Tuesday, October 3, 2023

Short Takes – 10-3-23

CISA implements OASIS CSAF 2.0 standard to security advisories for ICS, OT, medical devices. IndustrialCyber.co article. Pull quote: “With this strategy in consideration, CISA now provides machine-readable CSAF documents alongside every new ICS Advisory and those dating back to 2017, the CISA executives wrote. “Our ICS CSAF advisories will be located within the human-readable advisories themselves, or directly via CISA’s GitHub CSAF repository. This shift to CSAF format will also drive other vulnerability response and coordination initiatives at CISA to automate and streamline the drafting and publication process for these ever increasing and critical ICS Advisories,” they added.”

Batteries Will Not Solve Renewable Energy Storage Problem, Says Royal Society. DailySceptic.org article. Pull quote: “The report, lacking a practical answer to wind and solar intermittency, seems to have been ignored by mainstream media. The news that batteries cannot play any significant part in the collectivist Net Zero project is unwelcome to those who have been betting the ranch on this solution for many years. Francis Menton of the Manhattan Contrarian sees the report as an “enormous improvement” on every other effort on the subject of large scale energy storage systems. But in the end, the authors’ “quasi-religious commitment” to a fossil-free future leads them to minimise and divert attention away from critical cost and feasibility issues. “As a result, the report, despite containing much valuable information, is actually useless for any public policy purpose,” he concludes.”

Starfish Space wins NASA contract to plan demonstration of orbital debris inspection. GeekWire.com article. Pull quote: ““This type of mission would entail rendezvous and proximity operations (RPO) and the detailed characterization of the debris,” he said. “Before any disposal mission can commence, an inspection acts as a preliminary step. It’s essential to first inspect the object, gather relevant data and pinpoint potential docking sites.””

NTSB shares update on Teutopolis wreck, chemical spill during press conference. MyWabashValley.com article. Pull quote: “The tank containing 7,000 gallons anhydrous ammonia, a chemical known primarily in industrial and agricultural uses, lost 4,000 gallons of that ammonia after a hole six inches in diameter was created from the wreck.”

Federal Acquisition Regulation: Cyber Threat and Incident Reporting and Information Sharing. Federal Register DOD, GSA, and NASA NPRM. Summary: “DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to partially implement an Executive order on cyber threats and incident reporting and information sharing for Federal contractors and to implement related cybersecurity policies.” Comments due December 4th, 2023.

Federal Acquisition Regulation: Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems. Federal Register DOD, GSA, and NASA NPRM. Summary: “DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to partially implement an Executive Order to standardize cybersecurity contractual requirements across Federal agencies for unclassified Federal information systems, and a statute on improving the Nation's cybersecurity.” Comments due December 4th, 2023.

Positive Train Control Regulations About Emergency Rerouting. Federal Register FRA notice. Summary: “The purpose of this notice is to inform the public about FRA's regulations permitting railroads to temporarily reroute a train equipped with a positive train control (PTC) system onto a track not equipped with a PTC system, in the event an emergency prevents usage of the regularly used track. This notice contains information about the process a railroad must follow to notify FRA and/or obtain FRA's approval, depending on the duration of the rerouting.”

House makes history, removes McCarthy as Speaker. TheHill.com article. Pull quote: “No votes are expected in the House the rest of the week, and Republicans said they would meet to select their pick for Speaker next Tuesday.”

House Passes H Res 757 – Office of Speaker Vacant

Today, the House took up Rep Gaetz’ (R,FL) motion to vacate the Office of the Speaker of the House, H Res 757. The House passed the resolution by a vote of 216 to 210 [link added, 5:44 pm EDT]. Rep McCarthy (R,CA) is no longer Speaker of the House. In accordance with House Rules, Rep McHenry (R,NC) is now the Speaker Pro Tempore. House is currently in recess subject to the call of the Chair to allow the two caucuses a chance to meet to consider ‘the way forward’.

Earlier a motion was made to table H Res 757. That motion failed by a vote of 208 to 218.

We are almost certainly in for a remake of the vote for Speaker in January. I suspect that McCarthy’s and that of Rep Jeffries (D,NC) will be among the names nominated for Speaker.

Needless to say, there will be no further consideration of HR 4394, the EWR spending bill. Before the House considered H Res 757, the House took up H Res 756, the rule for the consideration of HR 4394. That rule passed by a nearly party-line vote of 218 to 208 with Rep Rogers (R,AL) voting Nay.

Review - House to Begin Consideration of HR 4394 – FY 2024 EWR Spending

As expected, the House is scheduled to take up HR 4394, the Energy and Water Development and Related Agencies [EWR] Appropriations Act, 2024, under a structured rule. The House Rules Committee met yesterday to formulate that rule. That rule adopts one of the spending-reduction proposed amendments and provides for the consideration of 60 amendments on the House floor, including two of the three amendments {Fallon (#17) and Walberg (#18)} that I mentioned yesterday.

Moving Forward

The House will begin consideration today and have a final vote on the bill tomorrow. This means that the House is unlikely to conduct a late session this evening. There is a chance that the bill will not receive enough votes to pass, Democrats will all vote against and we might see some moderate Republican reject the spending reductions in the bill.


Anyone that expected a change in the influence of the Republican 11 after this weekend’s passage of the continuing resolution would be surprised at the spending reduction attempts authorized by the Rules Committee. They should not be; spending cuts are still a strong part of the Republican agenda. It will be interesting to see, however, if moderate Republicans continue to allow the more conservative elements of the party to control these spending bills.


For more details about the consideration of the bill, including highlights of the spending reduction amendments, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/house-to-begin-consideration-of-hr - subscription required.

Bills Introduced – 10-2-23

Yesterday, with just the House in session (the Senate returns to Washington today) there were 15 bills introduced. One of those bills may received additional attention in this blog:

HR 5871 To enhance safety requirements for trains, and for other purposes. Stansbury, Melanie Ann [Rep.-D-NM-1]

I will be watching this bill for language and definitions that would specifically include freight trains transporting hazardous chemicals within the scope of the requirements of the legislation.

Monday, October 2, 2023

Short Takes – 9-2-23

Derailment Performance of DOT-117J Tank Cars. NTSB.gov investigation report. Pull quote: “The majority of the ethanol released leaked from tank car service equipment (such as manway covers and bottom outlet valves) that remained intact during the derailment but sustained damage from the pool fire. We found that the gaskets used in the service equipment were made of materials that are vulnerable to damage when exposed to fire. Using gaskets made of more thermally resistant materials would likely increase the survival time of tank cars exposed to fire and reduce the severity of hazardous material releases.”

Member Conference Call | September 26, 2023. CISA.gov NSTAC meeting summary. Summary of September 26th, 2023, meeting.

It's official: Gaetz to force vote on McCarthy's speakership. Politico.com article. Pull quote: “Democratic leaders have stayed quiet so far about their own approach to the McCarthy ouster vote, waiting for Gaetz to make good on his promise to come after the speaker. Now that the gambit has become official, Minority Leader Hakeem Jeffries (D-N.Y.) will have to decide whether to push his members — particularly centrists who might be tempted to bail out McCarthy — to withhold their votes.”

Johnson Controls' attack on the heels of MGM and Caesars fuels speculation for a mega-disruption. InsideCyberWarefare.com article (subscription required). Pull quote: “Two back-to-back ransomware attacks against Caesar’s and MGM Resorts on September 10 and 13 respectively have insiders worrying that these attacks might have been test beds for much more ambitious ransomware attacks that are in the works against the Formula 1 Las Vegas Grand Prix (Nov 16-18) and/or Super Bowl LVIII (Feb 11, 2024) at Allegiant Stadium.”

HR 4502 Passed in House – Cybersecurity Hiring

Today, the House took up HR 4502 [removed from paywall], the Modernizing the Acquisition of Cybersecurity Experts Act, under the suspension of the rules process. With only 16 minutes of debate, the legislation was passed by a strongly bipartisan vote of 394 to 1. Rep Lesko (R,AZ) was the only vote against the bill.

The bill would restrict agencies from establishing minimum educational requirements for cybersecurity positions. It would allow such requirements “only if a minimum education qualification is required by law to perform the duties of the position in the State or locality where the duties of the position are to be performed”.

Moving Forward

The strong bipartisan support for this bill in the House would seem to indicate that this bill could be considered under the Senate’s unanimous consent process. This is important because the bill is not politically important enough to take up the Senate’s time under regular order.

OMB Approves BIS 2022 Wassenaar Final Rule

On Friday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from DOC’s Bureau of Industry and Security (BIS) on “Implementation of 2022 Wassenaar Arrangement Decisions”. The rule was submitted to OIRA on July 18th, 2023.

According to the entry for this rule making in the Spring 2023 Unified Agenda:

“The Bureau of Industry and Security is amending the Export Administration Regulations.  This final rule revises the Commerce Control List to reflect implementation of 2022 Wassenaar Arrangement decisions.”

As I noted in my earlier post: “At this point it would be hard to determine from public documents whether this rule will include changes affecting cyber or cybersecurity product classifications.”

We may see this final rule published in the Federal Register later this week.

Review - Rules Committee to Look at HR 4394 – FY 2024 EWR Spending

The House Rules Committee will hold a rule hearing this afternoon that would include HR 4394, the Energy and Water Development and Related Agencies [EWR] Appropriations Act, 2024. The deadline for submitting amendments for the Committee to consider including in the Rule was last Friday, 122 amendments have been submitted.

Three of the 122 amendments may be of specific interest here:





Version 1

Hudson (NC)


Version 1

Fallon (TX)


Version 1

Walberg (MI) , Latta (OH)

Moving Forward

The Rules Committee meets at 4:00 pm EDT. Barring some drama from the three Republican 11 representatives on the Committee, a rule will be formulated for this and HR 4364, the Legislative Branch spending bill. The House will begin taking up the two bills on Tuesday.


The House was scheduled to start a two-week District Work Period. Normally, this would be a break from Washington while the two appropriations committees started work on an omnibus spending bill. It appears that McCarthy still intends on attempting to pass standalone bills. Between the time the Senate needs to act on these bills and the individual conference committees needed to reconcile the House an Senate versions, this will take up every bit of the time to the new November 17th deadline.


For more information about the upcoming meeting, including the details of the three amendments, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/rules-committee-to-look-at-hr-4394 - subscription required.

HR 4364 Introduced – FY 2024 Legislative Branch Spending

Back in June, Rep Amodei (R,NV) introduced HR 4364, the Legislative Branch Appropriations Act, 2024. At the same time, the House Appropriations Committee published their Report on the bill. While there are a couple of cybersecurity mentions in the bill, they are entirely (and legitimately) focused on protecting the information technology systems used by members of congress. There is one building control system security mention in the Report (pg 19); a $2.1 million listing for “BASnet Cybersecurity Hardware and Network Programming Upgrades”.

Moving Forward

The House Rules Committee will be meeting on Monday afternoon to formulate the rule for the consideration of this bill, along with HR 4394 [removed from paywall], the Energy and Water Development and Related Agencies [EWR] Appropriations Act, 2024. To date, only one amendment has been proposed for the Committee’s consideration. This bill normally gets substantial bipartisan support and this year should be no different.


Okay, I have to mention this because it is video surveillance related. The one amendment proposed to the House Rules Committee was submitted by Rep Massie (R,KY). The amendment reads:

“No funds appropriated in this bill shall be used to allow the department of defense (sic) to install or operate cameras on the Capitol complex.”

Just a tad bit of paranoia showing? Besides if an outside agency (and DOD would not be my first suspect) would use their own funds to install such a camera network (if they did not just hack the current security camera system) and if the capital security folks were compromised sufficiently to allow such installation, it would not take any ‘funding’ from Congress to ‘allow’ the installation. Of course, seeing the poor-quality camera images from Saturday’s FireAlarmGate incident, maybe Congress should get DOD to install their internal surveillance systems. DOD certainly has access to better quality cameras.

Saturday, September 30, 2023

Short Takes – 9-30-23

WATCH OUT! CVE-2023-5129 IN LIBWEBP LIBRARY AFFECTS MILLIONS APPLICATIONS. SecurityAffairs.com article. Pull quote: ““While the vulnerability initially seems to target Chromium-based applications, now that we know better, we understand that it possesses the potential to affect a much wider range of software and applications relying on the ubiquitous libwebp package for WebP codec functionality.” reads the analysis published by Rezilion. “This package stands out for its efficiency, outperforming JPEG and PNG in terms of size and speed. Consequently, a multitude of software, applications, and packages have adopted this library, or even adopted packages that libwebp is their dependency, creating a complex challenge when attempting to identify vulnerable systems. The sheer prevalence of libwebp extends the attack surface significantly, raising serious concerns for both users and organizations.”” The next Log4Shell???

House sends Senate bill to avert government shutdown. TheHill.com article. Pull quote: “Senate Minority Leader Mitch McConnell (R-Ky.) announced shortly before the House voted that members of his conference would not allow the upper chamber’s bipartisan continuing resolution (CR) to advance, deferring to the House plan. The Senate’s proposal would keep the government funded through Nov. 17 and it includes $5.99 billion in disaster relief and $6.15 billion in Ukraine aid.”

Pakistan nuclear weapons, 2023. TheBulletin.org article. Pull quote: “We estimate that Pakistan now has a nuclear weapons stockpile of approximately 170 warheads (See Table 1). The US Defense Intelligence Agency projected in 1999 that Pakistan would have 60 to 80 warheads by 2020 (US Defense Intelligence Agency 1999, 38), but several new weapon systems have been fielded and developed since then, which leads us to a higher estimate. Our estimate comes with considerable uncertainty because neither Pakistan nor other countries publish much information about the Pakistani nuclear arsenal.” Easy to forget that Pakistan was 5th nuclear power before North Korea.

America’s Advanced Manufacturing Problem—and How to Fix It. AmericanAffairsJournal.com article. Pull quote: “The United States does not currently have the correct institutional infrastructure and accompanying operational mechanisms to support ad­vanced manufacturing. Industry, government, and academia are largely unlinked when it comes to advanced production technology and processes, and there is a similar lack of interagency coordination within the government. Pathways necessary for diffusing new technologies and getting them to market are missing, including a lack of scale-up financing mechanisms. The vocational education system has withered as has the corporate lab system.”

First-of-Its Kind Dataset Shows Future Flooding Risk at Neighborhood Level. HomelandSecurityNewswire.com article. Pull quote: “A new data portal, the Climate Risk and Resilience Portal (ClimRR), houses all the data from these [flood risk] simulations for the continental United States. ClimRR was recently launched at Argonne with support from AT&T and FEMA and won a 2023 Climate Leadership Award and an R&D 100 Award.”

The Southern Border Poses Terrorism Risks. Homegrown Threats Still Loom Larger. HomelandSecurityNewswire.com article. Pull quote: “Most modern acts of American terrorism directed or inspired by foreign terrorist organizations—such as ISIS-inspired attacks in the cities of San Bernardino, Orlando, and New York between 2015 and 2017—are instead committed by “homegrown” legal immigrants or U.S. citizens. This was in fact a deliberate strategy pursued by groups such as the self-proclaimed Islamic State, which calculated—correctly—that it would be far easier to inspire lone actors in the United States than attempt to send operatives into the country.”

Requests for Comments; Clearance of a Renewed Approval of Information Collection: Survey of Uncrewed-Aircraft-Systems Operators. Federal Register FAA 60-day ICR notice. Summary: “The information collection involves a survey of uncrewed-aircraft-systems (UAS) operators within the United States. The information gathered through the survey's questionnaire on flight behavior and fleet characteristics is used to inform UAS rule making and guide investment in UAS research and infrastructure. This renewal seeks to continue the survey and improve the survey design to increase the generalization of survey results.”

Senate Passes HR 5860 – Clean CR

This evening, after hours of backroom dealing, the Senate took up HR 5860, the clean continuing resolution that the House pressed through earlier today, and passed it by a vote of 88 to 9. The Senate needed an unanimous consent process to consider the bill today and there was an open question about whether deals were in place to ensure that no one objected. The bill continues the FY 2023 funding rates for the government through November 17th, 2023. The bill will be signed by the President tonight; even if it is slightly after midnight, there will be no governmental shutdown this week.

While the House bucked the control of the Republican 11 to pass the CR, that does not guarantee that the same deals will allow the passage of additional spending bills or approving conference committee versions of the final bill. There is also a question of a possible vacate the chair motion next week as the Republican fringe decides whether or not they will try to punish the Speaker for working with Democrats to pass the CR.

Chemical Incident Reporting – Week of 9-16-23

NOTE: See here for series background.

Teutopolis, IN – 9-29-23

Local news reports: Here, here, and here.

Anhydrous ammonia leak from tanker truck involved in traffic accident – 5 dead and five injured.

Not CSB reportable as this is a transportation incident not a fixed facility. NTSB would be federal investigative agency and an NTSB team is investigating.

OMB Approves DOD NISPOM Amendment

On Wednesday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that that it had approved a DOD notice of proposed rulemaking for “National Industrial Security Program Operating Manual (NISPOM); Second Amendment”. According to the Spring 2023 Unified Agenda entry for this rulemaking:

“Based on public comments, DoD is proposing additional amendments to a rule last published on December 21, 2020. This amendment addresses comments received on requests for guidance and the cost to implement Security Executive Agent Directive (SEAD) 3, as well as to provide clarification on safeguarding procedures for the protection and reproduction of classified information. It also includes DoD’s response to public comments received regarding controlled unclassified information, National Interest Determination requirements for cleared contractors operating under a Special Security Agreement for Foreign Ownership, Control or Influence, and eligibility determinations for personnel security clearance processes and requirements, among others.”

DOD Sends CMMC Guidance Docs to OMB

On Wednesday, the OMB’s Office of information announced that it had received guidance documents from the Department of Defense for their Cybersecurity Maturity Model Certification program upgrade. As is typical for guidance document submissions, none of these rulemakings were listed in the Spring 2023 Unified Agena. The submitted documents include:


CMMC Scoping Guide - Level 3

Pending Review


CMMC Scoping Guide - Level 2

Pending Review


CMMC Scoping Guide - Level 1

Pending Review


CMMC Hashing Guide

Pending Review


CMMC Assessment Guide - Level 3

Pending Review


CMMC Assessment Guide - Level 2

Pending Review


CMMC Assessment Guide - Level 1

Pending Review


CMMC Model Overview

Pending Review

HR 5860 Passed in House – Clean Republican CR

In a surprise move, the House took up HR 5860 (committee print), the ‘Continuing Appropriations Act, 2024 and Other Extensions Act, under the suspension of the rules process, and passed it by a bipartisan vote of 335 to 91 with 90 Republicans voting Nay. The bill was not added to the schedule until just before it was brought to the floor by Rep Granger (R,TX) the Chair of the House Appropriations Committee. The bill would extend FY 2023 funding rates for the federal government through November 17th, 2023. Section 129 of the bill adds $16 billion for FEMA’s disaster relief fund. A last-minute amendment was made to the bill by unanimous consent.

The Senate was scheduled to vote at 1:00 pm on the substitute language for HR 3935 that includes slightly dirtier continuing resolution language. That language would add supplemental spending for Ukraine, a controversial provision that is guaranteed to draw some opposition from Republicans. Interestingly, there are currently no Senators in the Senate chambers, I suspect that there are two separate conference meetings taking place determining if they can reach an agreement to consider HR 5860 under unanimous consent today.

It is possible that there will not be a government shutdown tonight, or (even more likely) if there is one, that it will be short.

GAO Reports – Week of 9-23-23 – Cybersecurity Audits

This week the Government Accounting Office (GAO) published a report on “Cybersecurity Program Audit Guide”. Rather than the normal GAO report on the results of an audit, this report outlines “the methodologies, techniques, and audit procedures they [auditors] need to evaluate the components of agencies' cybersecurity programs and systems.” It identifies six major components of a cybersecurity program audit:

• Asset and risk management: developing an understanding of the cyber risks to assets, systems, information, and operational capabilities.

• Configuration management: identifying and managing security features for system hardware and software and controlling changes to the configuration.

• Identity and access management: protecting computer resources from modification, loss, and disclosure by limiting authorized access.

• Continuous monitoring and logging: maintaining ongoing awareness of cybersecurity vulnerabilities and threats to an organization's systems.

• Incident response: taking action when security incidents occur.

• Contingency planning and recovery: developing contingency plans and executing successful restoration of capabilities.

Review – Public ICS Disclosures – Week of 9-23-23

This week we have 15 vendor disclosures from Belden, Hitachi (5), Hitachi Energy, HPE, Panasonic, Pilz, Rockwell (2), SEL, Synology, and VMware. There are three vendor updates from Broadcom.


Belden Advisory - Belden published an advisory that discusses 14 vulnerabilities in a number of their Hirschmann products.

Hitachi Advisory #1 - Hitachi published an advisory that discusses an observable discrepancy vulnerability in their Command Suite and Configuration Manager products.

Hitachi Advisory #2 - Hitachi published an advisory that discusses an integer overflow or wraparound vulnerability in their Cosminexus HTTP Server.

Hitachi Advisory #3 - Hitachi published an advisory that discusses an integer overflow or wraparound vulnerability in their Cosminexus HTTP Server.

Hitachi Advisory #4 - Hitachi published an advisory that discusses an integer overflow or wraparound vulnerability in their Cosminexus HTTP Server.

Hitachi Advisory #5 - Hitachi published an advisory that discusses an allocation of resources without limit or throttling vulnerability in their Cosminexus HTTP Server.

Hitachi Energy Advisory - Hitachi Energy published an advisory that discusses 14 vulnerabilities in their AFS65x, AFS67x, AFR67x and AFF66x series Products.

HPE Advisory - HPE published an advisory that describes two authentication bypass vulnerabilities in their OneView product.

Panasonic Advisory - JP-CERT published an advisory that describes two vulnerabilities in the Panasonic KW Watcher product.

Pilz Advisory - Pilz published an advisory that discusses five vulnerabilities in multiple Pilz products.

Rockwell Advisory #1 - Rockwell published an advisory that discusses five vulnerabilities (listed in CISA’s KEV) in their Connected Components Workbench.

Rockwell Advisory #2 - Rockwell published an advisory that describes an out-of-bounds write vulnerability in their Logix Communication Modules.

SEL Advisory - SEL published a software update for their Configuration API which addressed three cybersecurity vulnerabilities and included two cybersecurity enhancements.

Synology Advisory - Synology published an advisory that describes a security bypass vulnerability in their Synology Router Manager (SRM).

VMware Advisory - VMware published an advisory that describes a privilege escalation vulnerability in their Aria Operations product.

Wago Advisory - CERT-VDE published an advisory that describes two vulnerabilities in their Codemeter product.


Broadcom Update #1 - Broadcom published an update for their Apache HTTP Server advisory that was originally published on August 1st, 2023.

Broadcom Update #2 - Broadcom published an update for their Apache HTTP Server advisory that was originally published on August 1st, 2023.

Broadcom Update #3 - Broadcom published an update for their sctp_make_strreset_req function advisory that was originally published on August 1st, 2023.


For more details on these disclosures, including links to researcher reports, 3rd party advisories, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-e63 - subscription required. [added link to CFSN article, 23:15 EDT, 9-30-23]

Bills Introduced – 9-29-23


Yesterday, with both the House and Senate in session, there were 58 bills introduced. One of those bills will receive additional attention in this blog:

HR 5840 To require the Transportation Security Administration to streamline the enrollment processes for individuals applying for a Transportation Security Administration security threat assessment for certain programs, including the Transportation Worker Identification Credential and Hazardous Materials Endorsement Threat Assessment programs of the Administration, and for other purposes. Graves, Garret [Rep.-R-LA-6]

Friday, September 29, 2023

Short Takes – 9-29-23

Johnson Controls International Disrupted by Major Cyberattack. DarkReading.com article. Pull quote: “The gang has allegedly stolen over 27TB of data and encrypted the company's VMware ESXi machines in a ransomware attack.”

Tris(2-chloroethyl) Phosphate (TCEP); Draft Risk Evaluation under the Toxic Substances Control Act (TSCA); Letter Peer Review; Request for Nominations of Expert Reviewers. Federal Register EPA notice. Summary: “The Environmental Protection Agency (EPA) is seeking public nominations of scientific and technical experts to review the draft Risk Evaluation for Tris(2-chloroethyl) Phosphate (TCEP) conducted under the Toxic Substances Control Act (TSCA). The draft risk evaluation will be released for public review and comment in December 2023 through a separate Federal Register document and subsequently submitted for letter peer review by the expert reviewers.”

In a shift, McCarthy floats a clean stopgap without Ukraine aid. TheHill.com article. Pull quote: “What is clear is that House Republicans will no longer leave Washington for the next two weeks for a scheduled recess as they work through the funding issues and shutdown.”

HR 5525 Failed in House – Republican CR Dead

This afternoon, the House took up HR 5525, the Continuing Appropriations and Border Security Enhancement Act, 2024. The House had earlier approved H Res 741, the rule for the consideration of HR 5525 by a vote of 218 to 210. After limited debate, the bill was rejected by a vote of 198 to 232 with 21 Republicans joining all of the House Democrats in voting no.

There were no votes held today on HR 3935, the FAA reauthorization bill which the Senate will be using as the vehicle for their CR. According to @SenateCloakroom on TWITTER.com, the Senate will vote tomorrow afternoon “to invoke cloture on substitute amendment #1292 to Cal. #211, H.R.3935, legislative vehicle for the Continuing Resolution (November 17th).”

The House is currently scheduled to meet tomorrow morning at 10:00 am EDT. There is nothing on the Majority Leaders ‘Daily Schedule’ about what is planned. There is an outside chance that the Senate could conclude their work on HR 3935 tomorrow (Sunday or Monday is more likely, but still not a given). If the Senate does approve the bill (more likely than was the House passing HR 5525 today) on Saturday, the soonest the House could consider it would be Sunday (if the Rules Committee acted favorably Saturday night, which is probably why the House will be ‘in session’ tomorrow). In any case, the government is going to shut down on Sunday.


The House taking up the Senate CR would be a major shift for Speaker McCarthy, and it would take a serious deal with the House Democrats because those 21 Republican ‘no votes’ will certainly be ‘no votes’ on a Democratic CR and there would likely be a number of others as well. The deal would probably have to include Democratic votes for McCarthy on multiple vacate the chair motions while the CR was wending its way through the House. If the House leadership was smart the deal would include a change to the House Rules that would rewrite the vacate the chair process, probably using Pelosi’s 50% of the conference process.

House Completed Consideration of Spending Bills – 9-27-23

Yesterday, the House continued their consideration of amendments for the three spending bill that they began consideration of on Tuesday, including HR 4365 (DOD spending), HR 4367 (DHS spending) HR 4368 (ARD spending) HR 4665 (State Dept spending), and HR 5692 (Ukraine supplemental). The House considered 60 amendments and passed 26. None of the amendments were of specific interest here.

Final Action

The House completed action on all five spending bills:

HR 4368 (ARD) Failed by a vote of 191 to 237 (27 Republicans voted Nay),

HR 4367 (DHS) Passed by a vote of 220 to 208 (2 Democrats vote Yea),

HR 5692 (Ukraine) Passed by a vote of 311 to 117 (117 Republicans voted Nay),

HR 4365 (DOD) Passed by a vote of 218 to 210 (2 Republicans voted Nay, 2 Democrats vote Yea)

HR 4665 (State) Passed by a vote of 216 to 212 (2 Republicans vote Nay)

Moving Forward

Three of the bills (HR 5692, HR 4365, and HR 4665) will now be forwarded to the Senate for action. The DHS bill will not be forwarded to the Senate until HR 2 (the House Republican signature border security bill) is enacted (this was included in §15 of H Res 723 that passed in the House on Tuesday). It is not yet clear what if any action will be taken in the Senate. If the provisions of the Senate CR included in the Senate version of HR 3539 (which I have not seen yet) are enacted, we will almost certainly see an Omnibus spending bill sometime after the first of the year. In that case no action will be taken on these bills. If HR 5525 (the House version of a short term CR being considered today) is enacted, the Senate would probably take up the DOD and DHS spending bills (perhaps as its own minibus), substitute Senate language and pass those bills. But the Senate would probably first resume consideration of HR 4366, their first minibus that includes the ARD spending. HR 5692 will likely be taken up in the Senate in either case and will probably pass without change.


Of course, this discussion presupposes that the House will pass a continuing resolution. At this point, I do not think that that is possible. While the House was able to pass four of the five spending bill, it was only at the cost of including language that would have no chance of being considered in the Senate, of surviving a conference committee, or being signed by the President. The language of HR 5525 fits in the same mold. Unfortunately for the House leadership, there are probably enough of the Republican 11 that see any CR as an anathema that I will be surprised to see the House approve the rule for the consideration of HR 5525, much less pass the bill.

At this point, I do not see anyway that any CR makes it to President Biden’s desk before midnight Saturday, the government (well vast swaths of it anyway) will shutdown on Sunday. IF HR 5525 passes, it will be some relatively lengthy period before serious negotiations are able to proceed on a bill that would reopen the government as the Republican 11 will volubly insist on maintaining all of the provisions of HR 5525 in any deal, a non-starter as a negotiating position. If HR 5525 fails (and I expect that it will) and the Senate passes HR 3539 (FAA reauthorization) with CR provisions, Speaker McCarthy will be faced with deciding to make a deal with Democrats and facing an inevitable floor fight for retaining his speakership. In either case, McCarthy is going to have to make a deal with Democrats and face the ire of the Republican 11. Now it is just waiting to see how long it will take him to realize that.

Bills Introduced – 9-28-23

Yesterday, with both the House and Senate in session, there were 96 bills introduced. Two of those bills will receive additional coverage in this blog:

HR 5786 To establish in the National Nuclear Security Administration a Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group. Carbajal, Salud O. [Rep.-D-CA-24]

S 2980 A bill to amend title 49, United States Code, to eliminate the requirement for cost-benefit analyses in the establishment of minimum safety standards for pipeline transportation and pipeline facilities, and for other purposes. Markey, Edward J. [Sen.-D-MA] 


Thursday, September 28, 2023

Short Takes – 9-28-23

EVs just got a big boost. We’re going to need a lot more chargers. TechnologyReview.com article. Pull quote: “EV owners would shoulder the cost of installing at-home charging equipment, but there could be additional barriers. Most homes require some electrical work to support EV charging, which can be expensive if it involves retrofitting. “The building stack generally isn’t ready for charging,” says Dan O’Brien, a modeling analyst at Energy Innovation.”

Biden approves emergency declaration in Louisiana for saltwater intrusion that threatens New Orleans. CNN.com article.  Pull quote: “Extreme drought spread across parts of the Mississippi River Basin this summer and pushed water levels to near-record lows. As the river’s flow rate weakened, a surge of saltwater from the Gulf of Mexico pushed upstream, polluting drinking water for thousands of residents south of New Orleans.”

New approaches to the tech talent shortage. TechnologyReview.com article. Pull quote: “But tech doesn’t just need short-term bridges. It needs long-term solutions. That’s why some companies are looking earlier in the pipeline — and even building their own pipeline. Innovative tech leaders have begun targeting less traditionally qualified candidates, including those who have just finished secondary school, and they are cultivating that future potential through new early-career programs.” Advertorial for a free report.

Freedom Caucus presses McCarthy for answers before supporting stopgap. TheHill.com article. Pull quote: ““We remain ready to continue working in good faith with our colleagues across the Republican Conference to advance appropriations; likewise, we expect you to take every step necessary to pass these bills — starting with the four bills now under consideration to fund approximately two-thirds of the federal government,” the letter later said.”

We were promised smaller nuclear reactors. Where are they? TechnologyReview.com article. Pull quote: “The true promise of SMRs will be realized only when it’s time to build the second, the third, the fifth, and the hundredth reactor, DOE’s Huff says, and both companies and regulators are learning how to speed up the process to get there. But the benefits of SMRs are all theoretical until reactors are running, supplying electricity without the need for fossil fuels.”

One of the most intense El Niños ever observed could be forming. WashingtonPost.com article. Pull quote: “And Yeager said the research behind the latest El Niño forecast is part of a broader effort to better predict weather and climate phenomena over scales of one to two years. The research team is looking at whether the current El Niño could be followed in the spring by a rapid transition to La Niña, as has occurred in the past.”

Review – 2 Advisories and 1 Update – 9-28-23

Today, CISA’s NCCIC-ICS published two control system security advisories for products from DEXMA and Rockwell Automation. They also updated an advisory for products from Hitachi Energy.


DEXMA Advisory - This advisory describes five vulnerabilities in the DEXMA DEXGate gateway.

Rockwell Advisory - This advisory discusses an improper input validation vulnerability in the Rockwell PanelView 800 product.


Hitachi Energy Update - This update provides additional information on an advisory that was originally published on May 5th, 2023.


For more details about these advisories, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-1-update-9-28-23 - subscription required.

House Considered Spending Bills – 9-27-23

Yesterday, the House continued their consideration of amendments for the three spending bill that they began consideration of on Tuesday, including HR 4365 (DOD spending), HR 4367 (DHS spending) and HR 4368 (ARD spending). The House considered 101 amendments and passed 60. None of the amendments were of specific interest here. However…

$1 Dollar Salary

One of the little noted additions made to the House Rules earlier this year was the reinstatement of the Holman Rule. This allows for amendments to spending bills that would reduce the salary of specific government employees to $1, effectively (hopefully according to author of the amendment) firing the employee without having to go through the impeachment process. This process was successfully used six times yesterday:

H.Amdt.331 (HR 4368) – Boebert (R,CO) – USDA Deputy Undersecretary Stacy Dean,

H.Amdt.371 (HR 4365) – Green (R,GA) – DOD Secretary Lloyd James Austin III,

H.Amdt.381 (HR 4365) – Roy (R,TX) – DOD Director of Office for Diversity, Equity, and Inclusion Cyrus Salazar,

H.Amdt.399 (HR 4367) – Tenney (R,NY) - DHS Secretary Mayorkas,

H.Amdt.408 (HR 4367) – Boebert – USCIS Director Ur M. Jaddou, and

H.Amdt.415 (HR 4367) – Greene – DHS Secretary Mayorkas,


All of these amendments were approved by voice votes with no attempt made to force a roll call vote. This is one of the problems with marathon legislative session (exacerbated in this case by considering multiple bills), controversial amendments can slip through the process. The Republican managers had little incentive to raise objection to these amendments, they have to be careful about how much they antagonize the radical fringe as every vote counts. And, of course, no one expects these amendments to survive the inevitable conference committee.

House to Consider HR 5962 – Ukraine Security Assistance

Yesterday, the House Rules Committee met to formulate a rule for the consideration of HR 5962 [Rules Committee Print], a bill making supplemental appropriations in support of Ukraine. The rule (H Res 730) provides a closed rule (limited debate, no amendments). The rule also makes amendments to the versions of HR 4365 (DOD spending) and HR 4367 (ARD spending) that are still being considered by the House.

Nothing in HR 5962, nor the amendments to the other two bills, are strictly of interest here in this blog. But they do provide a clear and public example of the horse trading that goes on during the consideration of major pieces of legislation.

The language of H 5962 provides for $300 million dollars in supplemental spending for the Ukraine Security Assistance Initiative. The language providing that funding is nearly identical to the wording in §8104 that the Rule removes from HR 4365. There is additional language added in HR 5962 provides that $20 million of the monies will go to fund a Special Inspector General for Ukraine Assistance.


Removing the Ukraine funding provisions from the DOD spending bill provides cover for some Republicans {Rep Greene (R,GA) is the most obvious example} to vote for the DOD spending while still opposing funding for Ukraine. At the same time, Democrats that would oppose the DOD spending bill will now be able to vote to support funding for the Ukraine, negating the opposition of a relatively small number of Republicans. Passing this bill will also provide the Speaker with some leverage (probably not much, but McCarthy needs all that he can get) with negotiations with the Senate and the President on an as of yet unconsidered CR.

Interesting side light. HR 4365 contains language (§8105) prohibiting any monies provided in HR 4365 from being used to support the Azov Battalion. Moving the language of §8104 to this bill removes that restriction from the monies appropriated. Not an intended consequence, I am sure (mostly sure), but a consequence just the same.

Bills Introduced – 9-27-23

Yesterday, with both the House and Senate in session, there were eighty bills introduced. One of those bills may receive additional coverage in this blog:

HR 5759 To amend the National Quantum Initiative Act and the Cyber Security Research and Development Act to advance the rapid deployment of post quantum cybersecurity standards across the United States economy, support United States cryptography research, and for other purposes. Jackson, Jeff [Rep.-D-NC-14] 

I will be watching this bill for language and definitions that would specifically include industrial control systems and operational technologies within the scope of the requirements of the legislation.

Mention in Passing

I would like to mention two bills that were introduced yesterday that will probably not receive additional coverage in this blog:

HR 5750 To direct the Nuclear Regulatory Commission, the Secretary of Energy, and the Secretary of Agriculture to collaborate to determine the feasibility of creating the Green Nuclear Fertilizer Program, and for other purposes. Donalds, Byron [Rep.-R-FL-19]

S 2950 A bill to align the fiscal year with the calendar year. Kaine, Tim [Sen.-D-VA]

Donalds has been trying to drag the country into implementing advanced nuclear technology since he came into Congress. Unfortunately, he has not been a member of the committees to which his bills have been assigned for coverage which makes it very difficult to move the bills forward. And his association with the anti-McCarthy folks during the election of the Speaker does not make it any easier to gain bipartisan support for his legislation. Still, his efforts deserve recognition.

S 2950 looks to be very similar to HR 5612 which I mentioned in passing last week. If for no other reason than to reduce the need for continuing resolutions to give law makers additional time to work out spending deals (and contrary to what the Republican 11 hope, deals will almost always need to be made to move spending bills in a narrowly divided congress), these two bills deserve action.

Wednesday, September 27, 2023

Short Takes – 9-27-23

Senate grabs wheel from House in bid to avoid shutdown. TheHill.com article. Pull quote: “They [un-named Senators] believe that if he saves the country from going through an unpopular government shutdown, he’ll have enough political capital to beat back any move by conservative critics such as Rep. Matt Gaetz (R-Fla.) to push through a motion to kick him out of the top leadership job.” Political calculus or wishful thinking?

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions; Guidance for Industry and Food and Drug Administration Staff; Availability. Federal Register FDA notice of availability. Summary: “The Food and Drug Administration (FDA or Agency) is announcing the availability of a final guidance entitled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” As more medical devices are becoming interconnected, cybersecurity threats have become more numerous, more frequent, more severe, and more clinically impactful. As a result, ensuring medical device safety and effectiveness includes adequate medical device cybersecurity, as well as its security as part of the larger system. This final guidance supersedes the final guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” issued October 2, 2014.”

McCarthy told conference he won’t allow vote on Senate stopgap: GOP lawmakers. TheHill.com article. Pull quote: “Good told reporters that McCarthy’s stopgap measure would keep the government open for 30 days, decrease spending to a top-line level of $1.471 trillion for that duration and include border security provisions. Good also noted that McCarthy wants to pass the stopgap “in conjunction with continuing to move our spending bills,” which has been a key demand among conservatives.”

House GOP agriculture spending bill on thin ice. TheHill.com article. Pull quote: “The House GOP’s bill to fund the Department of Agriculture, rural development and the Food and Drug Administration (FDA) is on thin ice after a handful of moderate Republicans said they are opposed to the legislation because of a provision that would limit access to an abortion pill.”

21 Amendments Considered for HR 4368 – FY 2024 ARD Spending Bill – 9-27-23

Yesterday (ending at about 0300 EDT today) the House started considering HR 4368, the Agriculture, Rural Development, Food and Drug Administration, and Related Agencies Appropriations Act, 2024 (ARD Spending) under provisions of H Res 723. There were 21 amendments addressed (actually the 1st amendment was an en bloc amendment with  40 amendments listed in H Rept 118-226, the Rules Committee Report for H Res 712) adopted by a mix of voice votes and recorded votes. None of the amendments were of any specific interest here.

A significant number of the amendments were reductions in spending for various agencies and programs. These were from base numbers that were already lower than the spending agreement made earlier this year between the President and the Speaker. While many of the amendments reduced spending by a specific amount or per cent, the majority of the reductions were to levels in specific earlier fiscal years. Nine of those amendments failed by recorded vote:

H.Amdt.306 - Failed by recorded vote: 175 – 254,

H.Amdt.307 - Failed by recorded vote: 119 – 307,

H.Amdt.308 - Failed by recorded vote: 106 – 323,

H.Amdt.310 - Failed by recorded vote: 86 – 343.

H.Amdt.311 - Failed by recorded vote: 89 - 341

H.Amdt.312 - Failed by recorded vote: 68 – 362,

H.Amdt.315 - Failed by recorded vote: 83 – 348,

H.Amdt.317 - Failed by recorded vote: 81 – 350, and

H.Amdt.318 - Failed by recorded vote: 105 – 325,

Today’s Consideration

The House returned to the chambers at 9:00 this morning and instead of continuing with the ARD spending bill, they took up HR 4365, the DOD spending bill. At about 3:00 pm it stopped considering the DOD bill (without completing their work) and started on HR 4367, the DHS spending bill. At about 4:30 pm, they stopped consideration of that bill (again without completing their work) and resumed working on the ARD bill. At about 5:50 pm they finished work on the amendments to the ARD bill, but did not vote on the bill, instead resuming consideration of the amendments for the DOD bill. At 6:30 pm the House completed consideration of those amendments, but did not vote on the bill, instead they resumed working on amendments for the DHS bill. That is what they are working on as I write this post.

Interestingly, HR 4665, the State Department spending bill, which was included in H Res 723, has not been considered by the House as of yet.

I will have more details on today’s considerations after the Congressional Record is printed sometime tomorrow afternoon.


This is an unusual way to consider legislation, but at this point, it is hardly surprising that the Republican lead is working an unusual process. It looks like McCarthy is trying to get all of the detail work of the legislative process complete before they start the final vote process. I wonder if he has concerns about the results of the votes, like perhaps a couple of the Republican 11 voting against one of more of the bills because not enough spending cuts were made.

OMB Approves BIS Missile Technology Export Final Rule

Yesterday, OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from DOC’s Bureau of Industry and Security on “Revisions to the Export Administration Regulations Based on 2018, 2019, 2021, and 2022 Missile Technology Control Regime Plenary Agreements; and Revisions to License Exception Eligibility”. The rule was submitted to OMB on August 25th, 2023.

The entry for this rulemaking in the 2023 Spring Unified Agenda notes:

“This final rule makes revisions to the Export Administration Regulations based on 2021 and 2022 Missile Technology Control Regime Plenary Agreements; and Revisions to License Exception Eligibility”

Unless you closely follow these international arms control discussions (and I do not), there is no reasonable way to determine what BIS may include in these rules. Since cybersecurity issues have been covered in the past, I mention these now.

Tuesday, September 26, 2023

Short Takes – 9-26-23

Space Force chief says commercial satellites may need defending. ArsTechnica.com article. Pull quote: “In a modern war, "there are going to be commercial entities, commercial organizations, commercial capabilities and assets that get caught up in the conflicts," Saltzman said. "Space is no different than sea lanes. It’s no different than civilian airliner traffic in Europe right now. The US has a long history of saying we’re going to protect the things that we need to be successful. So it would stand to reason that that same philosophy would extend into space, and I have no reason to believe that that will be different.””

CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management. CISA.gov press release. Pull quote: ““The HBOM Framework [link added] offers a consistent and repeatable way for vendors and purchasers to communicate about hardware components, enabling effective risk assessment and mitigation in the supply chain. With standardized naming, comprehensive information, and clear guidance, organizations can safeguard against economic and security risks, enhancing overall resilience,” said CISA National Risk Management Center Assistant Director and ICT SCRM Task Force Co-Chair Mona Harrington. “By enhancing transparency and traceability through HBOM, stakeholders can identify and address potential risks within the supply chain, ensuring that the digital landscape remains robust and secure against emerging threats and challenges.””

Potential link found between Merck antiviral and mutated COVID strains. TheHill.com article. A little geeky, requires more study. Pull quote: ““Importantly, the divergence of the molnupiravir mutation spectrum from standard SARS-CoV-2 mutational dynamics might allow the virus to explore the fitness of distinctive parts of the possible genomic landscape to those it is already widely exploring in the general population,” the study stated.”

COVID drug molnupiravir may be driving the virus to mutate — should we worry? LiveScience.com article. A more nuanced look. Pull quote: “"We have yet to see evidence of more fit sequences arising from molnupiravir" — meaning viruses that can more easily spread and multiply — "but this work certainly provides pause for thought and should weigh heavily in considerations around future use of the drug, necessitating at the very least mitigations of the risks of this effect, alongside real world data on the effectiveness of the drug," Aris Katzourakis, a professor of evolution and genomics at the University of Oxford who was not involved in the research, told Live Science in an email.”

Cybersecurity Labeling for Internet of Things. Federal Register FCC comment extension. Summary: “In this document, the Federal Communications Commission extends the comment and reply comment periods of the Notice of the Proposed Rulemaking [link added to my blog post on NPRM, removed from paywall) (NPRM) in PS Docket No. 23–239 that was released on August 10, 2023. This document also corrects a Uniform Resource Locator (URL) link in the summary of the NPRM that was published in the Federal Register on August 25, 2023.” New comment deadline November 10th, 2023.

A Laser Fusion Breakthrough Gets a Bigger Burst of Energy. NYTimes.com article. Pull quote: “Siegfried Glenzer, a scientist at the SLAC National Accelerator Laboratory in Menlo Park, Calif., who led the initial fusion experiments at the Livermore facility years ago, said of the July advance, “The fact that the gain has gone up on the last shot is encouraging news and shows that the current implosions are not yet fully optimized.””

The Beekeepers Who Don’t Want You to Buy More Bees. NYTimes.com article. Pull quote: “Honey bees, it turns out, are a commercially managed animal — essentially livestock, like cows — and large beekeeping operations are remarkably adept at replacing colonies that die. In the United States, about one million hives are trucked each year to places like California, where honey bees pollinate almonds and other crops, Mr. Black said. It’s a major industry.”

Senate Reaches Spending Deal to Head Off Government Shutdown. NYTimes.com article. Pull quote: “The Senate proposal would meet stiff resistance from House Republicans because it includes assistance for Ukraine that many of them oppose and maintains federal funding at current levels. Many House Republicans are demanding steep cuts in even an interim funding plan. As a result, Mr. McCarthy would need Democratic votes to pass it, and leaning on Democrats would stir a backlash from his own party.”

House Actually Moves on Spending Bills

This evening the House took up H Res 723 [link is to a Rules Committee print of the bill], the rule for the consideration of four spending bills this week. The rule was adopted by a near party-line vote of 216 to 212. The sole dissenting Republican vote was Rep Greene (GA). This is the first positive vote on a spending bill in the House since they passed HR 4366, the MilCon spending bill in July.

The House then moved to begin consideration of HR 4368, the ARD spending bill. Debates and votes on amendments will begin later. No telling how late the House will working tonight. If they intend to get all four bills considered this week, they will be voting until the wee hours of the morning.


This does nothing to deal with the impending Saturday midnight deadline for funding the government, but after the last two weeks of Republican legislative-ineptitude, it is good to see some movement on spending bills. Meanwhile, on the other side of the Hill, the Senate voted 77 to 19 to close debate on the motion to consider debate on HR 4395, the FAA authorization bill. That bill will be the vehicle for a bipartisan, relatively clean, continuing resolution. More on that tomorrow when the Congressional Record is published.

CISA Community Bulletin – 9-25-23

Yesterday, CISA emailed out the latest version of their ‘CISA Community Bulletin’. This special edition of the Bulletin is focused on the upcoming Cybersecurity Awareness Month. CISA notes:

“Each week in October, CISA will spotlight one of the four key behaviors we encourage all to take now to protect ourselves online– using strong passwords and a password manager; enabling multifactor authentication; recognizing and reporting phishing; and frequently updating software. Engage with cybersecurity experts to learn more about these actions through CISA’s webinar series, as we take a deeper dive into why we need to take these actions now.”

The four scheduled webinars are:

October 3rd, 2023 - How to Create Stronger Passwords and Debunking Myths About Password Managers,

October 10th, 2023 - The Importance of Multifactor Authentication,

October 17th, 2023 - How to Recognize and Report Phishing, and

October 24th, 2023 - Keeping Software Up to Date

You can register for these webinars here.

NOTE: Normally, I am able to provide a link to the latest version of the Bulletin, but the link provided in yesterday’s email was “%20”; not helpful at all. You can sign up to receive these bulletins (and others from CISA) from the Public.GovDelivery.gov.

/* Use this with templates/template-twocol.html */