Corps of Engineers Sends NWP NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the DOD’s Corps of Engineers on “Reissuance and Modification of Nationwide Permits”.

According to the Fall 2024 Unified Agenda entry for this rulemaking:

“The U.S. Army Corps of Engineers (Corps) issues nationwide permits (NWPs) under section 404 of the Clean Water Act and section 10 of the Rivers and Harbors Act of 1899.  The NWPs authorize specific categories of activities in jurisdictional waters and wetlands that have no more than minimal individual and cumulative adverse environmental effects. The NWPs may be issued for a period of no more than five years per statute, and the Corps has the authority to modify or revoke the NWPs before they expire. In January 2021, the Corps reissued or modified 12 existing NWPs and issued four new NWPs along with NWP general conditions and definitions (RIN 0710-AA84) which are set to expire in March 2026.  In December 2021, the Corps reissued or modified 40 existing NWPs and issued one new NWP (RIN 0710-AB29) which are also set to expire in March 2026.  The Corps is proposing to reissue or modify the 2021 NWPs [link added to COE NWP summary chart]. This proposal to reissue or modify the NWPs will incorporate comments obtained during the formal review of NWP 12 (RIN 0710-AB51).”

This periodic (every five years) rulemaking will be the Trump Administration’s first environmental rulemaking. While the rulemaking was initiated under the Biden Administration, there has been enough time (especially considering Project 2025 and its preparatory work on regulations) for the new Administration to place their stamp on the rulemaking.

I do not currently plan to cover this rulemaking in any depth (mostly depending on the effect on off-shore oil and gas activities), but I will certainly mention the publication of the NPRM in the appropriate ‘Short Takes’ post.

Short Takes – 4-2-25

Lesley, What Happened to the “Cybersecurity Skills Shortage”? Tisiphone.net blog post. This is a take on cybersecurity jobs that I have not seen elsewhere. Pull quote: “So now we have a big, Big, BIG problem. The universities, colleges, and boot camps sold the hell out of an entry level skills shortage that does not practically exist, and everybody in those programs just graduated, all at once. I cannot express how numerically and logistically dire things are. In the US, my peers are reporting upwards of 100 qualified candidates (after HR screening) for SOC roles. Red team has always been far worse. These numbers mean HR and recruiters can (and sometimes must) keep raising the minimum bar to entry to the most basic, entry level cybersecurity roles. “

Who's in Charge of OT Security? IHSOnline.org article. Long form discussion by Joe Weiss on the  ssues associated with OT Security. Pull quote: “CSO’s need to work with engineering and operations to develop, implement, and maintain control system cyber programs as well as identify control system cyber incidents. Without understanding control system issues, cyber protections may not be sufficient to prevent cyberattacks that can damage hardware and cause injuries. On the other hand, inappropriate technologies or testing can, and have caused, the same impacts as hackers.”

JAXA institute studying Mars lander concept. SpaceNews.com article. Pull quote: ““Instead of having a complicated operational supersonic parachute and a hard aeroshell, you can do all the job just with this single technology,” he said of the inflatable aeroshell. “If we’re focusing on small missions, this is the key technology for enabling our way of Mars landing missions.””

Fermenting miso in orbit reveals how space can affect a food’s taste. ScienceNews.org article. Pull quote: “The researchers could not isolate the ISS miso’s fermentation variables, including radiation, temperature and microgravity, to attribute specific properties to them, Coblentz says. But all those environmental features — or the “space terroir” — contributed to the miso, imparting a unique taste of space.”

Postponement of Effectiveness for Certain Provisions of Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA). Federal Register EPA delayed enforcement notice. Summary: “The Environmental Protection Agency (EPA or Agency) is postponing the effectiveness of certain regulatory provisions of the final rule entitled “Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA)” for 90 days pending judicial review. Specifically, this postponement applies to the conditions imposed on the uses with TSCA exemptions.” New enforcement date: June 20^th, 2025.

Comments in Aid of Analyses of the Terrorism Risk Insurance Program. Federal Register Treasury Department Request for comment. Summary: “The Terrorism Risk Insurance Act of 2002 (TRIA) created the Terrorism Risk Insurance Program (Program) to address disruptions in the market for terrorism risk insurance, to help ensure the continued availability and affordability of commercial property and casualty insurance for terrorism risk, and to allow for the private markets to stabilize and build insurance capacity to absorb any future losses for terrorism events. The Secretary of the Treasury (Secretary) administers the Program, with the assistance of the Federal Insurance Office (FIO). Treasury requests comments from interested parties regarding the issues that FIO will be analyzing in connection with its upcoming study related to the participation of small insurers in the Program, including any competitive challenges such insurers face in the terrorism risk insurance marketplace.” Comments due May 19^th, 2025.

Review - HR 1223 Introduced – ANCHOR Act

Back in February Rep Fong (R,CA) introduced HR 1223, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act. The bill would require the National Science Foundation (NSF) to submit a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet. No new funding is authorized by the legislation.

The bill is similar to HR 7630, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act, that was introduced by Rep Garcia (R,CA) in March, 2024. The House Science, Space, and Technology Committee held a markup hearing on March 20^th, 2024 and ordered the bill reported favorably by a vote of 38 to 0. The Committee Report was published on May 23^rd, 2024. The bill was taken up by the full House on September 23^rd, 2024 under the suspension of the rules process and passed by a voice vote. No action was taken in the Senate on this bill, nor on a similar bill (S 3943, the ANCHOR Act) introduced by Sen Padilla (D,CA) in March of 2024. Padilla has introduced a similar bill (S 318) this session.

Moving Forward

Fong and all three of his cosponsors {Rep Stevens (D,MI), Rep Obernolte (D,CA), and Rep McBride (D,DE)} are members of the House Science, Space, and Technology Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see this bill considered in Committee. While last session, the earlier bill moved through the Committee and the floor of the House with no significant opposition, the focus of the 119^th Congress is somewhat different than that of the 118^th. I suspect that if HR 1223 were considered it would still receive strong bipartisan support, the question remains whether the leadership would remain as supportive in the new legislative environment.

 

For more information about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-1223-introduced - subscription required.

Review - Bills Introduced – 4-1-25

Yesterday, with both the House and Senate in session, there were 76 bills introduced. One of those bills may receive additional coverage in this blog:

HR 2546 To establish the position of Secretary of the Coast Guard, and for other purposes. Ezell, Mike [Rep.-R-MS-4]

 

For more information on these bills, including legislative history for similar bills in the 118th, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-4-1-25 - subscription required.

Short Takes – 4-1-25

What’s My Daily Life Like (in OT DFIR)? Tisiphone.net blog post. Pull quote: “What that means for the digital forensics side of things is that my cases involve sometimes very strange and very old computing equipment. Legacy is prevalent in OT. I must be able to figure out forensics on computers from the 80s or 90s. I also must be able to work with low level systems like PLCs and embedded computers. I still must create timelines of modern attacks, with corroborated and court-admissible evidence. There’s little EDR, and a lot of our forensics work is quite manual. I have a soldering iron in my bag to deal with non-standard connectors.”

SpaceX launches private Fram2 astronauts on historic spaceflight over Earth's poles. Space.com article. Pull quote: “Fram2 carries on the exploration spirit of its ocean-going predecessor. It carries a total of 22 experiments the crew will conduct during the mission, including the first attempt to grow mushrooms in space and a machine that will capture the first on-orbit X-rays of the human body. Other experiments will investigate the effects of microgravity on the human musculoskeletal system during spaceflight.”

FAA closes investigation into SpaceX Starship Flight 7 explosion. Space.com article. Pull quote: “Both the Starship Flight 7 and New Glenn mishap reports were closed on Friday (March 28), FAA officials said. Neither incident caused any public injuries, and New Glenn's failed return to Earth didn't damage any public property. Starship Flight 7 debris caused one confirmed report of "minor vehicle damage" in the Turks and Caicos, according to the FAA.” Still waiting on Flight 8 investigation results.

Cyber-Physical Analysis of Weapons of Mass Destruction Detection Systems: Part 1 - DARPA's SIGMA. Reversemode.com article. Pull quote: “It is important to recognize that this analysis is limited by the scope of available data and the specific context in which it was conducted. While the research might offer valuable insights for improvement, external factors and considerations (some of which may not be immediately apparent) could influence the assessment of the issues discussed. That’s why I’ve taken a cautious approach in classifying something as a ‘vulnerability’” Lots of detail (more than a little over my head due to my background) but some interesting suggestions about potential vulnerabilities.

SpaceX's Fram2 astronaut flight over Earth's poles will be the 1st to grow mushrooms in space. Space.com article. Pull quote: “"In space, food often tastes bland due to altered taste perception and the need for a low-sodium diet to help counteract the negative effects of microgravity on bone health," Flávia said in the statement. "Mushrooms are rich in umami flavor, being one of the only tastes that remains strong in space. Oyster mushrooms are also highly resilient, scalable and capable of growing using 100% of the inedible plant waste, and even cotton t-shirts in their growth medium."” 

Rule Rejected in House – Luna’s Proxy Bill Saved

Today the House took up H Res 282, the rule for the consideration of this week’s legislation under ‘regular’ order. The measure was defeated by a vote of 206 to 222, with nine Republicans voting with the Democrats against the resolution. Unlike similar no votes last session, the Republicans voting no were not members of the Freedom Caucus, rather today these votes came from moderates.

The main purpose of the resolution was to provide the ‘rule’ for the consideration of three bills:

SJ Res 28 – A joint resolution disapproving the rule submitted by the Bureau of Consumer Financial Protection relating to "Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications",

HR 1526 – No Rogue Rulings Act of 2025, and

HR 22 - Safeguard American Voter Eligibility Act

All three bills are part of the Trump agenda and have been expected to pass with mainly party line votes, with no objections known from any Republicans. Democrats were expected to vote against the HJ Res 282 as a matter of course.

What happened is that the Rules Committee, this morning, added a §5 to the resolution before it was approved in Committee. Section 5 was added to stop the House from considering H Res 23, the Proxy Voting for New Parents Resolution. This resolution was introduced by Rep Luna (R,FL) to modify the House Rules to allow for new parents to vote by proxy, with certain limitations. This bill has been opposed by the Republican leadership, mainly as a keeping-the-faith opposition to the proxy voting allowed by the Democrats during the Covid epidemic. Luna was able to get a majority of the House members to sign a discharge petition to force a vote on the floor.

With eleven Republicans willing to sign the discharge petition it was almost a foregone conclusion that H Res 23 is going to pass if it were to come to the floor. To prevent such ‘objectionable’ legislation from getting to the floor, §5 was added to the rule that would have made a special exception to the rules pertaining to discharge petitions specifically for H Res 23 or substantially similar language for the remainder of the session. The leadership was betting that the desire to support the Trump agenda items included in the rule would override the interest in voting for proxy voting rule.

With the votes on the covered bills at least temporarily stopped, there will be no more votes scheduled on the floor of the House this week. This still leaves the matter of the discharge petition unresolved.

Politico is reporting that Luna resigned from the Freedom Caucus over this issue.

Review – 1 Advisory and 1 Update Published – 4-1-25

Today CISA’s NCCIC-ICS published a control system security advisory for products from Rockwell Automation. They also updated an advisory for products from Hitachi Energy.

Advisories

Rockwell Advisory - This advisory discusses a deserialization of untrusted data vulnerability (with publicly available exploit code) in the Rockwell Lifecycle Services with Veeam Backup and Replication.

Updates

Hitachi Energy Update - This update provides additional information on the Hitachi Energy MicroSCADA advisory that was originally published on November 26^th, 2024.

 

For more information on these advisories, including a down-the-rabbit-hole look at the Veeam vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-1a0 - subscription required.