CISA “cyber hygiene” guidance for OT?
SCADAMag.Infracritical.com article.
Pull quote: “This is a disappointing list of mitigations which call out for the
issuing of a version 2. Some words of advice to the authors at CISA. Instead of
relying on “in house” government expertise, CISA should augment their efforts
by collaborating with those who work closer to the actual physical processes
going on in OT and ICS. For example, standards organisations like ISA, IEC,
IEEE and other organisations that represent operators of “critical
infrastructure entities.” Some defenders assert that CISA does have access to
such expertise. My reply is to
show me an example of where this expertise appears. Not very evident in these
CISA recommendations.”
Perfluoroalkyl and Polyfluoroalkyl Substances (PFAS) Data
Reporting and Recordkeeping Under the Toxic Substances Control Act (TSCA);
Change to Submission Period. Federal Register EPA interim final rule.
Summary: “The Environmental Protection Agency (EPA or Agency)
is amending the data submission period for the Toxic Substances Control Act
(TSCA) PFAS reporting rule by changing the start date for submissions and
making corresponding changes to the end dates for the submission period, i.e.,
the data submission period begins on April 13, 2026, and ends on October 13,
2026, with an alternate end date for small manufacturers reporting exclusively
as article importers of April 13, 2027. As promulgated in October 2023, the
regulation requires manufacturers (including importers) of perfluoroalkyl and
polyfluoroalkyl substances (PFAS) in any year between 2011-2022 to report
certain data to EPA related to exposure and environmental and health effects.
This change is necessary because EPA requires more time to prepare the
reporting application to collect this data. The Agency is separately
considering reopening certain aspects of the rule to public comment. The
delayed reporting date ensures that EPA has adequate time to consider the
public comments and propose and finalize any modifications to the rule before
the submission period begins.” Comments due: 6-12-25.
Federal Emergency Management Agency Review Council
Meeting. Federal Register FEMA meeting notice.
Pull quote: “OPE is publishing this emergency notice to announce
that the President's Federal Emergency Management Agency (FEMA) Review Council
(“Council”) will meet in person on Tuesday, May 20, 2025. This meeting will be
open virtually to members of the public. This meeting will be led by the
Secretary of Homeland Security and the Secretary of Defense to discuss the work
ahead for the Council and the potential future of FEMA.”
Notice of Request for Public Comments on Section 232
National Security Investigation of Imports of Commercial Aircraft and Jet
Engines and Parts for Commercial Aircraft and Jet Engines. Federal Register
BIS §232 investigation notice. Summary: “On May 1, 2025, the Secretary of Commerce
initiated an investigation to determine the effects on the national security of
imports of commercial aircraft and jet engines, and parts for commercial
aircraft and jet engines. This investigation has been initiated under section
232 of the Trade Expansion Act of 1962, as amended (Section 232) [19
USC 1862]. Interested parties are invited to submit written comments, data,
analyses, or other information pertinent to the investigation to the Department
of Commerce's (Department) Bureau of Industry and Security (BIS), Office of
Strategic Industries and Economic Security. This notice identifies issues on
which the Department is especially interested in obtaining the public's views.”
Comments due: June 3rd, 2025.
Two Trump appointees escorted out of Library of Congress
amid White House takeover, report says. The-Independent.com article.
Pull quote: ““Donald Trump’s termination of Register of Copyrights, Shira
Perlmutter, is a brazen, unprecedented power grab with no legal basis. It is
surely no coincidence he acted less than a day after she refused to
rubber-stamp Elon Musk’s efforts to mine troves of copyrighted works to train
AI models,” Joe Morelle, a New York House Democrat, said in a statement
Saturday.”
ENISA launches EU Vulnerability Database to strengthen
cybersecurity under NIS2 Directive, boost cyber resilience.
IndustrialCyber.co article.
Pull quote: “The agency also highlighted that notifying of actively exploited
vulnerabilities will become mandatory for manufacturers by September 2026. The
notification process will apply to vulnerabilities impacting hardware and
software products with digital elements. The Single Reporting Platform (SRP)
provided for by the Cyber Resilience Act (CRA) will be the tool to use for such
purpose. It is important to highlight that the SRP is therefore different from
the EUVD established by the NIS2 Directive.”
Supreme Court Chief Justice Gives Biggest Sign Yet of Trump Disapproval. NewsBreak.com article.
Pull quote: “Last week, the chief justice seemed to once again reference the
judicial turmoil at a speaking event in New York. The courts are a “coequal
branch of government,” he said, and said their job is to “check the excesses of
Congress or of the executive.””