23:34 (-04:00)</p>
<p class="MsoNormal"><b>Houthis Threaten to Target Merchant Ships in Indian Ocean</b>.
News.USNI.org <a href="https://news.usni.org/2024/03/14/houthis-threaten-to-target-merchant-ships-in-indian-ocean">article</a>.
Pull quote: “Their weapons can go at least 650 kilometers, while the drones can
go up to 2,000, Ben Taleblu said. But they cannot hit ships that are going
around the Cape of Good Hope.”</p>
<p class="MsoNormal"><b>The first test of a magnetic levitation train on an
existing track</b>. TheNextWeb.com <a href="https://thenextweb.com/news/watch-first-maglev-train-existing-track">article</a>.
Not much in the way of tech details. Pull quote: “The maglev journey took place
on a railway line near Venice. Across the two-kilometre route, the prototype
vehicle hit a speed of 70 km/h. According to IronLev, not a single modification
had been made to the track.”</p>
<p class="MsoNormal"><b>International effort to disrupt cybercrime moves into
operational phase</b>. TheRegister.com <a href="https://www.theregister.com/2024/03/14/wef_cybercrime_atlas/">article</a>.
Pull quote: “"This is part of the idea of disruption: it's not only to
make an impact, but to send a message back to the cybercriminals that we mean
business, and that we can make it more cost prohibitive for them to
operate," Manky said.”</p>
<h1>Review – Public ICS Disclosures – Week of 2-9-24 – Part 2</h1>
<p>Published 2024-03-16 22:55 (-04:00)</p>
<p class="MsoNormal">For Part 2 we have four additional vendor disclosures from
Schneider, Softing, WAGO, and Western Digital. We also have 17 vendor updates
from Dell, HP (5), and Siemens (11). There is a researcher report about
vulnerabilities in products from FortiGuard. Finally, we have five exploits for
products from FortiGuard, Hitachi, Honeywell, Solar View, and VMware.</p>
<h2>Advisories</h2>
<p class="MsoNormal"><b>Schneider Advisory</b> - Schneider published <a href="https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf">an
advisory</a> that describes three vulnerabilities in their Easergy T200 RTU product
line.<o:p></o:p></p>
<p class="MsoNormal"><b>Softing Advisory</b> - Softing published <a href="https://industrial.softing.com/fileadmin/psirt/downloads/2024/syt-2024-2.html">an
advisory</a> that describes a missing release of memory after effective
lifetime vulnerability in their UA Toolkit and smartLink products.<o:p></o:p></p>
<p class="MsoNormal"><b>WAGO Advisory</b> - CERT-VDE published <a href="https://cert.vde.com/de/advisories/VDE-2023-039">an advisory</a> that describes
two vulnerabilities in the WAGO 750-8xx series PLCs.<o:p></o:p></p>
<p class="MsoNormal"><b>Western Digital</b> - Western Digital published <a href="https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-10">an
advisory</a> that describes an uncontrolled search path element vulnerability
in their SanDisk PrivateAccess Desktop App.</p>
<h2>Updates</h2>
<p class="MsoNormal"><b>Dell Updates</b> - Dell published <a href="https://www.dell.com/support/kbdoc/en-us/000142620/dsa-2019-022-dell-wyse-password-encoder-hard-coded-cryptographic-key-vulnerability">an
update</a> for their Wyse Password Encoder advisory that was originally
published on February 1<sup>st</sup>, 2019.<o:p></o:p></p>
<p class="MsoNormal"><b>HP Update #1</b> - HP published <a href="https://support.hp.com/us-en/document/ish_9818602-9818630-16/hpsbhf03889">an
update</a> for their Intel 2023.4 IPU advisory that was originally published on
December 11<sup>th</sup>, 2023.<o:p></o:p></p>
<p class="MsoNormal"><b>HP Update #2</b> - HP published <a href="https://support.hp.com/us-en/document/ish_10050418-10050455-16/hpsbhf03909">an
update</a> for their AMI UEFI Firmware advisory that was originally published
on January 26<sup>th</sup>, 2024.<o:p></o:p></p>
<p class="MsoNormal"><b>HP Update #3</b> - HP published <a href="https://support.hp.com/us-en/document/ish_9667148-9667172-16/hpsbhf03879.">an
update</a> for their Intel Graphics Drivers advisory that was originally published
on November 15<sup>th</sup>, 2023.<o:p></o:p></p>
<p class="MsoNormal"><b>HP Update #4</b> - HP published <a href="https://support.hp.com/us-en/document/ish_9799938-9799975-16/hpsbhf03893">an
update</a> for their AMD SMM Supervisor advisory that was originally published
on December 7<sup>th</sup>, 2023.<o:p></o:p></p>
<p class="MsoNormal"><b>HP Update #5</b> - HP published <a href="https://support.hp.com/us-en/document/ish_9925738-9925742-16/hpsbhf03892">an
update</a> for their AMD Client UEFI Firmware advisory that was originally
published on January 8<sup>th</sup>, 2024.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #1</b> - Siemens published an <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf">update</a>
for their SIMATIC STEP 7 advisory that was originally published on June 13<sup>th</sup>,
2023.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #2</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-943925.pdf">an update</a>
for their SINEC NMS advisory that was originally published on February 13<sup>th</sup>,
2023.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #3</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-871717.pdf">an update</a>
for their Polarion ALM advisory that was originally published on February 13<sup>th</sup>,
2024.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #4</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf">an update</a>
for their OPC UA Implementation advisory that was originally published on
September 12<sup>th</sup>, 2023 and most recently updated on February 13<sup>th</sup>,
2024.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #5</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf">an update</a>
for their Web Server of Industrial Products Advisory that was originally
published on December 12, 2023.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #6</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-592380.pdf.">an
update</a> for their SIMATIC S7-1500 CPUs advisory that was originally
published on December 12<sup>th</sup>, 2023.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #7</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf">an update</a>
for their SIPROTEC 5 Devices advisory that was originally published on December
13<sup>th</sup>, 2022 and most recently updated on September 12<sup>th</sup>,
2023.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #8</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-398330.pdf">an update</a>
for their GNU/Linux subsystem advisory that was originally published on December
12<sup>th</sup>, 2023 and most recently updated on February 13<sup>th</sup>, 2024.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #9</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf">an update</a>
for their SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family that
was originally published on November 14<sup>th</sup>, 2023 and most recently
updated on December 12<sup>th</sup>, 2023.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #10</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf">an update</a>
for their SIPROTEC 5 Devices advisory that was originally published on April 11<sup>th</sup>,
2023 and most recently updated on September 12, 2023.<o:p></o:p></p>
<p class="MsoNormal"><b>Siemens Update #11</b> - Siemens published <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-000072.pdf">an update</a>
for their Simcenter Femap advisory that was originally published on February 13<sup>th</sup>,
2024.</p>
<h2>Researcher Reports</h2>
<p class="MsoNormal"><b>FortiGuard Report</b> - Horizon3 published <a href="https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/">a
report</a> describing six vulnerabilities in the Fortinet FortiWLM product.</p>
<h2>Exploits</h2>
<p class="MsoNormal"><b>FortiGuard Exploit</b> - H4x0r-dz published <a href="https://packetstormsecurity.com/files/177602/Fortinet-FortiOS-Out-Of-Bounds-Write.html">an
exploit</a> for an out-of-bounds write vulnerability that is on the CISA Known
Exploited Vulnerabilities Catalog.<o:p></o:p></p>
<p class="MsoNormal"><b>Hitachi Exploit</b> - Arslan Masood published <a href="https://www.exploit-db.com/exploits/51872">an exploit</a> for an improper
authentication vulnerability in the Hitachi NAS.<o:p></o:p></p>
<p class="MsoNormal"><b>Honeywell Exploit</b> - BYTEHUNTER published <a href="https://www.exploit-db.com/exploits/51885">an exploit</a> for a command
injection vulnerability in the Honeywell PM43 industrial printers.<o:p></o:p></p>
<p class="MsoNormal"><b>Solar View Exploit</b> - BYTEHUNTER published <a href="https://www.exploit-db.com/exploits/51886">an exploit</a> for a command
injection vulnerability in the Solar View compact product.<o:p></o:p></p>
<p class="MsoNormal"><b>VMware Exploit</b> - Abdualhadi Khalifa published <a href="https://www.exploit-db.com/exploits/51882">an exploit</a> for a missing authentication
for critical function vulnerability in the VMware Cloud Director.<o:p></o:p></p>
<p class="MsoNormal">For more information on these disclosures, including a brief
description of changes in updates, see my article at CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-5d3">https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-5d3</a>
- subscription required.</p>
<h1>Chemical Incident Reporting – Week of 3-2-24</h1>
<p>Published 2024-03-16 14:42 (-04:00)</p>
<p class="MsoNormal">NOTE: See <a href="https://chemical-facility-security-news.blogspot.com/2023/04/chemical-incident-reporting-week-of-3.html">here</a>
for series background.</p>
<h2>Bath, NY – 3-11-24</h2>
<p class="MsoNormal">Local news reports: <a href="https://13wham.com/news/local/several-crews-battling-large-fire-at-building-in-steuben-county">Here</a>,
<a href="https://www.the-leader.com/story/news/local/2024/03/12/former-babcock-ladder-factory-fire-bath-new-york/72940882007/">here</a>,
<a href="https://www.mytwintiers.com/news-cat/local-news/fire-breaks-out-at-bath-manufacturing-company/">here</a>
and <a href="https://www.whec.com/local/crews-battle-three-alarm-fire-at-machine-shop-in-bath/">here</a>.</p>
<p class="MsoNormal">Three-alarm fire at manufacturing facility. No injuries were
reported. Building destroyed.</p>
<p class="MsoNormal">Google <a href="https://www.google.com/maps/@42.3288989,-77.3141786,92m/data=!3m1!1e3?entry=ttu">satellite
view</a> does not show any external chemical storage tanks, but there were
almost certainly chemicals (drums and totebins) in the building, making this a
chemical fire. Building/business damage is almost certainly >$1 million.</p>
<p class="MsoNormal">Probably CSB reportable.</p>
<h2>Red Oak, IA – 3-11-24</h2>
<p class="MsoNormal">Local news reports: <a href="https://www.ketv.com/article/iowa-liquid-fertilizer-spill-in-red-oak-iowa-makes-it-missouri/60204971">Here</a>,
<a href="https://www.radioiowa.com/2024/03/15/fertilizer-spill-in-southwest-iowa-has-reached-missouri/">here</a>,
and <a href="https://www.desmoinesregister.com/story/tech/science/environment/2024/03/14/massive-fertilizer-spill-hits-river-in-southwest-iowa-liquid-nitrogen/72964494007/">here</a>.</p>
<p class="MsoNormal">About 1,500 tons of ‘liquid nitrogen’ fertilizer (probably
some sort of ammonia compound) leaked from a storage tank at a farm cooperative
into the East Nishnabotna River. No injuries reported but large scale fish
kills reported miles downstream. Interesting question about how much fish kills
‘cost’ as part of the damage estimate.</p>
<p class="MsoNormal">Possible CSB reportable.<o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-76665381364518984742024-03-16T14:32:00.004-04:002024-03-16T14:32:57.463-04:00CRS Reports – Week of 3-9-24 – Change Healthcare <p class="MsoNormal">This week the Congressional Research Service (CRS) published
<a href="https://crsreports.congress.gov/product/pdf/IN/IN12330">a report</a>
on “The Change Healthcare Cyberattack and Response Considerations for
Policymakers”. The report provides a brief look at the BlackCat ransomware
attack on Change Healthcare and the widespread consequences of that attack. It
concludes by introducing a new term to cybersecurity considerations: ‘information
parity’.</p>
<p class="MsoNormal">The author makes the point that following the FBI takedown
of the BlackCat infrastructure, the ransomware organization re-grouped and
encouraged its affiliates to attack hospitals and other healthcare
organizations. While a number of hospitals were successfully attacked, the
attack that caused the most disruption and drew the most political notice was
the one on Change Healthcare. Almost certainly, that disruption was because the immediate response
to the attack was to shut down all cyber systems to stop the potential spread
of the ransomware. As the report notes there is a similarity here to the attack
on Colonial Pipeline: “Both attacks began with ransomware, led the victim to
disconnect systems thereby causing operational disruptions, which resulted in
physical consequences.” The physical consequences here were to interfere with
the delivery of prescriptions to many people across the country.</p>
<p class="MsoNormal">In addition to a discussion about policy issues revealed by
this attack, the report looks at three information parity (in this case
government agencies having access to the same level of details about the
situation in making agency decisions) problems raised by this incident:</p>
<ul style="margin-left: .5in;">
<li>Coordination of offensive and defensive actions,</li>
<li>Knowledge of conditions in decision making, and</li>
<li>Information sharing reach.</li>
</ul>
<h1>Transportation Chemical Incidents – Week of 3-5-24</h1>
<p>Published 2024-03-16 13:26 (-04:00)</p>
<p class="MsoNormal"><b>Reporting Background
– See <a href="https://chemical-facility-security-news.blogspot.com/2024/01/transportation-chemical-incidents-week.html">this post</a> for explanation.</b></p>
<p class="MsoNormal">Data from PHMSA’s <a href="https://www.phmsa.dot.gov/hazmat-program-management-data-and-statistics/data-operations/incident-statistics">online
database</a> of transportation related chemical incidents that have been
reported to the agency.</p>
<h2>Incidents Summary</h2>
<blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;">
<p class="MsoNormal">Number of incidents – 137 (127 highway, 6 air, 4 rail)</p>
<p class="MsoNormal">Serious incidents – 2 (2 bulk release, 0 injuries, 0 deaths, 0 major artery closed)</p>
<p class="MsoNormal">Largest container involved – DOT 117R100W railcar (Gasoline Includes Gasoline Mixed with Ethyl Alcohol, with not more than 10% Alcohol); about 1 gal leaked through a damaged manway gasket.</p>
<p class="MsoNormal">Largest amount spilled – 330 gallons (Bisulfites, Aqueous Solutions, N.O.S.) from a 330-gal plastic IBC due to a forklift strike.</p>
</blockquote>
<p class="MsoNormal">Most Interesting Chemical: Ammonium bifluoride, UN 1727. White,
deliquescent crystals [may dissolve in atmospheric moisture] that are corrosive
to most materials. Ammonium bifluoride is used as an etchant for glass and
aluminum. Decomposition temperature: 240 °C, with HF as a byproduct.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6-2k_JKpP0Y601YT4DPNmOYWcGMt5ls13DV8QsvZR04-ZggPudBS9Lfh08nasoQoJNmIiH4lMrJmS-sN6tbZd7ZBVrtEaEXHaSHEmlClSkgf4uYcmIGqU73iewZBVul24-2nfOLXYeh-9wRUak3W4LByiiJt7BfKbq4Y8tCfPEejoq2uAJkMz8OmuHL8/s114/UN%201727%20Placard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="UN 1727 placard" border="0" data-original-height="114" data-original-width="111" height="114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6-2k_JKpP0Y601YT4DPNmOYWcGMt5ls13DV8QsvZR04-ZggPudBS9Lfh08nasoQoJNmIiH4lMrJmS-sN6tbZd7ZBVrtEaEXHaSHEmlClSkgf4uYcmIGqU73iewZBVul24-2nfOLXYeh-9wRUak3W4LByiiJt7BfKbq4Y8tCfPEejoq2uAJkMz8OmuHL8/s1600/UN%201727%20Placard.png" width="111" /></a></div>
<h1>Review – Public ICS Disclosures – Week of 2-9-24 – Part 1</h1>
<p>Published 2024-03-16 11:58 (-04:00)</p>
<p class="MsoNormal">This week we have 25 vendor disclosures from Bosch (2), FortiGuard
(3), Fujitsu, GE Vernova, Hitachi (6), Honeywell, HP (4), Insyde, Korenix, Palo
Alto Networks (3), Philips, and Phoenix Contact.</p>
<h2>Advisories</h2>
<p class="MsoNormal"><b>Bosch Advisory #1</b> - Bosch published <a href="https://psirt.bosch.com/security-advisories/bosch-sa-246962-bt.html">an
advisory</a> that discusses seven vulnerabilities in multiple Bosch products.<o:p></o:p></p>
<p class="MsoNormal"><b>Bosch Advisory #2</b> - Bosch published <a href="https://psirt.bosch.com/security-advisories/bosch-sa-099637-bt.html">an
advisory</a> that describes five vulnerabilities in their Remote Programming
Software.<o:p></o:p></p>
<p class="MsoNormal"><b>FortiGuard Advisory #1</b> - FortiGuard published <a href="https://www.fortiguard.com/psirt/FG-IR-23-424">an advisory</a> that describes
an improper authentication vulnerability in their FortiOS products.<o:p></o:p></p>
<p class="MsoNormal"><b>FortiGuard Advisory #2</b> - FortiGuard published <a href="https://www.fortiguard.com/psirt/FG-IR-24-013">an advisory</a> that
describes an authentication bypass through user controlled key vulnerability in
their FortiOS and FortiProxy products.<o:p></o:p></p>
<p class="MsoNormal"><b>FortiGuard Advisory #3</b> - FortiGuard published <a href="https://www.fortiguard.com/psirt/FG-IR-23-328">an advisory</a> that describes
two vulnerabilities in their FortiOS and FortiProxy products.<o:p></o:p></p>
<p class="MsoNormal"><b>Fujitsu Advisory</b> - Fujitsu published <a href="https://support.ts.fujitsu.com/IndexDownload.asp?SoftwareGuid=77a43f33-4f4d-4558-8712-cc334629a60d">an
advisory</a> that discusses 11 vulnerabilities in multiple Fujitsu products.<o:p></o:p></p>
<p class="MsoNormal"><b>GE Vernova Advisory</b> - GE Vernova published <a href="https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/2024-03-05_FortiOS_February_Advisory.pdf">an
advisory</a> that discusses four vulnerabilities (two listed in CISA’s Known
Exploited Vulnerabilities catalog) in multiple products.<o:p></o:p></p>
<p class="MsoNormal"><b>Hitachi Advisory #1</b> - Hitachi published <a href="https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-113/index.html">an
advisory</a> that discusses an internal state disruption vulnerability in their
Cosminexus HTTP Server.<o:p></o:p></p>
<p class="MsoNormal"><b>Hitachi Advisory #2</b> - Hitachi published <a href="https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-114/index.html">an
advisory</a> that describes an uncontrolled resource consumption vulnerability
in their Cosminexus HTTP Server.<o:p></o:p></p>
<p class="MsoNormal"><b>Hitachi Advisory #3</b> - Hitachi published <a href="https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-115/index.html">an
advisory</a> that discusses an improper input validation vulnerability in their
Cosminexus HTTP Server.<o:p></o:p></p>
<p class="MsoNormal"><b>Hitachi Advisory #4</b> - Hitachi published <a href="https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-116/index.html">an
advisory</a> that discusses the HTTP/2 Rapid Reset Attack (listed on CISA’s KEV
catalog) vulnerability in their Cosminexus HTTP Server.<o:p></o:p></p>
<p class="MsoNormal"><b>Hitachi Advisory #5</b> - Hitachi published <a href="https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-117/index.html">an
advisory</a> that discusses an incomplete cleanup vulnerability in their Cosminexus
Component Container.<o:p></o:p></p>
<p class="MsoNormal"><b>Hitachi Advisory #6</b> - Hitachi published <a href="https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html">an
advisory</a> that describes an insertion of sensitive information into log file
vulnerability in their Cosminexus Component Container.<o:p></o:p></p>
<p class="MsoNormal"><b>Honeywell Advisory</b> - Honeywell published an
end-of-life notice for their e S3100 portfolio.<o:p></o:p></p>
<p class="MsoNormal"><b>HP Advisory #1</b> - HP published <a href="https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924">an
advisory</a> that describes a privilege escalation vulnerability in multiple HP
computers.<o:p></o:p></p>
<p class="MsoNormal"><b>HP Advisory #2</b> - HP published <a href="https://support.hp.com/us-en/document/ish_10295050-10295074-16/hpsbhf03925">an
advisory</a> that discusses four vulnerabilities in multiple HP computers.<o:p></o:p></p>
<p class="MsoNormal"><b>Insyde Advisory</b> - Insyde published <a href="https://www.insyde.com/security-pledge/SA-2023040">an advisory</a> that describes
a UEFI variable modification vulnerability in their H2OFFT, H2OUVE, and H2OOAE
products.<o:p></o:p></p>
<p class="MsoNormal"><b>Korenix Advisory</b> - INCIBE-CERT published <a href="https://www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550">an
advisory</a> that describes an exposure of sensitive information to an
unauthorized actor vulnerability in the Korenix JetI/O 6550 F208 product.<o:p></o:p></p>
<p class="MsoNormal"><b>Palo Alto Networks Advisory #1</b> - Palo Alto Networks
published <a href="https://security.paloaltonetworks.com/CVE-2024-2433">an
advisory</a> that describes an improper privilege management vulnerability in
their PAN-OS product.<o:p></o:p></p>
<p class="MsoNormal"><b>Palo Alto Networks Advisory #2</b> - Palo Alto Networks
published <a href="https://security.paloaltonetworks.com/CVE-2024-2432">an
advisory</a> that describes an improper privilege management vulnerability in
their GlobalProtect App.<o:p></o:p></p>
<p class="MsoNormal"><b>Palo Alto Networks Advisory #3</b> - Palo Alto Networks
published <a href="https://security.paloaltonetworks.com/CVE-2024-2431">an
advisory</a> that describes an improper privilege management vulnerability in
their GlobalProtect App.<o:p></o:p></p>
<p class="MsoNormal"><b>Philips Advisory</b> - Philips published <a href="https://support.hp.com/us-en/security-bulletins">an advisory</a> that discusses
two use-after-free vulnerabilities in the Imaging Data Commons libdicom.<o:p></o:p></p>
<p class="MsoNormal"><b>Phoenix Contact Advisory</b> - Phoenix Contact published <a href="https://dam-mdc.phoenixcontact.com/asset/156443151564/2173b55305fd514d96ca331a07832677/Security_Advisory_CHARX-SEC3xxx_CVE-2024-25994-26005_26288.pdf">an
advisory</a> that describes 13 vulnerabilities in their CHARX SEC-3xxx charge controllers.<o:p></o:p></p>
<p class="MsoNormal">For more information on these advisories, including links to
3rd party advisories, see my article at CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-c78%203-16-24">https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-c78 3-16-24</a>
- subscription required.<o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-23004103708394876222024-03-15T23:09:00.003-04:002024-03-15T23:09:42.416-04:00Short Takes – 3-15-24 <p><b>Caffeine makes fuel cells more efficient, cuts cost of
energy storage</b>. TheRegister.com <a href="https://www.theregister.com/2024/03/14/caffeine_fuel_cells_paper/">article</a>.
Pull quote: “If you are wondering (as we were) how they came to be
experimenting with this, the paper explains that modifying electrodes with
hydrophobic material is known to be an effective method for enhancing ORR.
Caffeine is less toxic than other hydrophobic substances, and it activates the
hydrogen evolution and oxidation reactions of Pt nanoparticles and caffeine
doped carbons. Got that?”</p>
<p class="MsoNormal"><b>Trump makes radical overhaul of RNC at furious pace</b>.
TheHill.com <a href="https://thehill.com/homenews/campaign/4533173-trump-remakes-rnc-republican-nomination/">article</a>.
Pull quote: ““It’s clear that donors aren’t buying what the RNC is selling,”
DNC executive director Sam Cornale wrote in a memo released Wednesday. “Between
dire finances, abysmal fundraising, frantic mass firings, and a string of
devastating electoral losses, the RNC is barely able to stay afloat — much less
build a winning operation for the general election.””</p>
<p class="MsoNormal"><b>Attrition: Patterns of American Combat Casualties</b>.
StrategyPage.com <a href="https://www.strategypage.com/htmw/htatrit/articles/20240314.aspx">article</a>.
Lots of interesting data. Pull quote: “Another big problem is that the United
States has never had such a long period of combat with so many troops involved.
Moreover, casualties, especially combat deaths, are much lower than in the
past. As a result, more troops are surviving to spend a lot more time in
combat. This is producing an unprecedented number of NCOs who are very stressed
out. If the NCOs are having stress-related problems, that usually makes their
subordinates uneasy as well.”</p>
<p class="MsoNormal"><b>SpaceX Blazes Forward With Latest Starship Launch</b>.
NYTimes.com <a href="https://www.nytimes.com/2024/03/14/science/spacex-starship-rocket-launch.html?unlocked_article_code=1.c00.bJPh.SFZYnl9hY1MG&smid=url-share">article</a>
(free). Includes a bit of anti-Musk commentary. Pull quote: “Even with the
partial success of Thursday’s flight, Starship is far from ready to go to Mars,
or even the moon. Because of Mr. Musk’s ambitions for Mars, Starship is much
larger and much more complicated than what NASA needs for its Artemis moon
landings. For Artemis III, two astronauts are to spend about a week in the
South Pole region of the moon.”</p>
<p class="MsoNormal"><b>Giant redwoods: World’s largest trees 'thriving in UK'</b>.
BBC.com <a href="https://www.bbc.com/news/science-environment-68518623">article</a>.
Pull quote: “However, while the trees are doing well in the UK, there's little
chance of them taking over our native forests any time soon - they're not
reproducing here as they need very specific conditions to take seed.”</p>
<p class="MsoNormal"><b>Formaldehyde; Draft Risk Evaluation Peer Review by the
Science Advisory Committee on Chemicals (SACC); Notice of Availability, Public
Meetings and Request for Comment</b>. Federal Register EPA <a href="https://www.federalregister.gov/documents/2024/03/15/2024-05554/formaldehyde-draft-risk-evaluation-peer-review-by-the-science-advisory-committee-on-chemicals-sacc">notice</a>.
Summary: “The Environmental Protection Agency (EPA or “Agency”) is announcing
the availability of and soliciting public comment on the 2024 draft risk
evaluation for formaldehyde prepared under the Toxic Substances Control Act
(TSCA). The draft risk evaluation is available for public review and comment.
It will also be submitted to the SACC for peer review. EPA is also announcing
that there will be two virtual public meetings of the SACC. The SACC will
consider and review the draft risk evaluation at a 4-day virtual peer review
public meeting that will be held on May 20–23, 2024. In addition, a virtual
preparatory public meeting will be held on May 7, 2024, for the SACC to
consider the scope and clarity of the draft charge questions for the peer
review.”</p>
<p class="MsoNormal"><b>Space Innovation; Facilitating Capabilities for In-Space
Servicing, Assembly, and Manufacturing</b>. Federal Register FCC <a href="https://www.federalregister.gov/documents/2024/03/15/2024-05389/space-innovation-facilitating-capabilities-for-in-space-servicing-assembly-and-manufacturing">notice
of proposed rulemaking</a>. Summary: “In this document, the Federal
Communications Commission (FCC or Commission) adopted a Notice of Proposed
Rulemaking that seeks comment on a proposed new framework for licensing space
stations engaged in in-space servicing, assembly, and manufacturing (ISAM).”</p>
<p class="MsoNormal"><b>FCC approves cyber labeling program for IoT devices</b>.
NextGov.com <a href="https://www.nextgov.com/cybersecurity/2024/03/fcc-approves-cyber-labeling-program-iot-devices/394946/">article</a>.
Pull quote: “Smart products covered by the rule that meet certain cybersecurity
standards would bear a label akin to the ENERGY STAR marking that indicates a
product is energy efficient. The FCC sought public comment last August on how
to craft the rules and finalized the program based on that. Device compliance
testing would be handled by accredited research labs, the agency said.”<o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-29656669557770798072024-03-15T21:31:00.004-04:002024-03-15T21:31:37.057-04:00Review - S 3758 Introduced – DETECT Act<p class="MsoNormal">Last month, Sen Warner (D,VA) introduced <a href="https://www.congress.gov/118/bills/s3758/BILLS-118s3758is.pdf">S 3758</a>,
the Drone Evaluation To Eliminate Cyber Threats (DETECT) Act. The bill would
require NIST to establish guidelines for federal agencies for managing
cybersecurity risks associated with unmanned aircraft systems (UAS) operated by
those agencies. It would also require OMB to publish guidance for vulnerability
disclosure programs (VDP) for security vulnerabilities relating to an unmanned
aircraft system owned or controlled by an agency. No new funding is authorized
by this legislation.</p>
<h2>Moving Forward</h2>
<p class="MsoNormal">While Warner is not a member of the Senate Commerce,
Science, and Transportation Committee to which this bill was assigned for
consideration, his sole cosponsor {Sen Thune (R,SD)} is a member. This means
that there may be sufficient influence to see this bill considered in
Committee. I see nothing in the bill that would engender any organized
opposition. I suspect that it would receive substantial bipartisan support were
the bill considered. Unfortunately, this bill is not politically important
enough for it to be considered under regular order on the floor of the Senate.
I do suspect that there would be possibly one or two Senators that would be
expected to object to the bill being considered under the Senate’s unanimous
consent process. That would mean that the provisions would have to be included
in a larger, must-pass bill for them to become law.</p>
<h2>Commentary</h2>
<p class="MsoNormal">This bill has a problem with conflicting definitions that we
have seen too often in cybersecurity language. To resolve this conflict dealing
with the coverage of UAS control systems in the provisions of the bill, I would
propose to change the definition of the term ‘information systems’ in <a href="https://www.congress.gov/bill/118th-congress/senate-bill/3758/text#PH4E791337DC3B49BA9C74098C9AAB4A15">§2(4)</a>
to read:</p>
<p class="MsoNormal" style="margin-left: .5in;">“INFORMATION SYSTEM.—The term
“information system” has the meaning given the term in <s>section 3502 of title
44, United States Code</s> <i><a href="http://uscode.house.gov/quicksearch/get.plx?title=6&section=650">6
U.S.C. 650</a></i>”</p>
<p>For more information on the provisions of the bill, see my
article at CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/s-3758-introduced">https://patrickcoyle.substack.com/p/s-3758-introduced</a>
- subscription required. </p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-38270459048479177632024-03-15T06:46:00.004-04:002024-03-15T06:46:31.868-04:00Bills Introduced – 3-14-24<p class="MsoNormal">Yesterday, with just the Senate in session, there were 37
bills introduced. Two of those bills will receive additional coverage here:</p>
<p class="MsoNormal" style="margin-left: .5in;"><a href="https://www.congress.gov/bill/118th-congress/senate-bill/3943?s=3&r=10">S
3943</a> A bill to require a plan to improve the cybersecurity and
telecommunications of the U.S. Academic Research Fleet, and for other purposes.
<a href="https://www.congress.gov/member/alex-padilla/P000145" target="_blank">Padilla,
Alex [Sen.-D-CA]</a> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left: .5in;"><a href="https://www.congress.gov/bill/118th-congress/senate-bill/3959?s=3&r=26">S
3959</a> A bill to require the Transportation Security Administration to
streamline the enrollment processes for individuals applying for a
Transportation Security Administration security threat assessment for certain
programs, including the Transportation Worker Identification Credential and
Hazardous Materials Endorsement Threat Assessment programs of the
Administration, and for other purposes. <a href="https://www.congress.gov/member/roger-wicker/W000437" target="_blank">Wicker,
Roger F. [Sen.-R-MS]</a> <o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-3559198700492176522024-03-14T22:58:00.001-04:002024-03-14T22:58:23.896-04:00Short Takes – 3-14-24 <p class="MsoNormal"><b>NASA Engineers Make Progress Toward Understanding Voyager
1 Issue</b>. Blogs.NASA.gov <a href="https://blogs.nasa.gov/sunspot/2024/03/13/nasa-engineers-make-progress-toward-understanding-voyager-1-issue/">blog
post</a>. Pull quote: “Because Voyager 1 is more than 15 billion miles (24
billion kilometers) from Earth, it takes 22.5 hours for a radio signal to reach
the spacecraft and another 22.5 hours for the probe’s response to reach
antennas on the ground. So the team received the results of the command on
March 3. On March 7, engineers began working to decode the data, and on March
10, they determined that it contains a memory readout.”</p>
<p class="MsoNormal"><b>Johnson signals shift on Ukraine to GOP senators</b>.
TheHill.com <a href="https://thehill.com/homenews/senate/4530355-johnson-signals-shift-on-ukraine-to-gop-senators/">article</a>.
Pull quote: “Some appropriators are floating the possibility of separating that
bill [DHS spending] from the other five bills funding the Departments of
Defense, Labor, Health and Human Services, State and other priorities.”
Republicans are still trying to force their issues on immigration, so this
could signal a willingness to shut down just DHS.</p>
<p class="MsoNormal"><b>12 surprising facts about pi to chew on this Pi Day</b>.
LiveScience.com <a href="https://www.livescience.com/physics-mathematics/mathematics/12-surprising-facts-about-pi-to-chew-on-this-pi-day">article</a>.
Everything that you never wanted to know about π. Pull quote: “For example: Earth has a diameter of
around 7,900 miles (12,700 kilometers), which means its circumference is around
24,900 miles (40,100 km). If you were to calculate this circumference with the
first 16 digits of pi and a more accurate version of pi with hundreds of
decimal places, the difference between the two answers would be around 300
times less than the width of a human hair, according to NASA.”</p>
<p class="MsoNormal"><b>From Munich to the Moon</b>. ESA.int <a href="https://www.esa.int/Science_Exploration/Human_and_Robotic_Exploration/From_Munich_to_the_Moon">article</a>.
Pull quote: “Col-CC's [ESA's Columbus Control Centre] primary responsibility
currently lies in managing operations for Columbus, the European laboratory
aboard the International Space Station. The evolution of the control centre
will enable operational support for the key European contributions to the lunar
Gateway space station, paving the way for developing operational concepts for
infrastructure and human missions to the Moon and Mars.”</p>
<p class="MsoNormal"><b>Policy on Requiring Disclosure of Payload Contents</b>.
Federal Register FAA <a href="https://www.federalregister.gov/documents/2024/03/14/2024-05384/policy-on-requiring-disclosure-of-payload-contents">policy
notice</a>. Summary: “The FAA announces a clarification of the FAA's Office of
Commercial Space Transportation (AST) policy regarding the review of payloads
to be launched or reentered under an FAA license. Given the increasing
complexity of payloads on the growing volume of FAA-licensed launches or
reentries, the FAA is updating its payload review policy to require applicants
for a payload review to disclose the contents and composition of all payloads,
including those of all hosted payloads.”</p>
<p class="MsoNormal"><b>Live coverage: SpaceX prepares for third flight test of
its Starship rocket from southern Texas</b>. SpaceFlightNow.com <a href="https://spaceflightnow.com/2024/03/14/live-coverage-spacex-prepares-for-third-flight-test-of-its-starship-rocket-from-southern-texas/">article</a>.
Pull quote: “In a similar fashion to the crewed launches at NASA’s Kennedy
Space Center, a group of astronauts also performed a flyby of the rocket
currently perched on the Orbital Launch Mount at Starbase ahead of the launch.
This time, it was a pair of jets owned by businessman Jared Isaacman, which
carried the crew of the forthcoming Polaris Dawn mission.”</p>
<p class="MsoNormal"><b>Federal agency launches investigation into Ga.
distribution center</b>. AtlantaNewsFirst.com <a href="https://www.atlantanewsfirst.com/2024/03/13/search-warrants-executed-metro-atlanta-medical-warehouse/">article</a>.
Pull quote: “The agency made the policy change after it tested the air around a
different warehouse storing medical equipment in 2019 located in Covington,
Georgia. The findings were startling to the state; The tests revealed the
warehouse was emitting about 5,700 pounds of ethylene oxide per year, about
nine times higher than the facility where the equipment is sterilized.”<o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-44375863773425144722024-03-14T18:48:00.006-04:002024-03-14T18:48:55.307-04:00Review – 14 Advisories and 1 Update Published – 3-14-24<p class="MsoNormal">Today, CISA’s NCCIC-ICS published fourteen control system
security advisories for products from Mitsubishi Electric, Softing, Delta
Electronics, and Siemens (11). They also updated an advisory for products from
Mitsubishi.</p><h2>Advisories</h2><p class="MsoNormal"><b>Mitsubishi Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14">advisory</a>
describes five vulnerabilities in the Mitsubishi MELSEC-Q/L Series products.<o:p></o:p></p><p class="MsoNormal"><b>Softing Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13">advisory</a>
describes two vulnerabilities in the Softing edgeConnector and edgeAggregator
products.<o:p></o:p></p><p class="MsoNormal"><b>Delta Advisory </b>- This
<a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12">advisory</a>
describes ten vulnerabilities in the Delta DIAEnergie product.<o:p></o:p></p><p class="MsoNormal"><b>RUGGEDCOM Advisory #1
</b>- This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-11">advisory</a>
discusses 38 vulnerabilities (two on the CISA KEV catalog) in the Siemens RUGGEDCOM
APE1808 devices.<o:p></o:p></p><p class="MsoNormal"><b>RUGGEDCOM Advisory #2
</b>- This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-05">advisory</a>
discusses seven vulnerabilities (two on KEV catalog) in the Siemens RUGGEDCOM
APE1808.<o:p></o:p></p><p class="MsoNormal"><b>Siveillance Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-10">advisory</a>
describes an incorrect authorization vulnerability in the Siemens Siveillance
Control physical security information management system.<o:p></o:p></p><p class="MsoNormal"><b>Sinteso Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-09">advisory</a>
describes three vulnerabilities in the Siemens Sinteso EN and Cerberus PRO EN fire
protection systems.<o:p></o:p></p><p class="MsoNormal"><b>SCALANCE Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-08">advisory</a>
describes two vulnerabilities in the Siemens SCALANCE
XB-200/XC-200/XP-200/XF-200BA/XR-300WG families.<o:p></o:p></p><p class="MsoNormal"><b>SIMATIC Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07">advisory</a>
discusses 157 vulnerabilities in the Siemens SIMATIC mobile RFID reader. These
are third-party vulnerabilities.<o:p></o:p></p><p class="MsoNormal"><b>SENTRON Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-06">advisory</a>
describes a hidden functionality vulnerability in the Siemens SENTRON 3KC ATC6
Expansion Module Ethernet.<o:p></o:p></p><p class="MsoNormal"><b>SINEMA Advisory #1 </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-04">advisory</a>
describes an insertion of sensitive information into an externally-accessible
file or directory vulnerability in the Siemens SINEMA Remote Connect Client.<o:p></o:p></p><p class="MsoNormal"><b>SINEMA Advisory #2 </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-03">advisory</a>
discusses two vulnerabilities in the Siemens SINEMA Remote Connect Server.<o:p></o:p></p><p class="MsoNormal"><b>Solid Edge Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-02">advisory</a>
describes an out-of-bounds read vulnerability in the Siemens Solid Edge
product.<o:p></o:p></p><p class="MsoNormal"><b>SENTRON Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-01">advisory</a>
describes an improper access control vulnerability in the Siemens SENTRON 7KM
PAC3120 and 7KM PAC3220 products.</p><h2>Updates</h2><p class="MsoNormal"><b>Mitsubishi Update </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03">update</a>
provides additional information on an advisory that was originally published on
May 23<sup>rd</sup>, 2023 and most recently updated on September 12<sup>th</sup>,
2023.<o:p></o:p></p>
<p class="MsoNormal">For more information on these advisories, including links to
3<sup>rd</sup> party advisories, researcher reports, and exploits, see my
article at CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/14-advisories-and-1-update-published-668">https://patrickcoyle.substack.com/p/14-advisories-and-1-update-published-668</a>
- subscription required.<o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-91295400711404349672024-03-14T13:52:00.002-04:002024-03-14T13:52:10.048-04:00Review - HR 7223 Introduced – Felons and TWIC<p>Last month, Rep Carter (D,LA) introduced <a href="https://www.congress.gov/118/bills/hr7223/BILLS-118hr7223ih.pdf">HR 7223</a>,
a bill requiring TSA to “develop guidelines to improve returning [from
incarceration] citizens’ access to the TWIC program.” No new funding is
authorized by the bill.</p>
<h2>Moving Forward</h2>
<p class="MsoNormal">Carter and all three of his cosponsors {Rep Higgins (R,LA),
Rep Thompson (D,MS), and Rep Goldman (D,NY)} are members of the House Homeland
Security Committee to which this bill was assigned for consideration. This
means that there may be sufficient influence to see this bill considered in
Committee. I suspect that there will be some ‘soft on crime’ opposition to this
bill from some Republicans. Whether it will be sufficient to derail this bill
in committee is not clear. While I suspect that there would be some level of
bipartisan support for the measure, I am not sure if it would be enough to
allow consideration under the suspension of the rules process which requires a
super majority for passage.</p>
<h2>Commentary</h2>
<p class="MsoNormal">While there is anecdotal evidence that Islamic radicals,
neo-Nazis and criminal gangs recruit in US prisons (all folks that we should
probably be trying to exclude from the TWIC program), there is little hard evidence
on the extent of such recruiting. Even so, it is probably true that prison
authorities have a pretty good idea of which releasees are most likely to have
been recruited. If that information were available to the TSA as part of their
vetting process, the chance of large-scale infiltration of the port infrastructure
via the TWIC process would be significantly reduced.</p>
<p class="MsoNormal">And let’s face it, folks getting out of prison that really
want to turn their lives around need to be able to get a decent paying job
quickly upon release. A TWIC card is pretty much a ticket to good jobs. The
possession of a TWIC by a recently released felon will almost certainly be seen
as a sign that someone thinks that the holder has demonstrated some sort of potential
at rehabilitation.<o:p></o:p></p>
<p class="MsoNormal">For more information about the provisions of the bill,
including a background look at crimes that are generally considered to prevent
a TWIC approval and the waiver process that provides a way around that issue,
see my article at CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/hr-7223-introduced">https://patrickcoyle.substack.com/p/hr-7223-introduced</a>
- subscription required.<o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-12201826778548195622024-03-14T06:33:00.004-04:002024-03-14T06:33:49.146-04:00Bills Introduced – 3-13-24<p class="MsoNormal">Yesterday, with just the House in session, there were 44
bills introduced. Of those bills, there were two that may receive additional
coverage in this blog:</p>
<p class="MsoNormal" style="margin-left: .5in;"><a href="https://www.congress.gov/bill/118th-congress/house-bill/7655?s=2&r=12">HR
7655</a> To amend title 49, United States Code, to improve the safety of
pipeline transportation, and for other purposes. <a href="https://www.congress.gov/member/jeff-duncan/D000615" target="_blank">Duncan,
Jeff [Rep.-R-SC-3]</a><o:p></o:p></p>
<p class="MsoNormal" style="margin-left: .5in;"><a href="https://www.congress.gov/bill/118th-congress/house-bill/7659?s=2&r=16">HR
7659</a> To authorize and amend authorities, programs, and statutes
administered by the Coast Guard. <a href="https://www.congress.gov/member/sam-graves/G000546" target="_blank">Graves,
Sam [Rep.-R-MO-6]</a> </p>
<p class="MsoNormal">I will be covering HR 7655.</p>
<p class="MsoNormal">I will be watching HR 7659 for language and definitions that
would include cybersecurity and facility security issues within the scope of coverage
of the legislation.<o:p></o:p></p>PJCoylehttp://www.blogger.com/profile/03390039682578324978noreply@blogger.com0tag:blogger.com,1999:blog-9122514974659083342.post-31600085179342142672024-03-13T22:47:00.003-04:002024-03-13T22:47:19.530-04:00Short Takes – 3-13-24 <p class="MsoNormal"><b>Surface Forces: Unmanned LUSV Ships at Sea</b>.
StrategyPage.com <a href="https://www.strategypage.com/htmw/htsurf/articles/20240313.aspx">article</a>.
Pull quote: “It is possible that by 2040 over 50 percent of all commercial
shipping will be fully autonomous, making the LUSV market at that time worth
roughly $65 billion a year. This represents a significant opportunity to expand
smaller shipyards, providing a commercial export market which could increase
overall regional benefits as well as the ability to build militarized LUSV for
the United States and its allies. LUSV commercial opportunities exist to
advance existing industrial capacity and exploit research and development.
These opportunities enable the ship building industries in many nations
opportunities to participate in building LUSVs for commercial and military use.”</p>
<p class="MsoNormal"><b>Dying SpaceX rocket creates glowing, galaxy-like spiral
in the middle of the Northern Lights</b>. LiveScience.com <a href="https://www.livescience.com/space/space-exploration/dying-spacex-rocket-creates-glowing-galaxy-like-spiral-in-the-middle-of-the-northern-lights">article</a>.
Pull quote: “However, astrophotographer Olivier Staiger correctly predicted
that the Transport-10 mission would produce a spiral above the Arctic,
Spaceweather.com reported. He realized that the rocket's varied payload would
require it to spin more than normal during deployment, which would mean it
would still be spinning fast when it dumped its fuel.”</p>
<p class="MsoNormal"><b>Proposed Information Collection Request; Comment Request;
Annual Public Water Systems Compliance Report</b>. Federal Register EPA <a href="https://www.federalregister.gov/documents/2024/03/13/2024-05285/proposed-information-collection-request-comment-request-annual-public-water-systems-compliance">60-day
ICR notice</a>. Changes in estimate: “There is no change in burden from the
most recently approved ICR as currently identified in the OMB Inventory of
Approved Burdens. This is due to two considerations. First, the regulations
have not changed over the past three years and are not anticipated to change
over the next three years. Second, the growth rate for this industry is very
low or non-existent, so there is no significant change in the overall burden.”
Comments due May 13<sup>th</sup>, 2024.</p>
<p class="MsoNormal"><b>Select Updates for the Premarket Cybersecurity Guidance:
Section 524B of the Federal Food, Drug, and Cosmetic Act; Draft Guidance for
Industry and Food and Drug Administration Staff; Availability</b>. Federal
Register FDA <a href="https://www.federalregister.gov/documents/2024/03/13/2024-05295/select-updates-for-the-premarket-cybersecurity-guidance-section-524b-of-the-federal-food-drug-and">draft
guidance availability notice</a>. Summary: “This draft guidance proposes select
updates to the final guidance “Cybersecurity in Medical Devices: Quality System
Considerations and Content of Premarket Submissions.” This draft guidance, when
finalized, will identify the information FDA generally considers to be
necessary for cyber devices to support obligations under the new amendments to
the Federal Food, Drug, and Cosmetic Act (FD&C Act) for ensuring
cybersecurity of devices. This draft guidance is not final nor is it for
implementation at this time.” Comments due May 13<sup>th</sup>, 2024.</p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>Review - PHMSA Publishes Latest Additions to FAQ List – HAZMAT Training</b>. Published 2024-03-13 10:04 (-04:00).</p>
<p>Today, the DOT’s Pipeline and Hazardous Materials Safety Administration
(PHMSA) published a notice in the Federal Register (<a href="https://www.govinfo.gov/content/pkg/FR-2024-03-13/pdf/2024-05268.pdf">89
FR 18479-18482</a>) listing the latest additions to their list of frequently
asked questions (FAQ). Back in March of 2022, PHMSA <a href="https://patrickcoyle.substack.com/p/phmsa-to-establish-faqs-for-hmr">began
the process</a> of converting existing Letters of Interpretation (LOI) into
frequently asked questions of broader interest to the HAZMAT community. This
latest tranche of questions deals with hazardous materials safety training in support
of the hazardous materials regulations. The second set of questions <a href="https://patrickcoyle.substack.com/p/phmsa-publishes-next-set-of-hazmat">was
published</a> [removed from paywall] in August of 2023.</p>
<h2>Solicitation of Public Comments</h2>
<p class="MsoNormal">PHMSA is soliciting public comments on this proposed set of
FAQ and responses. Comments may be submitted via the Federal eRulemaking Portal
(<a href="http://www.regulations.gov/">www.Regulations.gov</a>; Docket
#PHMSA-2021-0109). Comments should be submitted by April 12<sup>th</sup>, 2024.</p>
<h2>Commentary</h2>
<p class="MsoNormal">As I found previously, PHMSA does not appear to have published
the two previous sets of FAQs on its web site. There are currently two
different FAQ lists (<a href="https://www.phmsa.dot.gov/about-phmsa/phmsa-faqs">here</a>
and <a href="https://www.phmsa.dot.gov/about-phmsa/hazardous-materials-safety-faqs">here</a>).
The first was updated in September of last year and the second in 2019, but
neither contains the FAQs previously published as part of this initiative.
These FAQs would fit very well on the first page of existing FAQs, which has
sub-pages for different topics.</p>
<p class="MsoNormal">For more information on this notice, including a list of new
FAQ questions, see my article at CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/phmsa-publishes-latest-additions">https://patrickcoyle.substack.com/p/phmsa-publishes-latest-additions</a>
- subscription required.</p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>Bills Introduced – 3-12-24</b>. Published 2024-03-13 07:04 (-04:00).</p>
<p class="MsoNormal">Yesterday, with both the House and Senate in session, there
were 56 bills introduced. One of those bills will receive additional attention
in this blog:</p>
<p class="MsoNormal" style="margin-left: .5in;"><a href="https://www.congress.gov/bill/118th-congress/house-bill/7630?s=4&r=10">HR
7630</a> To require a plan to improve the cybersecurity and telecommunications
of the U.S. Academic Research Fleet, and for other purposes. <a href="https://www.congress.gov/member/mike-garcia/G000061" target="_blank">Garcia,
Mike [Rep.-R-CA-27]</a></p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>Short Takes – 3-13-24 – Space Geek Edition</b>. Published 2024-03-13 06:27 (-04:00).</p>
<p class="MsoNormal"><b>Lumen Orbit emerges from stealth and raises $2.4M to put
data centers in space</b>. GeekWire.com <a href="https://www.geekwire.com/2024/lumen-orbit-stealth-2-4m-data-centers-space/">article</a>.
Pull quote: “Lumen Space’s founders aren’t the only ones aiming to put data
centers in orbit: ASCEND, a project funded by the European Union, has been
looking into the feasibility of creating a fleet of space-based data centers,
with Thales Alenia Space taking a leading role. And Texas-based Axiom Space
says it’s partnering with Kepler Space and Skyloom to set up an orbital data
center on Axiom’s first space module, which is due for launch in the 2026-2027
time frame.” It will be interesting to see how they plan on dealing with data
center cooling in space.</p>
<p class="MsoNormal"><b>Shields up: New ideas might make active shielding viable</b>.
ArsTechnica.com <a href="file:///C:/Data/010%20File/Shields%20up:%20New%20ideas%20might%20make%20active%20shielding%20viable">article</a>.
Pull quote: “The two options are to add more mass—which gets expensive
quickly—or to shorten the length of the mission, which isn’t always possible.
So solving radiation with passive mass won't cut it for longer missions, even
using the best shielding materials like polyethylene or water. This is why
making a miniaturized, portable version of the Earth’s magnetic field was on
the table from the first days of space exploration. Unfortunately, we
discovered it was far easier said than done.”</p>
<p class="MsoNormal"><b>Japan’s Lunar Landing Was Lopsided—And Transformative</b>.
ScientificAmerican.com <a href="https://www.scientificamerican.com/article/how-japans-moon-sniper-mission-hit-its-mark/">article</a>.
Pull quote: “But that doesn’t mean precision landings wouldn’t benefit sample
return missions, too. Such efforts tend to be roverless to reduce mission
complexity and cost, as most recently seen with China’s Chang’e 5 mission from
2020, which brought home 1.7 kilograms of geologically young volcanic lunar
material. A precision touchdown can ensure high-fidelity science results for
immobile landers by allowing them to reach and collect exactly what they came
for.”</p>
<p class="MsoNormal"><b>Act now to prevent a ‘gold rush’ in outer space</b>.
Nature.com <a href="https://www.nature.com/articles/d41586-024-00722-4">article</a>.
Pull quote: “India’s mission, for instance, was squarely aimed at exploring the
Moon’s southern pole — a probable storehouse of frozen water, which could be
converted into oxygen and rocket fuel. Grayling warns that human greed and
national rivalries could set off a lunar ‘gold rush’ once the investment and
engineering barriers to extracting extraterrestrial materials are surmounted.
He calls for an urgent re-examination of the laws that govern space
exploration.”</p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>Short Takes – 3-12-24</b>. Published 2024-03-12 22:32 (-04:00).</p>
<p class="MsoNormal"><b>Damage a Distillation Column</b>. LinkedIn <a href="https://www.linkedin.com/posts/sihoko_several-years-ago-i-saw-a-statement-on-linkedin-activity-7173254923726245888-Mdyy?utm_source=share&utm_medium=member_desktop">discussion</a>.
Pull quote: “Actually so far I haven’t found that many process equipment
inherently secure against cyber attack. Attackers require very specific
knowledge of the local system, and it depends on the type of production
process, but once a threat actor gains access into the automation system also
distillation columns aren’t inherently safe against cyber attack.” Very
interesting discussion about physical modes for cyberattacks on process
equipment.</p>
<p class="MsoNormal"><b>Chemical manufacturer facing £233,000 [$289,439] in
penalties for endangering workers</b>. HazardExOnTheNet.net <a href="https://www.hazardexonthenet.net/article/204377/Chemical-manufacturer-facing--233-000-in-penalties-for-endangering-workers.aspx">article</a>.
Pull quote: “"Employers must evaluate and effectively control respiratory
hazards in the workplace and establish a hazard communication program that
meets or exceeds federal safety standards to protect workers. Our hazard
communication overview provides employers with the knowledge to get this done
and make their workplaces safer for all," Stawowy added.”</p>
<p class="MsoNormal"><b>CISA targeted through Ivanti VPN vulnerabilities, reports
say</b>. GovExec.com <a href="https://www.govexec.com/technology/2024/03/cisa-targeted-through-ivanti-vpn-vulnerabilities-reports-say/394851/">article</a>.
Pull quote: “The compromised systems included CISA’s Infrastructure Protection
Gateway, where DHS partners can access infrastructure protection tools, and the
[CFATS] <b><i>Chemical Security Assessment Tool</i></b> [emphasis added] that
provides private sector chemical security information, according to The Record
and CNN.”</p>
<p class="MsoNormal"><b>Security Risks of the AeroScope Upgrade Module</b>.
LinkedIn.com <a href="https://www.linkedin.com/pulse/security-risks-aeroscope-upgrade-module-edgesource-ofgbe/">article</a>.
Pull quote: “The most significant difference between [DJI] Drone ID and RID [FAA
Remote ID] is the underlying physical protocols. While Drone ID is integrated
within DJI’s proprietary OcuSync protocol (for all newer models), RID makes use
of standard WiFi and Bluetooth protocols. By and large, this means that while
Drone ID has historically been detectable for many kilometers (sometimes as
much as 30+), Remote ID will not – and is likely to achieve 1-2 km max (when in
good physical conditions). Coupling this range restriction with network
congestion and noise, the protocol is likely to be extremely difficult to
distinguish when in dense crowded environments (such as a stadium or an urban
city-center).”</p>
<p class="MsoNormal"><b>Susio secures funding to support 1,000kg per day hydrogen
generator development</b>. H2-View.com <a href="https://www.h2-view.com/story/susio-secures-funding-to-support-1000kg-per-day-hydrogen-generator-development/2107276.article/">article</a>.
Pull quote: “Susio’s process is expected to produce low-cost, low-carbon or zero-carbon
energy, using “novel microwave technology” to extract hydrogen from natural gas
or biogas while capturing the carbon in the form of carbon black.” While not a
greenhouse gas, carbon black has a number of unique handling and environmental
issues that are difficult to deal with.</p>
<p class="MsoNormal"><b>Automakers Are Sharing Consumers’ Driving Behavior With
Insurance Companies</b>. NYTimes.com <a href="https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html">article</a>.
Pull quote: “What it contained stunned him: more than 130 pages detailing each
time he or his wife had driven the Bolt over the previous six months. It
included the dates of 640 trips, their start and end times, the distance driven
and an accounting of any speeding, hard braking or sharp accelerations. The
only thing it didn’t have is where they had driven the car.”</p>
<p class="MsoNormal"><b>Department of Defense (DoD) Defense Industrial Base (DIB)
Cybersecurity (CS) Activities</b>. Federal Register DOD <a href="https://www.federalregister.gov/documents/2024/03/12/2024-04752/department-of-defense-dod-defense-industrial-base-dib-cybersecurity-cs-activities">final
rule</a>. Summary: “The DoD is finalizing revisions to the eligibility criteria
for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program.
These revisions will allow all defense contractors who own or operate an
unclassified information system that processes, stores, or transmits covered
defense information to benefit from bilateral information sharing. DoD is also
finalizing changes to definitions and some technical corrections for
readability.”</p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>EPA Accidental Release Rule and CFATS</b>. Published 2024-03-12 21:37 (-04:00).</p>
<p class="MsoNormal">When I first started scanning through the final rule that
the <a href="https://chemical-facility-security-news.blogspot.com/2024/03/review-epa-publishes-accidental-spill.html">EPA
published</a> on Monday on “Accidental Release Prevention Requirements”, two items
caught my attention in the <a href="https://www.federalregister.gov/d/2024-04458/p-9">List of Abbreviations
and Acronyms</a>: CFATS and CVI. Given my interest in chemical security issues,
I had to investigate.</p>
<p class="MsoNormal">Both terms were used multiple times in the discussion about
comments on the EPA’s proposed change to 40 CFR 68.210 to require in a new
paragraph (d) that “the owner or operator of a stationary source to provide,
upon request by any member of the public residing within six miles of the
stationary source, certain chemical hazard information for all regulated
processes in the language requested”. Apparently a <a href="https://www.federalregister.gov/d/2024-04458/p-696">number of commenters</a>
thought that this requirement would violate provisions of the Chemical Facility
Anti-Terrorism Standards (CFATS) program, specifically requiring them to
disclose information classified as Chemical-terrorism Vulnerability Information
(CVI).</p>
<p class="MsoNormal">While the CFATS program was terminated on July 28<sup>th</sup>,
2023 because of the failure of the Senate to consider/approve <a href="https://chemical-facility-security-news.blogspot.com/2023/07/house-approves-hr-4470-cfats-extension.html">HR
4470</a>, the EPA in addressing these comments did not take the easy way out and
simply note that the program no longer existed, effectively negating the potential
legal concerns of the commentors. Instead, the preamble treats the comments as
if the program were still in force.</p>
<p class="MsoNormal">The EPA staff notes that the issues for the CFATS program in
general, and for the CVI provisions specifically, were addressed in the <a href="https://www.govinfo.gov/content/pkg/FR-2007-04-09/pdf/E7-6363.pdf">interim
final rule</a> that established the CFATS program in 2007. In discussing the
potential conflict between community right-to-know laws and the new CFATS program,
the IFR preamble <a href="https://www.federalregister.gov/d/E7-6363/p-370">noted
that</a>:</p>
<p class="MsoNormal" style="margin-left: .5in;">“To the extent that this approach
conflicts with existing state “right to know” or “sunshine” laws, we believe
that such laws are preempted by this IFR. At this time, we do not intend to
displace or otherwise affect any provisions of <i style="font-weight: bold;">Federal statutes </i>[emphasis added], including the
Emergency Planning and Community Right to Know Act, 42 U.S.C. 11001 et seq., <b><i>or
section 112(r)</i></b> [emphasis added] and 114 of the Clean Air Act of 1990,
as amended, 42 U.S.C. 7412(r), 7414, sections 308 and 402 of the Clean Water
Act, 33 U.S.C. 1318, 1342, and section 104(e)(7) of the Comprehensive
Environmental Response, Compensation, and Liability Act, 42 U.S.C. 9604.”</p>
<p class="MsoNormal">There is always going to be some tension between security
concerns of high-risk chemical facilities and the needs of neighbors of those
facilities to be aware of the potential local danger posed by those facilities.
That knowledge would be a fundamental tool for the neighborhood and communities
to plan for responses to accidental (or deliberately caused) chemical releases.
Such planning is fundamental to risk management and thus reinforces chemical
security mitigation.</p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>Review – 1 Advisory Published – 3-12-24</b>. Published 2024-03-12 14:30 (-04:00).</p>
<p class="MsoNormal">Today, CISA’s NCCIC-ICS published one control system
security advisory for products from Schneider Electric. Schneider published two
other new advisories today (in addition to <a href="https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-02.pdf">this
one</a>) and four updates. I will be covering those this weekend.</p>
<h2>Advisories</h2>
<p class="MsoNormal"><b style="mso-bidi-font-weight: normal;">Schneider Advisory </b>-
This <a href="https://www.cisa.gov/news-events/ics-advisories/icsa-24-072-01">advisory</a>
describes a deserialization of untrusted data vulnerability in the Schneider EcoStruxure
Power Design - Ecodial NL, INT, and FR products.<o:p></o:p></p>
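<p class="MsoNormal">The ‘compute a hash’ recommendation referenced below is an integrity check on the project files that the affected products deserialize. The following is an added example of one defender-side way to implement such a check; it is not code from Schneider Electric, CISA, or this blog. It records a SHA-256 digest for every project file while the files are known good, then re-checks the tree before any file is opened and flags anything modified, missing, or not previously recorded. SHA-256, the JSON manifest layout, and the <code>.xml</code>/<code>.ecd</code> extensions used to pick out project files are assumptions; the advisory text here does not specify them.</p>

```python
"""Integrity manifest for project files (added example, not vendor code).

Record a SHA-256 digest for each project file while it is known good, then
re-check the digests before an application is allowed to open (and
deserialize) the file. A file whose digest changed, that disappeared, or
that appeared without being recorded is reported for review.

Assumptions (not specified by the advisory text on the page): SHA-256 as the
hash, a JSON dict {relative_path: hex_digest} as the manifest layout, and
the .xml/.ecd extensions as the set of project files to cover.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16               # 64 KiB reads keep memory flat for large projects
SUFFIXES = (".xml", ".ecd")   # assumed project-file extensions


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so large files are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, suffixes=SUFFIXES) -> dict:
    """Map each project file under root (relative path) to its digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in suffixes
    }


def save_manifest(manifest: dict, dest: Path) -> None:
    """Persist the manifest; in practice keep it where the project tree cannot rewrite it."""
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> dict:
    """Read a manifest written by save_manifest."""
    return json.loads(src.read_text())


def verify_manifest(root: Path, manifest: dict, suffixes=SUFFIXES) -> dict:
    """Compare the tree under root with a recorded manifest.

    Returns lists under "ok", "modified", "missing" and "unexpected".
    Only files listed under "ok" should be opened without a review.
    """
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    current = build_manifest(root, suffixes)
    for rel, expected in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif hmac.compare_digest(current[rel], expected):
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
    report["unexpected"] = [rel for rel in current if rel not in manifest]
    return report


def demo() -> dict:
    """Constructed scenario that exercises all four outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample project files, recorded while known good
        (root / "site_a.xml").write_bytes(b"<project name='site A'/>")
        (root / "site_b.ecd").write_bytes(b"constructed project B")
        (root / "site_c.xml").write_bytes(b"<project name='site C'/>")
        manifest_path = root / "manifest.json"  # .json is not in SUFFIXES, so it is not hashed
        save_manifest(build_manifest(root), manifest_path)

        # Changes made after the manifest was recorded
        (root / "site_a.xml").write_bytes(b"<project name='site A'><!-- edited --></project>")
        (root / "site_c.xml").unlink()
        (root / "rogue.xml").write_bytes(b"<project/>")

        return verify_manifest(root, load_manifest(manifest_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

<p class="MsoNormal">Running the script prints a report in which <code>site_b.ecd</code> is the only file still matching its recorded digest; <code>site_a.xml</code> is reported as modified, <code>site_c.xml</code> as missing, and <code>rogue.xml</code> as unexpected. The manifest is only as trustworthy as its storage, so it belongs somewhere an attacker who can edit project files cannot also rewrite it.</p>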
<p class="MsoNormal">For more information on this advisory, including a look at
the recommended ‘compute a hash’ value for project files, see my article at
CFSN Detailed Analysis - <a href="https://patrickcoyle.substack.com/p/1-advisory-published-3-12-24">https://patrickcoyle.substack.com/p/1-advisory-published-3-12-24</a>
- subscription required.</p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>OMB Approves CISA Software Attestation ICR</b>. Published 2024-03-12 07:47 (-04:00).</p>
<p class="MsoNormal">Yesterday, the OMB’s Office of Information and Regulatory
Affairs (OIRA) <a href="https://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=202311-1670-001">announced</a>
that it had approved an information collection request (ICR) from CISA on “Secure
Software Self-Attestation Common Form”. This form was developed by CISA in
coordination with the Office of Management and Budget to meet the secure
software development attestation requirement of <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/">EO
14028</a>. A copy of the <a href="https://www.reginfo.gov/public/do/DownloadDocument?objectID=140498902">attestation
form</a> is available.</p>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 103.25pt;" valign="top" width="138">
<p class="MsoNormal" style="line-height: normal;">Burden Estimate<o:p></o:p></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 76.5pt;" valign="top" width="102">
<p class="MsoNormal" style="line-height: normal;"><o:p> </o:p></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 103.25pt;" valign="top" width="138">
<p class="MsoNormal" style="line-height: normal;"># of Responses<o:p></o:p></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 76.5pt;" valign="top" width="102">
<p class="MsoNormal" style="line-height: normal;">72,513<o:p></o:p></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 103.25pt;" valign="top" width="138">
<p class="MsoNormal" style="line-height: normal;">Time per Response <o:p></o:p></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 76.5pt;" valign="top" width="102">
<p class="MsoNormal" style="line-height: normal;">3-hrs. 20-min.<o:p></o:p></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 103.25pt;" valign="top" width="138">
<p class="MsoNormal" style="line-height: normal;">Annual burden (hrs.)<o:p></o:p></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 76.5pt;" valign="top" width="102">
<p class="MsoNormal" style="line-height: normal;">175,709<o:p></o:p></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>
<p class="MsoNormal"><b>Bills Introduced – 3-11-24</b>. Published 2024-03-12 06:47 (-04:00).</p>
<p class="MsoNormal">Yesterday, with both the House and Senate in session, there
were 26 bills introduced. None of the bills introduced will receive additional
coverage in this blog, but there are two bills that I would like to mention in
passing:</p>
<p class="MsoNormal" style="margin-left: .5in;"><a href="https://www.congress.gov/bill/118th-congress/house-bill/7610?s=2&r=3">HR
7610</a> To amend the Homeland Security Act of 2002 to clarify that utility
line technicians qualify as emergency response providers. <a href="https://www.congress.gov/member/clay-higgins/H001077" target="_blank">Higgins,
Clay [Rep.-R-LA-3]</a><o:p></o:p></p>
<p class="MsoNormal" style="margin-left: .5in;"><a href="https://www.congress.gov/bill/118th-congress/house-bill/7614?s=2&r=7">HR
7614</a> To prohibit the payment of the salaries of the President and members
of the cabinet if the President fails to submit the annual budget to Congress
before the first Monday in February of any year, and for other purposes. <a href="https://www.congress.gov/member/nancy-mace/M000194" target="_blank">Mace,
Nancy [Rep.-R-SC-1]</a></p>
<p class="MsoNormal">I am not sure what the practical effect of HR 7610 would be;
it depends on which portion of the Homeland Security Act is being amended. In
any event, any action that Congress takes to extend recognition to utility
line technicians will not be enough. As extreme weather events and large
grassland and forest fires become more prevalent, we become ever more dependent
upon the courageous actions of these unsung heroes of the energy grid.</p>
<p class="MsoNormal">While Congress officially requires the Administration to
submit a budget request to start the process for developing spending bills,
that budget has become an increasingly impotent part of the process. The
deadline being proposed in this bill is obviously an impossible deadline for the
first year of any administration, but even in follow-on years it is becoming
increasingly difficult for budgeteers in the Executive Branch to craft spending
proposals when it takes Congress longer and longer to pass actual spending
bills.</p>
<p class="MsoNormal">HR 7614 is a political messaging bill which no one, not even
Mace, expects to receive any attention in committee; the bill will never
make it to the floor of the House, much less to the desk of the
President. I am pretty certain, however, that Mace plans on cashing in on the
bill in her fundraising for November.</p>
<p class="MsoNormal">Posted by <a href="http://www.blogger.com/profile/03390039682578324978">PJCoyle</a></p>