Thursday, July 18, 2024

Short Takes – 7-18-24 – Federal Register Edition

Public Safety and Homeland Security Bureau Requests Comment on Implementation of the Cybersecurity Labeling for Internet of Things Program. Federal Register FCC proposed rule. Summary: “In this document, the Federal Communications Commission (Commission or FCC) seeks comment on additional items to further the efficient and timely rollout of the IoT Labeling program. These items include the format of Cybersecurity Label Administrator (CLA) and Lead Administrator applications; filing fees for CLA applications; criteria for selecting CLAs and the Lead Administrator; CLA sharing of Lead Administrator expenses; Lead Administrator neutrality; processes for withdrawal of CLA and Lead Administrator approvals; recognition of CyberLABs outside the United States; complaint processes; confidentiality and security requirements; and the IoT registry.” Comments due: August 19th, 2024.

Redesignation of Regulations for Securing the Information and Communications Technology and Services Supply Chain. Federal Register BIS final rule. Summary: “This rule redesignates regulations governing the procedures for the review of certain transactions involving information and communications technology and services (ICTS) designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary and which pose or may pose undue or unacceptable risks to the United States or U.S. persons. This action reflects the transfer of responsibility for implementing these regulations from the Secretary of Commerce to the Bureau of Industry and Security (BIS), Office of Information and Communications Technology and Services (OICTS).” Effective date: July 18th, 2024.

Standards-Related Activities and the Export Administration Regulations. Federal Register BIS interim final rule. Summary: “In this interim final rule, the Bureau of Industry and Security (BIS) amends the Export Administration Regulations (EAR) to revise the scope and the terms used in the EAR to describe “standards-related activities” that are subject to the EAR. BIS is making these revisions to ensure that export controls and associated compliance concerns do not impede the participation and leadership of U.S. companies in legitimate standards-related activities.” Effective date: July 18th, 2024.

CSB Published Update on 2023 Geismar, LA HF Release

Yesterday, the Chemical Safety Board announced the publication of an update for their investigation of the 2023 explosion and toxic chemical release at the Honeywell facility at Geismar, LA. The update provides background information on the process involved, a summary of the incident timeline, and a description of the damage that resulted from the accident.

It is interesting to note that the Board’s investigators are having to rely on Honeywell investigation data for much of the physical data related to the incident. This is because there was a significant delay in the initiation of the Board’s investigation; the Board announced the start of the investigation in April, 2023. In early 2023, the Board was still fully engaged in clearing the investigation backlog that plagued the Board since before 2021.

Wednesday, July 17, 2024

Short Takes – 7-17-24

Study: Rising sea levels causing longer days. article. Pull quote: “The study’s authors found that during the 20th century, the rate of slowing fell between 0.3 and 1 milliseconds per century but has increased to 1.3 milliseconds since 2000 as the melting of polar ice accelerated. Researchers estimated that the current rate of slowing is already likely the highest in thousands of years.”

Baltic countries notify Russia and Belarus they will exit the Moscow-controlled electricity grid. article. Pull quote: “The three former Soviet republics do not currently buy electricity from Russia, but remain physically connected to a grid in which the electricity frequency is controlled by Moscow under the 2001 BRELL agreement. The Baltic systems plan to synchronize with the continental European system on Feb. 9, 2025. Both systems use 50 Hz alternating current.”

Europe Announces New Mission to Infamous Asteroid Apophis. article. Pull quote: “DellaGiustina and her colleagues are confident that they can use the mission’s data to reconstruct how the close pass with Earth affected Apophis. But a mission like Ramses, which is targeting a six-month stay at Apophis beginning two months before the encounter with Earth, could offer priceless observations of the asteroid’s pre-flyby state. Ramses may even provide a whole-asteroid view of Apophis responding to the tug of Earth’s gravity, says Paolo Martino, an engineer at ESA leading the Ramses project. The agency also hopes to equip the spacecraft with a smaller, deployable companion that could touch down on Apophis before the encounter for a firsthand, ground-truth report.”

Is It Time for U.S. Farmworkers to Get Bird Flu Shots? article. Pull quote: “He and others stressed that the United States should be doing everything it can to curb infections before flu season starts in October. The vaccine could provide an additional layer of protection on top of testing, wearing gloves, and goggles, and disinfecting milking equipment. Scientists worry that if people get the bird flu and the seasonal flu simultaneously, bird flu viruses could snag adaptations from seasonal viruses that allow them to spread swiftly among humans.”

Review - FRA Publishes Hot Bearing Wayside Detector Safety Advisory Update

Today, the DOT’s Federal Railroad Administration (FRA) published a safety advisory update in the Federal Register (89 FR 58243-58245) on “Safety Advisory 2023-01; Evaluation of Policies and Procedures Related to the Use and Maintenance of Hot Bearing Wayside Detectors (Second Supplement)”. The original advisory was published on March 3rd, 2023 and then updated on June 14th, 2024. This latest supplement expands on the recommendations to incorporate the findings of FRA's ongoing evaluations by emphasizing:

• The importance of trend analysis and the opportunity to integrate wayside detector data types to evaluate railcar health,

• The need to establish and follow appropriate processes in analyzing and responding to HBD data,

• The need for railroads to ensure that adequate staff are assigned to monitor and respond to wayside detector data, and

• The need for railroads to maximize the use of HBD data, including sharing wayside detector data between railroads, as a train travels from one railroad's tracks to another railroad's track.


For more information on today’s supplement, see my article at CFSN Detailed Analysis (subscription required).

Tuesday, July 16, 2024

Short Takes – 7-16-24

Cave discovered on Moon could be home for humans. article. Pull quote: ““We have very good images of the surface - up to 25cm of resolution - we can see the Apollo landing sites - but we know nothing about what lies below the surface. There are huge opportunities for discovery,” Francesco Sauro, Coordinator of the Topical Team Planetary Caves of the European Space Agency, told BBC News.”

Underground cave found on moon could be ideal base for explorers. article. Pull quote: “Robert Wagner, a researcher at Arizona State University, said one of the biggest challenges would be access. “Getting into that pit requires descending 125 metres before you reach the floor, and the rim is a steep slope of loose debris where any movement will send little avalanches down on to anyone below,” he said. “It’s certainly possible to get in and out, but it will take a significant amount of infrastructure.””

National Hazardous Materials Route Registry. Federal Register FMCSA revision notice. Summary: “This notice provides revisions to the National Hazardous Materials Route Registry (NHMRR) reported to FMCSA from April 1, 2023, through March 31, 2024. The NHMRR is a listing, as reported by States and Tribal governments, of all designated and restricted roads and preferred highway routes for transportation of highway route controlled quantities of Class 7 radioactive materials (HRCQ/RAM) and non-radioactive hazardous materials (NRHM).”

A Victim of Crime and a Threat to Democracy. article. Pull quote: “But at the end of the day, I do not remotely repent the role we, and I personally, have played in discussing the issues Trump’s conduct has put before the American polity. I do not accept responsibility for contributing to a climate that led to the events of this past weekend, though I cannot deny we have raised the awareness level of the danger Trump presents and I acknowledge that some people do reckless horrible things with knowledge and awareness. More fundamentally, I have no intention of stopping, even as I insist that violence has no legitimate place in our political system and condemn both this act specifically and any physical attacks on politicians or anyone else for their political expression.”

Review – 1 Advisory Published – 7-16-24

Today, CISA’s NCCIC-ICS published a control system security advisory for products from Rockwell Automation.


Rockwell Advisory - This advisory describes an incorrect permission assignment for critical resource vulnerability in the Rockwell Pavilion 8 Model Predictive Control (MPC) solution.


For more information on this advisory, and two others, see my article at CFSN Detailed Analysis (subscription required).

Review - S 4369 Introduced – Smart Port Security

Last month, Sen Casey (D,PA) introduced S 4369, the Secure Smartports Act of 2024. The bill would require that the DNI’s National Counterintelligence and Security Center (NCSC) develop a strategy on the risks of smartport technology of the People's Republic of China “to the national security of the United States, the security of United States supply chains, and commercial activity, including with respect to delays, interruption, and lockout of access to systems and technologies that enable the free flow of commerce.” No new funding is authorized by this legislation.

Moving Forward

Both Casey and his sole cosponsor {Sen Kelly (D,AZ)} are members of the Senate Select Committee on Intelligence to which this bill was assigned for consideration. This means that there could be sufficient influence to see the bill considered in committee. I suspect that there would be sufficient bipartisan support for this bill to be successfully reported out of committee. As we frequently see in the Senate, this bill is not politically important enough to take up the time of that body to be considered under regular order.

This bill would have a decent chance of being considered under the Senate’s unanimous consent process, but it would probably be better served as being added as an amendment to the FY 2025 intelligence authorization bill. It would fit well within the scope of that bill.

Missing Cybersecurity Focus

A frequently unmentioned, or quickly glossed over, aspect of any sort of smart technology provided by an adversarial nation is that once that technology is attached to a critical network, it has potentially allowed that adversary behind a significant part of the protective boundaries of that network. Protecting the remainder of the network from that potentially malignant tool inside the box is an important cybersecurity issue. For that reason, CISA should be added to the list of coordination agencies specified in §2(c).


For more information on the provisions of this bill, including some literary concerns, see my article at CFSN Detailed Analysis (subscription required).
