Wednesday, July 31, 2024

Short Takes – 7-31-24

The Bird Flu Threat Keeps Growing. Wired.com article. Pull quote: “The CDC’s sequencing of the virus from the sixth human case reported from Colorado shows that it is related to the viruses detected in recent poultry outbreaks and infected dairy cattle herds. It contains a marker of mammalian adaptation that has been identified in more than 99 percent of dairy cow sequences, as well as in the first Michigan human case.”

Joint Counter-Small UAS Office conducts successful counter drone-swarm demonstration. Army.mil article. Pull quote: “Parent said that the JCO will look to begin prototyping specific C-sUAS proposals in 2025 based on specific capabilities and the needs of combatant commanders. The JCO scheduled its next C-sUAS demonstration between the second and third quarters of fiscal year 2025.” Long lead time for quickly changing tactical situation.

With a landmark launch, the Pentagon is finally free of Russian rocket engines. ArsTechnica.com article. Pull quote: “The launch Tuesday morning was the end of an era born in the 1990s when US government policy allowed Lockheed Martin, the original developer of the Atlas V, to use Russian rocket engines during its first stage. There was a widespread sentiment in the first decade after the fall of the Soviet Union that the United States and other Western nations should partner with Russia to keep the country's aerospace workers employed and prevent "rogue states" like Iran or North Korea from hiring them.”

Spacecraft travels to metal object orbiting Earth, snaps stunning views. Mashable.com article. Pull quote: “The discarded three-ton rocket, a robust piece of space junk some 36 feet (11 meters) long, is the type of problematic debris agencies seek to remove from our planet's orbit. A future collision could spawn thousands more objects, posing threats to satellites and potentially the International Space Station. The Japanese satellite technology company Astroscale plans to remove this spent rocket stage, but is first gathering more information on the rocket's condition and motion.”

HSGA Takes Action on 3 Bills of Interest –

Today, the Senate’s Homeland Security and Governmental Affairs Committee held the continuation of last week’s Business Meeting. While not all of the bills listed on the agenda were addressed today, the three bills that I identified as being of potential interest here were amended and recommended to be reported favorably by a vote of 10 to 1 in all three instances. There were four additional yea votes cast by proxy, but those are only reported, not counted in the official vote tally. The three bills were:

S 4630, Streamlining Federal Cybersecurity Regulations Act,

S 4697, Healthcare Cybersecurity Act of 2024, and

S 4715, Federal Cyber Workforce Training Act of 2024

The Committee does not typically publish substitute language, or other amendments. We will have to wait for the publication of the Committee’s reports on the bills to see what changes have been made.

In all three cases, the Committee adopted substitute language from the original author. For S 4630 and S 4697, that language was further modified by unanimous consent. The one Nay vote for each of the bills came from Sen Paul (R,KY). Paul’s opposition practically means that there is little chance of the bill being considered under the Senate’s unanimous consent process, as he is quick to use his objection to thwart the consideration of bills that he opposes. Since Paul is the Ranking Member, he has an effective veto over these bills being considered as amendments to bills being considered on the floor of the Senate.


Review - HR 8590 Introduced – Counter UAS Training

Back in June, Rep Strong (R,AL) introduced HR 8590, the National Training Center for Counter-Unmanned Aircraft Systems Act. The bill would amend the Homeland Security Act of 2002 by adding two new sections dealing with counter UAS training. No new funding is authorized by the bill.

Moving Forward

Strong is not a member of either the House Judiciary Committee (to which primary consideration was assigned) or the Transportation and Infrastructure Committee (to which the secondary consideration was assigned). This means that the bill is not likely to have enough influence behind it to see it considered in either committee. I suspect that were the bill to be considered, it would receive some level of bipartisan support. I am not sure that it would be enough to see the bill move to the floor of the House under the suspension of the rules process. This bill is not currently politically important enough to be considered under a rule.

Commentary

Section 124n provides limited authority for DOJ and DHS to conduct some counter UAS activities. The authority to conduct such activities at a ‘covered facility’ {see §124n(k)(3)} will terminate on October 1st, 2024. This date has been moved in relatively small increments while Congress tries to work out a deal on rewriting §124n (or §210G of the Homeland Security Act of 2002). If this does not get ‘fixed’ permanently, the need for this legislation will pretty much disappear as the other cUAS uses authorized in §124n are relatively limited.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8590-introduced - subscription required.

Short Takes – 7-31-24 – Federal Register Edition

Banned Hazardous Substances: Aerosol Duster Products Containing More Than 18 mg in Any Combination of HFC-152a and/or HFC-134a. Federal Register CPSC notice of proposed rulemaking. Summary: “The U.S. Consumer Product Safety Commission (Commission or CPSC) is proposing to declare that any aerosol duster products that contain more than 18 mg in any combination of HFC-152a and/or HFC-134a are banned hazardous substances under the Federal Hazardous Substances Act (FHSA). For the ten-year period from 2012 to 2021, CPSC is aware of more than 1,000 deaths, and estimates 21,700 treated injuries involving the inhalation of aerosol duster products. The proposed rule addresses deaths and injuries associated with the propellants HFC-152a and HFC-134a used in aerosol duster products. The Commission is providing an opportunity for interested parties to submit written comments on this notice of proposed rulemaking (NPR).” Comment period ends September 30th, 2024.

Agency Information Collection Activities: Requests for Comments; Clearance of a Renewed Approval of Information Collection: Small Unmanned Aircraft Systems (sUAS) Safety Event Reporting. Federal Register FAA 60-day ICR renewal notice. Background: “The title of this information collection is being changed from “Small Unmanned Aircraft Systems (sUAS) Accident Reporting” to “Small Unmanned Aircraft Systems (sUAS) Safety Event Reporting” to reflect the change made to the title of the applicable regulation (14 CFR, 107.9) in 2022. 14 CFR part 107.9 requires that a small unmanned aircraft system safety event be reported if it causes: (1) serious injury to any person or any loss of consciousness; or (2) damage to any property, other than the small unmanned aircraft, unless the cost of repair or fair market value in the event of total loss does not exceed $500. The information collected by the FAA through its DroneZone web portal, Flight Standards District Offices, one of the Regional Operations Centers, or the Washington Operations Center for each small UAS safety event will be used to investigate and determine regulatory compliance. In addition, the safety event information will go into the FAA aircraft accident database for safety analysis purposes by the FAA Office of Accident Investigation and Analysis, pursuant to its statutory safety mission.” Comments due: September 30th, 2024.

Agency Information Collection Activities: VULNERABILITY DISCOVERY PROGRAM, OMB CONTROL NO. 1601-0028.  Federal Register DHS 60-day ICR renewal notice. Background: “DHS is requesting pursuant to 44 US Code 33554(a)(1)(B), that the information collection continue to be designated for any Federal agency's ability to utilize the standardized DHS online Vulnerability Disclosure Form to collect their own agency's vulnerability information and post the information on their own agency websites.”  Comments due: September 30th, 2024. 

Tuesday, July 30, 2024

Short Takes – 7-30-24

Hikers are infecting Virginia wildlife with COVID-19, study finds. TheHill.com article. Pull quote: “The method of infection seemed to be discarded food from infected hikers, researchers said.”

Air Defense: High Speed Drone Interceptors. StrategyPage.com article. Pull quote: “So far the Ukrainians have not demonstrated they can mass produce enough of these attack drones to become a major problem for the Russians. Ukraine does have access to large manufacturing facilities in NATO countries. The problem is whether or not NATO countries move quickly enough to provide more manufacturing for new drone designs Ukraine needs. The Ukrainians have become accustomed to innovating and then manufacturing new drones quickly. Manufacturers in the United States, Europe, and Russia are not accustomed to going that way. They might be if, like Ukraine, they were fighting for survival.”

Boeing says Starliner hot fire test on ISS went well with return date decision coming up. Phys.org article. Pull quote: “Boeing is on contract to provide six trips to the ISS, but NASA on Friday revealed the earliest that the first mission, Starliner-1, would take place would be August 2025, which would allow Boeing time to put in corrective fixes to the service module based on this mission's findings.”

For the ISS, to be or not to be? TheSpaceReview.com article. Not well written, but an interesting idea nonetheless. Pull quote: “Another scenario maybe to have government and commercial entities share the cost of maintaining it at 800 kilometers, perhaps as a waystation to the Moon, sort of like in 2001: A Space Odyssey, and maybe as fuel depot. At $10,000 per pound to LEO, the 450-ton ISS's value is in its position and velocity. It would be asinine to lose that. The cost of $9–10 billion is perhaps a bean-counter argument, but it’s much worse to lose an incredible historic treasure that should not be measured in dollars and cents. Civilizations are not always built on bean counting. There has to be other considerations or we would not have any national parks, just a takeover by salivating land developers showing large bottom lines.”

Is Russia Trying to Poison Finland’s Water? ForeignPolicy.com article. Bit of click-bait headline, but interesting discussion. Pull quote: “Authorities are also asking: Who would have an interest in breaking into Finnish water plants? So far, they haven’t apprehended anyone or publicly identified a suspect. The intruders, though, are unlikely to have been ordinary criminals. “These are not the sort of break-ins criminals would commit,” said retired Maj. Gen. Pekka Toveri, a former chief of Finnish military intelligence who is now a member of the European Parliament.”

The CDC’s Test for Bird Flu Works, but It Has Issues. ScientificAmerican.com article. Pull quote: “As the CDC came under fire at the July 23 congressional hearing, Daniel Jernigan, director of the CDC’s National Center for Emerging and Zoonotic Infectious Diseases, noted that testing is just one tool. The agency needs money for another promising area — looking for the virus in wastewater. Its current program uses supplemental funds, he said: “It is not in the current budget and will go away without additional funding.””

Cybersecurity Labeling for Internet of Things. Federal Register FCC final rule. Summary: “In this document, the Federal Communications Commission (Commission or FCC) establishes a voluntary cybersecurity labeling program [emphasis added] for wireless consumer Internet of Things, or IoT, products. The program will provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. Cyber Trust Mark and a QR code linked to a dynamic, decentralized, publicly available registry of more detailed cybersecurity information. This program will help consumers make safer purchasing decisions, raise consumer confidence regarding the cybersecurity of the IoT products they buy, and encourage manufacturers to develop IoT products with security-by-design principles in mind.” Effective date: August 29th, 2024.

Review - S 4420 Introduced – USDA National Security

Back in May, Sen Padilla (D,CA) introduced S 4420, the Agriculture and National Security Act of 2024. The bill would require the Secretary of Agriculture to appoint a Senior Advisor for National Security to serve in the Office of the Secretary. The Advisor would serve as the Department’s liaison with the National Security Council and would coordinate national security matters across the Department. No new funding would be authorized for this position.

Moving Forward

Neither Padilla nor his sole cosponsor {Sen Young (R,IN)} is a member of the Senate Agriculture, Nutrition, and Forestry Committee to which this bill was assigned for consideration. This means that there is probably not sufficient influence to see the bill considered in Committee. I suspect that were the bill considered it would enjoy some level of bipartisan support. I see nothing in the bill that would engender any organized opposition that would rule out the bill being favorably considered on the floor of the Senate under the unanimous consent process, though unrelated issues could still result in a consideration-blocking objection.

Commentary

The USDA already has an Office of Homeland Security that is already responsible for dealing with national security issues through its National Security Division. That Division is already the Department’s “bridge to the Intelligence Community, National Security Council, and interagency working groups on national security threats and policy coordination”. Elevating a separate ‘Senior Advisor for National Security’ is a bureaucratic slap at that division. This bill should probably have formally established that Division and given it responsibility for the actions assigned here to the Advisor. Lacking that, the Division should have been elevated to the Office of the Secretary and headed by the Senior Advisor.

 

For more details about the provisions of the bill, including a brief description of a minor cybersecurity reporting requirement, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4420-introduced - subscription required.

Review - S 4715 Introduced – Cyber Workforce Development

Earlier this month, Sen Rounds (R,SD) introduced S 4715, the Federal Cyber Workforce Training Act of 2024. The bill would require the National Cyber Director to formulate a plan for the establishment of a federal cyber training institute. It does not authorize the actual establishment of the institute; that would require subsequent legislation. The bill specifically does not authorize new spending.

Moving Forward

This bill is scheduled to be taken up by the Senate Homeland Security and Governmental Affairs Committee tomorrow. This typically means that there is consensus on how to move forward with the bill. I suspect that there will be significant bipartisan support for the bill. The main question is whether or not Sen Paul (R,KY) will support the bill. While the bill can (and probably will) pass without Paul’s vote, his opposition will signal that the bill would not be able to be considered under the Senate’s unanimous consent process, nor would it likely be able to be considered as an amendment to another, more politically important bill.

Commentary

While the proposed institute is not a cybersecurity institute, all cyber work roles should include some level of cybersecurity responsibilities. I think it would be helpful to delineate a responsibility for the institute to establish a minimum level of cybersecurity training for all cyber personnel. To that end, I would like to suggest the insertion of a new §2(b)(2)(C):

“(C) establish a common skill level cybersecurity curriculum for all entry level positions and a more advanced cybersecurity training program for personnel transitioning to mid-career level positions;”

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4715-introduced - subscription required.

 

Monday, July 29, 2024

Short Takes – 7-29-24 – Space Geek Edition

NASA Aims to Restore Space Station Traffic After SpaceX and Boeing Problems. NYTimes.com article. Pull quote: “NASA has to juggle the comings and goings because there are only two ports at the space station where the Crew Dragon and Starliner can dock. With Starliner and one Crew Dragon already there, someone has to leave before the next Crew Dragon can arrive.”

SpaceX prepares for Starship flight with first 'chopstick' landing. NewScientist.com article. Pull quote: “Flight five is likely to be the first attempt at catching Starship’s Super Heavy booster – the first stage of the rocket – on the launch pad. SpaceX’s launch tower, called Mechazilla, is equipped with a pair of “chopsticks” that will ultimately grab the booster at a specific point and secure it, allowing it to be later lowered the remaining distance to the ground.”

SpaceX in talks to land and recover Starship rocket off Australia's coast. Reuters.com article. Pull quote: “The plan would be to launch Starship from a SpaceX facility in Texas, land it in the sea off Australia's coast and recover it on Australian territory. Getting permission to do so would require loosening U.S. export controls on sophisticated space technologies bound for Australia, according to the sources, who spoke on condition of anonymity.”

NASA Supports Burst Test for Orbital Reef Commercial Space Station. NASA.gov article. Pull quote: “Demonstrating the habitat’s ability to meet the recommended factor of safety through full-scale ultimate burst pressure testing is one of the primary structural requirements on a soft goods article, such as Sierra Space’s LIFE habitat, seeking flight certification.”

Announcing the launch of Starris: Optimax Space Systems, lifting precision optical payloads from idea to orbit in one year. SpaceNews.com article. Pull quote: “Starris will develop payloads from idea to launch-ready in less than one year for applications that include earth observing (land use, weather, natural resources, supply chain, emissions monitoring), space infrastructure (star trackers, navigation, docking), resource exploitation (survey and mining of the moon and asteroids), space manufacturing (microgravity production of pharmaceutics and advanced materials), and defense (earth orbiting and surveillance).”

HSGA Committee Announces Continuation of Markup Hearing – 7-31-24

Today, the Senate Homeland Security and Governmental Affairs Committee announced that it had rescheduled last week’s business meeting for Wednesday. Last week’s meeting only ended up covering one bill (S 1171, the ETHICS Act) out of the 33 scheduled. There are three bills of interest here that are on the list of bills to be considered:

S 4630, Streamlining Federal Cybersecurity Regulations Act,

S 4697, Healthcare Cybersecurity Act of 2024, and

S 4715, Federal Cyber Workforce Training Act of 2024.

Review - Committee Hearings – Week of 7-28-24

This week with just the Senate in session (the House leadership picked up their marbles and went home a week early) there is a fairly light hearing schedule with two markup hearings of interest.

Commerce Markup

The Senate Commerce, Science, and Transportation Committee will hold a business meeting on Wednesday to consider 33 bills and some nominations (none of the nominations are of particular interest here). Of those bills, two are of interest here:

S 3943, Accelerating Networking Cyberinfrastructure and Hardware for Oceanic Research (ANCHOR) Act, and

S 3959, Transportation Security Screening Modernization Act.

Appropriations Markup

The Senate Appropriations Committee will hold a business meeting on Thursday to complete the full committee markup of five spending bills:

• Energy and Water Development,

• Defense,

• Labor, Health, and Human Services,

• Homeland Security, and

• Financial Services and General Government Appropriations Acts

NDAA Action on the Floor

There is a remote chance that the Senate may start their consideration of the National Defense Authorization Act this week, though it is more likely that they will take up S 4638 (or the House version HR 8070) after they return in September.

InsideEPA.com is reporting that there is an industry effort being made to have the Senate take action on an amendment to the NDAA that would extend the currently expired CFATS program through October 1st, 2026. The American Chemical Society is part of the coalition of 15 chemical organizations that sent a letter to Sen Schumer (D,NY) and Sen McConnell (R,KY). That letter references amendment SA 2502 that was submitted in the Senate on July 11th, 2023, one of 670 amendments submitted to the NDAA on that day.

 

For more details about these hearings and the NDAA CFATS amendment, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-7-28-24 - subscription required.

Review - S 4697 Introduced – Healthcare Cybersecurity

Earlier this month, Sen Rosen (D,NV) introduced S 4697, the Healthcare Cybersecurity Act of 2024. The bill establishes requirements for: CISA-HHS coordination, CISA healthcare cybersecurity training, CISA developed sector security plans, and developing criteria for identifying high-risk covered assets. No new funding is authorized by this legislation.

Moving Forward

Rosen and one of her cosponsors {Sen Ossoff (D,GA)} are members of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned for consideration. This means that there could be sufficient influence to see the bill considered in Committee. I suspect that there would be some level of bipartisan support for this bill, but the Ranking Member {Sen Paul (R,KY)} would be expected to oppose the bill. This would complicate passage in Committee.

Commentary

There is no discussion, or even mention, of the role cybersecurity vulnerabilities in medical software and devices have in abetting the malicious cyberattacks discussed in the §3 findings. This bill would be the ideal place to formalize which agency (FDA or CISA) would be responsible for receiving, coordinating and publishing reports about vulnerabilities in medical software and devices. The FDA has the benefit of being the regulatory agency responsible for oversight of the safety and efficacy of such systems, thus lending gravitas to their potential coordination efforts. Meanwhile, CISA has the technical expertise and experience (and the current de facto responsibility) to manage this effort. I would suggest inserting a new §4(c) into the bill:

“(c) The Agency will assist the Department with establishing within the Food and Drug Administration an office to receive, coordinate, and make public information related to security vulnerabilities (as defined in 6 U.S.C. 650) in medical software and devices.”

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4697-introduced - subscription required.

Review - S 4630 Introduced – Cybersecurity Harmonization

Earlier this month, Sen Peters (D,MI) introduced S 4630, the Streamlining Federal Cybersecurity Regulations Act. The bill would require the National Cyber Director to “establish an interagency committee to be known as the Harmonization Committee to enhance the harmonization of cybersecurity requirements that are applicable within the United States.” In turn, the Committee would be required to “develop a regulatory framework for achieving harmonization of the cybersecurity requirements of each regulatory agency.” No funding is authorized by this legislation.

Moving Forward

This bill was supposed to be considered by the Senate Homeland Security and Governmental Affairs Committee last week. Only one bill was actually considered in that meeting. The meeting was adjourned to a date to be determined by the Chair. I suspect that the bill will have some level of bipartisan support. Unfortunately, as with most bills introduced in the Senate, this bill is not politically important enough to take up the time of the Senate necessary for consideration under regular order. There will be some opposition to the bill, so it will not be a good candidate for being taken up under the Senate’s unanimous consent process.

Commentary

The inclusion of OIRA on the Harmonization Committee was designed to ensure that rulemakings submitted to that office for pre-publication review appropriately reflect adherence to the regulatory framework developed by the Committee. While that adherence review is appropriate, there is nothing in this bill that would require agencies to discuss the framework in the preamble to notices of proposed rulemakings and final rules published in the Federal Register. Requiring such discussions would make the process more transparent to the public and regulated communities. Unfortunately, adding this to the bill would require a substantial re-write to add amendments to 5 USC Chapters 5 and 7.

 

For more information about the provisions of this legislation, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4630-introduced - subscription required.

Sunday, July 28, 2024

Short Takes – 7-28-24

A new dashboard underscores the severity of the logjam that’s plagued the agency since February. NextGov.com article. Pull quote: ““We’ve observed that the number of vulnerabilities have been going up.” Said Bryan Cowan, a product owner and security researcher at Fortress who’s overseen the dashboard’s development. Since Analygence was brought on to untangle the backlog, marginal improvements have been made to the analysis process, but it’s not clear at this point if that assessment rate will increase, he said.”

Vaccines in US stockpile may protect against current H5N1 virus strain. CEN.ACS.org article. Pull quote: ““This data shows that at least a good percentage of people who were vaccinated with those vaccines induced antibodies that, at least theoretically, would provide some protection against the 2.3.4.4b viruses,” says Richard Webby, a virologist at St. Jude Children’s Research Hospital who was not involved in the research. “I think it’s really good news. It suggests that those older stockpile vaccines are still useful.””

NASA Did Not Say It Found Life on Mars. But It’s Very Excited About This Rock. NYTimes.com article (free). Pull quote: “The rock, which scientists named Cheyava Falls, possesses features that are reminiscent of what microbes might have left behind when this area was warm and wet several billion years ago, part of an ancient river delta. The scientists clarified that they did not spot anything that they thought might be actual fossilized organisms.”

Fast charging supercapacitors. ChemistryWorld.com article. Long read. Pull quote: “This transition has already begun, Dunn says. ‘Electric vehicle circuit designers are not waiting around for one material to do everything, they are already combining supercapacitors with batteries to optimise performance,’ he says. Whether the ultimate device combines supercapacitors and batteries at the device level or the material level remains to be seen, he adds. ‘But that’s why you investigate materials.’”

Saturday, July 27, 2024

EPA Sends PBT TSCA Final Rule to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the EPA on “Decabromodiphenyl Ether and Phenol, Isopropylated Phosphate (3:1); Revision to the Regulations of Persistent, Bioaccumulative, and Toxic Chemicals Under the Toxic Substances Control Act (TSCA)”.  The notice of proposed rulemaking for this action was published on November 24th, 2023.

According to the Spring 2024 Unified Agenda entry for this rulemaking:

“The Environmental Protection Agency (EPA) is proposing revisions to the regulations for decabromodiphenyl ether (decaBDE) and phenol, isopropylated phosphate (3:1) (PIP (3:1)), two of the five persistent, bioaccumulative, and toxic (PBT) chemicals addressed in final rules issued under the Toxic Substances Control Act (TSCA) in January 2021. After receiving additional comments following the issuance of the 2021 PBT final rules, the Agency has determined that revisions to the decaBDE and PIP (3:1) regulations are necessary to address implementation issues and to reduce further exposures. As required under TSCA, these proposed requirements would, if finalized, reduce the potential for exposures to humans and the environment to decaBDE and PIP (3:1) to the extent practicable. The Agency is not proposing to revise the existing regulations for the other three PBT chemicals (2,4,6-TTBP, HCBD, and PCTP) at this time.”

The EPA has additional information available on their “Persistent, Bioaccumulative, and Toxic (PBT) Chemicals under TSCA Section 6(h)” web page.

Bills Introduced – 7-26-24

Yesterday, with the House meeting in pro forma session, there were 6 bills introduced. One of those bills will receive additional attention in this blog:

HR 9182 To amend the National Agricultural Research, Extension, and Teaching Policy Act of 1977 to direct the Secretary of Agriculture to establish a program under which the Secretary awards grants for purposes of providing training and any related assistance to dairy producers and dairy workers on implementation of risk mitigation strategies related to biosecurity threats, to amend the Agricultural Act of 2014 with respect to emergency assistance for certain losses due to highly pathogenic avian influenza, and for other purposes. Slotkin, Elissa [Rep.-D-MI-7] 

CRS Reports – Week of 7-20-24 – CrowdStrike

This week, the Congressional Research Service (CRS) published two reports dealing with the July 19th CrowdStrike outage. The two reports are:

IT Outage from CrowdStrike’s Update: Impacts to Certain Public Safety Systems and Considerations for Congress, and

IT Disruptions from CrowdStrike’s Update: Frequently Asked Questions

One major question that was not asked: How did the incident affect operational technology and cyber-physical systems?

 

For a more detailed discussion about the reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/crs-reports-week-of-7-20-24-crowdstrike - subscription required.

Chemical Incident Reporting – Week of 7-20-24

NOTE: See here for series background.

Riverside, CA – 7-17-24

Local news reports: Here, here, and here.

Sketchy news reports about a chemical spill at a public swimming pool. Reports say that 2 children were “hospitalized” but it is not clear if they were admitted or just taken to the hospital and released.

Possible CSB reportable, if either child was admitted.

Portsmouth, RI – 7-19-24

Local news reports: Here.

Another swimming-pool chemical accident, this time mixing pool-treatment chemicals (always dangerous). One person transported to hospital.

Possible CSB reportable, if the person was admitted to the hospital.

Boise, ID – 7-22-24

Local news reports: Here and here.

About 200 lbs of sodium hydroxide spilled in a truck trailer when tote bins shifted in the trailer. Trailer flooring damaged. Driver was hospitalized.

Not CSB reportable, this was a transportation incident.

Easton, MD – 7-24-24

Local news reports: Here and here.

Muriatic acid spill in a pool chemical truck caused a reaction with other pool chemicals, generating a chlorine cloud. Driver taken to hospital. Interesting comments about the use of a drone in incident response.

Not CSB reportable, transportation accident.

Review – Public ICS Disclosures – Week of 7-20-24

This week we have two CrowdStrike outage advisories. We also have 18 other vendor advisories for products from Broadcom, Draeger, Hitachi, HPE (4), Meinberg, National Instruments (7), WithSecure (2), and Zyxel. We have three vendor updates from Cisco (2) and HP. There is also a researcher report for vulnerabilities in products from Perkin Elmer. Finally, we have an exploit for products from Softing.

CrowdStrike Outage

GE Vernova published an advisory that discussed the impact on some of their Monitoring & Diagnostics products.

Philips published an advisory that provides a list of potentially affected products.

Advisories

Broadcom Advisory - Broadcom published an advisory that discusses ten vulnerabilities in the Azul Zulu component of their Brocade SANnav product.

Draeger Advisory - Draeger published an advisory that discusses a deserialization of untrusted data vulnerability (listed in the CISA Known Exploited Vulnerability Catalog).

Hitachi Advisory - Hitachi published an advisory that discusses 27 vulnerabilities in their Disk Array Systems.

HPE Advisory #1 - HPE published an advisory that describes three vulnerabilities in their Aruba EdgeConnect SD-WAN Orchestrator.

HPE Advisory #2 - HPE published an advisory that discusses 21 vulnerabilities (6 with known exploits) in their Unified OSS Console Assurance Monitoring (UOCAM) product.

HPE Advisory #3 - HPE published an advisory that discusses seven vulnerabilities (one with known exploit) in their Aruba EdgeConnect SD-WAN Gateways.

HPE Advisory #4 - HPE published an advisory that discusses an out-of-bounds write vulnerability in their ProLiant DL/ML/SY/XL and Alletra Servers.

Meinberg Advisory - Meinberg published an advisory that discusses ten vulnerabilities (2 with known exploits) in their Lantime product.

National Instruments Advisory #1 - National Instruments published an advisory that describes two missing authorization vulnerabilities in their VeriStand Gateway product.

National Instruments Advisory #2 - National Instruments published an advisory that describes two deserialization of untrusted data vulnerabilities in their VeriStand product.

National Instruments Advisory #3 - National Instruments published an advisory that describes a path traversal vulnerability in their VeriStand product.

National Instruments Advisory #4 - National Instruments published an advisory that describes a deserialization of untrusted data vulnerability in their VeriStand Project File product.

National Instruments Advisory #5 - National Instruments published an advisory that describes an integer overflow or wraparound vulnerability in their TDMS Files in LabVIEW.

National Instruments Advisory #6 - National Instruments published an advisory that describes an incorrect default permissions vulnerability in their SystemLink Redis Service.

National Instruments Advisory #7 - National Instruments published an advisory that describes an out-of-date component with multiple vulnerabilities in their SystemLink Server.

WithSecure Advisory #1 - WithSecure published an advisory that describes a denial of service vulnerability in their WithSecure Mac antivirus software.

WithSecure Advisory #2 - WithSecure published an advisory that describes a privilege escalation vulnerability in their WithSecure Mac Products.

Zyxel Advisory - Zyxel published an advisory that describes an improper privilege management vulnerability in their Zyxel AP products.

Updates

Cisco Update #1 - Cisco published an update for their Blast-Radius advisory that was originally published on July 10th, and most recently updated on July 19th, 2024.

Cisco Update #2 - Cisco published an update for their regreSSHion advisory that was originally published on July 2nd, 2024, and most recently updated on July 19th, 2024.

HP Update - HP published an update for their Display Control Software advisory that was originally published on July 15th, 2024.

Researcher Reports

Perkin Elmer Report - Cyber Danube published a report that describes three vulnerabilities in the Perkin Elmer ProcessPlus measurement software.

Exploits

Softing Exploit - Mr me published a Metasploit module for two vulnerabilities in the Softing Secure Integration Server.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-d58 - subscription required.

Friday, July 26, 2024

Short Takes – 7-26-24

AT&T failed to test disastrous update that kicked all devices off network. ArsTechnica.com article. Pull quote: “The Bureau finds that the extensive scope and duration of this outage was the result of several factors, all attributable to AT&T Mobility, including a configuration error, a lack of adherence to AT&T Mobility's internal procedures, a lack of peer review, a failure to adequately test after installation, inadequate laboratory testing, insufficient safeguards and controls to ensure approval of changes affecting the core network, a lack of controls to mitigate the effects of the outage once it began, and a variety of system issues that prolonged the outage once the configuration error had been remedied.”

Researchers discover battery-free technology which harvests power from radio and Wi-Fi signals for low-powered devices. TomsHardware.com article. Pull quote: “Radio Frequency Energy Harvesting (RF-EH) technologies have been researched by many scientists who also published their findings- including those who have reviewed design, methodologies and potential applications. It indicates that energy harvesting is possible from frequencies used for LTE, DTV, GSM, WLAN, HIPERLAN and C-Band typically used in urban and semi-urban areas. While it couldn't solve issues created by larger applications, it plays a vital role in not using batteries for certain devices. But only time will tell what devices we could expect from such potential implementations.”

Redcar chemical plant workers to strike over ‘serious’ public safety concerns. UniteTheUnions.org article. Pull quote: “Unite general secretary Sharon Graham said: “Our members are seriously concerned about public safety should Huntsman go ahead with its [headcount reduction] plans. These are highly skilled and specialised workers who are worried enough to strike. They have Unite’s total support – Huntsman Polyurethanes will not be allowed to ignore their concerns.””

Spending fight turns to stopgap as House GOP stumbles. The CR debate begins; December or March. TheHill.com article. Pull quote: ““[In 2017] We forced [Trump] to have to sign bills that he did not get to negotiate. … Frankly, they didn’t even have an [Office of Management and Budget] director at the time, we got [them] done,” he said. “I don’t think you do that to a new president, and honestly, I don’t think you do it to a new Congress.””

Falcon 9 cleared to resume launches. SpaceNews.com article. Pull quote: ““After a comprehensive review, the FAA determined no public safety issues were involved in the anomaly that occurred during the SpaceX Starlink Group 9-3 launch on July 11,” the agency stated. “This public safety determination means the Falcon 9 vehicle may return to flight operations while the overall investigation remains open, provided all other license requirements are met.””

SpaceX moving Crew Dragon splashdowns to West Coast after multiple space debris incidents. Space.com article. Pull quote: “Repeated issues with large chunks of debris from Dragon — "trunks" where the fuel and electrical supplies are held — have repeatedly crashed down in areas ranging from Australia to North Carolina. One measure to fix that will be tasking future spacecraft after Crew-9, perhaps as soon as Crew-10, to splash down on the U.S. Pacific coast, SpaceX said during a press conference today (July 26).”

Bills Introduced – 7-26-24

Yesterday, with both the House and Senate in Washington (and the House preparing to leave for their summer recess a week early) there were 109 bills introduced. Five of those bills will receive additional attention in this blog:

S 4795 An original bill making appropriations for the Departments of Commerce and Justice, Science, and Related Agencies for the fiscal year ending September 30, 2025, and for other purposes. Shaheen, Jeanne [Sen.-D-NH]

S 4796 An original bill making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2025, and for other purposes. Schatz, Brian [Sen.-D-HI]

S 4797 An original bill making appropriations for the Department of State, foreign operations, and related programs for the fiscal year ending September 30, 2025, and for other purposes. Coons, Christopher A. [Sen.-D-DE]

S 4802 An original bill making appropriations for the Department of the Interior, environment, and related agencies for the fiscal year ending September 30, 2025, and for other purposes. Merkley, Jeff [Sen.-D-OR] 

S 4813 A bill to establish a grant program within the Department of Labor to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity. Rosen, Jacky [Sen.-D-NV] 

Transportation Chemical Incidents – Week of 6-22-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 719 (594 highway, 114 air, 11 rail, 0 water)

• Serious incidents – 1 (1 Bulk release, 1 evacuation, 0 injury, 0 death, 0 major artery closed, 0 fire/explosion, 23 no release)

• Largest container involved – 30,360-gal 117R100W railcar {Alcohols, N.O.S.} Leaking bottom outlet valve and bad gasket on bottom outlet valve cap.

• Largest amount spilled – 275-gal Metal IBC {Diethylenetriamine} Fork lift puncture on unloading dock. The bottom valve was opened during the loading process.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Sulfamic acid - A white crystalline solid. Density 2.1 g/cm³. Melting point 205°C. Corrosive and combustible. Irritates skin, eyes, and mucous membranes. Low toxicity. Used to make dyes and other chemicals.

 



CSB Publishes Remote Isolation Safety Study

Yesterday, the Chemical Safety Board announced the publication of a new safety study on “Remote Isolation of Process Equipment”. The RIPE study looks at the historical record of industrial chemical accidents, including a number of CSB accident investigation reports, to determine how useful remote isolation valves would have been in preventing or reducing damages, deaths and injuries. The study resulted in the publication of three recommendations that were released on Wednesday:

• American Petroleum Institute (API) - 2024-01-H-1,

• Environmental Protection Agency (EPA) - 2024-01-H-2, and

• Occupational Safety and Health Administration (OSHA) - 2024-01-H-3

NOTE: No direct links are currently available to those recommendations, but they can be found listed on the CSB’s Recent Recommendation Status Updates page.

The three recommendations are:

API - “Develop a new publication or revise an existing publication or publications that should be applicable to various facility types such as refineries, chemical and petrochemical facilities, terminals, etc. with major process equipment and atmospheric storage tanks, that details conditions that necessitate the installation of remote isolation devices [use “shall” instead of “should” language] that may be automatically activated or remotely activated from a safe location, particularly during an emergency. When establishing these conditions refer to the guidance published by CCPS entitled Guidelines for Fire Protection in Chemical, Petrochemical, and Hydrocarbon Processing Facilities, Sections 8.1.10 and 8.1.11. At a minimum, the conditions should address major process equipment and atmospheric storage tanks, material volumes/weight as well as flammability, corrosivity, and toxicity”

 

EPA - “Update the Risk Management Program (RMP) rule by expanding the requirements of 40 CFR Part 68 to include an evaluation of the need for remote isolation devices for major process equipment that can be remotely activated from a safe location or automatically activated during a release. The evaluation should be included in hazard assessments, hazard reviews, and process hazard analyses.”

 

OSHA - “Update the Process Safety Management (PSM) standard by expanding the Process Hazard Analysis (PHA) requirements under 29 CFR 1910.119(e)(3) to include an evaluation of the need for remote isolation devices for major process equipment that can be remotely activated from a safe location or automatically activated during a release.”


Thursday, July 25, 2024

Short Takes – 7-25-24

How SpaceX Will Turn a Workhorse Vehicle into a Hulking Destroyer of Space Stations. ScientificAmerican.com article. Pull quote: “In addition to nearly tripling the number of engines of a typical Dragon, SpaceX’s plan calls for the deorbit vehicle to launch with some 16,000 kilograms (about 35,000 pounds) of propellant. That’s six times more than a standard Dragon, said Sarah Walker, director of Dragon mission management at SpaceX, during the press conference.”

How the Nutrition Facts Label Has Changed Food in the U.S. TheConversation.com article. Pull quote: “Surprisingly, the Nutrition Facts label’s greatest impact may have been driving the food industry to reformulate products to achieve appealing nutrient profiles – even if consumers weren’t closely reading the labels. While envisioned as an education tool, I believe the Nutrition Facts label in practice has worked more like a market infrastructure, reshaping the food supply to meet shifting dietary trends and public health goals long before consumers find those foods at the supermarket.”

From Iron Dome to Cyber Dome: Defending Israel’s Cyberspace. IDSA.in article. Pull quote: “The cyber-dome initiative fundamentally constitutes an active defence encompassing enhanced detection, investigation and mitigation of threats along with the expansion of existing information-sharing mechanisms. The coordinated detection and response efforts involving all agencies, including the IDF, underscore the importance of collaborative action in an interconnected domain. The centralised, real-time and AI-enabled system proactively protecting Israeli cyberspace is an extension of its national and international cybersecurity strategy.”

A New Way to Make Element 116 Opens the Door to Heavier Atoms. NewsWise.com article. Pull quote: “If discovered, element 120 would be the heaviest atom created and would sit on the eighth row of the periodic table. It falls on the shores of the “island of stability,” a theorized group of superheavy elements with unique properties. While the superheavy elements discovered so far break apart almost instantaneously, the right combination of protons and neutrons could create a more stable nucleus that survives for longer – giving researchers a better chance to study it. Exploring elements at the extremes can provide insights into how atoms behave, test models of nuclear physics, and map out the limits of atomic nuclei.”

Mini lungs make major COVID-19 discoveries possible. NewsWise.com article. Pull quote: “In another surprising result, Leibel, Snyder and team discovered that the mini lungs have their own intrinsic “first response” system in reaction to sensing SARS-CoV-2. Even though the mini lungs lack any connection to an immune system, this study shows that lung cells can initiate many of the same biologic and cell signaling changes in response to a viral threat that are observed when the immune system is present.”

Using AI, CIPHER bird flu study shows greater antibody evasion in newer H5N1 strains. NewsWise.com article. Pull quote: “According to the study, virus mutations related to “host-shifts” from birds to mammals had a statistically significant negative impact on the ability of antibodies to bind to and fight off H5N1. Researchers also found that based on the wide variety of host species and geographic locations in which H5N1 was observed to have been transmitted from birds to mammals, there does not appear to be a single central reservoir host species or location associated with H5N1’s spread. This indicates that the virus is well on its way to moving from epidemic to pandemic status in the near future.”

Short Takes – 7-25-24 – Space Geek Edition

Elon Musk revived L.A. aerospace with SpaceX. Will it thrive without him? LATimes.com article. An interesting look at the history of the aerospace industry in the LA Basin. Pull quote: “SpaceX hasn’t commented on how many jobs will be affected by the relocation, and industry observers say it’s likely the company will maintain significant manufacturing operations in Los Angeles County, where it employed about 6,000 people in 2023, according to an annual survey by the Los Angeles Business Journal.”

Polaris Dawn crew completes final milestones ahead of historic spacewalk mission. FoxWeather.com article. Pull quote: “The Polaris Dawn team recently shared an update after completing testing at NASA's Johnson Space Center in Houston. The team used a JSC test chamber, which previously supported testing America's first spacesuits and spacecraft during the Gemini and Apollo programs. The facilities are part of the National Register of Historic Places and remain in use today.”

NASA delays ISS spacewalks indefinitely to investigate spacesuit coolant leak. Space.com article.  Pull quote: “NASA's and private industry's newer generations of spacesuits are emphasizing better flexibility with updated materials, alongside improved sizing to accommodate all genders. The EMU is biased towards larger and male sizes, due to being designed in an era when most astronauts were male recruits from the then nearly single-gender armed forces. In June, Collins Aerospace backed out of its contract to design newer ISS suits, saying its schedule for development "would not support the space station's schedule and NASA's mission objectives."”

China plans to deflect near-Earth asteroid in 2030. NewAtlas.com article. Pull quote: “These observations will take place over three to six months after the spacecraft goes into orbit around the asteroid in 2030. After the observation is completed, a kinetic impactor will be fired at the asteroid and the spacecraft will remain on station for six to 12 months to measure the effects of the impact. This includes assessing changes in the asteroid's orbit, studying the impact crater, and analyzing the ejected materials.” Journal article link.

 

Russia unveils timeline for building its new space station, starting in 2027. Space.com article. Pull quote: “The first module of the X-shaped outpost, a research and power node, is expected to be launched into a near-polar orbit in 2027, TASS reported. By 2030, it plans to have docked its four major modules, with two "special-purpose" modules scheduled for attachment by 2033. Roscosmos plans to send the first cosmonauts to the station in 2028 and has suggested the station can be operated without crew.”

 

Rolls Royce’s 120-inch-long mini space nuclear reactor gets funding boost. InterestingEngineering.com article. Pull quote: “The tiny reactor, which is claimed to be 3.3 feet (40 inches) in width and 10 feet (120 inches) in length, is not yet able to generate any electricity. If all goes as planned, it will take roughly six years and several million dollars to prepare the reactor for its first space flight.”

Review – 2 Advisories Published – 7-25-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Positron and Siemens.

Advisories

Positron Advisory - This advisory describes an authentication bypass using an alternate path or channel vulnerability (with known exploit) in the Positron Broadcast Signal Processor TRA7005.

Siemens Advisory - This advisory describes two vulnerabilities in the Siemens SICAM products.

 

For more information on these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-7-25-24 - subscription required. 

Review - CSB Updates Accidental Release Reporting Data – 7-23-24

Yesterday, in preparation for their quarterly business meeting today, the CSB updated their published list of reported chemical release incidents. They added 32 new incidents that occurred since the previous version was published [removed from paywall] in April. They also inserted three ‘new’ incidents, and removed one, that occurred before April. These are not incidents that the CSB is investigating; these are incidents that were reported to the CSB under their Accidental Release Reporting rules (40 CFR 1604).

The table below shows the top five states based upon the number of reported incidents since the April update was published.


 

For more information on the incidents added to the database, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updates-accidental-release-reporting-7bf - subscription required.

Short Takes – 7-25-24 – Federal Register Edition

Proposed High-Priority Substance Designations Under the Toxic Substances Control Act (TSCA); Notice of Availability. Federal Register EPA notice. Summary: “Under the Toxic Substances Control Act (TSCA) and related implementing regulations, the Environmental Protection Agency (EPA or Agency) is proposing to designate acetaldehyde (CASRN 75-07-0), acrylonitrile (CASRN 107-13-1), benzenamine (CASRN 62-53-3), vinyl chloride (CASRN 75-01-4), and 4,4-methylene bis(2-chloroaniline) (MBOCA) (CASRN 101-14-4) as High-Priority Substances for risk evaluation. EPA is providing a 90-day comment period, during which interested persons may submit comments on the proposed designations of these chemicals as High-Priority Substances for risk evaluation.”

Standards-Related Activities and the Export Administration Regulations; Corrections. Federal Register BIS IFR correction notice. Summary: “On July 18, 2024, the Bureau of Industry and Security published an interim final rule that revised the Export Administration Regulations (EAR). That rule inadvertently revised language related to recent changes to the Entity List. This document corrects the inadvertent revisions introduced in the July 18, 2024, rule.”

Pipeline Safety: 2024 Risk Modeling Public Workshop. Federal Register PHMSA meeting notice. Summary: “This notice announces a public workshop on risk modeling methodologies and tools for the evaluation of gas, carbon dioxide (CO2), and hazardous liquid pipelines. The notice also requests comment on the topic, including submission of supporting abstracts of relevant engineering and technical modeling considerations to support improvement and advancement in pipeline risk management, such as modeling methods that follow PHMSA's report on Pipeline Risk Modeling, Overview of Methods, and Tools for Improved Implementation, issued in February 2020.”

Review - CSB Adds Three New Safety Recommendations – 7-23-24

Yesterday, the Chemical Safety Board added three new safety recommendations to their list of open recommendations. The new recommendations are based upon an as-yet unpublished safety study: “CSB Safety Study: Remote Isolation of Process Equipment”. I expect that the report will be released at today’s Public Business Meeting.

In regard to the study, the CSB notes:

“Over the last several years, the U.S. Chemical Safety and Hazard Investigation Board (CSB) has reviewed and investigated numerous incidents where the consequences of these occurrences escalated following a loss of containment due to the lack of effective remote isolation equipment. These incidents resulted in serious injuries, fatalities, environmental contamination, and severe damage to facilities.”

The recommendations were made to the following entities:

• American Petroleum Institute - 2024-01-H-1,

• Environmental Protection Agency - 2024-01-H-2, and

• Occupational Safety and Health Administration - 2024-01-H-3


Wednesday, July 24, 2024

Short Takes – 7-24-24

Colorado requiring dairies to test milk for bird flu. TheHill.com article. Pull quote: ““Mandatory surveillance of highly pathogenic avian influenza across all of Colorado’s Grade A commercial dairies is a critical next step to tamping down the virus and protecting the food system,” state Agriculture Commissioner Kate Greenberg said in a statement.”

Are Doctors Missing Cases of H5N1 Bird Flu in People Who Drink Raw Milk? MedPageToday.com article. Pull quote: “Lawler said, ideally, animal caretakers who sell raw milk should recognize that milk from an animal with symptoms "shouldn't be put into the supply chain." However, cows early in infection, or with latent infection, or those that are only mildly symptomatic "still have high amounts of virus in their milk" and thus pose a risk to the supply chain.”

Meet the Cyber Action Team. FBI.gov article. Pull quote: “"We respond onsite to victims who may include national government entities, private companies, or even sometimes foreign partner networks that have been compromised by an adversary," said Scott Ledford, head of the Cyber Action Team and the Advanced Digital Forensics Team. "Our job is to help conduct the investigation—we collect digital evidence and locate, identify, and reverse engineer malware. We also help the victim understand when they were compromised and how, writing a timeline and a narrative of that intrusion with the ultimate goal of identifying who is responsible, attributing that attack."”

Republican funding plans crumbling as House eyes early exit. TheHill.com article. Pull quote: “Asked about plans for the House to tackle its outstanding funding bills, Scalise defended the House’s work so far, while noting the challenges staunch Democratic opposition and defections on the GOP side pose to party efforts to approve the remaining measures.” See additional reporting here - https://x.com/AnthonyAdragna/status/1815877835577516190

FRA report on East Palestine derailment differs slightly from NTSB analysis. Trains.com article. Pull quote: “But the NTSB, in its recommendations, urged the FRA to update its vent-and-burn guidance: “Update and re-publish your 2007 vent and burn reports to include clear instructions to consult the shipper when considering a vent and burn, more comprehensive guidance on what products are candidates for a vent and burn along with what chemical and other hazards may result, and an updated process flow chart incorporating lessons from the East Palestine vent and burn; the re-published reports should identify the questions an incident commander should ask when considering a vent and burn, distinguish the meaning of the answers, and identify the resources necessary to make an informed decision.”” FRA report link.

Short Takes – 7-24-24 – Space Geek Edition

New extremely r-process-enhanced star detected. Phys.org article. A tad bit geeky. Pull quote: “Now, a team of astronomers led by Xiao-Jin Xie of CAS [Chinese Academy of Sciences] reports the detection of a new RPE star. They employed GTC's [Gran Telescopio Canarias] High Optical Resolution Spectrograph (HORuS) to observe a star designated LAMOST J020623.21+494127.9 (or J 0206+4941 for short). The observational campaign led to the classification of this object as an extremely r-process-enhanced [rapid neutron capture] star.”

Expiring medications could pose challenge on long space missions. Phys.org article. An unusual Mars-trip problem. Pull quote: “Expired medications can lose their strength by a little—or a lot. The actual stability and potency of medications in space compared to Earth remain largely unknown. The harsh space environment, including radiation, could reduce the effectiveness of medications.”

Lunar exploration ground sites will enhance the Near Space Network's communications services. Phys.org article. Pull quote: “To support NASA's Moon to Mars initiative, NASA is adding three new LEGS antennas to the Near Space Network. As NASA works toward sustaining a human presence on the moon, communications and navigation support will be crucial to each mission's success. The LEGS antennas will directly support the later Artemis missions, and accompanying missions such as the human landing system, lunar terrain vehicle, and Gateway.”

ABL loses rocket after static-fire test. SpaceNews.com article. Pull quote: ““After a pre-flight static fire test on Friday, a residual pad fire caused irrecoverable damage to RS1. The team is investigating root cause and will provide updates as the investigation progresses,” the company stated. It did not disclose additional details about the incident.”

Federal Review May Delay the Next SpaceX Flight. GovTech.com article. Pull quote: “Neither the FAA nor SpaceX would describe the requested changes, but the agency said previously that if the company changes the craft's configuration or flight profile, a new license would be required.”

No End in Sight for Falcon 9 Grounding. SpaceAndDefense.io article. Pull quote: “Meanwhile, NASA is in a bind. The Falcon 9 rocket is the only US-made rocket capable of carrying astronauts to the International Space Station, and it was due to operate the Crew-9 mission in mid-August. NASA says crew safety and mission assurance are its top priorities so it will review that launch date.”

House Passed HR 8998 – FY 2025 IER Spending Bill

The House resumed consideration of HR 8998, the Department of the Interior, Environment, and Related Agencies [IER] Appropriations Act, this morning. They just finished action on the bill, passing it by a straight party-line vote of 210 to 202.

No action was taken on HR 8897, the Energy and Water Development and Related Agencies Appropriations Act, 2025, even though the House completed consideration of all the authorized amendments yesterday. A planned vote for last night was cancelled when it was apparent to the leadership that there were not enough votes to pass the bill.

Review - HR 8537 Introduced – East Palestine Health Study

Back in May, Rep Joyce (R,OH) introduced HR 8537, the East Palestine Health Impact Monitoring Act of 2024. The bill would require HHS to conduct a study on the health effects of the 2023 East Palestine, OH train derailment. The bill would authorize “such sums as may be necessary for fiscal year 2025, to remain available until September 30, 2029, to carry out this Act”.

This bill is nearly identical to the reported version of S 4045. The Senate Health, Education, Labor and Pensions Committee approved that revised language in a markup hearing on May 23rd, 2024. No further action has been taken in the Senate.

Moving Forward

Neither Joyce nor any of his four cosponsors is a member of the House Energy and Commerce Committee, to which this bill was assigned for consideration. This means that there is probably insufficient influence to see the bill considered in Committee. With the vague funding language, I suspect that if the bill were considered, it would receive some level of bipartisan support in Committee. Whether it would be enough to allow the bill to reach the floor under the suspension of the rules process remains to be seen.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8537-introduced - subscription required.

OMB Approves HPAI Emergency ICR for Dairy Cattle

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an emergency information collection request from USDA’s Animal and Plant Health Inspection Service (APHIS) for “HPAI: Testing, Surveillance, and Reporting of HPAI in Livestock; Dairy Herd Certification”. OIRA notes that APHIS has already been collecting this information without an approved ICR; that may explain the delay (request submitted June 28th, 2024) in approving the emergency ICR.

The supporting document for this ICR provides a good summary of the problems associated with the recent discovery of Highly Pathogenic Avian Influenza (HPAI) in dairy herds and the USDA’s response activities.

OMB Approves EPA 1-Bromopropane TSCA NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking from the EPA on “1-Bromopropane (1-BP); Regulation Under the Toxic Substances Control Act (TSCA)”. The NPRM was submitted to OIRA on December 12th, 2023.

According to the Spring 2024 Unified Agenda entry for this rulemaking:

“This proposed rulemaking will address the unreasonable risk of injury to health presented by 1-bromopropane (1-BP). Section 6(a) of the Toxic Substances Control Act (TSCA) requires EPA address by rule any unreasonable risk identified in a TSCA risk evaluation and apply requirements to the extent necessary so the chemical no longer presents unreasonable risk. The Agency’s development of this rule incorporates significant stakeholder outreach and public participation, including over 40 external meetings as well as required Federalism, Tribal, and Environmental Justice consultations and a Small Businesses Advocacy Review Panel. Specifically, EPA engaged in discussions with industry, non-governmental organizations, other government agencies, technical experts and users of 1-BP, and the general public to hear from users, academics, manufacturers, and members of the public health community about practices related to commercial uses of 1-BP. EPA's risk evaluation for 1-BP, describing the conditions of use, is in docket EPA-HQ-OPPT-2019-0235 [link added], with the 2022 unreasonable risk determination and additional materials in docket EPA-HQ-OPPT-2016-0741 [link added].”

Additional information is available on the EPA’s Risk Evaluation for 1-Bromopropane (1-BP) web site.

As with most TSCA risk reduction rules, I will probably not cover this rulemaking in any detail. I will, however, at least mention its publication in the appropriate Short Takes post.

Tuesday, July 23, 2024

Short Takes – 7-23-24

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter. Wired.com article. Pull quote: “The malware, which Dragos is calling FrostyGoop, represents one of less than 10 specimens of code ever discovered in the wild that's designed to interact directly with industrial control-system software with the aim of having physical effects. It's also the first malware ever discovered that attempts to carry out those effects by sending commands via Modbus, a commonly used and relatively insecure protocol designed for communicating with industrial technology.” Dragos report link.

Can light spark superconductivity? A new study reignites debate. ScienceNews.org article. Pull quote: “Physicist Nan-Lin Wang of Peking University is convinced that magnetic fields are expelled when the laser pulse hits the YBCO. But whether that implies superconductivity as it is normally defined is unclear. It might be the result of preexisting, small-scale superconducting currents being amplified, rather than of typical large-scale superconductivity. “The underlying physics could be very complicated,” he says.”

Discovery of 'dark oxygen' from deep-sea metal lumps could trigger rethink of origins of life. LiveScience.com article. Pull quote: “"For aerobic life to begin on the planet, there has to be oxygen and our understanding has been that Earth's oxygen supply began with photosynthetic organisms," he said. "But we now know that there is oxygen produced in the deep sea, where there is no light. I think we therefore need to revisit questions like: where could aerobic life have begun?"”

 