Short Takes – 4-4-25

National Security Agency and Cyber Command chief Gen. Timothy Haugh ousted. WashingtonPost.com article (free). Pull quote: “The named acting NSA director is Lt. Gen. William J. Hartmann, who was the Cyber Command deputy, one of the officials said. Sheila Thomas, who was the executive director at the NSA, was named acting deputy, the official said.” Very little information in the story, but I suppose that is to be expected with the NSA.

House Republicans bash Senate’s Trump agenda blueprint: ‘This is offensive’. TheHill.com article. Pull quote: “Lending Johnson a boost, Florida voters on Tuesday sent two Republicans to the House, filling empty seats vacated by GOP lawmakers following November’s elections. The development gives GOP leaders a slightly larger cushion, and the Speaker said he was “elated” after swearing in the new pair on Wednesday.”

Significant New Use Rules on Certain Chemical Substances (24-4.5e). Federal Register, EPA notice of proposed rulemaking. Summary: “EPA is proposing significant new use rules (SNURs) under the Toxic Substances Control Act (TSCA) for certain chemical substances that were the subject of premanufacture notices (PMNs) and are also subject to an Order issued by EPA pursuant to TSCA. The SNURs require persons who intend to manufacture (defined by statute to include import) or process any of these chemical substances for an activity that is proposed as a significant new use by this rulemaking to notify EPA at least 90 days before commencing that activity. The required notification initiates EPA's evaluation of the conditions of that use for that chemical substance. In addition, the manufacture or processing for the significant new use may not commence until EPA has conducted a review of the required notification, made an appropriate determination regarding that notification, and taken such actions as required by that determination.” Comments due May 5^th, 2025.

Shingles is awful, but here’s another reason to get vaccinated: It may fight dementia. APNews.com article. Pull quote: “Stanford’s Geldsetzer took advantage of “a natural experiment” in Wales, which opened shingles vaccinations with an age limit: anyone 80 or older on Sept. 1, 2013, was ineligible but those still 79 could squeeze in. Comparing seniors who just met or just missed that cutoff would mimic a research study that randomly assigned otherwise similar people to be vaccinated or not.”

Review - HR 1258 Introduced – Contractor VDP

Back in February Rep Lieu (D,CA) introduced HR 1258, the Improving Contractor Cybersecurity Act. The bill would require federal contractors to have a vulnerability disclosure program (VDP). No new funding is provided.

The bill is essentially the same as HR 5310 that was introduced by Liew in August, 2023. No action was taken on that bill in the 118^th Congress.

The bill would amend Chapter 47, of division C, of subtitle I, of 41 USC, adding a new §4715, Vulnerability disclosure policy and program required.

Moving Forward

Lieu is not a member of the House Oversight and Government Reform Committee to which this bill was assigned for consideration. This means that there is probably not sufficient influence for the bill to be considered in Committee, the same problem that Lieu had with HR 5310 in the 118^th Congress. I suspect that there would be some Republicans that would oppose this bill as an unneeded, and potentially expensive, requirement for federal contractors. While there may possibly be sufficient bipartisan support for this bill to pass in Committee, I am not sure that there would be the necessary leadership interest to see this bill move forward.

Commentary

While the definition of ‘information technology’ used in this bill is broadly enough written to include control systems and operational technologies, there is an interesting shortcoming; it only applies to “the equipment [that] is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use” of the equipment. It specifically excludes any equipment acquired by a federal contractor incidental to a federal contract.” Thus, devices networked to ‘federally required equipment’ need not be included in the required VDP.

 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-1258-introduced - subscription required.

Transportation Chemical Incidents – Week of 3-1-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 390 (359 highway, 27 air, 4 rail, 0 water)

• Serious incidents – 0 (0 Bulk release, 0 evacuation, 0 injury, 0 death, 0 major artery closed, 0 fire/explosion, 24 no release)

• Largest container involved – 30,420-gal DOT 117J100W Railcar {Alcohols, N.O.S.} 4 loose manway swing bolts.

• Largest amount spilled – 115-gal Plastic totebin {Corrosive Liquid, Acidic, Inorganic, N.O.S.} Forklift puncture. Detailed incident response reporting.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Toluene - A clear colorless liquid with a characteristic aromatic odor. Flash point 40°F. Less dense than water (7.2 lb / gal) and insoluble in water. Hence floats on water. Vapors heavier than air. May be toxic by inhalation, ingestion or skin contact. Used in aviation and automotive fuels, as a solvent, and to make other chemicals. (Source: CameoChemicals.NOAA.gov).

 

Short Takes – 4-3-25

Watch live plant cells build their cell walls. ScienceNews.org article. Pull quote: “The researchers identified four stages of cell wall development. First, enzymes in the cell’s outer layer pump out short pieces of cellulose that “swim around” on the cell’s surface, Lam says. Next, those fragments start to collide and attach to one another. Then, as the cellulose fibers continue to thicken and elongate, they also link up with perpendicular fibers to form a mesh. Finally, that mesh of cellulose keeps rearranging itself and compacting until it becomes a rigid, stable cell wall.”

How North Korea Cheated Its Way to Crypto Billions. WSJ.com article (free). Pull quote: “North Korea’s success reflects the major resources dedicated to the task. The regime commands more than 8,000 hackers as though they were in a military unit, with the country’s brightest minds. State support means its hackers can wait months or years to exploit a single slip in a company’s digital security. Pyongyang’s desperation for cash, and its lack of concern for diplomatic blowback, have fueled its drive to be better than anyone else.”

We should talk more about air-conditioning. TechnologyReview.com article. Pull quote: “Another piece of this whole thing: It’s not just about how much total electricity we need to run air conditioners but about when that demand tends to come. As we’ve covered in this newsletter before, your air-conditioning habits aren’t unique. Cooling devices tend to flip on around the same time—when it’s hot. In some parts of the US, for example, air conditioners can represent more than 70% of residential energy demand at times when the grid is most stressed.”

A New Frontier in Radios: Rocket Lab Announces Expanded Radio Products for Reliable Command and Control. RocketLabUSA.com press release. Pull quote: ““We are excited to add this suite of software-defined radios to our expanding portfolio of products,” said Brad Clevenger, Vice President of Rocket Lab Space Systems.  “We continue to demonstrate our ability to deliver high reliability, high performance products at constellation scale.  While much of the industry struggles with supply chain challenges, Rocket Lab continues to demonstrate that it is the right partner for merchant component supply to the most demanding missions.””

Voyager Technologies to acquire LEOcloud. SpaceNews.com article. Pull quote: “LEOcloud is preparing to install its Space Edge micro datacenter on the International Space Station with support from the Center for the Advancement of Science in Space, which manages the ISS National Laboratory. Testing on ISS is a precursor to establishing cloud infrastructure for low-Earth Orbit.”

Contractors could hack back against adversaries, top cyber Democrat says. NextGov.com article. Pull quote: “Directing the private sector to hack back may present legal challenges because private firms would have to consider the consequences of mistakenly harming civilians. But that dynamic may have to become a part of a Trump administration strategy to hack back, as Chinese cyber operatives have often used stolen credentials to target various civilian critical infrastructure systems around the country.”

Rivals are rising to challenge the dominance of SpaceX. TechnologyReview.com article. Pull quote: “Regardless of the politics, the commercial competition will surely heat up throughout 2025. But SpaceX has a considerable head start, Bingen argues: “It’s going to take a lot for these companies to effectively compete and potentially dislodge SpaceX, given the dominant position that [it has] had.””

Trump backs Luna push for House parental proxy voting. TheHill.com article. Pull quote: ““I’m gonna let the Speaker make the decision, but I like the idea of being able to — if you’re having a baby, I think you should be able to call in and vote. I’m in favor of that,” Trump added.” Trump playing both sides.

EO 14250 - Addressing Risks From WilmerHale. Federal Register.

EO 14251 - Exclusions From Federal Labor-Management Relations Programs. Federal Register.

EO 14252 - Making the District of Columbia Safe and Beautiful. Federal Register.

EO 14253 - Restoring Truth and Sanity to American History. Federal Register.

EO 14254 - Combating Unfair Practices in the Live Entertainment Market. Federal Register.

EO 14255 - Establishing the United States Investment Accelerator. Federal Register.

Review – 5 Advisories Published – 4-3-25

Today CISA’s NCCIC-ICS published five control system security advisories for products from B&R, ABB (2), and Hitachi Energy (2).

Advisories

B&R Advisory - This advisory describes 13 vulnerabilities in the B&R APROL control system.

ABB Advisory #1 - This advisory discusses 15 vulnerabilities in the ABB Low Voltage DC Drives.

ABB Advisory #2 - This advisory discusses 15 vulnerabilities in the ABB ACS880 Drives.

Hitachi Energy Advisory #1 - This advisory describes three vulnerabilities in the Hitachi Energy TRMTracker.

Hitachi Energy Advisory #2 - This advisory describes four vulnerabilities in the Hitachi Energy RTU500 series products.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-published-4-3-25 - subscription required.

Review – Bills Introduced – 4-2-25

Yesterday, with the Senate in Washington and the House meeting in pro forma session, there were 57 bills introduced. Four of those bills may receive additional coverage in this blog:

HR 2594 To establish a Water Risk and Resilience Organization to develop risk and resilience requirements for the water sector. Crawford, Eric A. "Rick" [Rep.-R-AR-1]

HR 2613 To improve public-private partnerships and increase Federal research, development, and demonstration related to the evolution of next generation pipeline systems, and for other purposes. Weber, Randy K. Sr. [Rep.-R-TX-14]

S 1249 A bill to prescribe zoning authority with respect to commercial unmanned aircraft systems and to preserve State, local, and Tribal authorities and private property with respect to unmanned aircraft systems, and for other purposes. Lee, Mike [Sen.-R-UT]

S 1250 A bill to authorize Counter-UAS activities on and off commercial service airport property, and for other purposes. Lee, Mike [Sen.-R-UT]

 

For more information on these bills, including legislative history for similar bills in the 118^th, as well as a brief look at one Space Geek bill, and a national security bill mentioned in passing, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-4-2-25 - subscription required.

Short Takes – 4-3-25 – Space Geek Edition

Remember that asteroid everyone was worried about 2 months ago? The JWST just got a clear view of it. Space.com article. Pull quote: “The JWST also helped scientists study how quickly the space rock heats up and cools down. According to Rivkin, these thermal properties in 2024 YR4 are "not like what we see in larger asteroids," likely due to the fact that it spins very quickly and that its surface is "dominated by rocks that are maybe fist-sized or larger," rather than fine grains of sand.”

Secretive Russian military satellites release mystery object into orbit. Space.com article. Pull quote: “The released object could be used for a number of objectives, including military experiments, such as satellite inspection or target practice, testing technology for docking or formation flying. It may also be a scientific payload or even the result of an unintentional fragmentation, though this would usually result in numerous pieces of debris.”

Floating blue-eyed robot keeps watch on the ISS: Space photo of the day. Space.com article. Pull quote: “The Int-Ball2 is remotely operated by controllers with the Japan Aerospace Exploration Agency (JAXA) on Earth, but is also equipped with an Epson-designed inertial measurement unit (IMU) that when used in collaboration with a visual location and mapping system, enables the ball to maintain its orientation and navigate through the space station.”

Watch chilling 1st views of Earth's poles seen by SpaceX Fram2 astronauts (video). Space.com article. Pull quote: “The Fram2 is hoping their mission will live up to its predecessor and namesake through nearly two dozen science experiments planned for their time on orbit. One of these includes the first attempt to grow mushrooms in space. The crew also plans to take the first on-orbit X-rays of the human body.” Includes videos from Fram2.

SpaceX Hits New Milestone with Fram2, the First-Ever Crewed Polar Mission. ScientificAmerican.com article. Pull quote: “None of this means that sending humans into that orbit isn’t a legitimately impressive feat. It is—all the more so because SpaceX’s Falcon 9 rocket not only safely delivered the Crew Dragon to polar orbit; it also had enough leftover fuel to still perform a pinpoint soft landing on an awaiting barge in the Atlantic Ocean. But Fram2’s “polarity” overshadows the more mundane but no less astonishing “new normal,” in which private human spaceflight has rapidly shifted from the stuff of science fiction to a decidedly unexceptional reality.”

Starliner’s flight to the space station was far wilder than most of us thought. ArsTechnica.com article. Pull quote: “"That was not easy to do. I have lived rendezvous orbital dynamics going back decades. [Wilmore is one of only two active NASA astronauts who has experience piloting the space shuttle.] Ray Bigonesse is our rendezvous officer. What a motivated individual. Primarily him, but me as well, we worked to develop this manual rendezvous capability over the years. He's a volunteer fireman, and he said, 'Hey, I'm coming off shift at 5:30 Saturday morning; will you meet me in the sim?' So we'd meet on Saturdays. We never got to the point of saying lose four thrusters. Who would've thought that, in the same direction? But we're in there training, doing things, playing around. That was the preparation."”