Friday, July 26, 2024

Bills Introduced – 7-26-24

Yesterday, with both the House and Senate in Washington (and the House preparing to leave for their summer recess a week early), there were 109 bills introduced. Five of those bills will receive additional attention in this blog:

S 4795 An original bill making appropriations for the Departments of Commerce and Justice, Science, and Related Agencies for the fiscal year ending September 30, 2025, and for other purposes. Shaheen, Jeanne [Sen.-D-NH]

S 4796 An original bill making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2025, and for other purposes. Schatz, Brian [Sen.-D-HI]

S 4797 An original bill making appropriations for the Department of State, foreign operations, and related programs for the fiscal year ending September 30, 2025, and for other purposes. Coons, Christopher A. [Sen.-D-DE]

S 4802 An original bill making appropriations for the Department of the Interior, environment, and related agencies for the fiscal year ending September 30, 2025, and for other purposes. Merkley, Jeff [Sen.-D-OR] 

S 4813 A bill to establish a grant program within the Department of Labor to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity. Rosen, Jacky [Sen.-D-NV] 

Transportation Chemical Incidents – Week of 6-22-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 719 (594 highway, 114 air, 11 rail, 0 water)

• Serious incidents – 1 (1 bulk release, 1 evacuation, 0 injury, 0 death, 0 major artery closed, 0 fire/explosion, 23 no release)

• Largest container involved – 30,360-gal 117R100W railcar {Alcohols, N.O.S.} Leaking bottom outlet valve and bad gasket on bottom outlet valve cap.

• Largest amount spilled – 275-gal Metal IBC {Diethylenetriamine} Fork lift puncture on unloading dock. The bottom valve was opened during the loading process.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Sulfamic acid - A white crystalline solid. Density 2.1 g/cm³. Melting point 205°C. Corrosive and combustible. Irritates skin, eyes, and mucous membranes. Low toxicity. Used to make dyes and other chemicals.

CSB Publishes Remote Isolation Safety Study

Yesterday, the Chemical Safety Board announced the publication of a new safety study on “Remote Isolation of Process Equipment”. The RIPE study looks at the historical record of industrial chemical accidents, including a number of CSB accident investigation reports, to determine how useful remote isolation valves would have been in preventing or reducing damages, deaths and injuries. The study resulted in the publication of three recommendations that were released on Wednesday:

• American Petroleum Institute (API) - 2024-01-H-1,

• Environmental Protection Agency (EPA) - 2024-01-H-2, and

• Occupational Safety and Health Administration (OSHA) - 2024-01-H-3

NOTE: No direct links are currently available to those recommendations, but they can be found listed on the CSB’s Recent Recommendation Status Updates page.

The three recommendations are:

API - “Develop a new publication or revise an existing publication or publications that should be applicable to various facility types such as refineries, chemical and petrochemical facilities, terminals, etc. with major process equipment and atmospheric storage tanks, that details conditions that necessitate the installation of remote isolation devices [use “shall” instead of “should” language] that may be automatically activated or remotely activated from a safe location, particularly during an emergency. When establishing these conditions refer to the guidance published by CCPS entitled Guidelines for Fire Protection in Chemical, Petrochemical, and Hydrocarbon Processing Facilities, Sections 8.1.10 and 8.1.11. At a minimum, the conditions should address major process equipment and atmospheric storage tanks, material volumes/weight as well as flammability, corrosivity, and toxicity”

 

EPA - “Update the Risk Management Program (RMP) rule by expanding the requirements of 40 CFR Part 68 to include an evaluation of the need for remote isolation devices for major process equipment that can be remotely activated from a safe location or automatically activated during a release. The evaluation should be included in hazard assessments, hazard reviews, and process hazard analyses.”

 

OSHA - “Update the Process Safety Management (PSM) standard by expanding the Process Hazard Analysis (PHA) requirements under 29 CFR 1910.119(e)(3) to include an evaluation of the need for remote isolation devices for major process equipment that can be remotely activated from a safe location or automatically activated during a release.”


Thursday, July 25, 2024

Short Takes – 7-25-24

How SpaceX Will Turn a Workhorse Vehicle into a Hulking Destroyer of Space Stations. ScientificAmerican.com article. Pull quote: “In addition to nearly tripling the number of engines of a typical Dragon, SpaceX’s plan calls for the deorbit vehicle to launch with some 16,000 kilograms (about 35,000 pounds) of propellant. That’s six times more than a standard Dragon, said Sarah Walker, director of Dragon mission management at SpaceX, during the press conference.”

How the Nutrition Facts Label Has Changed Food in the U.S. TheConversation.com article. Pull quote: “Surprisingly, the Nutrition Facts label’s greatest impact may have been driving the food industry to reformulate products to achieve appealing nutrient profiles – even if consumers weren’t closely reading the labels. While envisioned as an education tool, I believe the Nutrition Facts label in practice has worked more like a market infrastructure, reshaping the food supply to meet shifting dietary trends and public health goals long before consumers find those foods at the supermarket.”

From Iron Dome to Cyber Dome: Defending Israel’s Cyberspace. IDSA.in article. Pull quote: “The cyber-dome initiative fundamentally constitutes an active defence encompassing enhanced detection, investigation and mitigation of threats along with the expansion of existing information-sharing mechanisms. The coordinated detection and response efforts involving all agencies, including the IDF, underscore the importance of collaborative action in an interconnected domain. The centralised, real-time and AI-enabled system proactively protecting Israeli cyberspace is an extension of its national and international cybersecurity strategy.”

A New Way to Make Element 116 Opens the Door to Heavier Atoms. NewsWise.com article. Pull quote: “If discovered, element 120 would be the heaviest atom created and would sit on the eighth row of the periodic table. It falls on the shores of the “island of stability,” a theorized group of superheavy elements with unique properties. While the superheavy elements discovered so far break apart almost instantaneously, the right combination of protons and neutrons could create a more stable nucleus that survives for longer – giving researchers a better chance to study it. Exploring elements at the extremes can provide insights into how atoms behave, test models of nuclear physics, and map out the limits of atomic nuclei.”

Mini lungs make major COVID-19 discoveries possible. NewsWise.com article. Pull quote: “In another surprising result, Leibel, Snyder and team discovered that the mini lungs have their own intrinsic “first response” system in reaction to sensing SARS-CoV-2. Even though the mini lungs lack any connection to an immune system, this study shows that lung cells can initiate many of the same biologic and cell signaling changes in response to a viral threat that are observed when the immune system is present.”

Using AI, CIPHER bird flu study shows greater antibody evasion in newer H5N1 strains. NewsWise.com article. Pull quote: “According to the study, virus mutations related to “host-shifts” from birds to mammals had a statistically significant negative impact on the ability of antibodies to bind to and fight off H5N1. Researchers also found that based on the wide variety of host species and geographic locations in which H5N1 was observed to have been transmitted from birds to mammals, there does not appear to be a single central reservoir host species or location associated with H5N1’s spread. This indicates that the virus is well on its way to moving from epidemic to pandemic status in the near future.”

Short Takes – 7-25-24 – Space Geek Edition

Elon Musk revived L.A. aerospace with SpaceX. Will it thrive without him? LATimes.com article. An interesting look at the history of the aerospace industry in the LA Basin. Pull quote: “SpaceX hasn’t commented on how many jobs will be affected by the relocation, and industry observers say it’s likely the company will maintain significant manufacturing operations in Los Angeles County, where it employed about 6,000 people in 2023, according to an annual survey by the Los Angeles Business Journal.”

Polaris Dawn crew completes final milestones ahead of historic spacewalk mission. FoxWeather.com article. Pull quote: “The Polaris Dawn team recently shared an update after completing testing at NASA's Johnson Space Center in Houston. The team used a JSC test chamber, which previously supported testing America's first spacesuits and spacecraft during the Gemini and Apollo programs. The facilities are part of the National Register of Historic Places and remain in use today.”

NASA delays ISS spacewalks indefinitely to investigate spacesuit coolant leak. Space.com article.  Pull quote: “NASA's and private industry's newer generations of spacesuits are emphasizing better flexibility with updated materials, alongside improved sizing to accommodate all genders. The EMU is biased towards larger and male sizes, due to being designed in an era when most astronauts were male recruits from the then nearly single-gender armed forces. In June, Collins Aerospace backed out of its contract to design newer ISS suits, saying its schedule for development "would not support the space station's schedule and NASA's mission objectives."”

China plans to deflect near-Earth asteroid in 2030. NewAtlas.com article. Pull quote: “These observations will take place over three to six months after the spacecraft goes into orbit around the asteroid in 2030. After the observation is completed, a kinetic impactor will be fired at the asteroid and the spacecraft will remain on station for six to 12 months to measure the effects of the impact. This includes assessing changes in the asteroid's orbit, studying the impact crater, and analyzing the ejected materials.” Journal article link.

 

Russia unveils timeline for building its new space station, starting in 2027. Space.com article. Pull quote: “The first module of the X-shaped outpost, a research and power node, is expected to be launched into a near-polar orbit in 2027, TASS reported. By 2030, it plans to have docked its four major modules, with two "special-purpose" modules scheduled for attachment by 2033. Roscosmos plans to send the first cosmonauts to the station in 2028 and has suggested the station can be operated without crew.”

 

Rolls Royce’s 120-inch-long mini space nuclear reactor gets funding boost. InterestingEngineering.com article. Pull quote: “The tiny reactor, which is claimed to be 3.3 feet (40 inches) in width and 10 feet (120 inches) in length, is not yet able to generate any electricity. If all goes as planned, it will take roughly six years and several million dollars to prepare the reactor for its first space flight.”

Review – 2 Advisories Published – 7-25-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Positron and Siemens.

Advisories

Positron Advisory - This advisory describes an authentication bypass using an alternate path or channel vulnerability (with known exploit) in the Positron Broadcast Signal Processor TRA7005.

Siemens Advisory - This advisory describes two vulnerabilities in the Siemens SICAM products.

 

For more information on these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-7-25-24 - subscription required. 

Review - CSB Updates Accidental Release Reporting Data – 7-23-24

Yesterday, in preparation for their quarterly business meeting today, the CSB updated their published list of reported chemical release incidents. They added 32 new incidents that occurred since the previous version was published [removed from paywall] in April. They also inserted three ‘new’ incidents, and removed one, that occurred before April. These are not incidents that the CSB is investigating; these are incidents that were reported to the CSB under their Accidental Release Reporting rules (40 CFR 1604).

The table below shows the top five states based upon the number of reported incidents since the April update was published.


 

For more information on the incidents added to the database, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updates-accidental-release-reporting-7bf - subscription required.

Short Takes – 7-25-24 – Federal Register Edition

Proposed High-Priority Substance Designations Under the Toxic Substances Control Act (TSCA); Notice of Availability. Federal Register EPA notice. Summary: “Under the Toxic Substances Control Act (TSCA) and related implementing regulations, the Environmental Protection Agency (EPA or Agency) is proposing to designate acetaldehyde (CASRN 75-07-0), acrylonitrile (CASRN 107-13-1), benzenamine (CASRN 62-53-3), vinyl chloride (CASRN 75-01-4), and 4,4-methylene bis(2-chloroaniline) (MBOCA) (CASRN 101-14-4) as High-Priority Substances for risk evaluation. EPA is providing a 90-day comment period, during which interested persons may submit comments on the proposed designations of these chemicals as High-Priority Substances for risk evaluation.”

Standards-Related Activities and the Export Administration Regulations; Corrections. Federal Register BIS IFR correction notice. Summary: “On July 18, 2024, the Bureau of Industry and Security published an interim final rule that revised the Export Administration Regulations (EAR). That rule inadvertently revised language related to recent changes to the Entity List. This document corrects the inadvertent revisions introduced in the July 18, 2024, rule.”

Pipeline Safety: 2024 Risk Modeling Public Workshop. Federal Register PHMSA meeting notice. Summary: “This notice announces a public workshop on risk modeling methodologies and tools for the evaluation of gas, carbon dioxide (CO2), and hazardous liquid pipelines. The notice also requests comment on the topic, including submission of supporting abstracts of relevant engineering and technical modeling considerations to support improvement and advancement in pipeline risk management, such as modeling methods that follow PHMSA's report on Pipeline Risk Modeling, Overview of Methods, and Tools for Improved Implementation, issued in February 2020.”

Review - CSB Adds Three New Safety Recommendations – 7-23-24

Yesterday, the Chemical Safety Board added three new safety recommendations to their list of open recommendations. The new recommendations are based upon an as-yet-unpublished safety study: “CSB Safety Study: Remote Isolation of Process Equipment”. I expect that the report will be released at today’s Public Business Meeting.

Regarding the study, the CSB notes:

“Over the last several years, the U.S. Chemical Safety and Hazard Investigation Board (CSB) has reviewed and investigated numerous incidents where the consequences of these occurrences escalated following a loss of containment due to the lack of effective remote isolation equipment. These incidents resulted in serious injuries, fatalities, environmental contamination, and severe damage to facilities.”

The recommendations were made to the following entities:

• American Petroleum Institute - 2024-01-H-1,

• Environmental Protection Agency - 2024-01-H-2, and

• Occupational Safety and Health Administration - 2024-01-H-3


Wednesday, July 24, 2024

Short Takes – 7-24-24

Colorado requiring dairies to test milk for bird flu. TheHill.com article. Pull quote: ““Mandatory surveillance of highly pathogenic avian influenza across all of Colorado’s Grade A commercial dairies is a critical next step to tamping down the virus and protecting the food system,” state Agriculture Commissioner Kate Greenberg said in a statement.”

Are Doctors Missing Cases of H5N1 Bird Flu in People Who Drink Raw Milk? MedPageToday.com article. Pull quote: “Lawler said, ideally, animal caretakers who sell raw milk should recognize that milk from an animal with symptoms "shouldn't be put into the supply chain." However, cows early in infection, or with latent infection, or those that are only mildly symptomatic "still have high amounts of virus in their milk" and thus pose a risk to the supply chain.”

Meet the Cyber Action Team. FBI.gov article. Pull quote: “"We respond onsite to victims who may include national government entities, private companies, or even sometimes foreign partner networks that have been compromised by an adversary," said Scott Ledford, head of the Cyber Action Team and the Advanced Digital Forensics Team. "Our job is to help conduct the investigation—we collect digital evidence and locate, identify, and reverse engineer malware. We also help the victim understand when they were compromised and how, writing a timeline and a narrative of that intrusion with the ultimate goal of identifying who is responsible, attributing that attack."”

Republican funding plans crumbling as House eyes early exit. TheHill.com article. Pull quote: “Asked about plans for the House to tackle its outstanding funding bills, Scalise defended the House’s work so far, while noting the challenges staunch Democratic opposition and defections on the GOP side pose to party efforts to approve the remaining measures.” See additional reporting here - https://x.com/AnthonyAdragna/status/1815877835577516190

FRA report on East Palestine derailment differs slightly from NTSB analysis. Trains.com article. Pull quote: “But the NTSB, in its recommendations, urged the FRA to update its vent-and-burn guidance: “Update and re-publish your 2007 vent and burn reports to include clear instructions to consult the shipper when considering a vent and burn, more comprehensive guidance on what products are candidates for a vent and burn along with what chemical and other hazards may result, and an updated process flow chart incorporating lessons from the East Palestine vent and burn; the re-published reports should identify the questions an incident commander should ask when considering a vent and burn, distinguish the meaning of the answers, and identify the resources necessary to make an informed decision.”” FRA report link.

Short Takes – 7-24-24 – Space Geek Edition

New extremely r-process-enhanced star detected. Phys.org article. A tad bit geeky. Pull quote: “Now, a team of astronomers led by Xiao-Jin Xie of CAS [Chinese Academy of Sciences] reports the detection of a new RPE star. They employed GTC's [Gran Telescopio Canarias] High Optical Resolution Spectrograph (HORuS) to observe a star designated LAMOST J020623.21+494127.9 (or J 0206+4941 for short). The observational campaign led to the classification of this object as an extremely r-process-enhanced [rapid neutron capture] star.”

Expiring medications could pose challenge on long space missions. Phys.org article. An unusual Mars-trip problem. Pull quote: “Expired medications can lose their strength by a little—or a lot. The actual stability and potency of medications in space compared to Earth remain largely unknown. The harsh space environment, including radiation, could reduce the effectiveness of medications.”

Lunar exploration ground sites will enhance the Near Space Network's communications services. Phys.org article. Pull quote: “To support NASA's Moon to Mars initiative, NASA is adding three new LEGS antennas to the Near Space Network. As NASA works toward sustaining a human presence on the moon, communications and navigation support will be crucial to each mission's success. The LEGS antennas will directly support the later Artemis missions, and accompanying missions such as the human landing system, lunar terrain vehicle, and Gateway.”

ABL loses rocket after static-fire test. SpaceNews.com article. Pull quote: ““After a pre-flight static fire test on Friday, a residual pad fire caused irrecoverable damage to RS1. The team is investigating root cause and will provide updates as the investigation progresses,” the company stated. It did not disclose additional details about the incident.”

Federal Review May Delay the Next SpaceX Flight. GovTech.com article. Pull quote: “Neither the FAA nor SpaceX would describe the requested changes, but the agency said previously that if the company changes the craft's configuration or flight profile, a new license would be required.”

No End in Sight for Falcon 9 Grounding. SpaceAndDefense.io article. Pull quote: “Meanwhile, NASA is in a bind. The Falcon 9 rocket is the only US-made rocket capable of carrying astronauts to the International Space Station, and it was due to operate the Crew-9 mission in mid-August. NASA says crew safety and mission assurance are its top priorities so it will review that launch date.”

House Passed HR 8998 – FY 2025 IER Spending Bill

The House resumed consideration of HR 8998, the Department of the Interior, Environment, and Related Agencies [IER] Appropriations Act, this morning. They just finished action on the bill, passing it by a straight party-line vote of 210 to 202.

No action was taken on HR 8897, the Energy and Water Development and Related Agencies Appropriations Act, 2025, even though the House completed consideration of all the authorized amendments yesterday. A planned vote for last night was cancelled when it was apparent to the leadership that there were not enough votes to pass the bill.

Review - HR 8537 Introduced – East Palestine Health Study

Back in May, Rep Joyce (R,OH) introduced HR 8537, the East Palestine Health Impact Monitoring Act of 2024. The bill would require HHS to conduct a study on the health effects of the 2023 East Palestine, OH train derailment. The bill would authorize “such sums as may be necessary for fiscal year 2025, to remain available until September 30, 2029, to carry out this Act”.

This bill is nearly identical to the reported version of S 4045. The Senate Health, Education, Labor and Pensions Committee approved that revised language in a markup hearing on May 23rd, 2024. No further action has been taken in the Senate.

Moving Forward

Neither Joyce nor any of his four cosponsors is a member of the House Energy and Commerce Committee, to which this bill was assigned for consideration. This means that there is probably not sufficient influence to see the bill considered in Committee. With the vague funding language, I suspect that if the bill were considered, it would receive some level of bipartisan support in Committee. Whether it would be enough to allow the bill to reach the floor under the suspension of the rules process remains to be seen.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8537-introduced - subscription required.

OMB Approves HPAI Emergency ICR for Dairy Cattle

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an emergency information collection request from USDA’s Animal and Plant Health Inspection Service (APHIS) for “HPAI: Testing, Surveillance, and Reporting of HPAI in Livestock; Dairy Herd Certification”. OIRA notes that APHIS has already been collecting this information without an approved ICR, which may explain the delay (request submitted June 28th, 2024) in approving the emergency ICR.

The supporting document for this ICR provides a good summary of the problems associated with the recent discovery of Highly Pathogenic Avian Influenza (HPAI) in dairy herds and the USDA’s response activities.

OMB Approves EPA 1-Bromopropane TSCA NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking from the EPA on “1-Bromopropane (1-BP); Regulation Under the Toxic Substances Control Act (TSCA)”. The NPRM was submitted to OIRA on December 12th, 2023.

According to the Spring 2024 Unified Agenda entry for this rulemaking:

“This proposed rulemaking will address the unreasonable risk of injury to health presented by 1-bromopropane (1-BP). Section 6(a) of the Toxic Substances Control Act (TSCA) requires EPA address by rule any unreasonable risk identified in a TSCA risk evaluation and apply requirements to the extent necessary so the chemical no longer presents unreasonable risk. The Agency’s development of this rule incorporates significant stakeholder outreach and public participation, including over 40 external meetings as well as required Federalism, Tribal, and Environmental Justice consultations and a Small Businesses Advocacy Review Panel. Specifically, EPA engaged in discussions with industry, non-governmental organizations, other government agencies, technical experts and users of 1-BP, and the general public to hear from users, academics, manufacturers, and members of the public health community about practices related to commercial uses of 1-BP. EPA's risk evaluation for 1-BP, describing the conditions of use, is in docket EPA-HQ-OPPT-2019-0235 [link added], with the 2022 unreasonable risk determination and additional materials in docket EPA-HQ-OPPT-2016-0741 [link added].”

Additional information is available on the EPA’s Risk Evaluation for 1-Bromopropane (1-BP) web site.

As with most TSCA risk reduction rules, I will probably not cover this rulemaking in any detail. I will, however, at least mention its publication in the appropriate Short Takes post.

Tuesday, July 23, 2024

Short Takes – 7-23-24

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter. Wired.com article. Pull quote: “The malware, which Dragos is calling FrostyGoop, represents one of less than 10 specimens of code ever discovered in the wild that's designed to interact directly with industrial control-system software with the aim of having physical effects. It's also the first malware ever discovered that attempts to carry out those effects by sending commands via Modbus, a commonly used and relatively insecure protocol designed for communicating with industrial technology.” Dragos report link.

Can light spark superconductivity? A new study reignites debate. ScienceNews.org article. Pull quote: “Physicist Nan-Lin Wang of Peking University is convinced that magnetic fields are expelled when the laser pulse hits the YBCO. But whether that implies superconductivity as it is normally defined is unclear. It might be the result of preexisting, small-scale superconducting currents being amplified, rather than of typical large-scale superconductivity. “The underlying physics could be very complicated,” he says.”

Discovery of 'dark oxygen' from deep-sea metal lumps could trigger rethink of origins of life. LiveScience.com article. Pull quote: “"For aerobic life to begin on the planet, there has to be oxygen and our understanding has been that Earth's oxygen supply began with photosynthetic organisms," he said. "But we now know that there is oxygen produced in the deep sea, where there is no light. I think we therefore need to revisit questions like: where could aerobic life have begun?"”

Spending Bills Considered in the House – HR 8997 and HR 8998 – 7-23-24

The House began consideration today of two spending bills, HR 8997 (the FY 2025 EWR spending bill) and HR 8998 (the FY 2025 IER spending bill), under the provisions of H Res 1370, which was approved earlier this morning by a straight party-line vote of 211 to 197 (with 24 members not voting).

HR 8997

Consideration of HR 8997 began with an en bloc amendment that contained 28 separate amendments. This en bloc included Amendment #30 offered by Rep Moylan (R,Guam) that calls for a CESER assessment on the cybersecurity of Guam's energy installations.

There was an additional cybersecurity amendment that I had missed in yesterday’s post. Amendment #74 was offered by Rep Van Drew (R,NJ). It would move $10,000,000 from renewable energy programs to enhance the security of existing electrical transformers from cyber threats and from physical attacks from individuals. It was debated for 6 minutes, and a recorded vote was demanded. The amendment subsequently passed by a vote of 214 to 203 with 9 Republicans voting Nay and 10 Democrats voting Aye.

Action was completed on all amendments and a final vote was postponed, probably until tomorrow.

HR 8998

The House began consideration of HR 8998 at about 6:00 pm EDT. None of the amendments to be considered under H Res 1370 are of particular interest here. As of the time of this writing (10:43 pm EDT), the House is debating Amendment #42. With a total of 97 amendments to consider, the House is unlikely to try to finish up tonight.

We will probably see final votes on both bills tomorrow afternoon.

House Passes HR 8812 – Water Resources Development Act

Yesterday, the House took up HR 8812 [removed from paywall], the Water Resources Development Act of 2024, under the suspension of the rules process. After almost 30 minutes of debate a vote was demanded in lieu of a voice vote on the bill. Subsequently, the House voted 359 to 13 (with 59 members not voting) to pass the bill. Twelve Republicans (no points for guessing who) voted against the bill.

Only one member spoke in opposition to the bill during the debate, Rep Cole (R,OK). Cole noted that (H4705):

“Creating self-funded agencies also removes them from the top-line spending caps on appropriations, thereby increasing total spending and taking another piece of total spending outside of fiscal controls. Finally, it is the Appropriations Committee’s exclusive jurisdiction to determine how much funding each Federal agency must work with, by carefully balancing the needs of the entire Federal Government. Putting certain agencies or activities outside of appropriations makes comprehensive budgeting more difficult, as agencies evade congressional controls.”

Cole voted to pass the bill.

There is one cybersecurity provision in the bill (Section 136). It restricts the Army Corps of Engineers’ new employment of remote operations at a navigation or hydroelectric power generating facility without first notifying Congress that certain actions have been taken. Those actions would include specific activities to address “cyber and physical security risks”.

Bills Introduced – 7-22-24

Yesterday, with the House in Washington and the Senate meeting in pro forma session, there were 27 bills introduced. One of those bills will receive additional attention in this blog:

HR 9083 To amend the Energy Policy and Conservation Act to require States to include supporting the physical security, cybersecurity, and resilience of local distribution systems in State energy security plans. Latta, Robert E. [Rep.-R-OH-5].


Review – 3 Advisories and 1 Update – 7-23-24

Today, CISA’s NCCIC-ICS published control system security advisories for products from National Instruments (2) and Hitachi Energy. They also published an update for products from Mitsubishi.

Advisories

National Instruments Advisory #1 - This advisory describes three vulnerabilities in the NI LabVIEW product.

National Instruments Advisory #2 - This advisory describes a stack-based buffer overflow vulnerability in the NI I/O TRACE products.

Hitachi Energy Advisory - This advisory discusses four vulnerabilities in the Hitachi Energy AFS/AFR series managed switches.

Hitachi Energy Update - This update provides additional information on the IED Connectivity Packages advisory that was originally published on November 29th, 2022.

 

For more information on these advisories, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-7-23-24 - subscription required.

Siemens Published Two Out-of-Zone Advisories – 7-22-24

Yesterday, Siemens published two unusual out-of-zone cybersecurity advisories. The first describes vulnerabilities in multiple SICAM products. The second is an update for their RADIUS Protocol advisory.

SICAM Advisory - This advisory describes two vulnerabilities in three SICAM products.

NOTE: I suspect that we will see a similar advisory from CISA either later today or on Thursday.

Radius Update - This update provides additional information on their RADIUS Protocol advisory that was originally published on July 9th, 2024.

NOTE: CISA no longer publishes updates for their advisories (ICSA-24-193-05 in this case) covering Siemens products.

 

For more details about these two advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/siemens-published-two-out-of-zone - subscription required.

Monday, July 22, 2024

Short Takes – 7-22-24

A stellar explosion may add a temporary ‘new star’ to the night sky this summer. ScienceNews.org article. Pull quote: “The brightening point of light will not be a new star, but a nova eruption about 3,000 light-years from Earth. There, a white dwarf star orbiting a red giant tears material from its larger companion. When enough mass collects on the white dwarf’s surface, the rising pressure and temperature will trigger a blast that can be seen from Earth with the naked eye — but for only a few days to a week.”

The power of proprioception: how to improve your ‘sixth sense’ – and become healthier and happier. TheGuardian.com article. Pull quote: “Proprioceptors are receptors mainly located in the muscles, tendons and joints, which work in conjunction with our body’s other sensory systems to deliver us information on our movements and environment. These let you sense the position of your limbs or even digits – “Think about splaying out your toes: you know it’s happening without looking at them, right?” says McDowell – but also gauge the weight of objects you’re interacting with, or pick up on changes in the surface you’re walking on.”

Timeline slipping for House GOP funding plans. TheHill.com article. Pull quote: “But in a new floor schedule, the House laid out plans to only vote on two bills [instead of the originally planned four bills] this week, including measures to fund the departments of Interior and Energy for much of 2025, while punting plans to vote on funding proposals for agencies like the Department of Agriculture and financial services.”

H Res 1370 – Rule for Consideration of HR 8997 and HR 8998

Earlier today, the House Rules Committee met to formulate the rule for the consideration of HR 8997, the FY 2025 EWR spending bill, and HR 8998, the FY 2025 IER spending bill. The Committee crafted H Res 1370 to govern the consideration of the two bills. The Committee also published their Report to accompany H Res 1370.

The rule provides that both bills will be addressed separately under nearly identical structured rules. This limits debate and provides a limited number of amendments that will be considered for each bill on the floor of the House. The allowed amendments are listed in appendixes to the Committee’s Report; 65 amendments for HR 8997 and 97 amendments for HR 8998. The text of the authorized amendments is included in the Report.

In my CFSN Detailed Analysis post (subscription required) for HR 8997 I identified one amendment submitted by Rep Moylan (R,Guam) that might be of interest here; that amendment was included in the list of 65 amendments to be offered on the floor – Amendment # 30 (link to original amendment submitted to the Rules Committee). That amendment proposed to increase and decrease the Department of Energy Energy Programs, Cybersecurity, Energy Security, and Emergency Response account to emphasize the need of the Guam Power Authority for a Department of Energy assessment on the cybersecurity of Guam's energy installations.

In my CFSN Detailed Analysis post (subscription required) for HR 8997 I identified one amendment submitted by Rep DeSaulnier (D,CA) that might be of interest here; that amendment was not included in the floor package for the bill. DeSaulnier’s amendment would have increased the FY 2025 spending for the Chemical Safety Board by $1 million.

 

Review - Congressional Hearings – Week of 7-21-24

This week, with both the House and Senate back in Washington (and looking forward to their August Recess), there is a full slate of hearings in both bodies, in addition to some high-profile hearings (not covered here) on the attempted Trump assassination. Spending bills are being teed up in the House with a Rules Committee hearing. There are two transportation related hearings in the House. There is one cybersecurity regulatory panel scheduled.

Spending Bills

The House Rules Committee will meet today to formulate the rule for the consideration of four spending bills (FinServices, IER, EWR, and ARD).

The Senate Appropriations Committee will hold a hearing on Thursday to mark up four spending bills: CJS, IER, State, and Thud.

Transportation Hearings

On Tuesday, the Subcommittee on Railroads, Pipelines, and Hazardous Materials of the House Transportation and Infrastructure Committee will hold a hearing on “Examining the State of Rail Safety in the Aftermath of the Derailment in East Palestine, Ohio”.

On Wednesday, the Subcommittee on Highways and Transit of the House Transportation and Infrastructure Committee will hold a hearing on “Examining the Department of Transportation’s Regulatory and Administrative Agenda”.

There will not be a DOT spokesperson on the panel.

Cybersecurity

On Thursday, the Subcommittee on Cybersecurity, Information Technology, and Government Innovation of the House Oversight and Accountability Committee will hold a hearing on “Enhancing Cybersecurity by Eliminating Inconsistent Regulations”.

Markup Hearings

On Wednesday, the Senate Homeland Security and Governmental Affairs Committee will hold a business meeting. The bills of interest here include:

S 4630, Streamlining Federal Cybersecurity Regulations Act,

S 4697, Healthcare Cybersecurity Act of 2024, and

S 4715, Federal Cyber Workforce Training Act of 2024

On the Floor

In addition to the two spending bills described above, the House will be taking up 20 bills under the suspension of the rules process, including the following bill of interest here: HR 8812, Water Resources Development Act. That will be considered today, though a final vote (if needed) may not happen until later this week.

 

For more details about these hearings, including witness lists, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/congressional-hearings-week-of-7 - subscription required.

Review - HR 8998 Introduced – FY 2025 IER Spending

Earlier this month, Rep Simpson (R,ID) introduced HR 8998, the Department of the Interior, Environment, and Related Agencies [IER] Appropriations Act, 2024. The House Appropriations Committee published their Report on the bill. There is no specific cybersecurity funding mentioned in the bill. The bill does contain reduced funding for the Chemical Safety and Hazard Investigation Board (CSB) and one chemical safety funding restriction. The Report discusses one cybersecurity spending issue and several chemical safety initiatives.

Moving Forward

This very partisan spending bill is scheduled to be considered this week. There will be no Democrats voting to support this bill, so the leadership will need nearly every Republican vote to pass the bill. The question is: will the radical wing of the party think that the bill goes far enough to castrate the operations of the EPA? If their answer is no, this bill will not pass.

 

For more details about the provisions of this legislation, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8998-introduced - subscription required.

Saturday, July 20, 2024

Review - HR 8997 Introduced – FY 2025 EWR Spending

Earlier this month Rep Fleischmann (R,TN) introduced HR 8997, the Energy and Water Development and Related Agencies Appropriations Act, 2025. The House Appropriations Committee published their Report on the bill. The bill only contains one cybersecurity mention, but the report discusses multiple cybersecurity issues as well as some unique chemical processing issues.

Moving Forward

The House is expected to consider the bill this coming week. This was one of the spending bills that was passed last year, and it will probably pass again. It is highly unlikely that the Senate will take up their version of the bill before the end of September. That means that once again, we are going to see conflict between the House leadership and the spending radicals on how to pass minibus spending bills. This year, that conflict is going to be aggravated by whatever election results we end up with in November.

 

For more information on the cybersecurity and chemical provisions of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8997-introduced - subscription required.

EPA Sends TCE TSCA Final Rule to OMB

Thursday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the EPA on “Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA)”. The notice of proposed rulemaking was published on October 31st, 2023.

According to the Spring 2024 Unified Agenda Entry for this rulemaking:

“On October 31, 2023, EPA issued a proposed rule to address the unreasonable risk of injury to human health presented by trichloroethylene (TCE) under its conditions of use as documented in EPA's November 2020 Risk Evaluation for TCE and January 2023 revised risk determination for TCE pursuant to the Toxic Substances Control Act (TSCA). TCE is widely used as a solvent in a variety of industrial, commercial and consumer applications including for hydrofluorocarbon (HFC) production, vapor and aerosol degreasing, and in lubricants, greases, adhesives, and sealants. TSCA requires that when EPA determines a chemical substance presents unreasonable risk that EPA address by rule the unreasonable risk of injury to health or the environment and apply requirements to the extent necessary so the chemical no longer presents unreasonable risk. EPA determined that TCE presents an unreasonable risk of injury to health due to the significant adverse health effects associated with exposure to TCE, including non-cancer effects (liver toxicity, kidney toxicity, neurotoxicity, immunotoxicity, reproductive toxicity, and developmental toxicity) as well as cancer (liver, kidney, and non-Hodgkin lymphoma) from chronic inhalation and dermal exposures to TCE. TCE is a neurotoxicant and is carcinogenic to humans by all routes of exposure. The most sensitive adverse effects of TCE exposure are non-cancer effects (developmental toxicity and immunosuppression) for acute exposures and developmental toxicity and autoimmunity for chronic exposures. 
To address the identified unreasonable risk, EPA is proposing to: prohibit all manufacture (including import), processing, and distribution in commerce of TCE and industrial and commercial use of TCE for all uses, with longer compliance timeframes and workplace controls for certain processing and industrial and commercial uses (including proposed phaseouts and time-limited exemptions); prohibit the disposal of TCE to industrial pre-treatment, industrial treatment, or publicly owned treatment works, with a time-limited exemption for cleanup projects; and establish recordkeeping and downstream notification requirements.”

CRS Reports – Week of 7-13-24 – Automotive Right-to-Repair

This week the Congressional Research Service (CRS) published a report on “Access to Motor Vehicle Software and Data”. This report is a relatively lengthy discussion of the issues related to the ownership and use of data produced by and stored in modern motor vehicles. It includes an analysis of HR 906 (has not been covered here), the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act, which addresses those issues.

Sections of the report address:

• Motor Vehicle and Aftermarket Industries,

• Software-Defined Vehicles (SDVs),

• Potential Direct OEM-Consumer Relationship and Bypass of Dealers,

• Executive Branch Oversight of Aftermarket,

• Copyright Laws Related to the SDV Aftermarket,

• State Laws and Reactions: 2012-2024, and

• Options for Congress

In the discussion about copyright laws (particularly 17 USC §1201), there is a detailed (and thoroughly footnoted) review of the proposed extension of the Library of Congress’ current exemption “{§1201(a)(1)} allowing a person may circumvent access controls on computer programs when doing so is a necessary step for diagnosing, maintaining, or repairing a motorized land vehicle, such as a personal automobile or commercial vehicle”. The current exemption expires on October 27th, 2024.

Review - Public ICS Disclosures – Week of 7-13-24 - DTRH

During today’s Public ICS Disclosure research I ran across an interesting statement on the Rockwell advisories:

Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment specific prioritization.

It looks like this is now part of the boilerplate for Rockwell advisories. Looking through past advisories it was added to the boilerplate in October of last year.

New (?) CISA Tool

The link provided in the Rockwell advisory leads to a CISA web page that has probably been around for a while now, but CISA does not date their pages, so no telling how long. That page notes:

“Carnegie Mellon University's Software Engineering Institute (SEI), in collaboration with CISA, created the Stakeholder-Specific Vulnerability Categorization (SSVC) system in 2019 to provide the cyber community a vulnerability analysis methodology that accounts for a vulnerability's exploitation status, impacts to safety, and prevalence of the affected product in a singular system. CISA worked with SEI in 2020 to develop its own customized SSVC decision tree to examine vulnerabilities relevant to the United States government (USG), as well as state, local, tribal, and territorial (SLTT) governments, and critical infrastructure entities. Implementing SSVC has allowed CISA to better prioritize its vulnerability response and vulnerability messaging to the public.”

The CISA tool allows users to prioritize vulnerability response at the user level. The user provides information about an individual vulnerability and the tool assigns the vulnerability to one of the following response categories:

• Track – remediate within standard update timelines,

• Track* - remediate within standard update timelines, but monitor closely for vulnerability status changes,

• Attend – requires management attention, remediate sooner than standard update timelines, and

• Act – remediate as soon as possible.

 

For more details about the SSVC, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-252 - subscription required.

Chemical Incident Reporting – Week of 7-13-24

NOTE: See here for series background.

Savannah, GA – 7-13-24

Local News Reports: Here, here, and here.

There was a fire with an explosion at a large wood-chip storage facility. There were heat-related injuries with no hospitalization, and no damage estimates are available yet. There are mentions of a rail car being involved, but no details.

Possible CSB reportable if damage costs are high enough. This could involve a dust explosion which the Board has taken direct interest in in the past.

Review – Public ICS Disclosures – Week of 7-13-24

This week we have three vendor disclosures on the regreSSHion vulnerability from Bosch, Broadcom, and HMS. We have 14 additional vendor disclosures from ABB, Dell, Fujitsu, Hitachi, HP (4), HPE (3), Rockwell (2), and Wireshark. There are also five vendor updates from BD and HPE (4). Finally, we have four researcher reports about vulnerabilities in products from Asus, Synology, and Unitronics (2).

RegreSSHion Advisories

Bosch published an advisory that lists affected products and fixed versions.

Broadcom published an advisory that lists the products that are not affected.

HMS published an advisory that lists the affected products and announces that fixes have been applied.

Advisories

ABB Advisory - ABB published an advisory that describes an unquoted search path or element vulnerability in their Mint Workbench product.

Dell Advisory - Dell published an advisory that lists a large number (nope, I am not counting them all) of 3rd party vulnerabilities in their ThinOS product.

Fujitsu Advisory - JP-CERT published an advisory that describes a path traversal vulnerability in the Fujitsu Network Edgiot GW1500 product.

Hitachi Advisory - Hitachi published an advisory that discusses 42 vulnerabilities in their Disc Array Systems products.

HP Advisory #1 - HP published an advisory that describes a buffer overflow vulnerability in multiple desktop computers.

HP Advisory #2 - HP published an advisory that describes two privilege escalation vulnerabilities in their display control software.

NOTE: The HP Security Bulletins page lists two additional advisories (here and here), but neither page currently opens.

HPE Advisory #1 - HPE published an advisory that describes a remote bypass of a security restriction vulnerability in their 3PAR Service Processor Software.

HPE Advisory #2 - HPE published an advisory that discusses 17 vulnerabilities (one with known exploits) in their Unified OSS Console Assurance Monitoring (UOCAM) product.

HPE Advisory #3 - HPE published an advisory that discusses two vulnerabilities in their ProLiant DL/ML/XL, Synergy, Edgeline and Alletra Servers.

Rockwell Advisory #1 - Rockwell published an advisory that describes an improper input validation vulnerability in their SequenceManager Server.

Rockwell Advisory #2 - Rockwell published an advisory that describes an improper input validation vulnerability in their 5015 – AENFTXT product.

Wireshark Advisory - Wireshark published an advisory that describes a packet injection vulnerability in their SPRT dissector product.

Updates

BD Update - BD published an update for their Third-Party ESET advisory that was originally published on March 29th, 2024.

HPE Update #1 - HPE published an update for their Intel Thunderbolt Driver advisory that was originally published on May 14th, 2024 and most recently updated on June 17th, 2024.

HPE Update #2 - HPE published an update for their Intel PROSet/Wireless WiFi and Bluetooth advisory that was originally published on May 14th, 2024 and most recently updated on June 17th, 2024.

HPE Update #3 - HPE published an update for their Intel Chipset Device Software advisory that was originally published on June 28th, 2024.

HPE Update #4 - HPE published an update for their Intel 2024.1 IPU - Chipset Software advisory that was originally published on March 13th, 2024 and most recently updated on April 10th, 2024.

Researcher Reports

Asus Report - BugProve published a report describing a stack-based buffer overflow vulnerability in the Asus RT-AC87U router.

Synology Report - Claroty published a report that describes a classic buffer overflow vulnerability in the Synology BC 500 IP camera.

Unitronics Reports - Claroty published two reports about individual vulnerabilities in the Unitronics Vision PLC.

 

For more information about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-3e2 - subscription required.

Friday, July 19, 2024

Short Takes – 7-19-24

EU Shell-Production Capacity, Supplies To Ukraine Fall Far Short Of Promises. RFERL.org article. Pull quote: “"For 30 years, no one has invested in this, and now everyone has rushed to this limited pool of people, production facilities, and components," Byelyeskov said. "It's clear that [boosting production in the EU] will take time. The market is responding, but not as quickly as we would like."”

Ransomware attacks are hitting energy, oil and gas sectors especially hard, report finds. CyberScoop.com article. Pull quote: “According to Sophos, nearly half of successful attacks occurred because of an unpatched or unmitigated vulnerability, while just over a quarter were due to compromised credentials, per the report. Researchers also noted that energy, oil and gas, and utilities make up the sector “most likely to fall victim to the exploitation of unpatched vulnerabilities.””

Looking ahead to the next 25 years of private space stations. Space.com article. Pull quote: “Both Axiom Space and Blue Origin have received support for these initiatives from NASA's Commercial Low Earth Orbit Development Program. The Starlab space station — a project involving Nanoracks, Voyager Space and Lockheed Martin — also won a NASA award and could come as soon as 2028.”

Short Takes – 7-18-24 – Space Geek Edition

NASA Spent $450 Million on a Moon Rover. Now It’s Canceling the Mission. NYTimes.com article (free). Pull quote: “NASA is planning to disassemble VIPER and use the instruments and other components on the other missions. However, NASA said it was willing to listen to proposals from American companies or international partners for using the VIPER system as is, as long as there would be no additional cost to the federal government.”

How NASA and SpaceX will bring down the space station when it's retired. Phys.org article. Pull quote: “NASA wants to bring back some small items from inside the space station for museum display, like the ship's bell and logs, panels with patches and other mementos. Those can come down in SpaceX supply ships in the final year or two. "Unfortunately, we can't bring home really, really big stuff," said NASA's Ken Bowersox. "The emotional part of me would love to try and save some," but the most practical approach is to bring everything down in one destructive stroke, he said.”

Boiling Macaroni in Space? You’ll Need a Weirdly Shaped Pot. ScientificAmerican.com article. Pull quote: “Another problem concerns the science of boiling itself. On Earth, buoyancy-driven convection, in which cooler and denser water falls below hotter liquid, relies on gravity to distribute heat evenly and remove bubbles from the surface. In space, that doesn’t happen. Boiling water instead forms larger bubbles that loll around in place; this could lead to poorly cooked food. Thus, food has never been cooked by boiling in space. On the H0TP0T, however, heating elements are screwed to the outside of the aluminum shell to heat a large surface area of the pot, which lessens the need for gravity-driven convection to heat the water evenly. The container’s metal lid also has a pressure valve to release steam.”

After Falcon 9 Rocket Anomaly, SpaceX Seeks Rapid Return to Flight. ScientificAmerican.com article. Pull quote: “The Federal Aviation Administration (FAA) received a request from SpaceX on Monday (July 15) to continue launching Falcon 9 flights during the mandatory mishap investigation following the ill-fated Starlink 9-3 mission in which the rocket's upper stage experienced a liquid oxygen leak. SpaceX has asked the FAA to make a public safety determination, which would allow the company to resume launches if the administration determines the anomaly "did not involve safety-critical systems or otherwise jeopardize public safety," SpaceflightNow reported on Tuesday (July 16). The FAA also provided Space.com with the statement, after a request.”

NASA, Boeing Complete Starliner Engine Testing, Continue Analysis. Blogs.NASA.gov post. Pull quote: “NASA and Boeing engineers are evaluating results from last week’s engine tests at NASA’s White Sands Test Facility in New Mexico as the team works through plans to return the agency’s Boeing Crew Flight Test from the International Space Station in the coming weeks.

Teams completed ground hot fire testing at White Sands and are working to evaluate the test data and inspect the test engine. The ongoing ground analysis is expected to continue throughout the week. Working with a reaction control system thruster built for a future Starliner spacecraft, ground teams fired the engine through similar inflight conditions the spacecraft experienced on the way to the space station. The ground tests also included stress-case firings, and replicated conditions Starliner’s thrusters will experience from undocking to deorbit burn, where the thrusters will fire to slow Starliner’s speed to bring it out of orbit for landing in the southwestern United States. For a detailed overview of the test plans, listen to a replay of a recent media teleconference with NASA and Boeing leadership.”

NASA’s Curiosity Rover Discovers a Surprise in a Martian Rock. JPL.NASA.gov article. Pull quote: ““Finding a field of stones made of pure sulfur is like finding an oasis in the desert,” said Curiosity’s project scientist, Ashwin Vasavada of NASA’s Jet Propulsion Laboratory in Southern California. “It shouldn’t be there, so now we have to explain it. Discovering strange and unexpected things is what makes planetary exploration so exciting.””

Transportation Chemical Incidents – Week of 6-8-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 623 (538 highway, 76 air, 8 rail, 1 water)

• Serious incidents – 5 (4 Bulk release, 1 evacuation, 0 injury, 0 death, 0 major artery closed, 1 fire/explosion, 29 no release) Note: The fire was not reported as a ‘Serious’ incident.

• Largest container involved – 33,693-gal 112J340W railcar {Propane} Minor release (odor report), valve open and plug less than tool tight and needed new Teflon tape.

• Largest amount spilled – 200-gal Metal IBC, 275-gal {Corrosive Liquid, Acidic, Inorganic, N.O.S} Fork lift puncture on unloading dock.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Nitroglycerin Solution in Alcohol With Not More Than 1 Percent Nitroglycerin – Primary hazard is the flammability of the ethyl alcohol, but if the alcohol is allowed to evaporate, the explosive hazard of the nitroglycerin becomes a potential source of ignition. Standard firefighting warning for ethyl alcohol, it burns with an ‘invisible’ flame, so fire detection can be a problem. Also, ethyl alcohol dissolved in water can burn, causing water runoff problems.

 


Bills Introduced – 7-18-24

Yesterday, with the House and Senate meeting in pro forma session, there were 32 bills introduced. Two of those bills will receive additional attention in this blog:

HR 9071 To require the Director of National Intelligence to declassify information relating to security threats posed by covered unmanned aircraft systems, and for other purposes. Nunn, Zachary [Rep.-R-IA-3]

HR 9074 To amend title 49, United States Code, to require Class I railroad carriers to operate certain freight trains with 2-person crews, and for other purposes. Sykes, Emilia Strong [Rep.-D-OH-13]

Thursday, July 18, 2024

Short Takes – 7-18-24

Will space-based solar power ever make sense? ArsTechnica.com article. Pull quote: “These plans involve large fluxes of microwave or radio radiation. But space-based solar power is relatively safe. For microwave radiation from a space-based solar power installation, “the only known effect of those frequencies on humans or living things is tissue heating,” Vijendran said. “If you were to stand in such a beam at that power level, it would be like standing in the… evening sun.” Still, Caplin said that more research is needed to study the effects of these microwaves on humans, animals, plants, satellites, infrastructure, and the ionosphere.”

New map depicts the world’s hidden reserves of groundwater in unprecedented detail. TheHill.com article. Pull quote: “These groundwater springs are resources that are often hidden and exposed to destruction by agriculture. About 53 percent of the ecosystems identified on the map are undergoing depletion, and of these declining springs, only one-fifth are under any official protection.”

How Countries Are Preparing for a Potential Bird Flu Pandemic. ScientificAmerican.com article. Pull quote: “Isabella Monne, who studies the molecular epidemiology of animal viruses at the Experimental Zooprophylactic Institute of Venice in Legnaro, Italy, is developing and evaluating tools to help laboratories across Europe to detect viral particles and antibodies, which are evidence of past infection, in cow blood and milk. Groups across Europe, Canada and the United States have started testing cow blood or bulk milk samples.”

Long Covid and Vaccination: What You Need to Know. NYTimes.com article (free). Pull quote: “In the new study, published in the New England Journal of Medicine, Dr. Al-Aly and his colleagues provided persuasive evidence that vaccines cut the risk of long Covid.”

Sea ice's cooling power is waning faster than its area of extent. NewsWise.com article. Pull quote: “Beyond disappearing ice cover, the remaining ice is also growing less reflective as warming temperatures and increased rainfall create thinner, wetter ice and more melt ponds that reflect less solar radiation. This effect has been most pronounced in the Arctic, where sea ice has become less reflective in the sunniest parts of the year, and the new study raises the possibility that it could be an important factor in the Antarctic, too—in addition to lost sea ice cover.”

Review – 3 Advisories Published – 7-18-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Subnet Solutions and Mitsubishi Electric. They also published a medical device security advisory for products from Philips.

Advisories

Subnet Advisory - This advisory discusses a prototype pollution vulnerability with known exploits in the Subnet PowerSYSTEM Center.

Mitsubishi Advisory - This advisory discusses an improper verification of cryptographic signature vulnerability in the Mitsubishi MELSOFT MaiLab.

Philips Advisory - This advisory discusses 13 vulnerabilities (2 with known exploits) in the Philips Vue PACS product.

 

For more information on these advisories, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-7-18-24 - subscription required.

Review - HR 8544 Introduced – Right-to-Repair

Back in May, Rep Morelle (D,NY) introduced HR 8544, the Fair Repair Act. The bill would establish a requirement for original equipment manufacturers to make available “documentation, parts, and tools, inclusive of any updates to information or embedded software” for the purpose of diagnosis, maintenance or repair of equipment sold or used in the United States. It would also make the Federal Trade Commission the agency responsible for enforcement of the requirement.

Morelle introduced a similar bill last session, HR 4006 (removed from paywall). No action was taken on that bill. There have been significant changes made from that earlier version.

Moving Forward

Neither Morelle nor his three cosponsors are members of the House Energy and Commerce Committee to which this bill was assigned for consideration. Generally, this means that the Committee is unlikely to consider this bill. If the bill were to be considered in Committee, it would almost certainly draw significant opposition from Republicans supporting manufacturers, and from some Democrats for privacy issues. There may not be enough votes to move the bill forward because of that opposition.

Commentary

This bill addresses an issue of some importance, but I think that more work needs to be done on the concept.

There is one particular piece that deserves specific attention, the provision concerning security measures. If this were included in a bill written by some law-and-order Republican, I would suspect that §4(1) was specifically included to provide police with a way to get around encryption on computers and communication devices. Limitations need to be put into place to ensure that this is not a tool to get around self-incrimination protections.

 

For more details about the provisions of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8544-introduced - subscription required.


 