Friday, January 17, 2025

Bills Introduced – 1-16-25

Yesterday, with both the House and Senate in session, there were 138 bills introduced. Two of those bills will receive additional coverage in this blog:

HR 477 To advance scientific research and technology development of hypersonic vehicles, and for other purposes. Fong, Vince [Rep.-R-CA-20]

HR 494 To amend the Cybersecurity Enhancement Act of 2014 to make improvements to the Federal Cyber Scholarship for Service Program, and for other purposes. Connolly, Gerald E. [Rep.-D-VA-11]

Transportation Chemical Incidents – Week of 12-14-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 435 (412 highway, 41 air, 4 rail, 0 water)

• Serious incidents – 2 (2 Bulk release, 0 evacuation, 0 injury, 0 death, 1 major artery closed, 0 fire/explosion, 35 no release)

• Largest container involved – 9,700-gal DOT406 Tank Truck {Gasoline Includes Gasoline Mixed With Ethyl Alcohol, With Not More Than 10% Alcohol} Tank punctured during vehicle accident.

• Largest amount spilled – 850-gal DOT406 Tank Truck {Gasoline Includes Gasoline Mixed With Ethyl Alcohol, With Not More Than 10% Alcohol} Tank punctured during vehicle accident.

NOTE: No links available to the Form 5800.1 for the described incidents.

Most Interesting Chemical: Allyl Bromide – A clear colorless to light yellow liquid with an irritating unpleasant odor. Flash point 30°F. Irritates eyes, skin, and respiratory system. Toxic by skin absorption. Denser than water and slightly soluble in water. Vapor is heavier than air and may travel a considerable distance to a source of ignition and flash back. (Source: CameoChemicals.NOAA.gov).

 



Thursday, January 16, 2025

Short Takes – 1-16-25

Blue Origin launches New Glenn rocket to orbit for the first time, marking a milestone for Jeff Bezos. GeekWire.com article. Pull quote: “NG-1’s primary payload was Blue Ring Pathfinder, which was designed to demonstrate the technologies that Blue Origin is incorporating in its Blue Ring vehicle. The development effort is supported by a Defense Innovation Unit program aimed at facilitating greater in-space mobility for the Pentagon. NG-1 will also serve as Blue Origin’s first certification flight for the National Security Space Launch program.”

Vought nomination signals bruising spending wars under Trump. TheHill.com article. Pull quote: “He said whether Trump decides to claim impoundment authority to block congressional funding on certain priorities is “something his team would have to consider when they are confirmed in [their] roles.””

Speaker Johnson removes Mike Turner as Intelligence Committee chair. TheHill.com article. Pull quote: “Turner has also been a strong Republican supporter of aid to Ukraine, and supported an extension of surveillance powers known Section 702 in the Foreign Intelligence Surveillance Act — both of which have drawn the ire of Trump-allied, America First conservatives.”

Two lunar landers are on the way to the Moon after SpaceX’s double moonshot. ArsTechnica.com article. Pull quote: "That market, right now, is very nascent. It's very, very immature. And one of the reasons for that is that it's very difficult for companies that are contemplating making investments on equipment, experiments, etc., to put on the lunar surface and lunar orbit," Garan said. "It's very difficult to make those investments, especially if they're long-term investments, because there really hasn't been a proof of concept yet."

Amid H5N1, CDC Wants Faster Influenza A Subtyping for Hospitalized Cases. MedPageToday.com article. Pull quote: “The agency also released a Health Alert Network (HAN) health advisory, recommending that clinicians take an exposure history from hospitalized patients with suspected or confirmed flu, including potential exposures to wild and domestic animals -- including pets like cats -- and animal products such as poultry, dairy products, raw cow milk, raw cow milk products, and raw meat-based pet foods.” This is the first time I have seen ‘raw meat-based pet foods’ as a potential source of bird flu infection.

Review – 8 Advisories and 4 Updates Published 1-16-25

Today CISA’s NCCIC-ICS published eight control system security advisories for products from Schneider Electric, Hitachi Energy (2), Fuji Electric, and Siemens (4). They also updated advisories for products from Mitsubishi (2), Johnson Controls, and Delta Electronics.

Advisories

Schneider Advisory - This advisory describes two vulnerabilities in the Schneider Data Center Expert.

Hitachi Energy Advisory #1 - This advisory describes a relative path traversal vulnerability in the Hitachi Energy FOX61x Products.

Hitachi Energy Advisory #2 - This advisory describes an improper validation of certificate with host mismatch vulnerability in the Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN products.

Fuji Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Fuji Alpha5 SMART servo drive system.

Siemens Advisory #1 - This advisory describes a files or directories accessible to external parties vulnerability in the Siemens SIPROTEC 5 products.

Siemens Advisory #2 - This advisory discusses an insertion of sensitive information into a log file vulnerability in the Siemens Siveillance Video Device Pack.

Siemens Advisory #3 - This advisory describes a cross-site scripting vulnerability in the Siemens Industrial Edge Management.

Siemens Advisory #4 - This advisory describes an LDAP injection vulnerability in the Siemens Mendix LDAP. The vulnerability was self-reported.

Updates

Mitsubishi Update #1 - This update provides additional information on the FA Engineering Software products advisory that was originally published on January 30th, 2024 and most recently updated on October 31st, 2024.

Mitsubishi Update #2 - This update provides additional information on the Multiple Factory Automation products advisory that was originally published on February 27th, 2024.

Johnson Controls Update - This update provides additional information on the Software House C●CURE 9000 advisory that was originally published on July 9th, 2024.

Delta Update - This update provides additional information on the DRASimuCAD advisory that was originally published on January 9th, 2025.

 

For more information on these advisories, including a link to a third-party advisory and a description of a duplicate CISA advisory, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/8-advisories-and-4-updates-published  [link added 11:30 pm EDT 1-16-15] - subscription required.

Short Takes – 1-16-25 – Federal Register Edition

Request for Information Regarding Treatment and Disposal of Elemental Mercury. Federal Register DOE request for information. Summary: “The U.S. Department of Energy's (DOE) Environmental Management Consolidated Business Center and Office of Environmental Management are currently in the acquisition planning and regulatory planning stages for a potential future treatment and disposal (T&D) acquisition activity and fee rulemaking activities for elemental mercury waste. This planning supports DOE's efforts to implement the requirements of the Mercury Export Ban Act of 2008, as amended by the Frank R. Lautenberg Chemical Safety for the 21st Century Act. DOE's Office of Environmental Management is issuing this RFI for the purpose of conducting market research in accordance with the Federal Acquisition Regulation (FAR). This RFI is also being issued to potentially support a future rulemaking action that would establish a fee to provide long-term management and storage of elemental mercury. No contract solicitation is available through this RFI.”

Vinyl Chloride; Draft Scope of the Risk Evaluation Under the Toxic Substances Control Act (TSCA); Notice of Availability and Request for Comment. Federal Register EPA notice. Summary: “The Environmental Protection Agency (EPA or Agency) is announcing the availability of and seeking public comment on the draft scope of the risk evaluation to be conducted under the Toxic Substances Control Act (TSCA) for vinyl chloride (ethene, chloro-; CASRN 75-01-4). Under TSCA, the scope documents must include the conditions of use, hazards, exposures, and the potentially exposed or susceptible subpopulations that EPA expects to consider in conducting the risk evaluation for this chemical substance. The purpose of risk evaluations under TSCA is to determine whether a chemical substance presents an unreasonable risk of injury to health or the environment under the conditions of use, including unreasonable risk to potentially exposed or susceptible subpopulations identified as relevant to the risk evaluation by EPA, and without consideration of costs or non-risk factors.” Comments due March 3rd, 2025.

Controls on Certain Laboratory Equipment and Related Technology To Address Dual Use Concerns About Biotechnology. Federal Register BIS interim final rule – Summary: “With this interim final rule (IFR), the Bureau of Industry and Security (BIS) is revising the Export Administration Regulations (EAR) to address the accelerating development and deployment of advanced biotechnology tools contrary to U.S. national security and foreign policy interests. This rule institutes new controls on certain biotechnology equipment and related technology. It further solicits public comments on the changes it implements.”

Implementation of Additional Due Diligence Measures for Advanced Computing Integrated Circuits; Amendments and Clarifications; and Extension of Comment Period. Federal Register BIS comment extension. Summary: “BIS is revising the Export Administration Regulations (EAR) in response to requests from the public to provide additional due diligence procedures regarding advanced computing integrated circuits (ICs). This interim final rule (IFR) will protect the national security of the United States and assist foundries and Outsourced Semiconductor Assembly and Test (“OSATs”) companies in complying with provisions of the EAR pertaining to advanced computing ICs in the supply chain. This IFR also revises the EAR to make amendments and clarifications to the EAR for changes made to the EAR in an IFR released by BIS on December 2, 2024, “Foreign-Produced Direct Product Rule Additions, and Refinements to Controls for Advanced Computing and Semiconductor Manufacturing Items,” (FDP IFR), including extending the deadline for written comments for the FDP IFR to March 14, 2025.”

Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles. Federal Register BIS final rule. Summary: “This final rule, published by the Department of Commerce's (Department) Bureau of Industry and Security (BIS), sets forth regulations and procedures to address undue or unacceptable risks to national security and U.S. persons posed by classes of transactions involving information and communications technology and services (ICTS) that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of certain foreign adversaries and that are integral to connected vehicles as defined herein.” Effective date: March 17th, 2025.

Review - EPA Publishes 30-day ICR Notice for Generic TSCA Risk Assessment RFI

Today the EPA published a 30-day ICR notice in the Federal Register (90 FR 4741-4742) for “Toxic Substances Control Act (TSCA) Existing Chemical Risk Evaluation and Management: Generic Information Collection Request for Surveys (Renewal)”. The 60-day ICR notice was published on May 15th, 2024. This is the first renewal of this ICR (originally approved February 28th, 2022). Unexplained changes have been made in the burden estimate.

The table below shows the apparently ongoing revisions to the burden estimate for this ICR.


EPA uses this ‘generic’ ICR to collect information from industry, academia and the public to support their risk assessments under the TSCA Existing Chemical Risk Evaluation and Management program. They call this a ‘generic’ collection because it would be used for a variety of different chemical risk assessments.

Public Comments

The EPA is soliciting public comment on this ICR notice. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # EPA-HQ-OPPT-2018-0611). Comments should be submitted by February 18th, 2025.

 

For more information on this ICR notice, including a look at the change in burden estimate, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/epa-publishes-30-day-icr-notice-for - subscription required.

Wednesday, January 15, 2025

Short Takes – 1-15-25

DJI will no longer stop drones from flying over airports, wildfires, and the White House. TheVerge.com article. Pull quote: “But confusingly, amidst the greatest US outpouring of drone distrust in years, and an incident of a DJI drone operator hindering LA wildfire fighting efforts, DJI is getting rid of its strong geofence. DJI will no longer enforce “No-Fly Zones,” instead only offering a dismissible warning — meaning only common sense, empathy, and the fear of getting caught by authorities will prevent people from flying where they shouldn’t.”

Fortinet warns of a phishing campaign using legitimate links to hijack PayPal accounts, tricking users into granting unauthorized access. SecurityAffairs.com article. Hackers continue to be creative. Pull quote: ““The beauty of this attack is that it doesn’t use traditional phishing methods. The email, the URLs, and everything else are perfectly valid. Instead, the best solution is the Human Firewall—someone who has been trained to be aware and cautious of any unsolicited email, regardless of how genuine it may look.” concludes the report. “This, of course, highlights the need to ensure your workforce is receiving the training they need to spot threats like this to keep themselves—and your organization—safe.””

Cases of HMPV are trending up in the US, especially in these states, CDC data shows. TheHill.com article. Pull quote: “There are no vaccines or treatment therapies for HMPV, which makes preventing the spread of HMPV especially important. Health experts recommend washing your hands often and avoiding contact with those who are infected with HMPV if possible.”

Availability of Five Draft Toxicological Profiles; Extension of Comment Period. Federal Register ATSDR comment extension notice. Summary: “On November 8, 2024, the Agency for Toxic Substances and Disease Registry (ATSDR), within the Department of Health and Human Services (HHS), announced the opening of a docket to obtain comments on drafts of five updated toxicological profiles. This notice extends the comment period to February 13, 2025.”

Pipeline Safety: Safety of Gas Transmission Pipelines: Repair Criteria, Integrity Management Improvements, Cathodic Protection, Management of Change, and Other Related Amendments: Corrections To Conform to Judicial Review. Federal Register PHMSA correcting amendments. Summary: “These amendments conform part 192 of the Code of Federal Regulations (CFR) to the August 2024 order of the United States Court of Appeals for the District of Columbia Circuit by removing several vacated provisions.”

 