Short Takes – 9-25-24

LunaRecycle Challenge Phase 1. Federal Register NASA notice. Summary: “NASA seeks to stimulate research and technology solutions to support future missions and inspire new national aerospace capabilities through public prize competitions called Centennial Challenges. The LunaRecycle Challenge is one such competition. Centennial Challenges are managed at NASA's Marshall Space Flight Center in Huntsville, Alabama and are part of the Prizes, Challenges, and Crowdsourcing program within NASA's Space Technology Mission Directorate (STMD) at the agency's Headquarters in Washington.”

Cyberthreats to railroads loom as industry and TSA grow an uneasy partnership. TheRecord.media article. There is a difference between a ‘security directive’ and a regulation. Pull quote: “Rail infrastructure — from tracks to switches to substations — spreads across vast distances, making security upgrades difficult and time-consuming. Some equipment can’t be upgraded and requires extensive planning to replace. And rail operators allow a wide variety of computer engineers to access their networks, often without strict controls.”

Congress poised to pass short-term funding bill ahead of campaign’s final stretch. Politico.com article. Pull quote: “The Senate: Earlier this week, weekend work was on the table. But that has been set aside: The Senate is set to move swiftly Wednesday night on the spending measure after House passage. On Tuesday night, the upper chamber locked in a time agreement to expedite debate time and speed towards a final vote. Once they receive the House-passed bill, the Senate will debate for up to two hours and then vote.”

Radian Aerospace completes its first round of ground testing for prototype space plane. GeekWire.com article. Pull quote: ““Let’s just put it this way,” Holder said. “The interest in the program is global, and that’s really, really good. The interest in UAE is very high, and I would say that spans from government to private concerns. There’s benefit to being in this space, so people who are interested in maybe being potential users or investors can see some of the work firsthand.””

How Likely Is That To Kill Anyone? LinkedIn.com commentary. An interesting look at why patching control systems can be so difficult. Pull quote: “This is in sharp contrast with some aspects of enterprise cybersecurity programs that in some domains apply constant, aggressive change to stay ahead of the adversary: the latest security updates, as quickly as practical, the latest anti-virus signatures, and the latest software versions and keys and cryptosystems. These “constant change” practices fly in the face of the ECC discipline. There is simply no way to keep industrial equipment patched as aggressively as we patch enterprise networks. One consequence of this limitation is that most industrial equipment is vulnerable to known exploits for much longer periods of time than is typical of enterprise equipment.”