Yesterday, with both the House and Senate in session, there were 138 bills introduced. Two of those bills will receive additional coverage in this blog:
HR
477 To advance scientific research and technology development of hypersonic
vehicles, and for other purposes. Fong,
Vince [Rep.-R-CA-20]
HR
494 To amend the Cybersecurity Enhancement Act of 2014 to make improvements
to the Federal Cyber Scholarship for Service Program, and for other purposes. Connolly,
Gerald E. [Rep.-D-VA-11]
See this post for explanation, with the most recent update here (removed from paywall).
Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.
• Number of
incidents – 435 (412 highway, 41 air, 4 rail, 0 water)
• Serious incidents
– 2 (2 Bulk release, 0 evacuation, 0 injury, 0 death, 1 major artery closed, 0
fire/explosion, 35 no release)
• Largest container
involved – 9,700-gal DOT406 Tank Truck {Gasoline Includes Gasoline Mixed With
Ethyl Alcohol, With Not More Than 10% Alcohol} Tank punctured during vehicle
accident.
• Largest amount
spilled – 850-gal DOT406 Tank Truck {Gasoline Includes Gasoline Mixed With
Ethyl Alcohol, With Not More Than 10% Alcohol} Tank punctured during vehicle
accident.
NOTE: No links available to the Form 5800.1 for the described incidents.
Most Interesting Chemical: Allyl Bromide – A clear
colorless to light yellow liquid with an irritating unpleasant odor. Flash
point 30°F. Irritates eyes, skin, and respiratory system. Toxic by skin
absorption. Denser than water and slightly soluble in water. Vapor is heavier
than air and may travel a considerable distance to a source of ignition and
flash back. (Source: CameoChemicals.NOAA.gov).
Blue Origin launches New Glenn rocket to orbit for the first time, marking a milestone for Jeff Bezos. GeekWire.com article. Pull quote: “NG-1’s primary payload was Blue Ring Pathfinder, which was designed to demonstrate the technologies that Blue Origin is incorporating in its Blue Ring vehicle. The development effort is supported by a Defense Innovation Unit program aimed at facilitating greater in-space mobility for the Pentagon. NG-1 will also serve as Blue Origin’s first certification flight for the National Security Space Launch program.”
Vought nomination signals bruising spending wars under Trump. TheHill.com article. Pull quote: “He said whether Trump decides to claim impoundment authority to block congressional funding on certain priorities is “something his team would have to consider when they are confirmed in [their] roles.””
Speaker Johnson removes Mike Turner as Intelligence Committee chair. TheHill.com article. Pull quote: “Turner has also been a strong Republican supporter of aid to Ukraine, and supported an extension of surveillance powers known Section 702 in the Foreign Intelligence Surveillance Act — both of which have drawn the ire of Trump-allied, America First conservatives.”
Two lunar landers are on the way to the Moon after SpaceX’s double moonshot. ArsTechnica.com article. Pull quote: "That market, right now, is very nascent. It's very, very immature. And one of the reasons for that is that it's very difficult for companies that are contemplating making investments on equipment, experiments, etc., to put on the lunar surface and lunar orbit," Garan said. "It's very difficult to make those investments, especially if they're long-term investments, because there really hasn't been a proof of concept yet."
Amid H5N1, CDC Wants Faster Influenza A Subtyping for
Hospitalized Cases. MedPageToday.com article.
Pull quote: “The agency also released a Health Alert Network (HAN) health
advisoryopens in a new tab or window, recommending that clinicians take an
exposure history from hospitalized patients with suspected or confirmed flu,
including potential exposures to wild and domestic animals -- including pets
like cats -- and animal products such as poultry, dairy products, raw cow milk,
raw cow milk products, and raw meat-based pet foods.” This is the first time I
have seen ‘raw meat-based pet foods’ as a potential source of bird flu
infection.
Today CISA’s NCCIC-ICS published eight control system security advisories for product from Schneider Electric, Hitachi Energy (2), Fuji Electric, and Siemens (4). They also updated advisories for products from Mitsubishi (2), Johnson Controls, and Delta Electronics.
Schneider Advisory -
This advisory
describes two vulnerabilities in the Schneider Data Center Expert.
Hitachi Energy
Advisory #1 - This advisory
describes a relative path traversal advisory in the Hitachi Energy FOX61x
Products.
Hitachi Energy
Advisory #2 - This advisory
describes an improper validation of certificate with host mismatch vulnerability
in the Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN products.
Fuji Advisory - This
advisory
describes a stack-based buffer overflow vulnerability in the Fuji Alpha5 SMART
servo drive system.
Siemens Advisory #1 -
This advisory
describes a files or directories accessible to external parties vulnerability
in the Siemens SIPROTEC 5 products.
Siemens Advisory #2 -
This advisory
discusses an insertion of sensitive information into a log file vulnerability
in the Siemens Siveillance Video Device Pack.
Siemens Advisory #3 -
This advisory
describes a cross-site scripting vulnerability in the Siemens Industrial Edge
Management.
Siemens Advisory #4 - This advisory describes an LDAP injection vulnerability in the Siemens Mendix LDAP. The vulnerability was self-reported.
Mitsubishi Update #1 -
This update
provides additional information on the FA Engineering Software products
advisory that was originally published on January 30th, 2024 and
most recently updated on October 31st, 2024.
Mitsubishi Update #2 -
This update
provides additional information on the Multiple Factory Automation products advisory
that was originally published on February 27th, 2024.
Johnson Controls
Update - This update
provides additional information on the Software House C●CURE 9000 advisory that
was originally published on July 9th, 2024.
Delta Update - This
update
provides additional information on the DRASimuCAD advisory that was originally
published on January 9th, 2025.
For more information on these advisories , including a link to a third-party advisory and a description of duplicate CISA advisory, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/8-advisories-and-4-updates-published [link added 11:30 pm EDT 1-16-15] - subscription required.
Request for Information Regarding Treatment and Disposal of Elemental Mercury. Federal Register DOE request for information. Summary: “The U.S. Department of Energy's (DOE) Environmental Management Consolidated Business Center and Office of Environmental Management are currently in the acquisition planning and regulatory planning stages for a potential future treatment and disposal (T&D) acquisition activity and fee rulemaking activities for elemental mercury waste. This planning supports DOE's efforts to implement the requirements of the Mercury Export Ban Act of 2008, as amended by the Frank R. Lautenberg Chemical Safety for the 21st Century Act. DOE's Office of Environmental Management is issuing this RFI for the purpose of conducting market research in accordance with the Federal Acquisition Regulation (FAR). This RFI is also being issued to potentially support a future rulemaking action that would establish a fee to provide long-term management and storage of elemental mercury. No contract solicitation is available through this RFI.”
Vinyl Chloride; Draft Scope of the Risk Evaluation Under the Toxic Substances Control Act (TSCA); Notice of Availability and Request for Comment. Federal Register EPA notice. Summary: “The Environmental Protection Agency (EPA or Agency) is announcing the availability of and seeking public comment on the draft scope of the risk evaluation to be conducted under the Toxic Substances Control Act (TSCA) for vinyl chloride (ethene, chloro-; CASRN 75-01-4). Under TSCA, the scope documents must include the conditions of use, hazards, exposures, and the potentially exposed or susceptible subpopulations that EPA expects to consider in conducting the risk evaluation for this chemical substance. The purpose of risk evaluations under TSCA is to determine whether a chemical substance presents an unreasonable risk of injury to health or the environment under the conditions of use, including unreasonable risk to potentially exposed or susceptible subpopulations identified as relevant to the risk evaluation by EPA, and without consideration of costs or non-risk factors.” Comments due March 3rd, 2025.
Controls on Certain Laboratory Equipment and Related Technology To Address Dual Use Concerns About Biotechnology. Federal Register BIS interim final rule – Summary: “With this interim final rule (IFR), the Bureau of Industry and Security (BIS) is revising the Export Administration Regulations (EAR) to address the accelerating development and deployment of advanced biotechnology tools contrary to U.S. national security and foreign policy interests. This rule institutes new controls on certain biotechnology equipment and related technology. It further solicits public comments on the changes it implements.”
Implementation of Additional Due Diligence Measures for Advanced Computing Integrated Circuits; Amendments and Clarifications; and Extension of Comment Period. Federal Register BIS comment extension. Summary: “BIS is revising the Export Administration Regulations (EAR) in response to requests from the public to provide additional due diligence procedures regarding advanced computing integrated circuits (ICs). This interim final rule (IFR) will protect the national security of the United States and assist foundries and Outsourced Semiconductor Assembly and Test (“OSATs”) companies in complying with provisions of the EAR pertaining to advanced computing ICs in the supply chain. This IFR also revises the EAR to make amendments and clarifications to the EAR for changes made to the EAR in an IFR released by BIS on December 2, 2024, “Foreign-Produced Direct Product Rule Additions, and Refinements to Controls for Advanced Computing and Semiconductor Manufacturing Items,” (FDP IFR), including extending the deadline for written comments for the FDP IFR to March 14, 2025.”
Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles. Federal Register BIS final rule. Summary: “This final rule, published by the Department of Commerce's (Department) Bureau of Industry and Security (BIS), sets forth regulations and procedures to address undue or unacceptable risks to national security and U.S. persons posed by classes of transactions involving information and communications technology and services (ICTS) that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of certain foreign adversaries and that are integral to connected vehicles as defined herein.” Effective date: March 17th, 2025.Today the EPA published a 30-day ICR notice in the Federal Register (90 FR 4741-4742) for “Toxic Substances Control Act (TSCA) Existing Chemical Risk Evaluation and Management: Generic Information Collection Request for Surveys (Renewal). The 60-day ICR notice was published on May 15th, 2024. This is the first renewal of this ICR (originally approved February 28th, 2022). Un-explained changes have been made in the burden estimate.
The table below shows the apparently ongoing revisions to the burden estimate for this ICR.
EPA uses this ‘generic’ ICR to collect information from industry, academia and the public to support their risk assessments under the TSCA Existing Chemical Risk Evaluation and Management program. They call this a ‘generic’ collection because it would be used for a variety of different chemical risk assessments.
The EPA is soliciting public comment on this ICR notice.
Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # EPA-HQ-OPPT-2018-0611).
Comments should be submitted by February 18th, 2025.
For more information on this ICR notice, including a look at
the change in burden estimate, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/epa-publishes-30-day-icr-notice-for
- subscription required.
DJI will no longer stop drones from flying over airports, wildfires, and the White House. TheVerge.com article. Pull quote: “But confusingly, amidst the greatest US outpouring of drone distrust in years, and an incident of a DJI drone operator hindering LA wildfire fighting efforts, DJI is getting rid of its strong geofence. DJI will no longer enforce “No-Fly Zones,” instead only offering a dismissible warning — meaning only common sense, empathy, and the fear of getting caught by authorities will prevent people from flying where they shouldn’t.”
Fortinet warns of a phishing campaign using legitimate links to hijack PayPal accounts, tricking users into granting unauthorized access. SecurityAffairs.com article. Hackers continue to be creative. Pull quote: ““The beauty of this attack is that it doesn’t use traditional phishing methods. The email, the URLs, and everything else are perfectly valid. Instead, the best solution is the Human Firewall—someone who has been trained to be aware and cautious of any unsolicited email, regardless of how genuine it may look.” concludes the repor. “This, of course, highlights the need to ensure your workforce is receiving the training they need to spot threats like this to keep themselves—and your organization—safe.””
Cases of HMPV are trending up in the US, especially in these states, CDC data shows. TheHill.com article. Pull quote: “There are no vaccines or treatment therapies for HMPV, which makes preventing the spread of HMPV especially important. Health experts recommend washing your hands often and avoiding contact with those who are infected with HMPV if possible.”
Availability of Five Draft Toxicological Profiles; Extension of Comment Period. Federal Register ATSDR comment extension notice. Summary: “On November 8, 2024, the Agency for Toxic Substances and Disease Registry (ATSDR), within the Department of Health and Human Services (HHS), announced the opening of a docket to obtain comments on drafts of five updated toxicological profiles. This notice extends the comment period to February 13, 2025.”
Pipeline Safety: Safety of Gas Transmission Pipelines:
Repair Criteria, Integrity Management Improvements, Cathodic Protection,
Management of Change, and Other Related Amendments: Corrections To Conform to
Judicial Review. Federal Register PHMSA correcting
amendments. Summary: “These amendments conform part 192 of the Code of
Federal Regulations (CFR) to the August 2024 order of the United States Court
of Appeals for the District of Columbia Circuit by removing several vacated
provisions.”
Posts
All Comments
