Review - Spring 2024 Unified Agenda – FAA and UAS

Earlier this month the Biden Administration published their Spring 2024 Unified Agenda. The DOT portion of that Agenda includes 34 entries for rulemakings by the Federal Aviation Administration. Two of those rulemakings deal with unmanned aircraft systems (UAS) In the separate Long-Term Actions portion of the Unified Agenda the 15 listed FAA actions include three that address UAS issues.

For more details about these FAA UAS rulemakings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/spring-2024-unified-agenda-fb1 - subscription required.

Short Takes – 7-15-24 – Space Geek Edition

SpaceX Rocket Fails in Orbit. NYTimes.com article (free). Pull quote: “But on Friday, SpaceX provided an update on its website that the second stage had experienced a liquid oxygen leak and was unable to complete a second, short engine burn needed to put 20 Starlink satellites in the correct orbit.”

NASA Mission to Europa Imperiled by Chips Aboard Spacecraft. NYTimes.com article. Pull quote: “Because it is expected that Europa Clipper would take more than five years to reach Jupiter after an October launch, engineers at the Jet Propulsion Lab would have time to find ways to salvage some of the mission’s science, likely through different trajectories that avoid the worst of the region’s radiation, among other strategies. But the data they return in that scenario may fall short of what scientists sought.”

This desert moss has the potential to grow on Mars. ScienceDaily.com article. Pull quote: “Finally, the researchers tested the moss's ability to endure Mars-like conditions using the Chinese Academy of Sciences' Planetary Atmospheres Simulation Facility. The simulator's Martian conditions included air composed of 95% CO2, temperatures that fluctuated from −60°C to 20°C, high levels of UV radiation, and low atmospheric pressure. Dried moss plants achieved a 100% regeneration rate within 30 days after being subjected to the Martian conditions for 1, 2, 3, and 7 days. Hydrated plants, which were only subjected to the simulator for one day, also survived, though they regenerated more slowly than their desiccated counterparts.”

China’s Long March 6A rocket appears to have an orbital debris problem. SpaceNews.com article. Pull quote: “S2a systems, a Swiss company which develops and operates customized systems for optical space surveillance worldwide, detected a series of objects surrounding the Long March 6A upper stage.”

Stranded starliner spacecraft’s thrusters have been overheating, NASA admits. Futurism.com article. Pull quote: “Starliner's four thrusters are, as Ars explains, situated around the circumference of the rocket in propulsion pods that agency officials refer to as "doghouses." Due to a design flaw that appears to have been discovered during those tests, the doghouses result in a thermos-like insulation that keeps heat in, which in turn causes them to overheat.”

Review – Public ICS Disclosures – Week of 7-6-23 – Part 2

For Part 2 this week, we have 24 vendor updates from Schneider (3) and Siemens (21). There are three researcher reports for products from SonicWall, Synology, and TP-Link. There was one exploit published for products from VMware. Finally, we have an article from Siemens that should be of interest.

Updates

Schneider Update #1 - Schneider published an update for their SAGE RTU advisory that was originally published on June 11^th, 2024.

Schneider Update #2 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on February 13^th, 2024.

Schneider Update #3 - Schneider published an update for their Modicon Controllers advisory that was originally published on December 8^th, 2020 and most recently updated on February 13th, 2020.

Siemens Update #1 - Siemens published an update for their SIMATIC IPCs advisory that was originally published on September 12^th, 2023 and most recently updated on November 14^th, 2023.

Siemens Update #2 - Siemens published an update for their Industrial Products advisory that was originally published on May 14^th, 2024.

Siemens Update #3 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on March 12^th, 2024 and most recently updated on June 11^th, 2024.

Siemens Update #4 - Siemens published an update for their PROFINET Devices advisory that was originally published on February 11^th, 2020 and most recently updated on April 11^th, 2024.

Siemens Update #5 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on February 13^th, 2024 and most recently updated on June 11^th, 2024.

Siemens Update #6 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on April 19^th, 2024.

Siemens Update #7 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on April 9^th, 2024.

Siemens Update #8 - Siemens published an update for their n OpenSSL (CVE-2022-0778) advisory that was originally published on June 14^th, 2022, and most recently updated on May 14^th, 2024.

Siemens Update #9 - Siemens published an update for their OPC UA Implementation advisory that was originally published on September 12^th, 2023, and most recently updated on June 11^th, 2024.

Siemens Update #10 - Siemens published an update for their Industrial Products using Intel CPUs advisory that was originally published on February 14^th, 2023, and most recently updated on August 8^th, 2023.

Siemens Update #11 - Siemens published an update for their SegmentSmack advisory that was originally published on April 14^th, 2020, and most recently updated on May 14^th, 2024.

Siemens Update #12 - Siemens published an update for their SINEMA Remote Connect Server advisory that was originally published on June 14^th, 2022.

Siemens Update #13 - Siemens published an update for their PROFINET Devices advisory that was originally published on October 8^th, 2018, and most recently updated on May 9^th, 2023.

Siemens Update #14 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on April 9^th, 2024, and most recently updated on May 14^th, 2024.

Siemens Update #15 - Siemens published an update for their PROFINET Stack advisory that was originally published on April 12^th, 2022 and most recently updated on June 11^th, 2024.

Siemens Update #16 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12^th, 2023, and most recently updated on June 11^th, 2024.

Siemens Update #17 - Siemens published an update for their SNMP Interface advisory that was originally published on November 23, 2017, and most recently updated on February 8^th, 2022.

Siemens Update #18 - Siemens published an update for their TIM 1531 IRC advisory that was originally published on June 11^th, 2024.

Siemens Update #19 - Siemens published an update for their PROFINET DCP Implementation advisory that was originally published on May 8^th, 2017, and most recently updated on February 8^th, 2022.

Siemens Update #20 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on April 9^th, 2024 and most recently updated on May 14^th, 2024.

Siemens Update #21 - Siemens published an update for their SINEC NMS advisory that was originally published on October 10^th, 2023.

Researcher Reports

SonicWall Report - SSD published a report that describes two vulnerabilities in the SonicWall SMA100 platform.

Synology Report - Claroty published a report that describes a classic buffer overflow vulnerability in the Synology BC500 cameras.

TP Link Report - Claroty published a report that describes three vulnerabilities in the TP-Link ER605 routers.

Exploits

VMware Exploit - Sina Kheirkhah published an exploit for a command injection vulnerability (that is listed in the CISA Known Exploited Vulnerability Catalog) in the VMware Aria Operations product.

Articles

Siemens Article - Siemens published an article on “RADIUS Advisory and the benefits of ProductCERT’s improved formats”.

 

For additional information about these disclosures, including a brief summary of the changes made in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-86f - subscription required.

Short Takes – 7-13-24

CISA broke into a US federal agency, and no one noticed for a full 5 months. TheRegister.com article. Pull quote: “CISA said the exercise demonstrated the need for FCEB agencies to apply defense-in-depth principles – multiple layers of detection and analysis measures for maximum effectiveness. Network segmentation was recommended and the red team wanted to stress the danger of over-relying on known IOCS.”

3 new cases of possible bird flu reported in Colorado. TheHill.com article. Pull quote: “The Colorado Department of Public Health and Environment said in a release Friday that it had identified three presumptive positive cases of avian influenza in workers who were responding to an outbreak of the virus at a commercial egg operation.”

Senate's FY25 spending bills gain bipartisan momentum. GovExec.com article. Pull quote: “The committee did, however, unveil a deal to increase funding for both defense and non-defense agencies above levels agreed to in a two-year budget plan President Biden struck with House Republicans last year. Under the Fiscal Responsibility Act, funding for both sides of the ledger are set to increase by just 1% next year. Sens. Patty Murray, D-Wash., and Susan Collins, R-Maine, the chair and vice chair of the spending panel, have agreed to boost those totals using “emergency” funding. Non-defense agencies would receive a total of $13.5 billion in extra spending, while the Pentagon would get an extra $21 billion.”

Ozempic Quiets Food Noise in the Brain—But How? ScientificAmerican.com article. Pull quote: ““We all have the same reward systems that are absolutely essential to normal functioning,” Pontzer says, “and it’s only when we get toward the real far end of the spectrum on those reward responses that we get into trouble.” This hormonal system is evolutionarily ancient. “And we are now, in 2024, finding the advantages of the system through these drugs—we have hijacked it, if you will,” Hayes says. “We are at the precipice of the ­beginning.””

‘Frog Saunas’ Could Protect Species from Devastating Fungal Disease. ScientificAmerican.com article. Pull quote: “Just because the setup worked with green and golden bell frogs, of course, doesn’t mean it would work for all frog species that are currently threatened by chytrid. For example, alpine frogs used to cold temperatures would struggle to survive in a sauna, Waddle says. But he adds that the study’s findings represent an important change of tone for a field that has recently been dominated by despair. “The prevailing idea from these pillars in our field was that nothing’s going to work,” he says.”

House Rejected HR 8772 – FY 2025 Legislative Spending Bill

On Thursday, the House took up HR 8772, the Legislative Branch Appropriations Act, 2025. After agreeing to one amendment and rejecting three others, the House rejected the bill by a vote of 205 to 213 with 15 members (8 R’s and 7 D’s) not voting. Ten Republicans voted Nay and three Democrats voted Yay.

One of the Republicans voting against the bill, Rep Clyde (R,GA), objected to the bill in floor debate (H4594) because of §214 of the bill violates the provisions of the 27^th Amendment that require any changes made to congressional pay will not take effect in the session in which the changes were enacted. That was the only Republican voice raised in the opposition to the bill during the general debate. Interestingly, there were no Republican votes against the rule for the consideration of this bill in the Rules Committee.

This failure to pass this bill shows that the Republican House is going to continue to have problems getting the 12 spending bills to the President. There is going to be substantial opposition in the Senate to many of the provisions (and the spending amounts) in the House bills, but if the leadership cannot even get bills through the house they nominally (VERY nominally) control, they will have the same problems they had last year forcing the Senate to acquiesce to any of their demands. To be fair, no one who has watched Washington for the last couple of years expected any different.

NOTE: This post is a little late, but the Congressional Record for Thursday was just published today. That combined with the Florida vacation the wife and I took earlier this week, are the reasons for the delay in this discussion.

OMB Approves 3 BIS Rulemakings – 7-12-24

Yesterday, the OMB’s Office of Information and Regulatory Affairs announced that it had approved three rulemaking actions by the DOC’s Bureau of Industry and Security:

Interim Final Rule - Standards-Related Activities and the Export Administration Regulations – Submitted May 17^th, 2024,

NPRM - Proposed Amendments to the Export Administration Regulations: Crime Controls and Expansion/Update of U.S. Persons Controls. – Submitted May 9^th, 2024,

NPRM - Proposed Amendments to End-Use and End-User Based Export Controls, Including U.S. Persons Activities Controls: Military and Intelligence End Uses and End Users. Submitted November 3^rd, 2023,

None of these rulemakings look like they are going to be of specific interest here, but you never can tell with the BIS. At the very least, I will mention the publication of these rules in my ‘Short Takes’ blog post on the day of publication.

Bills Introduced – 7-12-24

Yesterday, neither the House nor the Senate were in session, but three bills were introduced. I will be covering all three bills:

HR 9027 Agriculture, Rural Development, Food and Drug Administration, and Related Agencies Appropriations Act, 2025 Harris, Andy [Rep.-R-MD-1]

HR 9028 Transportation, Housing and Urban Development, and Related Agencies Appropriations Act, 2025 Womack, Steve [Rep.-R-AR-3] 

HR 9029 Departments of Labor, Health and Human Services, and Education, and Related Agencies Appropriations Act, 2025 Aderholt, Robert B. [Rep.-R-AL-4]