Review - Bills Introduced – 5-13-25

Yesterday, with both the House and Senate in session, there were 96 bills introduced. Of those there are three that may receive additional coverage in this blog:

HR 3334 To authorize the United States Capitol Police to take action with respect to threats from unmanned aircraft systems, and for other purposes. Crane, Elijah [Rep.-R-AZ-2]

HR 3376 To establish a trust fund to provide for adequate funding for water and sewer infrastructure, and for other purposes. Watson Coleman, Bonnie [Rep.-D-NJ-12] 

S 1730 A bill to provide adequate funding for water and sewer infrastructure, and for other purposes. Sanders, Bernard [Sen.-I-VT]

Space Geek

I would like to mention this space related bill as part of my limited Space Geek coverage. I do not expect to cover this bill in any detail.

S 1722 A bill to fund human spaceflight infrastructure and commercialization of space support at Johnson Space Center. Cornyn, John [Sen.-R-TX]

For more information on these bills, including legislative history for similar bills in the 118^th, as well as a mention in passing about a bill to oppose the presidential 747 from Qatar, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-13-25 - subscription required.

FAA Sends UAS Beyond Visual Line of Sight NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the DOT’s Federal Aviation Administration (FAA) on “Normalizing Unmanned Aircraft Systems Beyond Visual Line of Sight Operations”. This rulemaking would create new operational and design requirements for unmanned aircraft (up to 1,320 lbs) issued a special airworthiness certificate, enabling routine beyond visual line of sight (BVLOS) operations without waivers or exemptions.

According to the Fall 2024 Unified Agenda entry for this rulemaking:

“This action would normalize certain low altitude unmanned aircraft systems (UAS) operations, while ensuring the safety and efficiency of the United States airspace. It is the next step in integrating UAS into the national airspace system (NAS), providing for significant safety, societal, and economic advantages and benefits. This action is expected to dramatically expedite the introduction of beyond visual line of sight (BVLOS) UAS operations in the NAS. Using consensus-based standards, this action would establish a regulatory process for issuing a special airworthiness certificate (SAC) for unmanned aircraft (up to 1,320 pounds), as well as the acceptance of their associated elements. It would create new operational and design requirements for unmanned aircraft issued a SAC, enabling routine beyond visual line of sight (BVLOS) operations without waivers or exemptions. The rulemaking would prescribe a new BVLOS rating for the remote pilot certificate. It would also build new operating rules for UAS cargo delivery for compensation or hire under the new part. Finally, this action would create a defined regulatory approval pathway for third-party services, to include UAS Traffic Management (UTM) service suppliers.”

I do not expect that I will be covering this rulemaking in any depth, but I will at least mention its publication in the respective “Short Takes” post.

DOT Sends UAS Flight Restriction Application NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the DOT’s Federal Aviation Administration (FAA) on “Designation - Restrict the Operation of an Unmanned Aircraft in Close Proximity to a Fixed Site Facility”. This rulemaking was required by §2209 of the FAA Extension, Safety and Security Act (PL 114-190, 130 STAT. 634), and was supposed to have been completed by January 11^th, 2017.

According to the Fall 2024 Unified Agenda entry for this rulemaking:

“This action would implement section 2209, Applications for designation, of Public Law 114-190, the FAA Extension, Safety and Security Act of 2016 (130 Stat. 634). Specifically, this rule would establish the criteria and procedures for the operator or proprietor of eligible fixed site facilities to apply to the FAA for an unmanned aircraft-specific flight restriction. In addition, this rule would establish the substantive criteria based on the enumerated statutory considerations (i.e. national security and aviation safety) that the FAA will use in determining to grant or deny a petition, as well as the procedures for notifying the petitioner of the determination made and the process for resubmission of any denial. Lastly, this rule would establish the process to be used by the FAA to implement the unmanned aircraft-specific flight restriction and notify the public.”

This rulemaking will almost certainly not provide any authority to facilities to take actions to enforce the flight restrictions. That would require additional legislative action.

Short Takes – 5-13-25

CISA “cyber hygiene” guidance for OT? SCADAMag.Infracritical.com article. Pull quote: “This is a disappointing list of mitigations which call out for the issuing of a version 2. Some words of advice to the authors at CISA. Instead of relying on “in house” government expertise, CISA should augment their efforts by collaborating with those who work closer to the actual physical processes going on in OT and ICS. For example, standards organisations like ISA, IEC, IEEE and other organisations that represent operators of “critical infrastructure entities.”   Some defenders assert that CISA does have access to such expertise. My reply is to show me an example of where this expertise appears. Not very evident in these CISA recommendations.”

Perfluoroalkyl and Polyfluoroalkyl Substances (PFAS) Data Reporting and Recordkeeping Under the Toxic Substances Control Act (TSCA); Change to Submission Period. Federal Register EPA interim final rule. Summary: “The Environmental Protection Agency (EPA or Agency) is amending the data submission period for the Toxic Substances Control Act (TSCA) PFAS reporting rule by changing the start date for submissions and making corresponding changes to the end dates for the submission period, i.e., the data submission period begins on April 13, 2026, and ends on October 13, 2026, with an alternate end date for small manufacturers reporting exclusively as article importers of April 13, 2027. As promulgated in October 2023, the regulation requires manufacturers (including importers) of perfluoroalkyl and polyfluoroalkyl substances (PFAS) in any year between 2011-2022 to report certain data to EPA related to exposure and environmental and health effects. This change is necessary because EPA requires more time to prepare the reporting application to collect this data. The Agency is separately considering reopening certain aspects of the rule to public comment. The delayed reporting date ensures that EPA has adequate time to consider the public comments and propose and finalize any modifications to the rule before the submission period begins.”  Comments due: 6-12-25.

Federal Emergency Management Agency Review Council Meeting. Federal Register FEMA meeting notice. Pull quote: “OPE is publishing this emergency notice to announce that the President's Federal Emergency Management Agency (FEMA) Review Council (“Council”) will meet in person on Tuesday, May 20, 2025. This meeting will be open virtually to members of the public. This meeting will be led by the Secretary of Homeland Security and the Secretary of Defense to discuss the work ahead for the Council and the potential future of FEMA.”

Notice of Request for Public Comments on Section 232 National Security Investigation of Imports of Commercial Aircraft and Jet Engines and Parts for Commercial Aircraft and Jet Engines. Federal Register BIS §232 investigation notice. Summary: “On May 1, 2025, the Secretary of Commerce initiated an investigation to determine the effects on the national security of imports of commercial aircraft and jet engines, and parts for commercial aircraft and jet engines. This investigation has been initiated under section 232 of the Trade Expansion Act of 1962, as amended (Section 232) [19 USC 1862]. Interested parties are invited to submit written comments, data, analyses, or other information pertinent to the investigation to the Department of Commerce's (Department) Bureau of Industry and Security (BIS), Office of Strategic Industries and Economic Security. This notice identifies issues on which the Department is especially interested in obtaining the public's views”. Comments due: June 3^rd, 2025.

Two Trump appointees escorted out of Library of Congress amid White House takeover, report says. The-Indepenent.com article. Pull quote: ““Donald Trump’s termination of Register of Copyrights, Shira Perlmutter, is a brazen, unprecedented power grab with no legal basis. It is surely no coincidence he acted less than a day after she refused to rubber-stamp Elon Musk’s efforts to mine troves of copyrighted works to train AI models,” Joe Morelle, a New York House Democrat, said in a statement Saturday.”

ENISA launches EU Vulnerability Database to strengthen cybersecurity under NIS2 Directive, boost cyber resilience. IndustrialCyber.co article. Pull quote: “The agency also highlighted that notifying of actively exploited vulnerabilities will become mandatory for manufacturers by September 2026. The notification process will apply to vulnerabilities impacting hardware and software products with digital elements. The Single Reporting Platform (SRP) provided for by the Cyber Resilience Act (CRA) will be the tool to use for such purpose. It is important to highlight that the SRP is therefore different from the EUVD established by the NIS2 Directive.”

Supreme Court Chief Justice Gives Biggest Sign Yet of Trump Disapproval. NewsBreak.com article. Pull quote: “Last week, the chief justice seemed to once again reference the judicial turmoil at a speaking event in New York. The courts are a “coequal branch of government,” he said, and said their job is to “check the excesses of Congress or of the executive.””

Review – 4 Advisories Published – 5-13-25

Today CISA’s NCCIC-ICS published four control system security advisories for products from ABB Automation, and Hitachi Energy (3).

Advisories

ABB Advisory - This advisory describes two incorrect permission assignment for critical function vulnerabilities in the ABB Automation Builder product.

Hitachi Energy Advisory #1 - This advisory describes four vulnerabilities in Hitachi Energy MACH gateway station product.

Hitachi Energy Advisory #2 - This advisory describes a classic buffer overflow vulnerability in the Hitachi Energy Relion 670/650/SAM600-IO series products.

Hitachi Energy Advisory #3 - This advisory discusses 16 vulnerabilities (one with publicly available exploit) in the Hitachi Energy Service Suite.

 

For more information on these advisories, including links to exploits, as well as a discussion about a recent CISA information sharing policy change, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-5-13-25 - subscription required.

Review – Bills Introduced – 5-12-25

Yesterday, with just the Senate in Washington (the House arrives today), there were 17 bills introduced. Of those there was one bill that may receive additional attention in this blog:

S 1708 A bill to improve agency rulemaking, and for other purposes. Lankford, James [Sen.-R-OK] 

 

For more information on these bills, including legislative history for similar bills in the 118th, including a Chinese automotive technology bill mentioned in passing, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-12-25 - subscription required.

Short Takes – 5-12-25

Small businesses dread tariff fallout. WashingtonPost.com briefing. Pull quote: “As Trump pushes through punishing tariffs on some of the country’s biggest trading partners, small-business owners fear they could be caught in the crosshairs. Without the large margins to weather abrupt changes in their supply chains or the lobbying power to ask for special exemptions, many small businesses are bracing for devastating losses. Even if Trump were to go back on his tariffs, multiple small-business owners said the breakneck changes in policy make planning difficult and can have a chilling effect on growth.”

Budget cuts and the fraying of international partnerships. TheSpaceReview.com article. Pull quote: ““You take something like Gateway, for instance. Europe may not stop their development just because the US changes their strategy,” said Peter Cannito, CEO of Redwire Space, in an earnings call Monday. “They may just repurpose or redirect or look for new partners internationally to continue that development.””

The hidden ways Trump, DOGE are shutting down parts of the U.S. government. WashingtonPost.com article. Pull quote: “At the National Oceanic and Atmospheric Administration, key work on weather forecasting has slowed to a crawl because Commerce Secretary Howard Lutnick must sign off personally on many contracts and grants. And at the Social Security Administration, some employees are running out of paper, pens and printer toner because the U.S. DOGE Service has placed a $1 spending limit on government-issued credit cards. (DOGE stands for Department of Government Efficiency, though it is not a Cabinet-level agency.)”

Flights Could Be Disrupted Across U.S., Transportation Secretary Warns. NYTimes.com article. Pull quote: “Still, Mr. Duffy said that the country and Congress had not paid enough attention to improving the “antiquated systems” across major airports, and described the recent issues at Newark as a consequence of “stress on an old network.” ⁋ “What you see in Newark is going to happen in other places across the country,” Mr. Duffy said in the interview, on NBC’s “Meet the Press With Kristen Welker.” “It has to be fixed.”