Short Takes – 10-3-23

CISA implements OASIS CSAF 2.0 standard to security advisories for ICS, OT, medical devices. IndustrialCyber.co article. Pull quote: “With this strategy in consideration, CISA now provides machine-readable CSAF documents alongside every new ICS Advisory and those dating back to 2017, the CISA executives wrote. “Our ICS CSAF advisories will be located within the human-readable advisories themselves, or directly via CISA’s GitHub CSAF repository. This shift to CSAF format will also drive other vulnerability response and coordination initiatives at CISA to automate and streamline the drafting and publication process for these ever increasing and critical ICS Advisories,” they added.”

Batteries Will Not Solve Renewable Energy Storage Problem, Says Royal Society. DailySceptic.org article. Pull quote: “The report, lacking a practical answer to wind and solar intermittency, seems to have been ignored by mainstream media. The news that batteries cannot play any significant part in the collectivist Net Zero project is unwelcome to those who have been betting the ranch on this solution for many years. Francis Menton of the Manhattan Contrarian sees the report as an “enormous improvement” on every other effort on the subject of large scale energy storage systems. But in the end, the authors’ “quasi-religious commitment” to a fossil-free future leads them to minimise and divert attention away from critical cost and feasibility issues. “As a result, the report, despite containing much valuable information, is actually useless for any public policy purpose,” he concludes.”

Starfish Space wins NASA contract to plan demonstration of orbital debris inspection. GeekWire.com article. Pull quote: ““This type of mission would entail rendezvous and proximity operations (RPO) and the detailed characterization of the debris,” he said. “Before any disposal mission can commence, an inspection acts as a preliminary step. It’s essential to first inspect the object, gather relevant data and pinpoint potential docking sites.””

NTSB shares update on Teutopolis wreck, chemical spill during press conference. MyWabashValley.com article. Pull quote: “The tank containing 7,000 gallons anhydrous ammonia, a chemical known primarily in industrial and agricultural uses, lost 4,000 gallons of that ammonia after a hole six inches in diameter was created from the wreck.”

Federal Acquisition Regulation: Cyber Threat and Incident Reporting and Information Sharing. Federal Register DOD, GSA, and NASA NPRM. Summary: “DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to partially implement an Executive order on cyber threats and incident reporting and information sharing for Federal contractors and to implement related cybersecurity policies.” Comments due December 4^th, 2023.

Federal Acquisition Regulation: Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems. Federal Register DOD, GSA, and NASA NPRM. Summary: “DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to partially implement an Executive Order to standardize cybersecurity contractual requirements across Federal agencies for unclassified Federal information systems, and a statute on improving the Nation's cybersecurity.” Comments due December 4^th, 2023.

Positive Train Control Regulations About Emergency Rerouting. Federal Register FRA notice. Summary: “The purpose of this notice is to inform the public about FRA's regulations permitting railroads to temporarily reroute a train equipped with a positive train control (PTC) system onto a track not equipped with a PTC system, in the event an emergency prevents usage of the regularly used track. This notice contains information about the process a railroad must follow to notify FRA and/or obtain FRA's approval, depending on the duration of the rerouting.”

House makes history, removes McCarthy as Speaker. TheHill.com article. Pull quote: “No votes are expected in the House the rest of the week, and Republicans said they would meet to select their pick for Speaker next Tuesday.”

House Passes H Res 757 – Office of Speaker Vacant

Today, the House took up Rep Gaetz’ (R,FL) motion to vacate the Office of the Speaker of the House, H Res 757. The House passed the resolution by a vote of 216 to 210 [link added, 5:44 pm EDT]. Rep McCarthy (R,CA) is no longer Speaker of the House. In accordance with House Rules, Rep McHenry (R,NC) is now the Speaker Pro Tempore. House is currently in recess subject to the call of the Chair to allow the two caucuses a chance to meet to consider ‘the way forward’.

Earlier a motion was made to table H Res 757. That motion failed by a vote of 208 to 218.

We are almost certainly in for a remake of the vote for Speaker in January. I suspect that McCarthy’s and that of Rep Jeffries (D,NC) will be among the names nominated for Speaker.

Needless to say, there will be no further consideration of HR 4394, the EWR spending bill. Before the House considered H Res 757, the House took up H Res 756, the rule for the consideration of HR 4394. That rule passed by a nearly party-line vote of 218 to 208 with Rep Rogers (R,AL) voting Nay.

Review - House to Begin Consideration of HR 4394 – FY 2024 EWR Spending

As expected, the House is scheduled to take up HR 4394, the Energy and Water Development and Related Agencies [EWR] Appropriations Act, 2024, under a structured rule. The House Rules Committee met yesterday to formulate that rule. That rule adopts one of the spending-reduction proposed amendments and provides for the consideration of 60 amendments on the House floor, including two of the three amendments {Fallon (#17) and Walberg (#18)} that I mentioned yesterday.

Moving Forward

The House will begin consideration today and have a final vote on the bill tomorrow. This means that the House is unlikely to conduct a late session this evening. There is a chance that the bill will not receive enough votes to pass, Democrats will all vote against and we might see some moderate Republican reject the spending reductions in the bill.

Commentary  

Anyone that expected a change in the influence of the Republican 11 after this weekend’s passage of the continuing resolution would be surprised at the spending reduction attempts authorized by the Rules Committee. They should not be; spending cuts are still a strong part of the Republican agenda. It will be interesting to see, however, if moderate Republicans continue to allow the more conservative elements of the party to control these spending bills.

 

For more details about the consideration of the bill, including highlights of the spending reduction amendments, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/house-to-begin-consideration-of-hr - subscription required.

Bills Introduced – 10-2-23

Yesterday, with just the House in session (the Senate returns to Washington today) there were 15 bills introduced. One of those bills may received additional attention in this blog:

HR 5871 To enhance safety requirements for trains, and for other purposes. Stansbury, Melanie Ann [Rep.-D-NM-1]

I will be watching this bill for language and definitions that would specifically include freight trains transporting hazardous chemicals within the scope of the requirements of the legislation.

Short Takes – 9-2-23

Derailment Performance of DOT-117J Tank Cars. NTSB.gov investigation report. Pull quote: “The majority of the ethanol released leaked from tank car service equipment (such as manway covers and bottom outlet valves) that remained intact during the derailment but sustained damage from the pool fire. We found that the gaskets used in the service equipment were made of materials that are vulnerable to damage when exposed to fire. Using gaskets made of more thermally resistant materials would likely increase the survival time of tank cars exposed to fire and reduce the severity of hazardous material releases.”

Member Conference Call | September 26, 2023. CISA.gov NSTAC meeting summary. Summary of September 26^th, 2023, meeting.

It's official: Gaetz to force vote on McCarthy's speakership. Politico.com article. Pull quote: “Democratic leaders have stayed quiet so far about their own approach to the McCarthy ouster vote, waiting for Gaetz to make good on his promise to come after the speaker. Now that the gambit has become official, Minority Leader Hakeem Jeffries (D-N.Y.) will have to decide whether to push his members — particularly centrists who might be tempted to bail out McCarthy — to withhold their votes.”

Johnson Controls' attack on the heels of MGM and Caesars fuels speculation for a mega-disruption. InsideCyberWarefare.com article (subscription required). Pull quote: “Two back-to-back ransomware attacks against Caesar’s and MGM Resorts on September 10 and 13 respectively have insiders worrying that these attacks might have been test beds for much more ambitious ransomware attacks that are in the works against the Formula 1 Las Vegas Grand Prix (Nov 16-18) and/or Super Bowl LVIII (Feb 11, 2024) at Allegiant Stadium.”

HR 4502 Passed in House – Cybersecurity Hiring

Today, the House took up HR 4502 [removed from paywall], the Modernizing the Acquisition of Cybersecurity Experts Act, under the suspension of the rules process. With only 16 minutes of debate, the legislation was passed by a strongly bipartisan vote of 394 to 1. Rep Lesko (R,AZ) was the only vote against the bill.

The bill would restrict agencies from establishing minimum educational requirements for cybersecurity positions. It would allow such requirements “only if a minimum education qualification is required by law to perform the duties of the position in the State or locality where the duties of the position are to be performed”.

Moving Forward

The strong bipartisan support for this bill in the House would seem to indicate that this bill could be considered under the Senate’s unanimous consent process. This is important because the bill is not politically important enough to take up the Senate’s time under regular order.

OMB Approves BIS 2022 Wassenaar Final Rule

On Friday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from DOC’s Bureau of Industry and Security (BIS) on “Implementation of 2022 Wassenaar Arrangement Decisions”. The rule was submitted to OIRA on July 18^th, 2023.

According to the entry for this rule making in the Spring 2023 Unified Agenda:

“The Bureau of Industry and Security is amending the Export Administration Regulations.  This final rule revises the Commerce Control List to reflect implementation of 2022 Wassenaar Arrangement decisions.”

As I noted in my earlier post: “At this point it would be hard to determine from public documents whether this rule will include changes affecting cyber or cybersecurity product classifications.”

We may see this final rule published in the Federal Register later this week.