Saturday, August 31, 2024

Short Takes – 8-31-24

Analysis Of Cellular Based Internet of Things (IOT) Technology. Rapid7.com research report. Pull quote: “CAT-M1 features include upload and download speeds of up to 1 mbps, which is higher than NB-IoT, and lower latency of 10 to 15 ms. In addition, the CAT-M1 standard supports half or full-duplex, and has enough bandwidth to support voice communication if needed. As a result, CAT-M1 is commonly used for IoT machine communication where more bandwidth is required. Examples of devices that use CAT-M1 include camera systems, alarm systems, and vehicle data collection devices.”

Secretive SR-72 Hypersonic Aircraft, Successor to Lockheed Martin’s Legendary SR-71, Could Soon Take Flight. TheDebrief.org article. Pull quote: “Amidst such 21st-century realities, by 2013, Lockheed Martin seemed confident that its vision of a new unmanned hypersonic aircraft capable of flight at six times the speed of sound would soon become a reality. Citing cost-saving production methods and recent advancements made with Aerojet Rocketdyne to “integrate an off-the-shelf turbine with a supersonic combustion ramjet air-breathing jet engine to power the aircraft,” the 2013 article seemed to indicate that the forthcoming wonder machine that Aviation Week had already nicknamed the “son of Blackbird” would soon take flight.” I saw the SR-71 one time shortly after it took off from Beale AFB, CA; impressive bird.

SpaceX finally has a new date for Polaris Dawn to achieve the highest Earth orbit since the Apollo. News.SatNews.com article. Pull quote: “Weather conditions are anticipated to be clear for a projected launch date of Polaris Dawn, SpaceX’s Falcon 9 rocket that will launch Crew Dragon spacecraft on September 1 at 3:38 a.m. EDT (0738 UTC) from LC-39A, Kennedy Space Center, Florida. This is a project that has suffered numerous delays over years, from November and December 2022, March 2023, April 2024, early summer 2024, August 26 and 27.”

West Nile Virus cases triple in GA within the past week. Here are symptoms to look out for. WSBTV.com article. Pull quote: “While the number isn’t high, and nationally there are still fewer than 300 cases total, 33 states have reported cases of West Nile virus this year. The CDC said 195 of those cases were the neuro-invasive disease version, meaning it is the severe form of the virus that can cause hospitalization or death.”

Ortho-phthalaldehyde; Receipt of Application for Emergency Exemption, Solicitation of Public Comment. Federal Register EPA notice. Summary: “EPA has received a specific exemption request from the National Aeronautics and Space Administration (NASA) to use the pesticide ortho-phthalaldehyde (OPA, CAS No. 643-79-8) to treat the coolant fluid of the internal active thermal control system of the International Space Station to control aerobic/microaerophilic bacteria in the aqueous coolant. The applicant proposes the use of a new chemical which has not been registered by EPA. Therefore, in accordance with the Code of Federal Regulations, EPA is soliciting public comment before making the decision whether to grant the exemption.” Comments due: September 18th, 2024.

Di-isononyl phthalate (DINP); Draft Risk Evaluation Under the Toxic Substances Control Act (TSCA); Notice of Availability, Webinar and Request for Comment. Federal Register EPA TSCA notice. Summary: “The Environmental Protection Agency (EPA or Agency) is announcing the availability of and seeking public comment on a draft risk evaluation under the Toxic Substances Control Act (TSCA) for di-isononyl phthalate (DINP) (1,2-Benzenedicarboxylic acid, 1,2-diisononyl ester) (CASRN 28553-12-0). The purpose of risk evaluations under TSCA is to determine whether a chemical substance presents an unreasonable risk of injury to health or the environment, without consideration of costs or non-risk factors, including unreasonable risk to potentially exposed or susceptible subpopulations identified as relevant to the risk evaluation by EPA, under the conditions of use (COU). EPA has used the best available science to prepare this draft risk evaluation and to preliminarily determine that DINP poses unreasonable risk to human health.”

OMB Approves TSA Real ID Enforcement NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking (NPRM) from the TSA on REAL ID Phased Approach for Card-Based Enforcement. TSA sent the NPRM to OIRA on May 3rd, 2024.

According to the Spring 2024 Unified Agenda entry for this rulemaking:

“TSA will issue an NPRM that would explicitly allow some Federal agencies to implement the card-based enforcement provisions of the REAL ID regulations under a phased approach beginning on the May 7, 2025, enforcement deadline for REAL ID compliance.  TSA intends to propose a framework under which agencies may exercise enforcement discretion through implementation of a phased enforcement plan that takes into consideration REAL ID-compliant card adoption rates, security, and operational feasibility.  To ensure that agencies’ enforcement plans consistently and appropriately advance the objectives of the REAL ID regulations, this rule would require agencies’ plans be coordinated with DHS and that full enforcement is in place by May 5, 2027.  Through this rule, DHS seeks to ensure that Federal agencies are well-positioned to begin enforcing the REAL ID regulations on May 7, 2025, in a manner that meets the objectives of the REAL ID Act and regulations while ensuring that agencies have flexibility to begin enforcement in a manner that minimizes operational and security risks to the Federal agencies and the public.  As TSA continues to develop this regulation, we seek to engage Federal agencies, State and territorial licensing jurisdictions, and members of the public affected by implementation of REAL ID requirements.”

I do not expect to cover this rulemaking in any detail, but I will announce its publication in the appropriate ‘Short Takes’ post.

BIS Sends Spacecraft Export Regulation Final Rule to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the DOC’s Bureau of Industry and Security on “Export Administration Regulations: Removal of License Requirements for Certain Spacecraft and Related Items for Australia, Canada, and the United Kingdom”. There has been no notice of proposed rulemaking, so this final rule is probably an interim final rule.

This rulemaking was not listed in the Spring 2024 Unified Agenda.

This may have something to do with a Reuters.com article from last month about SpaceX’s intentions to land a Starship rocket off the coast of Australia. That article noted that:

“Discussions in recent weeks between SpaceX executives and U.S. and Australian officials have focused on regulatory hurdles in bringing a recovered Starship booster ashore in a foreign country, the sources said. Because the talks are ongoing, the timing of any Starship landing off Australia remained unclear.”

NOTE: The Reuters article was reported here, in a Short Takes – Space Geek Edition on July 29th.

Chemical Incident Reporting – Week of 8-24-24

NOTE: See here for series background.

PLAQUEMINES PARISH, LA – 8-18-24

Local news reports: Here, here, and here.

An offshore natural gas pipeline exploded while undergoing maintenance work. One worker was killed.

Not a CSB reportable since pipelines are considered transportation, thus the investigation would be conducted by NTSB and/or the Coast Guard because it was offshore.

Amarillo, TX – 8-27-24

Local news reports: Here, here, and here.

Chlorine leak at food processing facility. 7 people were taken to hospital.

Possible CSB reportable, depending on whether any of the 7 were admitted to hospital.

GAINESVILLE, GA – 8-29-24

Local news reports: Here, here, and here.

Peracetic acid spill when forklift punctures plastic tote bin. One employee at a neighboring facility was transported to hospital.

Possible CSB reportable, depending on whether the employee was admitted to the hospital.

Review – Public ICS Disclosures – Week of 8-24-24

This week we have 21 vendor advisories from Beckhoff (4), B&R, Dassault Systèmes (4), Elecom (2), Hitachi, Hitachi Energy, HP (2), Meinberg, Panasonic, TRUMPF (2), and Wireshark. There are also eight vendor updates from B&R, Dell, Elecom (5), and Moxa. Finally, we have five exploits for products from Aruba and Elber (4).

Advisories

Beckhoff Advisory #1 - CERT-VDE published an advisory that describes a cross-site scripting vulnerability in the Beckhoff TwinCAT/BSD-based products.

Beckhoff Advisory #2 - CERT-VDE published an advisory that describes an authentication bypass by alternate path or channel vulnerability in the Beckhoff TwinCAT/BSD-based products.

Beckhoff Advisory #3 - CERT-VDE published an advisory that describes a classic buffer overflow vulnerability in the Beckhoff TwinCAT/BSD-based products.

Beckhoff Advisory #4 - CERT-VDE published an advisory that describes an allocation of resources without limit or throttling vulnerability in the Beckhoff TwinCAT/BSD-based products.

B&R Advisory - B&R published an advisory that describes three vulnerabilities in their APROL condition monitoring software.

Dassault Systèmes Advisory #1 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator.

Dassault Systèmes Advisory #2 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their 3DSwym in 3DSwymer.

Dassault Systèmes Advisory #3 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their 3DDashboard in 3DSwymer.

Dassault Systèmes Advisory #4 - Dassault Systèmes published an advisory that describes a cross-site scripting vulnerability in their 3DDashboard in 3DSwymer.

Elecom Advisory #1 - JP-CERT published an advisory that describes four vulnerabilities in the Elecom wireless LAN routers and access points.

Elecom Advisory #2 - JP-CERT published an advisory that describes three vulnerabilities in the Elecom wireless LAN routers.

Hitachi Advisory - Hitachi published an advisory that describes an authentication bypass vulnerability in their Ops Center Common Services product.

Hitachi Energy Advisory - Hitachi Energy published an advisory that describes an SQL injection vulnerability in their MicroSCADA X SYS600 product.

HP Advisory #1 - HP published an advisory that discusses two vulnerabilities in their Z4, Z6, and Z8 workstations.

HP Advisory #2 - HP published an advisory that discusses an incorrect default permissions vulnerability in their notebook PCs.

Meinberg Advisory - Meinberg published an advisory that discusses three vulnerabilities (all with publicly available exploits) in their LANTIME product.

Panasonic Advisory - JP-CERT published an advisory that describes a stack-based buffer overflow vulnerability in the Panasonic Control FPWIN Pro7.

Trumpf Advisory #1 - CERT-VDE published an advisory that discusses the regreSSHion vulnerability.

Trumpf Advisory #2 - CERT-VDE published an advisory that discusses a use after free vulnerability (listed in the CISA Known Exploited Vulnerability Catalog) in the Trumpf TruControl laser control software products.

Wireshark Advisory - Wireshark published an advisory that describes an out-of-bounds read vulnerability in their NTLMSSP dissector.

Updates

B&R Update - B&R published an update for their Automation Runtime advisory that was originally published on August 9th, 2024.

Dell Update - Dell published an update for their Dell ThinOS advisory that was originally published on June 12th, 2024, and most recently updated on July 19th, 2024.

Elecom Update #1 - JP-CERT published an update for their ELECOM and LOGITEC network devices advisory that was originally published on August 10th, 2024.

Elecom Update #2 - JP-CERT published an update for their wireless LAN routers advisory that was originally published on July 30th, 2024.

Elecom Update #3 - JP-CERT published an update for their wireless LAN routers and wireless LAN repeater advisory that was originally published on March 26th, 2024 and most recently updated on May 28th, 2024.

Elecom Update #4 - JP-CERT published an update for their wireless LAN routers advisory that was originally published on March 26th, 2024 and most recently updated on May 28th, 2024.

Elecom Update #5 - JP-CERT published an update for their wireless LAN routers advisory that was originally published on May 28th, 2024.

Moxa Update - Moxa published an update for their regreSSHion advisory that was originally published on August 2nd, 2024, and most recently updated on August 9th, 2024.

Exploits

Aruba Exploit - Hosein Vita published an exploit for a remote code execution vulnerability in the Aruba 501 CN12G5W0XX wireless access point.

Elber Exploit #1 - LiquidWorm published an exploit for an authentication bypass vulnerability in the Elber ESE DVB-S/S2 Satellite Receiver.

Elber Exploit #2 - LiquidWorm published an exploit for a device configuration vulnerability in the Elber ESE DVB-S/S2 Satellite Receiver.

Elber Exploit #3 - LiquidWorm published an exploit for an authentication bypass vulnerability in the Elber Wayber Analog/Digital Audio.

Elber Exploit #4 - LiquidWorm published an exploit for a device configuration vulnerability in the Elber Wayber Analog/Digital Audio.

 

For more information about these disclosures, including links to 3rd party advisories, researcher reports, and exploits, as well as a brief summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-631 - subscription required.

Friday, August 30, 2024

Short Takes – 8-30-24

When Get-Out-The-Vote Efforts Look Like Phishing. KrebsOnSecurity.com article. Pull quote: “Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.”

SpaceX Falcon 9 rocket grounded for 2nd time in 2 months following explosive landing failure. LiveScience.com article. Pull quote: “The Aug. 28 mishap not only ended that particular Falcon 9 rocket's record-breaking recovery streak but also cut short an even longer chain of successful SpaceX landings; before Wednesday's incident, the company had aced 267 consecutive Falcon 9 or Falcon Heavy booster landings, according to Space.com.”

SpaceX’s Falcon 9 rocket cleared to fly again with two high-profile missions ahead. CNN.com article. Pull quote: ““The SpaceX Falcon 9 vehicle may return to flight operations while the overall investigation of the anomaly during (Wednesday’s) mission remains open, provided all other license requirements are met,” the agency said in an emailed statement. “SpaceX made the return to flight request on Aug. 29 and the FAA gave approval on Aug. 30.””

European drill and mini lab secure ride to the Moon. ESA.int article. Pull quote: ““Prospect joins a new wave of lunar science and exploration that could open the door to the use of lunar resources. For example, extracting oxygen directly from lunar rocks and dust could be an efficient way to supply oxygen for human habitats or spacecraft propulsion,” says Richard Fisackerly, Prospect project manager.”

Can Pulling Carbon from Thin Air Slow Climate Change? ScientificAmerican.com article. Pull quote: “For its goal of reaching net-zero emissions by 2050, the Biden administration is trying to slash carbon pollution by building renewables, electrifying everything from cars to home heating, and encouraging carbon capture and sequestration at power plants. But emissions that are difficult to eliminate, such as those from long-distance air travel, shipping, agriculture, and cement and steel production, will probably have to be removed from the atmosphere, so the government is trying to ramp up DAC. Humans built machines that made a mess; now we’ll build more machines to clean it up. And if the world could start taking more emissions out than it’s putting in—so-called negative emissions—carbon removal could even begin lowering the global temperature slightly.”

Clearing the Air: Georgia Tech Takes Leading Role in Scrubbing the Atmosphere. D.NewsWise.com article. Pull quote: ““Almost all of our policy around DAC is carrots,” said Thomas. “I like carrots, but there are so many, and the question becomes, when do we need sticks? Subsidizing technology and research to make things better is great. But were we more serious about limiting the emission of greenhouse gases, that would make it easier for the technology to take us where we want to go.””

NASA cuts 2 from next SpaceX flight to make room for astronauts stuck at space station. TheHill.com article. Pull quote: “NASA’s Nick Hague and Russian Aleksandr Gorbunov will launch in September aboard a SpaceX rocket for the orbiting laboratory. The duo will return with Suni Williams and Butch Wilmore in February. NASA decided it’s too risky for Williams and Wilmore to fly home in their Boeing Starliner capsule, marred by thruster troubles and helium leaks.”

Mpox outbreaks in Africa could be ended in 6 months, WHO chief says. TheHill.com article.  Pull quote: “Earlier this week, the head of Africa’s Centers for Disease Control and Prevention said the continent was hoping to receive about 380,000 doses of mpox vaccines promised by donors, including the U.S. and the European Union. That’s less than 15% of the doses authorities have said are needed to end the mpox outbreaks in Congo.”

Transportation Chemical Incidents – Week of 7-27-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 621 (508 highway, 111 air, 2 rail, 0 water)

• Serious incidents – 0 (0 Bulk release, 1 evacuation, 3 injury, 0 death, 0 major artery closed, 1 fire/explosion, 32 no release)

• Largest container involved – 9,500-gal DOT 406 Trailer {Diesel Fuel} Overfilled.

• Largest amount spilled – 75-gal IBC {SODIUM HYDROXIDE, SOLUTION} Unsecured freight.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Deuterium, Compressed - Deuterium is an isotope of hydrogen but it is chemically identical. It is a colorless, odorless gas. It is easily ignited. Once ignited it burns with a pale blue, almost invisible flame. The vapors are lighter than air. It is flammable over a wide range of vapor/air concentrations. Under prolonged exposure to fire or intense heat the containers may rupture violently and rocket. It is not toxic but is a simple asphyxiant by the displacement of oxygen in the air. (Source: CameoChemicals.NOAA.gov).


Review - New CISA Voluntary Cyber Incident Reporting Initiative

Yesterday, CISA announced a new effort to get organizations to voluntarily report cyber incidents. The new website “is designed to help entities that may be considering voluntarily reporting cyber incidents understand “who” CISA recommends report an incident, “why and when” CISA recommends they report, as well as “what and how to report.””

Commentary

While this is strictly a voluntary incident reporting system, I am reasonably sure that CISA will be using this as a part of their effort to develop the mandatory critical infrastructure reporting system required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Pushing this voluntary system will allow CISA to work out any bugs in the reporting system before it is rolled out live next year.

 

For more information about this new initiative, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/new-cisa-voluntary-cyber-incident - subscription required.

Thursday, August 29, 2024

Short Takes – 8-29-24

Why Russia has struggled to halt Ukraine’s incursion in the Kursk region. TheHill.com article. Pull quote: ““The Russian system is very hierarchical and stiff, so it always takes them a significant amount of time to adapt to a new situation,” Lange said, “but we will have to see how Ukraine can sustain there, once Russia has adapted and comes with full force.””

New algorithms could enhance autonomous spacecraft safety. Phys.org article. Pull quote: “Chung and his co-authors envision that the proposed method will establish a new way of making expensive space exploration safer and more cost effective. "Space systems make autonomous operations necessary since we cannot grab and fix spacecraft and Mars helicopters operating in a world far away from us," Chung says. "Space is our ultimate 'proving ground' for any autonomy research we do for Earth-based vehicle systems."”

Large patch of the Atlantic Ocean near the equator has been cooling at record speeds — and scientists can't figure out why. LiveScience.com article. Pull quote: “Using data from satellites, oceanic buoys and other meteorological tools, Tuchen and McPhaden are among several climate scientists who are intently tracking the cold patch and any forthcoming effects it would have on the surrounding continents — which could take months to become apparent.”

'Sloth Fever' Virus Is Spreading. Here’s What You Need to Know about Oropouche. ScientificAmerican.com article. Pull quote: “What also raises concern is the finding of local transmission in Cuba for the first time, and imported cases in Europe and in the United States. As the Culicoides paraensis midge is found throughout the Americas, from the United States to Argentina, whenever there are infected people and there are vectors, there may be local transmission events. So, any infected individual can generate a local epidemic, that’s the main concern.”

The US Grid Is Adding Batteries at a Much Faster Rate Than Natural Gas. Wired.com article. Pull quote: “While solar power is growing at an extremely rapid clip, in absolute terms, the use of natural gas for electricity production has continued to outpace renewables. But that looks set to change in 2024, as the US Energy Information Agency (EIA) has run the numbers on the first half of the year and found that wind, solar, and batteries were each installed at a pace that dwarfs new natural gas generators. And the gap is expected to get dramatically larger before the year is over.”

Blue Origin sends six people on suborbital space trip, marking a first for researchers. Geekwire.com article. Pull quote: “During today’s flight at Blue Origin’s Launch Site One in West Texas, Ferl activated an experiment that was meant to document how plants respond to the transitions to and from microgravity.” Researcher actually flew with the experiment.

Review - TSA Publishes HME Fee Change Notice

Today, the TSA published a notice in the Federal Register (89 FR 70201-70202) on “Hazardous Materials Endorsement (HME) Threat Assessment Program Security Threat Assessment Fees for Non-Agent States”. The notice announces an increase in the assessment fee collected by TSA from Non-Agent States for conducting HME threat assessments.

TSA conducted an assessment of the cost of processing applicant information provided by Non-Agent States and determined that the current fees did not cover the cost of processing those STAs. The table below shows the increases set forth in this notice. The fee charged for processing applications from Agent States (taken from the TSA website) is provided for comparison.


Note: The ‘Reduced Fee’ application is for STAs in which the applicant has already completed a comparable STA and does not need to undergo the full standard STA and the applicant is filing in a Non-Agent State. Applicants in an Agent State would pay $41.00 for a reduced fee application.

 

For more information about the HME fees, including a description of the differences between Agent States and Non-Agent States, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/tsa-publishes-hme-fee-change-notice - subscription required.

Review – 2 Advisories and 1 Update Published

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Delta Electronics and Rockwell Automation. They also updated an advisory for products from Rockwell.

Advisories

Delta Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Delta DTN Soft temperature controller.

Rockwell Advisory - This advisory describes three vulnerabilities in the Rockwell ThinManager ThinServer.

Updates

Rockwell Update - This update provides additional information on an advisory that was originally published on August 13th, 2024.

 

For more information on these advisories, including a look at the change in the NIST.NVD reporting on their problem keeping up with the flow of vulnerability reporting, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-1-update-published-8aa - subscription required. 

Review - APHIS Publishes Dairy HPAI Testing 60-day ICR Renewal Notice

Today, the USDA’s Animal and Plant Health Inspection Service (APHIS) published a 60-day information collection request renewal notice in the Federal Register (89 FR 70162-70163) for “Highly Pathogenic Avian Influenza; Testing, Surveillance, and Reporting of Highly Pathogenic Avian Influenza in Livestock; Dairy Herd Certification”. The current version of the ICR was approved on an emergency basis on July 23rd, 2024. There is no change in the burden estimate for this extension.

Public Comments

APHIS is soliciting public comments on this ICR notice. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # APHIS-2024-0043). Comments should be submitted by October 28th, 2024.

 

For more details about this ICR notice, including changes that could have been made, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/aphis-publishes-dairy-hpai-testing - subscription required.

Wednesday, August 28, 2024

Short Takes – 8-28-24

Welcome to our 125th anniversary issue! TechnologyReview.com editorial. Pull quote: “The longer you report on tech, the more you realize how often we get the future wrong. Predictions have a way of not coming true. The things that seem so clear now can shift and change, rearranging themselves into wholly new forms we never thought of.”

For His Second Trip to Space, Billionaire Has Grander, Riskier Aspirations. NYTimes.com article (free). Pull quote: “Mr. Isaacman recalled that he and Ms. Gillis had gone to NASA’s test facility at White Sands, N.M., to observe small projectiles fired at the spacesuits to see how they would stand up. “We obviously weren’t in them,” he said, “but to see how the suit performs in a micrometeorite environment.””

SpaceX postpones historic mission featuring first private spacewalk. Phys.org article. Pull quote: “But SpaceX announced Tuesday it was pushing back the launch plans "due to unfavorable weather forecasted in Dragon's splashdown areas off the coast of Florida," in a message on X.”

The latest mpox outbreak and its threat to vision. D.NewsWise.com article. Pull quote: “In a new review article, NIH-funded researchers summarize the natural history of mpox, its modes of transmission, and its clinical course with special attention to the virus' effects on the eye. The authors also address mpox epidemiology and potential approaches to prevention and treatment.” ScienceDirect.com article.

Both Harris and Trump are historically behind on presidential transition planning. GovExec.com article. Pull quote: “Transition planning for Vice President Harris, who only became the presumptive Democratic nominee in July after President Joe Biden dropped out, might seem easy. However Stier noted that one of the worst presidential handovers in modern history was the “friendly” transition between Ronald Reagan and George H. W. Bush.”

Short Takes – 8-28-24 – Federal Register Edition

Sunshine Act Meetings. Federal Register CSB meeting announcement. Quarterly public meeting dates. Summary: “The Chemical Safety and Hazard Investigation Board (CSB) will convene public meetings on October 24, 2024; January 23, 2025; April 24, 2025; and, July 24, 2025, at 2 p.m. ET. These meetings serve to fulfill the CSB's requirement to hold a minimum of four public meetings for Fiscal Year 2025 pursuant to 40 CFR 1600.5(c). The Board will review the CSB's progress in meeting its mission and as appropriate highlight safety products newly released through investigations and safety recommendations.”

Public Engagement Webinars; Pre-Prioritization and Consideration of Existing Chemical Substances for Future Prioritization Under the Toxic Substances Control Act (TSCA). Federal Register EPA TSCA webinar announcement. Summary: “The Environmental Protection Agency (EPA or Agency) is announcing the scheduling of two virtual public meetings to provide information regarding existing chemical pre-prioritization and prioritization activities under the Toxic Substances Control Act (TSCA). Prioritization is the initial step in the process of evaluating existing chemicals under TSCA and implementing regulations. The purpose of prioritization is to designate a chemical substance as being either high priority for immediate further risk evaluation, or low priority, for which risk evaluation is not warranted at the time. The webinars will take place on two separate days, but the content presented at each meeting will be identical. EPA will explain the prioritization process and provide an overview of information that may be used to inform the considerations that ultimately support a High- or Low-Priority Substance designation, such as information on conditions of use and health effects resulting from exposure to the chemicals of interest.” Webinar dates: September 30th, 2024, and October 1st, 2024.

Comment Request; Chemical Weapons Convention Provisions of the Export Administration Regulations. Federal Register BIS 60-day information collection request notice. Abstract: “The Chemical Weapons Convention (CWC) is a multilateral arms control treaty that seeks to achieve an international ban on chemical weapons (CW). The CWC prohibits, the use, development, production, acquisition, stockpiling, retention, and direct or indirect transfer of chemical weapons. This collection implements the following export provision of the treaty in the Export Administration Regulations:” Schedule 1 notification and report, and Schedule 3 End-Use Certificates. Comments due: October 28th, 2024.

Bills Introduced – 8-27-24

Yesterday, with the House and Senate meeting in pro forma session, there were 15 bills introduced. One of those bills will receive additional attention in this blog:

HR 9412 To enhance the cybersecurity of the Healthcare and Public Health Sector. Crow, Jason [Rep.-D-CO-6] 

Tuesday, August 27, 2024

Short Takes – 8-27-24

Recent Massive Data Breaches. WHMurray.blogpost.com post. Pull quote: “Business should rely on full name and address or name and place and date of birth, not SSNs, as identifiers; no one else with my name lives where I live or was born at the same place and time.  SSNs were necessary when storage (in 80 column cards) was dear.  They are not even necessary in modern databases and cheap storage.  The last four digits of the SSN may be used for verification and as tie breakers in some applications.”

A skeptic’s guide to humanoid-robot videos. TechnologyReview.com article. Interesting things to look for. Pull quote: “Lastly, is the video sped up? Oftentimes that can be totally reasonable if it’s skipping over things that don’t demonstrate much about the robot (“I don’t want to watch the paint dry,” Goldberg says). But if the video is sped up to intentionally hide something or make the robot seem more effective than it is, that’s worth flagging. All of these editing decisions should, ideally, be disclosed by the robotics company or lab.”

System Safety Assessments. Federal Register FAA final rule. May have cybersecurity implications. Summary: “The FAA is amending certain airworthiness regulations to standardize the criteria for conducting safety assessments for systems, including flight controls and powerplants, installed on transport category airplanes. With this action, the FAA seeks to reduce risk associated with airplane accidents and incidents that have occurred in service, and reduce risk associated with new technology in flight control systems. The intended effect of this rulemaking is to improve aviation safety by making system safety assessment (SSA) certification requirements more comprehensive and consistent.” Effective Date: September 26th, 2024.

Harris County settles lawsuit against Arkema over 2017 chemical plant fire. HoustonPublicMedia.org article. Pull quote: “Under the $1.1 million settlement, Arkema agreed to implement safety and flood mitigation measures at the Crosby plant, like upgrading fire safety and reinforcing buildings. The company also agreed to notify the public and government agencies within two hours “after becoming aware of any release of pollutants with potentially adverse health or safety impacts.””

'The tropics are broken:' So where are all the Atlantic hurricanes? USAToday.com article. Pull quote: “"The Atlantic tropics are broken – for now," meteorologist Ryan Maue posted on X Sunday, adding that developing storms near Africa are encountering at least one problem: "Ocean temperatures at this latitude are way too cool to sustain a rain shower."”

Short Takes – 8-27-24 – Space Geek

SpaceX delays Polaris Dawn launch after helium leak is detected. TheHill.com article. Pull quote: ““Teams are taking a closer look at a ground-side helium leak on the Quick Disconnect umbilical,” the company wrote on X. “Falcon and Dragon remain healthy, and the crew continues to be ready for their multi-day mission to low-Earth orbit.””

Clearance of Renewed Approval of Information Collection: License Requirements for Operation of a Launch Site. Federal Register, FAA 30-day ICR renewal notice. Summary: “In accordance with the Paperwork Reduction Act of 1995, FAA invites public comments about our intention to request the Office of Management and Budget (OMB) approval to renew an information collection. The Federal Register Notice with a 60-day comment period soliciting comments on the following collection of information was published on January 26, 2024. The information to be collected includes data required for performing launch site location analysis. The launch site license is valid for a period of 5 years. Respondents are licensees authorized to operate sites.” Comments Due: September 26th, 2024.

'Space junk' that fell in Eastern Cape was a car-size meteorite. Phys.org article. Pull quote: “Wits University is one of a few internationally-accredited repositories for meteorites in South Africa. Gibson and his colleagues keep a close watch on meteorite finds and falls in the country. The last meteor fall in South Africa occurred in Lichtenburg in 1973.”

JAXA Officially Wraps Up its SLIM Lander Mission. UniverseToday.com article. Pull quote: “During its time on the lunar surface, SLIM accomplished many scientific objectives and exceeded expectations in many ways. The soft landing was a high-precision maneuver with a position error of just 10 meters (~33 ft) from the landing site, constituting the world’s first successful pinpoint landing. In addition, the lander’s Multi-Band Camera (MBC) successfully performed spectral observations on ten different lunar rock samples in ten wavelength bands. Last, but not least, the mission remained operational for three lunar nights, which was not part of the original mission parameters.”

Boeing faces hard questions about Starliner and its future in space. NPR.org article. Pull quote: ““Almost all of Boeing's problems are cultural,” says Richard Aboulafia, an aviation industry analyst at AeroDynamic Advisory. “It's a management team that was completely disconnected from the folks who actually did the design, integration and manufacture of the company's products. That's a recipe for trouble. And you've seen it in jetliners and defense products and now, of course, in space systems.””

Firefly Aerospace’s lunar lander begins pre-launch environmental tests. SpaceNews.com article. Pull quote: ““Firefly is proud to follow in the footsteps of the Surveyor landers that were tested in the same JPL facilities,” Peter Schumacher, interim chief executive of Firefly Aerospace, said in a statement, referring to the 1960s-era NASA robotic lunar landers. “The extensive environmental testing we’ll complete at JPL combined with the robust testing we’ve already completed in house will further reduce our risk posture and set us up for a successful soft landing.””

New data on radiation show missions to Jupiter's moon Europa are possible. Phys.org article. Pull quote: “Juno's ASC star camera images of stars to determine the spacecraft's orientation in space, which is vital to the success of the spacecraft's MAG experiment. But the four star cameras—located on Juno's magnetometer boom—have also proved to be valuable detectors of high-energy particle fluxes in Jupiter's magnetosphere. They record "hard radiation"—ionizing radiation of high-penetrating power that impacts a spacecraft with sufficient energy to pass through the ASC star camera's shielding.”

Review - GSA Publishes Contract HAZMAT Information 60-day ICR Revision Notice

Today, the General Services Administration published a 60-day information collection request revision notice in the Federal Register (89 FR 68616-68617) for “Hazardous Material Information - GSAR Section Affected: 552.223-72” (Control # 3090-0205). The revision is a minor change in the burden hours estimate for the ICR. The table below shows the change in burden estimate.

Background

According to the Abstract for the current version of the ICR:

“The Federal Hazardous Substance Act (Pub. L. 86-613) and Hazardous Material Transportation Act (Pub. L. 93-633) prescribe standards for packaging of hazardous substances. To meet the requirements of the Acts, the General Services Administration Regulation prescribes provision 552.223-72 [link added], Hazardous Material Information, to be inserted in solicitations that provides for delivery of hazardous materials on an f.o.b. origin basis. The provision requires the contractor to identify for each National Stock Number (NSN) the Department of Transportation (DOT) Shipping Name, DOT Hazards Class, and whether the item requires a DOT label.”

Public Comments

GSA is soliciting public comments on this ICR revision notice. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov: Docket # GSA-GSA-2024-0001-00023). Comments should be submitted by October 28th, 2024.

 

For more information on the changes in the ICR burden estimate, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/gsa-publishes-contract-hazmat-information - subscription required. 

Monday, August 26, 2024

Short Takes – 8-26-24

Unusual La Niña may be forming in the Atlantic: ‘almost unprecedented’. TheHill.com article. Pull quote: “Another big difference between Pacific and Atlantic La Niñas is the scope of their impacts. While a Pacific La Niña has global weather implications, including all around the U.S., “everything is a bit smaller” with an Atlantic La Niña, Tuchen explained. They don’t last as long and really only have regional weather impacts.”

Deadly mosquito virus has Mass. towns urging people to stay in at night. WashingtonPost.com article. Pull quote: ““We have not seen an outbreak of EEE [eastern equine encephalitis] for four years in Massachusetts,” Robbie Goldstein, the state’s department of public health commissioner, said in a statement. “We need to use all our available tools to reduce risk and protect our communities. We are asking everyone to do their part.””

Birth of a hurricane: What meteorologists look for as they hunt for early signs of a tropical cyclone forming. TheConversation.com article. Pull quote: “One of the primary tools meteorologists currently use to forecast the early formation of hurricanes is satellite imagery, which provides real-time data on cloud patterns, sea surface temperatures and other atmospheric conditions. For instance, the GOES satellites operated by NOAA help meteorologists track the development of hurricanes with unprecedented clarity. These satellites can capture images at multiple wavelengths, allowing forecasters to analyze various aspects of the storm, such as cloud formation, precipitation and lightning activity.”

Planet launches 1st Tanager-1 (Hyperspectral Satellite) + 36 SuperDoves with SpaceX. News.Satnews.com article. Pull quote: “In addition to Tanager-1, the Transporter-11 rocket delivered 36 SuperDoves to orbit to contribute to Planet’s flagship daily, global monitoring mission (please see www.planet.com/pulse/36-planet-superdoves-successfully-launch-on-spacexs-falcon-9-rocket/). PlanetScope data is used by hundreds of customers in defense and intelligence, civil government, and commercial markets to take informed action, and better contextualize events they’re seeing on the ground now. Planet’s daily scan and deep archive of data across the globe is unique within the industry and provides customers with a continuous and comprehensive view of their areas of interest. Further, the archive acts as a rich training ground for predictive machine-learning and advanced artificial-intelligence models, accelerating users’ ability to draw insights from the terabytes of data collected by Planet each day.”

Is the vulnerability disclosure process glitched? How CISOs are being left in the dark. CSOOnline.com article. Another informative article by Cynthia Brumfield. Pull quote: “Like the other experts, Childs emphasizes that another critical step in addressing disclosure process problems is for vendors to make it easier for researchers to report vulnerabilities. “Even if you don’t have a formal piece or you’re not overflowing with engineers, just make it easy to report bugs, and people will work with you.””

Ukraine’s Kursk offensive isn’t just a raid. It’s upending assumptions. WashingtonPost.com commentary (free). Pull quote: “Whatever happens in Kursk, the success the Ukrainians have so far enjoyed reveals that Russian red lines are not as menacing as President Joe Biden seems to imagine in setting sharp limitations on the use of U.S. weaponry against Russian territory. Far from going nuclear, Putin is trying to minimize the Ukrainian incursion by pretending it’s business as usual for the Kremlin. “It shows the final hollowness of all the nuclear threats that have been used for years to limit aid to Ukraine,” Phillips P. Obrien, a professor of strategic studies at the University of St. Andrews, wrote last week on Substack.”

WHO unveils effort to fight mpox outbreak. TheHill.com article. Pull quote: “As of Aug. 22, there have been a total of 3,326 confirmed and 17,979 suspected cases of mpox, along with 590 deaths from the disease across 12 African countries so far this year, according to the Africa Centers for Disease Control and Prevention.” 

Review - HR 9074 Introduced – 2-Person Freight Crew

Last month, Rep Sykes (D,OH) introduced HR 9074, the Safe Freight Act of 2024. The bill would mandate the use of 2-person rail crews for most freight train operations and provides limited exceptions to the requirement. No new funding is authorized by the bill.

The bill would add a new §20154, Freight train crew size safety standards, to 49 USC,

Moving Forward

Sykes is a member of the House Transportation and Infrastructure Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered by the Committee. Having said that, with the FRA recently completing a rule making on the subject, I would expect the Committee leadership to resist revisiting this subject until there has been a chance to see how the recent regulatory change works in practice.

 

For more information on the provisions of this bill, including a brief look at the recent regulatory change, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-9074-introduced - subscription required.

Saturday, August 24, 2024

Short Takes – 8-24-24

‘This is how Toyota knows if your GR Corolla went over 85 mph to void warranty’: Expert reveals how to remove the GPS tracker the dealership puts on your car. DailyDot.com article. Pull quote: ““So yeah there you go. Toyota is tracking your car wherever you go,” he shares. “If that’s something you guys signed up for for lo jack definitely just leave that alone.” He did provide a repeat warning, however, reminding his viewers that these modules can cause battery drain.”

Zapping sand to create rock could help curb coastal erosion. ScienceNews.org article. Pull quote: “But sending low voltage electricity through waterlogged sands can induce the formation of minerals that help bind the sediments, Rotta Loria and his colleagues report online August 22 in Communications Earth & Environment. The components of the minerals are already dissolved in the seawater, the researchers note.”

NASA Decides to Bring Starliner Spacecraft Back to Earth Without Crew. NASA.gov news-release. Pull quote: “NASA and SpaceX currently are working several items before launch, including reconfiguring seats on the Crew-9 Dragon, and adjusting the manifest to carry additional cargo, personal effects, and Dragon-specific spacesuits for Wilmore and Williams. In addition, NASA and SpaceX now will use new facilities at Space Launch Complex-40 at Cape Canaveral Space Force Station in Florida to launch Crew-9, which provides increased operational flexibility around NASA’s planned Europa Clipper launch.”

NASA Extends Boeing Starliner Astronauts’ Space Station Stay to 2025. NYTimes.com article. Pull quote: ““These clusters have experienced more stress, more heating,” Mr. Stich said, “and so there’s a little bit more concern for how they would perform during the deorbit burn, holding the orientation of the vehicle, and then also the maneuvers required after that.””

Notice of President's National Infrastructure Advisory Council Meeting. Federal Register DHS-NIAC meeting notice. Agenda: “The National Infrastructure Advisory Council will meet on Tuesday, September 10, 2024, from 1:00 p.m. to 5:00 p.m. EDT to discuss NIAC activities. The open session will include: (1) a keynote address on critical infrastructure security and resilience;(2) a period for public comment; (3) subcommittee updates and member discussion.” Watch ‘NIAC Meetings and Resources’ page for upcoming agenda and previous meeting notes.

‘I hope I get the opportunity to fly’: Meet Paralympian-turned-astronaut John McFall. Nature.com article. Pull quote: “We also looked at the requirements of spacecraft and ISS operations — for example, assessing whether I can undertake all the safety and emergency procedures in the spacecraft. We did some parabolic, zero-gravity flights to look at whether I could move around in microgravity. And we did some assessments to make sure that my prosthesis would still fit and still be comfortable irrespective of changes in the size of my stump, because of the shift of fluid that you get in microgravity.”

This startup wants to find out if humans can have babies in space. TechnologyReview.com article. Pull quote: “Now Edelbroek is CEO of SpaceBorn United, a biotech startup seeking to pioneer the study of human reproduction away from Earth. Next year, he plans to send a mini lab on a rocket into low Earth orbit, where in vitro fertilization, or IVF, will take place. If it succeeds, Edelbroek hopes his work could pave the way for future space settlements.”

Review - CISA Publishes NCSR 60-day ICR Notice

CISA published (available online today) a 60-day information collection request in Monday’s Federal Register (89 FR 68459-68460) for Nationwide Cyber Security Review Assessment (NCSR). According to the preamble to this ICR, the “CSD [CISA’s Cybersecurity Division] developed the NCSR to measure the gaps and capabilities of cybersecurity programs within SLTT [State, Local, Tribal, and Territorial] governments.” The preamble further explains:

 

“The NCSR is an annual voluntary self-assessment that is hosted on LogicManager [link added], which is a technology platform that provides a foundation for managing policies, controls, risks, assessments, and deficiencies across organizational lines of business. The NCSR self-assessment runs every year, usually from October-February. In efforts to increase participation, the deadline is sometimes extended. The target audience for the NCSR are personnel within the SLTT community who are responsible for the cybersecurity management within their organization.”

 

The table below shows the currently approved burden estimate and the new estimate being offered in this ICR.

Public Comments

CISA is soliciting comments on this ICR notice. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov: Docket # CISA-2024-0021). Comments should be submitted by October 25th, 2024.

 

For more details about this notice and the changes from the currently approved ICR, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-publishes-nscr-60-day-icr-notice - subscription required.


2024 Chemical Sector Seminar Presentations Online

CISA has updated their ‘Chemical Security Summit’ web page to include a link to a new page that provides .pdf copies of some of the presentations from last month’s 2024 Chemical Security Seminars. That page includes the following presentations:

• Drone Policy and Impacts to Critical Infrastructure,

• The Impacts of Artificial Intelligence on Chemical Security,

• Response Strategies for Hazardous Chemical Incidents,

• State of Chemical Security, and

• "Wicked Problems" in Chemical Security

As always, these static presentations provide a great deal of interesting information, but a great deal of the information that was included in the live/virtual presentation is missing from these slides. Hopefully, we will be seeing links to copies of the live-streamed presentations on this new page in the near future.

The following presentations have not yet been made available:

• Transnational Threats Impacting Chemical Security,

• Federal Partner Priorities for Addressing Emerging Chemical Threats,

• The Impacts of Artificial Intelligence on Chemical Security, and

• Tactics and Resources for Managing Physical and Cyber Threats

The absence of the ‘transnational threats’ presentation is not surprising. The press was restricted from participating in this presentation because of the sensitive information included. That information is still sensitive.

Interestingly the AI presentation seems to have been included in the ‘Wicked Problems’ presentation that is available today.

CSB Adds 4th Active Investigation

Yesterday, the Chemical Safety Board updated their ‘Current Investigations’ webpage, adding a fourth active investigation to the list. They added an investigation of the “TS USA Molten Salt Eruption”; this fatal incident occurred on May 30th, 2024 (not 20254 as listed on the page, not that I have ever had typos on my sites) in Chattanooga, TN. The CSB announced sending an investigation team to the site on June 4th, 2024.

In addition to the TS USA investigation, the CSB has announced sending investigators to two other incidents since June:

• June 10th, Honeywell facility in Geismar, LA, and

• August 1st, Cuisine Solutions, Inc., Loudoun County, VA

The CSB has not yet provided any updates on the status of any of these investigations.

Review – Public ICS Disclosures – Week of 8-17-24

This week we have eleven vendor disclosures from Bosch, Dassault Systèmes (3), HPE, Palo Alto Networks, Moxa, Panasonic, Rockwell, SonicWall, and Welotec. There are also three vendor updates from Cisco and HPE.

Advisories

Bosch Advisory - Bosch published an advisory that describes a missing authentication vulnerability in their CPP13 and CPP14 IP cameras.

Dassault Systèmes Advisory #1 – Dassault Systèmes published an advisory that describes an open redirect vulnerability in their 3DSwymer product.

Dassault Systèmes Advisory #2 – Dassault Systèmes published an advisory that describes a reflected cross-site scripting vulnerability in their ENOVIA Collaborative Industry Innovator product.

Dassault Systèmes Advisory #3 – Dassault Systèmes published an advisory that describes an open redirect vulnerability in their 3DSwymer product.

HPE Advisory - HPE published an advisory that discusses nine vulnerabilities in their HPE SimpliVity AMD Servers.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses OpenSSL’s exposure of sensitive information to an unauthorized actor vulnerability.

Moxa Advisory - Moxa published an advisory that discusses the regreSSHion vulnerability. Moxa provides a list of the affected products.

Panasonic Advisory - Panasonic acknowledges a stack-based buffer overflow vulnerability in their Control FPWIN Pro product.

Rockwell Advisory - Rockwell published an advisory that describes three vulnerabilities in their ThinManager ThinServer product.

SonicWall Advisory - SonicWall published an advisory that describes an improper access control vulnerability in their SonicOS product.

Welotec Advisory - CERT-VDE published an advisory that discusses the regreSSHion vulnerability.

Updates

Cisco Update #1 - Cisco published an update for their regreSSHion advisory that was originally published on July 2nd, 2024 and most recently updated on August 2nd, 2024.

Cisco Update #2 - Cisco published an update for their Blast-Radius advisory that was originally published on July 10th, 2024, and most recently updated on August 9th, 2024.

HPE Update - HPE published an update for their ProLiant DL/ML/XL, Synergy, MicroServer, and Edgeline Servers that was originally published on August 13th, 2024.

 

For more information on these disclosures, including links to 3rd party advisories and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-e17 - subscription required. 

Friday, August 23, 2024

Short Takes – 8-23-24

Five ways the brain can age: 50,000 scans reveal possible patterns of damage. Nature.com article. Pull quote: “For example, dementia and its precursor, mild cognitive impairment, had links to three of the five patterns. Intriguingly, the researchers also found evidence that the patterns they identified could potentially be used to reveal the likelihood of more brain degeneration in the future. “If you want to predict progression from cognitively normal status to mild cognitive impairment, one [pattern] was the most predictive by far,” says Davatzikos. “At later stages, the addition of a second [pattern] enriches your prediction, which makes sense because this kind of captures the propagation of the pathology.” Other patterns were linked to conditions including Parkinson’s disease and Alzheimer’s disease, and one combination of three patterns was highly predictive of mortality.”

Electrification of process heat stands to slash industry’s emissions. ChemistryWorld.com article. Pull quote: “‘When you electrify you replace your thermal load that you previously supplied with natural gas with electricity, but you need different infrastructure for that. You have the natural gas connection, but these are typically in the area of double-digit megawatts – and some industrial sites only have 5–10MW electricity connections, which they are already using, and so would have to extend the electricity grid connection. That’s something that takes a lot of time. I know that for Germany, it can take four, five years or longer to do this,’ says Rehfeldt. ‘And that means that your window of opportunity for reinvestment is long gone. If you have to wait four years to invest in your core business, then you just invest in the fossil installation and not in the electric one, even if you would have had a business case for it.’” Missing discussion of chemical process facility’s needs for both process heating and cooling.

The citation black market: schemes selling fake references alarm scientists. Nature.com article. Pull quote: “The team then approached a company, which they found while analysing suspicious citations linked to one of the authors in their data set, that seemed to be selling citations to Google Scholar profiles. The study authors contacted the firm by e-mail and later communicated through WhatsApp. The company offered 50 citations for $300 or 100 citations for $500. The authors opted for the first option and 40 days later 50 citations from studies in 22 journals — 14 of which are indexed by scholarly database Scopus — were added to the fictional researcher’s Google Scholar profile.”

NASA will decide Saturday if Boeing's new capsule is safe enough to fly 2 astronauts back from space. Phys.org article. Pull quote: “Administrator Bill Nelson and other top officials will meet Saturday. An announcement is expected from Houston once the meeting ends.”

Europe delivers for Artemis III. Phys.org article. Pull quote: “ESA has already provided two European Service Modules for NASA: The first was used during the successful Artemis I uncrewed mission, and the second is currently at NASA's Kennedy Space Center for testing in the lead up to the Artemis II mission scheduled next year.”

Review - HR 9071 Introduced – Declassify UAS Threats

Last month, Rep Nunn (R,IA) introduced HR 9071, the UAS Threat Disclosure Act. The bill would require the Director of National Intelligence (DNI) to declassify information related to the security threats posed by Chinese unmanned aircraft systems and provide an unclassified report to Congress on the same. No new funding is authorized by this legislation.

Moving Forward

Neither Nunn nor his two cosponsors are members of the House Permanent Select Committee on Intelligence to which this bill was assigned for consideration. This means that it is unlikely that there is sufficient influence to see the bill considered in Committee. I do not expect that there would be a great deal of interest in that Committee for seeing this information declassified. They already have access to the classified versions of the data and would generally be more supportive of the continuing protections of ‘means and sources’ that such security classifications provide.

Commentary

This is an odd bill. Nunn and his cosponsors are all members of the House Armed Services Committee, so they should be well familiar with the intelligence communities’ interest in protecting means and sources. Requiring unredacted information in an unclassified report to Congress would be sure to raise the ire of the DNI. Furthermore, the bill does not provide any reasoning to support the need for this widespread declassification mandate. Finally, the ‘unless’ clause in §2(a)(3) is an admission by the crafters of this bill that they are looking for too wide a declassification effort.

 

For more details about the provisions of this bill, including expanded commentary, see my article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-9071-introduced - subscription required.

Transportation Chemical Incidents – Week of 7-20-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 638 (545 highway, 87 air, 5 rail, 1 water)

• Serious incidents – 5 (5 Bulk release, 0 evacuation, 1 injury, 0 death, 1 major artery closed, 0 fire/explosion, 33 no release)

• Largest container involved – 23,975-gal DOT 117J100W railcar {Fuel Oil (NO. 1, 2, 4, 5, or 6)} Defective manway lid gasket.

• Largest amount spilled – 20,000-lbs Hopper Railcar {Ammonium Nitrate, With Not More Than 0.2%  Of Combustible Materials, Including Any Organic Substance Calculated As Carbon To The Exclusion Of Any Other Added Substance} Hard coupled from humping operations caused 6’x0.5” tear in well of hopper A.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Valeraldehyde- A colorless liquid. Slightly soluble in water and less dense than water. Flash point 54°F. Vapors heavier than air. Used to make artificial flavorings and rubber. (Source: CameoChemicals.NOAA.gov).

 


[Image: UN 2058 placard]

Thursday, August 22, 2024

Short Takes – 8-22-24

“Worrisome” research findings of a common industrial chemical’s harmful effects. D.NewsWise.com article. Pull quote: “The findings, published as the cover article in the May 2024 issue of the journal Toxics, their paper, “Environmentally Relevant Concentrations of Triphenyl Phosphate (TPhP) Impact Development in Zebrafish,” send a clarion call for more research, Williams says. “We know that TPhP is a ubiquitous environmental contaminant that many organisms, including humans, are exposed to. Now we know that it is likely a developmental toxicant at environmentally relevant levels. That’s worrisome. It’s critical to understand the implications of that exposure.””

Predetermined Change Control Plans for Medical Devices; Draft Guidance for Industry and Food and Drug Administration Staff; Availability. Federal Register FDA draft guidance availability notice. “The Food and Drug Administration (FDA or Agency) is announcing the availability of the draft guidance entitled “Predetermined Change Control Plans for Medical Devices.” [link added] A predetermined change control plan (PCCP) is the documentation describing what modifications will be made to a device and how the modifications will be assessed. This draft guidance provides FDA's current thinking on a policy for PCCPs and recommendations on the information to include in a PCCP in a marketing submission for a device. This draft guidance is not final nor is it for implementation at this time.” Includes discussions about the applicability to software changes.

How we could turn plastic waste into food. TechnologyReview.com article. Pull quote: “Research into edible microorganisms dates back at least 60 years, but the body of evidence is decidedly small. (One review estimated that since 1961, an average of seven papers have been published per year.) Still, researchers in the field say there are good reasons for countries to consider microbes as a food source. Among other things, they are rich in protein, wrote Sang Yup Lee, a bioengineer and senior vice president for research at Korea Advanced Institute of Science and Technology, in an email to Undark. Lee and others have noted that growing microbes requires less land and water than conventional agriculture. Therefore, they might prove to be a more sustainable source of nutrition, particularly as the human population grows.” Protein supplements for long-term space missions?

We finally have a definition for open-source AI. TechnologyReview.com article. Pull quote: “According to the group, an open-source AI system can be used for any purpose without securing permission, and researchers should be able to inspect its components and study how the system works. It should also be possible to modify the system for any purpose—including to change its output—and to share it with others to use, with or without modifications, for any purpose. In addition, the standard attempts to define a level of transparency for a given model’s training data, source code, and weights.”

 