Thursday, October 31, 2024

Short Takes – 10-31-24

New guidance published for hydrogen pipelines. HazardExOnTheNet.net article. Pull quote: ““This change will result in a more efficient application of clear, consensus-based hydrogen rules for piping systems by consolidating these rules into the standards that are most often used by our industry partners,” said Chris Cantrell, ASME’s senior managing director of standards and engineering services. “ASME would like to thank our volunteers, our staff, and PRCI staff and volunteers for working with us to meet pipeline industry needs and to advance the use of hydrogen to promote a clean energy future.”” Final report here.

Three-person crew enters China's Tiangong space station. Phys.org article. Pull quote: “The new Tiangong team will carry out experiments with an eye to the space program's goal of placing astronauts on the Moon by 2030 and eventually constructing a lunar base.” Includes diagram of Tiangong station.

Bird flu has been found in a pig for the first time in the U.S. NPR.org article. Pull quote: “The USDA has conducted genetic tests on the farm's poultry and has not seen any mutations that suggest the virus is gaining an increased ability to spread to people. That indicates the current risk to the public remains low, officials said.”

Bird flu could become deadlier if it mixes with seasonal flu viruses, experts warn. LiveScience.com article. Pull quote: “These mutations may change the shape of the hemagglutinin and, thus, the antibodies that bind to it. This difference might render the CDC's standard tests unsuitable, so the agency spent three weeks developing new antibody tests based on the mutant protein.”

Voyager 1 loses contact with NASA, turns on retro transmitter not used since 1981. LiveScience.com article. Pull quote: “On Oct. 22, engineers sent a command to confirm that the spacecraft was indeed using its backup S-band transmitter. The team successfully reestablished contact with Voyager 1 two days later. NASA engineers are now working to diagnose the issue that triggered Voyager 1's fault protection system and to restore it to normal operations.”

China wants to make its Tiangong space station bigger and better. Space.com article. Pull quote: “Also named Xuntian, the CSST is a Hubble-class space telescope that will share an orbit with Tiangong. It will be able to dock with the space station for maintenance, repairs and even upgrades.”

Empowering Chemical Technical Professionals. CEN.ACS.org discovery report. Pull quote: “These obstacles are particularly concerning for diversity in chemistry. If the only way to join the chemical workforce is to go directly to university and graduate school, the scientific community of tomorrow will not be inclusive. Skilled technical positions allow people to start their careers in science earlier and with less student debt. Some may become motivated to pursue advanced degrees later in life, while others will be successful in technical roles. Supporting these pathways means that careers in chemistry will be more accessible to more people.”

I Voted Today – 10-31-24


I voted this morning, the next to last day of early voting in Georgia. No line, no problems; I like it when duties are this easy to perform. I have voted in every Presidential election since 1972 (and lots of others as well). I was raised in a politically active family and would not be able to face my parents in the hereafter if I missed even one.

I have been a registered Republican that whole time. I worked my first campaign in 1964 (yes, I was much less than 18 in that year) in California. I worked in the local Republican Headquarters that first year, helping to make the ‘get-out-the-vote’ lists. In 68 and 72 I was one of the people going to Republican voters on election day, reminding them to get out and vote. Once I joined the Army later in 72, I left active political life behind.

Last Saturday, I was visited by a couple of Trump campaign workers who came to the house to remind me to vote. Now anyone that knows me, knows how little use I have for Trump as a candidate or a person. I was tempted to let these two know about my feelings, but I remembered making similar calls on people in 68 and 72. They were polite and non-political (beyond their Trump and MAGA buttons), so I responded with the same level of civility and assured them that I was voting early.

Please, let us all try to return civility to political discourse. Yelling and screaming has never changed anyone’s mind. It just encourages yelling and screaming in return.

Review – 1 Advisory and 3 Updates Published – 10-31-24

Today, CISA’s NCCIC-ICS published a control system security advisory for products from Rockwell. They also updated three advisories for products from Mitsubishi.

Advisories

Rockwell Advisory - This advisory describes two vulnerabilities in the Rockwell ThinManager product.

Updates

Mitsubishi Update #1 - This update provides additional information on the MELSEC iQ-R Series advisory that was originally published on June 6th, 2023, and most recently updated on April 25th, 2024.

Mitsubishi Update #2 - This update provides additional information on the FA Engineering Software advisory that was originally published on May 14th, 2024.

Mitsubishi Update #3 - This update provides additional information on the FA Engineering Software advisory that was originally published on January 30th, 2024.

 

For more information on these advisories, including a brief summary of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-3-updates-published-7c3 - subscription required.

CG Publishes TWIC Reader Delay Final Rule – 10-31-24

Today, the Coast Guard published a final rule in the Federal Register (89 FR 86723-86739) on “TWIC--Reader Requirements; Second Delay of Effective Date”. This rulemaking extends the enforcement date for the TWIC Reader requirements for the three categories of facilities related to Certain Dangerous Cargo listed in 33 CFR §105.253(a) until May 8th, 2029. The notice of proposed rulemaking was published on December 6th, 2022. The effective date of this rule is December 2nd, 2024.

The TWIC Reader rule was controversial from its first proposal. The preamble for this rule provides a lengthy review of the regulatory convolutions that the Coast Guard has gone through on the TWIC Reader requirements. One of the developments that has had the most impact on the two ‘delay rules’ is the Congressional mandate for the Coast Guard to commission an independent study reviewing the security value of the TWIC program. The Homeland Security Operational Analysis Center (HSOAC) delivered that analysis in July, 2022; a copy of that report will be posted in the docket for this rule. The CG continues to review that report.

Wednesday, October 30, 2024

Review - CISA Publishes Coordinated Vulnerability Disclosure 60-day ICR Notice

Today, CISA published a 60-day information collection request (ICR) notice in the Federal Register (89 FR 86352) for a new ICR on Vulnerability Reporting Submission Form. According to the discussion in this notice:

“CISA is responsible for performing Coordinated Vulnerability Disclosure, which may originate outside the United States Government (USG) network/community and affect users within the USG and/or broader community, or originate within the USG community and affect users both within and outside of it. Often, therefore, the effective handling of security incidents relies on information sharing among individual users, industry, and the USG, which may be facilitated by and through CISA. A dedicated form on the CISA website will allow for reporting of vulnerabilities that the reporting entity believe to be CISA Coordinated Vulnerability Disclosure (CVD) eligible. Upon submission, CISA will evaluate the information provided, and then will triage through the CVD process, if all CISA scoped CVD requirements are met.”

CISA provides the following initial estimate of the annual burden that will be imposed by this collection:


Public Comments

CISA is soliciting public comments on this information collection request. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket #CISA-2024-0027). Comments should be submitted by December 30th, 2024.

Commentary

What is not clear in this relatively brief ICR notice is whether CISA is owning up to the ‘sponsorship’ of Carnegie Mellon’s reporting process (see the ‘sponsored by’ notice on the bottom of the KB.CERT.org reporting page) or if CISA is going to be standing up a vulnerability coordination process separate from the MITRE system. From the perspective of a response to this ICR, this is an important distinction. If CISA is simply taking ownership of the MITRE process, then we have public access to the data collection documentation and can appropriately comment on that collection effort and the burden estimate based upon that system.

On the other hand, if CISA is starting a new program from scratch, there is no way that we can comment on the appropriateness of, for instance, the estimate of 10 minutes per response upon which the burden estimate is predicated. We would need to see a copy of the reporting format to be able to judge the accuracy of the estimate. 

 

For more information on this ICR notice, including additional commentary about missing burden elements, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-publishes-coordinated-vulnerability - subscription required.


Tuesday, October 29, 2024

Short Takes – 10-29-24

New Metal 3D Printing Technology for Ultra-Strong Materials used in Space! NewsWise.com article. Pull quote: “The technology allows the maximization of the strengthening effect of carbon addition to the alloy via finely distributed nano-carbides at the boundaries of nano-sized cell structure. As a result, the team achieved a combination of tensile strength (the ability to resist forces) and ductility (the ability to endure deformation before failure) that was over 140% better than carbon-free alloys in cryogenic environments. In particular, the elongation of the alloy is twice as high at 77 K compared to 298 K. This technology also offers a potential guideline for alloying design in additive manufacturing to produce high-performance products with excellent load-bearing capacity for use in cryogenic applications. Another key distinction of this technology is its ability to fine-controlling microstructure through additive manufacturing.” Journal article here.

UAH Researcher Wins $300k NSF Award to Characterize Vulnerability of Intelligent Controllers for Cyber-Physical Systems to Safeguard Smart Grids, Robotic Swarms, Autonomous Vehicles. Newswise.com article. Pull quote: ““In reinforcement learning, an agent or controller interacts with an environment by taking actions and receiving feedback in the form of rewards,” Sahoo says. “The goal is to learn an optimal policy that maximizes cumulative rewards. For example, in a microgrid – a cyber-physical system comprising generators, controllers and loads – a controller regulates parameters like voltage or frequency. The generator (acting as the environment) evaluates the controller's action and provides a reward based on how well the regulation goal was achieved.””

Long COVID Is Harming Too Many Kids. ScientificAmerican.com commentary. Pull quote: “The JAMA study comparing infected and uninfected children found that trouble with memory or focusing is the most common long COVID symptom in kids aged six to 11. Back, neck, stomach and head pain were the next most common symptoms. Other behavioral impacts included “fear about specific things” and refusal to go to school.”

Plans to Trash the Space Station Preview a Bigger Problem. ScientificAmerican.com article. Pull quote: “Experts are beginning to be concerned that that effect might actually be substantial and that it will grow more so. In samples of the rarefied air, “there’s all of this sort of metallic crap there that didn’t used to be there that looks like it’s from vaporized spacecraft,” McDowell says. He’s currently working on a paper estimating how much of that foreign material remains in the atmosphere. “We just don’t know yet what the effects are,” he says. “But that doesn’t mean you go, ‘Oh, well, no worries,’ right?””

Lumma/Amadey: fake CAPTCHAs want to know if you’re human. SecureList.com article. Really complex CAPTCHAs. Pull quote: “To avoid falling for the attackers’ tricks, it’s important to understand how they and their distribution network operate. The ad network pushing pages with the malicious CAPTCHA also includes legitimate, non-malicious offers. It functions as follows: clicking anywhere on a page using the ad module redirects the user to other resources. Most redirects lead to websites promoting security software, ad blockers, and the like – standard practice for adware. However, in some cases, the victim lands on a page with the malicious CAPTCHA.”

Starship Next Gen Upper Stage Rocket Pops Up – Is Nothing Short Of A Work Of Art. WCCFTech.com article. Pull quote: “While the new Starship upper stage will not fly on Flight 6, true to form, SpaceX has kept up with its pace of rapid iteration development and rolled the rocket out of its assembly facility in Boca Chica, Texas. Fresh images of the ship from local media show the fins pointing away from the heat shield. This is the biggest upgrade to the Starship second stage's exterior since SpaceX started its integrated flight test campaign. It also follows Musk's comments where he had confirmed that Starship fins would be "shifted leeward" to avoid damage.”

Satellite servicing industry faces uncertain military demand. SpaceNews.com article. Pull quote: “The ability to refuel satellites in orbit is particularly appealing to the U.S. military, which operates some of the most expensive spacecraft in geosynchronous orbit. Keeping these critical assets functional for as long as possible is a top priority. However, beyond basic refueling, the military remains uncertain about adopting other ISAM (in-space servicing, assembly and manufacturing) services.”

Review – 3 Advisories Published – 10-29-24

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Delta Electronics, Solar-Log, and Siemens.

Advisories

Delta Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Delta InfraSuite Device Master real-time device monitoring software.

Solar-Log Advisory - This advisory describes a cross-site scripting vulnerability in the Solar-Log Base 15 solar monitoring device.

Siemens Advisory - This advisory discusses four vulnerabilities in the Siemens InterMesh products.

 

For more information on these advisories, including a down-the-rabbit-hole look at the affected Solar-Log products, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-10-29-24 - subscription required.

Review - HR 9851 Introduced – Heavy Industry Hydrogen

Last month, Rep Sorensen (D,IL) introduced HR 9851, the Hydrogen for Industry Act of 2024. The bill would require DOE to establish the ‘Hydrogen Technologies for Heavy Industry Demonstration Program’ to provide grants or cooperative agreements to demonstrate industrial end-use applications of hydrogen. The bill would authorize $1.2 billion for the period of fiscal years 2025 through 2029.

The bill would amend the Energy Policy Act of 2005 by adding a new §969E, Hydrogen Technologies for Heavy Industry Demonstration Program.

HR 9851 is virtually identical to S 646 that was introduced in March of 2023. There has been no action in the Senate on that bill to date. The sole difference between the two bills is the funding authorization dates; 2025-2029 in the House bill and 2024-2028 in the Senate bill.

Moving Forward

Sorensen is a member of the House Science, Space, and Technology Committee to which the bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. Unfortunately, the new large-spending authorization on an unconventional energy source is probably a non-starter with most Republican members of the Committee. Some lower level of funding may provide an acceptable compromise, but it is unlikely that any work will proceed on this legislation in the short time remaining in the session. A Democratically controlled House in the 119th Congress (a possibility) would make such a compromise less necessary.

 

For more information on the provisions of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-9851-introduced - subscription required.

Short Takes – 10-29-24 – Federal Register Edition

Federal Railroad Administration's Procedures for Waivers and Safety-Related Proceedings. Federal Register FRA notice of proposed rulemaking. Summary: “This proposed rule would update FRA's procedures for waivers and safety-related proceedings to define the two components of the statutory waiver and suspension standard, “in the public interest” and “consistent with railroad safety.” By defining these terms, FRA intends to clarify the standard the agency will apply when evaluating petitions for regulatory relief. FRA also proposes to require petitions for relief to include evidence of meaningful consultation with appropriate stakeholders. Additionally, FRA proposes to make minor updates to agency rules of practice.” Comments required by December 30th, 2024.

Request for Comment on Product Security Bad Practices Guidance. Federal Register CISA comment extension notice. Summary: “On October 16, 2024, the Cybersecurity Division (CSD) within the Cybersecurity and Infrastructure Security Agency (CISA) published a request for comment [link added] in the Federal Register on the voluntary, draft Product Security Bad Practices guidance, which requests feedback on the draft guidance. CISA is extending the comment period for the draft guidance for an additional fourteen days through December 16, 2024.”

Request for Comment on Security Requirements for Restricted Transactions Under Executive Order 14117. Federal Register DHS request for comments notice. Summary: “CISA seeks public input on the development of security requirements for restricted transactions as directed by Executive Order (E.O.) 14117, “Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” E.O. 14117 addresses national-security and foreign-policy threats that arise when countries of concern and covered persons can access bulk U.S. sensitive personal data or government-related data. The proposed CISA security requirements for restricted transactions would apply to classes of restricted transactions identified in regulations issued by the Department of Justice (DOJ).” Comments due November 29th, 2024.

Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons. Federal Register DOJ notice of proposed rulemaking. Summary: “The Department of Justice proposes a rule to implement Executive Order 14117 of February 28, 2024 (Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern), by prohibiting and restricting certain data transactions with certain countries or persons.” Comments due November 29th, 2024.

Monday, October 28, 2024

Short Takes – 10-28-24

Atmospheric Rivers Have Shifted Towards Earth's Poles, Bringing Big Changes To Weather. IFLScience.com article. Pull quote: “For a region like southern California, the northward movement of atmospheric rivers could reduce rainfall even further, leading to more problems with water scarcity, droughts, and wildfires. Meanwhile, regions like the Pacific Northwest might see even wetter weather, unleashing issues like flooding.”

Positive Train Control Systems. Federal Register FRA notice of proposed rulemaking. Summary: “FRA is proposing to amend certain regulations governing positive train control (PTC) systems. Since December 31, 2020, by law, PTC systems have generally governed rail operations on PTC-mandated main lines, which encompass nearly 59,000 route miles today. Through FRA's oversight and continued engagement with the industry, FRA has found that its existing PTC regulations do not adequately address temporary situations during which PTC technology is not enabled, including after certain initialization failures or in cases where a PTC system needs to be temporarily disabled to facilitate repair, maintenance, infrastructure upgrades, or capital projects. FRA expects PTC systems to be reliable and robust, further reducing the occurrence of initialization failures and outages. This NPRM proposes to establish strict parameters and operating restrictions under which railroads may continue to operate safely in certain necessary scenarios when PTC technology is temporarily not governing rail operations. The purpose of this NPRM is to enable continued, safe operations and improve rail safety by facilitating prompt repairs, upgrades, and restoration of PTC system service.” Comments due: December 27th, 2024.

Male mosquitoes sometimes suck, too. ScienceNews.org article. Pull quote: “In nature, A. aegypti is the main carrier of yellow fever, but can also spread Zika, chikungunya and dengue, while female C. tarsalis can spread West Nile, St. Louis encephalitis and related diseases (SN: 8/26/24; SN: 6/2/15). Male C. tarsalis mosquitoes can be infected with West Nile virus and produce infectious virus in their saliva just like females can, the researchers found.”

Rwanda identifies index case for current Marburg virus outbreak. CEN.ACS.org article. Pull quote: “In an earlier meeting, on Oct. 20, Nsanzimana had revealed that it's very likely the first human Marburg virus disease case in the current outbreak was in a 27-year-old man who had been exposed to fruit bats in a cave where mining occurs. The individual had sought treatment at Kigali’s King Faisal Hospital, where he was first diagnosed with and treated for malaria, and Marburg was detected only later. By then, the infection had spread to his close contacts and several health-care staff.”

One year in, TSA’s cybersecurity directive lays groundwork for railroad sector amid rising digital threats. IndustrialCyber.co article. Pull quote: ““These are the ABCs of OT cybersecurity management – fundamental practices that must be implemented correctly,” Geyer said. “It is critical to refine how these processes can be operationalized, especially given the number of vulnerabilities. Although the directive doesn’t outline an exact order of steps, organizations can look to CISA’s Known Exploited Vulnerabilities (KEV) catalog for guidance on addressing the most pressing risks.””

Review - S 5028 Introduced – Contractor VDP

Last month Sen Warner (D,VA) introduced S 5028, the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024. The bill would require changes to the Federal Acquisition Regulations to require federal contractors to have a vulnerability disclosure program. No new funding is authorized by this legislation.

This bill is very similar in intent to HR 5310 and HR 5255. The major difference between this bill and the other two is that the Senate bill is focused on the FAR as the mechanism for requiring contractors to have a vulnerability disclosure program. There has been no action taken on HR 5310, but HR 5255 was amended and ordered favorably reported back in May. That report has not yet been published.

Moving Forward

While Warner is not a member of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned, his sole cosponsor {Lankford (R,OK)} is a member. This means that there may be sufficient influence to see the bill considered in Committee. Beyond the increased regulation of contractors which some elements of the Republican fringe have a knee-jerk opposition to, I see nothing that would cause any organized opposition to this bill. I suspect that this bill would receive some level of bipartisan support in Committee.

 

For more information about the provisions of the bill, as well as more discussion about its prospects, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-5028-introduced - subscription required.

Short Takes – 10-28-24 – Space Geek Edition

AST SpaceMobile Successfully Completes Unfolding of First Five Commercial Satellites in Low Earth Orbit. BusinessWire.com press release. Pull quote: “AST SpaceMobile’s technology features large, phased array antennas supported by over 3,450 patent and patent-pending claims. This innovative design aims to extend cellular coverage globally, eliminating dead zones and delivering space-based cellular broadband connectivity to underserved regions. These advanced phased arrays, the largest ever deployed commercially in low Earth orbit, connect directly to standard smartphones at broadband speeds. This eliminates the need for specialized equipment, enabling seamless use with existing mobile phones while enhancing and complementing mobile operator networks.”

Starship Super Heavy booster came within one second of aborting first “catch” landing. SpaceNews.com article. Pull quote: ““We’re not taking as much time as we might ideally want to have a very luxurious, like really study everything,” one person said. “But given that that is the first launch in a long time — well, really, ever — that we’ve not been FAA driven, we’re trying to go do a reasonable balance of speed and risk mitigation on the booster, specifically.””

NASA Astronaut Leaves Hospital After ‘Medical Issue’ That Followed Return From Space. NYTimes.com article (free). Still no information about what constituted the ‘medical issue’. Pull quote: “Later in the day, NASA issued an update saying that all four astronauts had been taken to a Pensacola hospital as a precaution. Another update in the afternoon said three of the astronauts had returned to Houston.”

SpaceX has caught a massive rocket. So what’s next? ArsTechnica.com article. Look at what a successful Starship timeline would look like. Pull quote: “Critics of the Starship architecture say it is inefficient because of the mass refueling that must occur in low-Earth orbit for the spacecraft to travel anywhere. For example, fully topping off a Starship that can land humans on the Moon and return them to lunar orbit may take a dozen or more tanker flights. But this only seems stupidly impractical under the old space paradigm, in which launch is expensive, scarce, and unreliable. Such criticism seems less salient if we imagine SpaceX reaching the point of launching a dozen Starships a week or more in a few years.”

Review – PHMSA Publishes Modal Hazmat Update NPRM

Today, DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA) published a notice of proposed rulemaking (NPRM) in the Federal Register (89 FR 85590-85683) on “Hazardous Materials: Advancing Safety of Highway, Rail, and Vessel Transportation”. This NPRM proposes the revision of the Hazardous Materials Regulations to adopt several modal-specific amendments that would enhance the safe transportation of hazardous materials in commerce. It is based, in part, on industry rulemaking petitions.

PHMSA is soliciting public comments on these proposed rule changes. Comments may be submitted via the Federal eRulemaking Portal {www.Regulations.gov; Docket # PHMSA-2018-0080 (HM-265)}. Comments should be submitted by January 27th, 2025.

 

For more information about the proposed changes that would be made in this NPRM, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/phmsa-publishes-modal-hazmat-update - subscription required.

Saturday, October 26, 2024

Short Takes – 10-26-24

Proportional Representation Could Reduce the Risk of Political Violence in the U.S. JustSecurity.org article. Interesting viewpoint, but does not address the lack of governmental stability in many proportional-representation States. Pull quote: “Where winner-take-all systems tend to ossify political conflict into repeated contests between the same two dominant “camps,” multiparty coalitions shift over time. Critically, a group of scholars recently determined—based on data from 77 elections across 19 Western democracies between 1996 and 2017—that governing coalitions formed in proportional systems can help defuse partisan hostility in a way not possible with disproportional systems like the one in the United States.”

US Copyright Office “frees the McFlurry,” allowing repair of ice cream machines. ArsTechnica.com article. New DMCA 3-year exemption. Pull quote: “"The Register [of Copyrights] recommends adopting a new exemption covering diagnosis, maintenance, and repair of retail-level commercial food preparation equipment because proponents sufficiently showed, by a preponderance of the evidence, adverse effects on the proposed noninfringing uses of such equipment," the Register's findings said.”

NASA’s SpaceX Crew-8 Astronaut Returns to Houston. Blogs.NASA.gov blog post. Returning astronaut released from hospital. Pull quote: “As part of NASA’s SpaceX Crew-8 mission, the astronaut was one of four crewmates who safely splashed down aboard their SpaceX Dragon spacecraft near Pensacola on Oct. 25. The crew members completed a 235-day mission, 232 days of which were spent aboard the International Space Station conducting scientific research.”

Space shots: A tangled web of speculation surrounds Boeing, Blue Origin and Bezos. GeekWire.com article. Pull quote: “Any of those strategies would be a big step for Bezos’ space venture, which already has its hands full with New Glenn, Orbital Reef, the New Shepard suborbital space program and the Blue Moon lunar lander that’s being built for NASA’s use. But as Boeing’s executives consider how it might pare down its unprofitable lines of business, it’s worth watching what Blue Origin is doing as well.”

CRS Reports – Week of 10-19-24 – Typhoon Hacks

This week the Congressional Research Service (CRS) published a report on “Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications”. This report does not address the tools, techniques and tactics used by the apparently Chinese hacking groups behind the Volt, Flax, and Salt Typhoon attacks on communications sector targets. Rather, it briefly looks at the federal response to those attacks and then provides a discussion about activities that Congress might wish to consider to address the recent/current attacks and make future such attacks more difficult.

Specifically, it looks at issues related to:

• The Cyber Unified Coordination Group (Cyber UCG) that is (apparently) currently looking at the attacks,

• The Cyber Safety Review Board that has looked at similar large-scale attacks, and

• The cyber preparedness activities that CISA is supposed to undertake to prevent, protect, respond, and recover from such threats.

The first two activities are not specifically authorized (or funded) by Congress, but the report notes that Congress may wish to take actions to rectify that lack of official status.

Chemical Incident Reporting – Week of 10-19-24

NOTE: See here for series background.

Donaldsonville, LA – 9-18-24

Local News Reports: Here, here, and here.

A railroad derailment resulted in a spill of cyanuric acid, a non-hazardous, white chemical solid. No injuries were reported. No damage estimates have been provided.

Not CSB reportable – this is a transportation related accident which would be investigated (if necessary) by the NTSB.

Excelsior Springs, MO – 10-16-24

Local News Reports: Here, here, and here.

One person died after an explosion and fire at an auto repair facility. The explosion occurred when a cutting torch was used to open a chemical drum.

CSB reportable.

Waller County, TX – 10-16-24

Local News Reports: Here, here, and here.

A fire at a propane packaging facility led to multiple explosions and a 30-acre grass fire around the facility. One person was transported to hospital.

Possible CSB reportable.

Auburn, ME – 10-18-24

Local News Reports: Here, here, and here.

A hose broke at a metal manufacturing facility splashing nitric acid (or ‘nitrogen oxide’ in one story) on two workers. Both were transported to the hospital, treated and released. A small fire also occurred in the area of the release.

Not CSB Reportable.

Highland Lakes, TX – 10-21-24

Local News Reports: Here, here, and here.

Aluminum sulfate was mistakenly loaded into a sodium hypochlorite storage tank at a water treatment facility. Chlorine gas was released from the tank as a result. Facility neighbors were ordered to shelter in place. No injuries or damages were reported.

Not CSB reportable.

OMB Approves EPA Final Rule on PBTC

Yesterday, OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the EPA on “Decabromodiphenyl Ether and Phenol, Isopropylated Phosphate (3:1); Revision to the Regulations of Persistent, Bioaccumulative, and Toxic Chemicals Under the Toxic Substances Control Act (TSCA)”. The final rule was sent to OIRA on July 26th, 2024. The notice of proposed rulemaking was published on November 24th, 2023.

According to the Spring 2024 Unified Agenda entry for this rulemaking:

“The Environmental Protection Agency (EPA) is proposing revisions to the regulations for decabromodiphenyl ether (decaBDE) and phenol, isopropylated phosphate (3:1) (PIP (3:1)), two of the five persistent, bioaccumulative, and toxic (PBT) chemicals addressed in final rules issued under the Toxic Substances Control Act (TSCA) in January 2021. After receiving additional comments following the issuance of the 2021 PBT final rules, the Agency has determined that revisions to the decaBDE and PIP (3:1) regulations are necessary to address implementation issues and to reduce further exposures. As required under TSCA, these proposed requirements would, if finalized, reduce the potential for exposures to humans and the environment to decaBDE and PIP (3:1) to the extent practicable. The Agency is not proposing to revise the existing regulations for the other three PBT chemicals (2,4,6-TTBP, HCBD, and PCTP) at this time.”


I will not be covering this final rule in any detail, but at the very least I will be announcing the publication in the appropriate ‘Short Takes’ post when it is published.

Review – Public ICS Disclosures – Week of 10-19-24

This week we have 11 vendor disclosures from ABB, Endress+Hauser, HP (2), HPE (5), Rockwell, and Xerox. We also have eight vendor updates from FortiGuard (2), HP (2), HPE (2), Moxa, and VMware. There are eight researcher reports for vulnerabilities in products from ABB (4), EmbedThis (3), and LAWO. Finally, we have an exploit for products from Rittal.

Advisories

ABB Advisory - ABB published an advisory that describes an improper verification of cryptographic signature vulnerability in multiple ABB products.

Endress+Hauser Advisory - CERT-VDE published an advisory that discusses five vulnerabilities in the Endress+Hauser Netilion Network Insights products.

HP Advisory #1 - HP published an advisory that discusses six vulnerabilities in their Intel 2024.3 IPU – Chipset Firmware used in multiple HP product lines.

HP Advisory #2 - HP published an advisory that discusses the PixieFail vulnerabilities in the EDK2 NetworkPkg in multiple HP product lines.

HPE Advisory #1 - HPE published an advisory that discusses 19 vulnerabilities in their HP-UX Common Internet File System.

HPE Advisory #2 - HPE published an advisory that discusses an incorrect behavior order vulnerability in their Superdome Flex and Superdome Flex 280 Servers.

HPE Advisory #3 - HPE published an advisory that discusses a mirrored regions with different values vulnerability in their Superdome Flex 280 Servers.

HPE Advisory #4 - HPE published an advisory that discusses an observable discrepancy vulnerability in their Superdome Flex 280 Servers.

HPE Advisory #5 - HPE published an advisory that discusses two improper input validation vulnerabilities in their HPE Superdome Flex and Superdome Flex 280 servers.

Rockwell Advisory - Rockwell published an advisory that describes two vulnerabilities in their ThinManager product.

Xerox Advisory - Xerox published an advisory that describes an improper input validation vulnerability in multiple Xerox printers.

Updates

FortiGuard Update #1 - FortiGuard published an update for their SMTP password ciphertext advisory that was originally published on June 12th, 2024.

FortiGuard Update #2 - FortiGuard published an update for their missing authentication in fgfmsd advisory that was originally published on October 23rd, 2024.

HP Update #1 - HP published an update for their PC BIOS Security Updates advisory that was originally published on August 13th, 2024.

HP Update #2 - HP published an update for their HP LaserJet Printers advisory that was originally published on October 2nd, 2024.

HPE Update #1 - HPE published an update for their Aruba Networking Controller advisory that was originally published on April 30th, 2024, and most recently updated on June 7th, 2024.

HPE Update #2 - HPE published an update for their Aruba Networking Controller advisory that was originally published on February 28th, 2024, and most recently updated on June 7th, 2024.

Moxa Update - Moxa published an update for their Cellular Routers, Secure Routers, and Network Security Appliances advisory that was originally published on October 14th, 2024.

VMware Update - Broadcom published an update for their VMware vCenter Server advisory that was originally published on September 17th, 2024, and most recently updated on September 20th, 2024.

Researcher Reports

ABB Reports - Zero Science Labs published four reports describing individual vulnerabilities (with publicly available exploits) in the ABB Cylon Aspect building energy management product.

EmbedThis Reports - Nozomi Networks published three reports describing vulnerabilities in the EmbedThis GoAhead Web Server.

LAWO Report - SEC Consult published a report that describes a path traversal vulnerability in the LAWO LTC Time Sync device.

Exploits

Rittal Exploit - Johannes Kruchem published an exploit for improper signature verification and predictable session identifier vulnerabilities in the Rittal IoT Interface and CMC III Processing Unit.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-dae - subscription required.

Friday, October 25, 2024

Short Takes – 10-25-24

Boeing is still bleeding money on the Starliner commercial crew program. ArsTechnica.com article. Pull quote: “NASA is making moves while assuming Boeing will stay in the game. Astronauts are still assigned to train for the first operational Starliner mission, although it's not likely to happen until the end of next year or in 2026. Earlier this month, NASA announced SpaceX will launch a four-person crew to the International Space Station no earlier than July of next year, taking a slot that the agency once hoped Boeing would use.”

National Security Telecommunications Advisory Committee. Federal Register DHS meeting notice. Agenda: “The NSTAC will meet in an open session on Thursday, November 14, 2024, from 3 p.m. to 4:30 p.m. EST to discuss current NSTAC activities and the government's ongoing cybersecurity and NS/EP communications initiatives. This open session will include: (1) an update on the administration's cybersecurity initiatives; (2) a status update on the NSTAC Principles for Baseline Security Offerings from Cloud Service Providers Study; and (3) a status update on the National Preparedness for Post-Quantum Cryptography Study.”

International Space Station Advisory Committee. Federal Register NASA meeting notice. Meeting date: November 13th, 2024. Summary: “In accordance with the Federal Advisory Committee Act, the National Aeronautics and Space Administration (NASA) announces a meeting of the NASA International Space Station Advisory Committee. The purpose of the meeting is to review aspects related to the safety and operational readiness of the International Space Station.”

Review – HR 9689 Introduced – DHS Cybersecurity Interns

Last month, Rep Clarke (D,NY) introduced HR 9689, the DHS Cybersecurity Internship Program Act. The bill would amend the Homeland Security Act of 2002 by adding a new §1334, Cybersecurity internship program. It would require DHS to establish a paid cybersecurity internship program. No new funding is authorized by this legislation.

Moving Forward

Clarke is a member of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. There is nothing in this bill that would engender organized opposition. I suspect that there would be some level of bipartisan support for the legislation, but I am not sure that it would be enough to allow the bill to move to the floor of the House under the suspension of the rules process.

This bill is coming too late in the session to have much of a chance to move forward. I would expect to see this bill reintroduced next session.

Commentary

One of the problems any intern program in DHS will have to deal with is that potential incidental exposure to classified information will limit the number of offices in which interns could be employed. The relatively brief period of internship would make obtaining a security clearance difficult, so DHS will have to carefully select the positions where these interns could serve. This should be addressed in the annual report to Congress.

 

For more information on the provisions of the program, including suggested changes to the bill to deal with the security clearance issue, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-9689-introduced - subscription required.

Transportation Chemical Incidents – Week of 9-21-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 598 (553 highway, 43 air, 2 rail, 0 water)

• Serious incidents – 5 (4 Bulk release, 1 evacuation, 1 injury, 0 death, 0 major artery closed, 2 fire/explosion, 55 no release)

• Largest container involved – 31,780-gal DOT 111S100W1 Railcar {Diesel Fuel} Loose manway bolts.

• Largest amount spilled – 900-gal DOT 407 tank truck {Corrosive Liquid, Acidic, Inorganic, N.O.S.} corroded valve leaked.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Methylal - A clear colorless liquid with a chloroform-like odor. Flash point 0°F. Boiling point 42.3°C (108.1°F). Density 0.864 g/cm³ at 68°F (20°C). Vapors heavier than air. Water soluble. (Source: CameoChemicals.NOAA.gov). Remember: flammable liquids dissolved in water may make water ‘flammable’ depending on concentration.

 



CSB Adds 2 Investigations to Current List – 10-24-24

Yesterday, in conjunction with their first quarterly business meeting of FY 2025, the Chemical Safety Board added two investigations to their ‘Current Investigations’ list. This brings the total number of open investigations to seven.

The two new investigations are:

Bio-Lab Inc. Conyers Fire and Chemical Release (team sent September 30th, 2024), and

PEMEX Deer Park Chemical Release (team sent October 11th, 2024)

No new information on either investigation has yet been made public.

Thursday, October 24, 2024

Short Takes – 10-24-24

Tech companies want small nuclear reactors. Here’s how they’d work. ScienceNews.org article. Pull quote: “With smaller reactors, Huff says, it’s easier to build components offsite in a factory and ship them where they need to go, rather than custom building them from raw materials on site. “The more you can build these reactors like airplanes rather than airports, the cheaper it’s generally going to be.””

A Route Toward the Island of Stability. Physics.APS.org article. Okay, just a tad bit geeky review article. Pull quote: “As well as enabling the discovery of new elements, reactions with nonmagic projectiles offer the chance to discover many new isotopes of known elements with atomic numbers ranging from 104 to 118. About 110 different superheavy isotopes are known to date. About 50 further isotopes are expected to exist but are not reachable by conventional fusion reactions using 208Pb targets or 48Ca beams. Reactions with nonmagic systems would allow this gap to be filled. It is worth noting that the FLNR has also announced results on the production of element 116 through collisions involving a non-doubly-magic nucleus heavier than 48Ca [10]. Using fusion reactions of 54Cr and 238U, the FLNR claims the discovery of a new isotope of element 116 (288Lv), but the result has yet to appear in a peer-reviewed publication.” The real deal article.

Chinese company to sell tickets for space tourism flights in 2027. Phys.org article. Pull quote: “Deep Blue Aerospace is a leader in China's burgeoning commercial space sector, which Beijing is hoping will catch up to rivals such as Elon Musk's SpaceX.”

Bird flu hit a dead end in Missouri, but it’s running rampant in California. ArsTechnica.com article. Pull quote: “With the spread of bird flu in dairies and the fall bird migration underway, the virus will continue to have opportunities to jump to mammals and gain access to people. Officials have also expressed anxiety as seasonal flu ramps up, given influenza's penchant for swapping genetic fragments to generate new viral combinations. The reassortment and exposure to humans increases the risk of the virus adapting to spread from human to human and spark an outbreak.”

How Your Brain Processes Zero (It’s Not Exactly ‘Nothing’). ScientificAmerican.com article. Pull quote: “The notion that zero is somehow distinct comes from studies of brain injury as well. About 14 percent of people who have had a stroke may be unable to read or process numbers that include a zero digit, points out Barnett. In August he and Stephen Fleming, a fellow cognitive neuroscientist at University College London, published findings that showed the brain situates zero along a mental number line, regardless of whether a person is considering zero as a numeral or empty set. Nieder and Mormann’s team demonstrated the same—albeit with different methods and an emphasis on different brain areas.”

S&T Continues Counter-Unmanned Aerial System Technologies Testing. DHS.gov/Science-and-Technology/ article. Pull quote: “Over the course of the week, participants were given a common set of conditions and scenarios in which to test their technologies against drones that are representative of what is available on the market to purchase or build. This enabled the S&T team to not only gauge the effectiveness of each of these technologies in intercepting drones but also the collateral effects of downing them. Testing wrapped up before dusk to enable the team to inspect and map out the drone debris field.”

Review - Siemens Publishes Out-of-Zone Advisory – 10-23-24

Yesterday, Siemens published an out-of-zone advisory for vulnerabilities in their InterMesh Subscriber Devices. Siemens typically publishes a monthly set of advisories on Cyber Tuesday (2nd Tuesday of each month). This month Siemens published 13 new advisories on October 8th, 2024. Siemens does not generally explain why they publish these out-of-zone advisories, but in this case, it looks like the CVSS score of 10.0 is probably the reason.

InterMesh Advisory - Siemens published an advisory that discusses four vulnerabilities in their InterMesh Subscriber devices.

 

For more information on this advisory, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/siemens-publishes-out-of-zone-advisory - subscription required.

Review – 3 Advisories and 1 Update Published – 10-24-24

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Deep Sea Electronics, iniNet Solutions and VIMESA. They also updated an advisory for products from OMNTEC.

Advisories

Deep Sea Advisory - This advisory describes a missing authentication for critical function vulnerability in the Deep Sea DSE855 ethernet communications device.

iniNet Advisory - This advisory describes a path traversal vulnerability in the iniNet SpiderControl SCADA PC HMI Editor software management platform.

VIMESA Advisory - This advisory describes an improper access control vulnerability in the VIMESA VHF/FM Transmitter Blue Plus.

Updates

OMNTEC Update - This update provides additional information on the Proteus Tank Monitoring advisory that was originally published on September 24th, 2024.

 

For more details about these advisories, including a down-the-rabbit-hole look at additional Deep Sea vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published-81e - subscription required.

Review - CSB Updates Accidental Release Reporting Data – 10-24-24

Yesterday, in preparation for their quarterly business meeting today, the CSB updated their published list of reported chemical release incidents. They added 28 new incidents that occurred since the previous version was published [removed from paywall] in July. They also removed one incident that occurred before July. These are not incidents that the CSB is investigating; they are incidents that were reported to the CSB under their Accidental Release Reporting rules (40 CFR 1604).

The table below shows the top five states based upon the number of reported incidents since the July update was published.


For more information on the information added to the CSB database, including a list of possibly missing incident reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updates-accidental-release-reporting-4fb - subscription required.

OMB Approves FAR IFR on Covered UAS Prohibitions

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an interim final rule (IFR) from Federal Acquisition Regulation (FAR) on “FAR Case 2024-002, Prohibition on Covered Unmanned Aircraft Systems by Covered Foreign Entities”. The IFR was sent to OIRA on June 6th, 2024.

According to the Spring 2024 Unified Agenda entry for this rulemaking:

“This rule prohibits agencies from procuring covered unmanned aircraft systems (UAS), or products or services in connection with the operation thereof, for systems manufactured or assembled by a covered foreign entity, unless an exemption or waiver applies. This rule is issued pursuant to Subtitle B (American Security Drone Act of 2023), Title XVIII, of the National Defense Authorization Act for Fiscal Year 2024.”

I will probably not be covering this rulemaking in any detail, but I will certainly announce its publication in the appropriate ‘Short Takes’ blog post when it is published.

CISA Adds FortiManager Vulnerability to KEV Catalog – 10-23-24

Yesterday, CISA announced that it had added a missing authentication for critical function vulnerability (CVE-2024-47575) in the Fortinet FortiManager product to their Known Exploited Vulnerabilities (KEV) catalog. CISA requires federal agencies employing this product to “apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable” by November 13th, 2024. CISA describes the vulnerability:

“Fortinet FortiManager Missing Authentication Vulnerability: Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.”

FortiGuard published their advisory for this vulnerability yesterday. The advisory provides a list of affected products and fixed versions of most of those products. It notes that certain older versions of FortiAnalyzer with specific features enabled are also affected by this vulnerability. The advisory provides indicators of compromise and reports that:

“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials [emphasis added] and configurations of the managed devices.”

Wednesday, October 23, 2024

Short Takes – 10-23-24

Task force unveils cyber recommendations for the next president. CyberScoop.com article. Pull quote: “The victor of the 2024 presidential election must resolve conflicting cybersecurity regulations, better deter cyberattacks, address the cyber workforce shortage, develop plans with the private sector on critical infrastructure protection and review how to keep the economy going in the event of major hacks, a task force of cyber experts said in a report released Tuesday.” Recommendations include: “Establishing security standards for operational technology and information technology systems in each sector.”

Bird flu infects four in Washington state; CDC deploys team. TheHill.com article. Pull quote: “In a press release Sunday, the Washington State Department of Health said the “workers tested presumptively positive for avian influenza after working with infected poultry at a commercial egg farm in Franklin County.” Franklin County is in the eastern half of the Evergreen State, which is known for its agriculture.”

Special Operations: Sabotaging Railroads. StrategyPage.com article. Pull quote: “Ukrainian sabotage teams in Russian territory disrupt railroad movement by damaging key elements of the railroad signals and communications systems. This makes the railroads less reliable and often leads to accidents that derail supply trains and block further use of that line until the wreckage is removed and the rails are repaired. Ukraine has even been able to get operatives deep inside Russia to damage the Trans-Siberian Railroad, which is currently used to move weapons and munitions and North Korean soldiers from North Korea to Ukraine.”

Agency Information Collection Activities; Notice and Request for Comment; Automated Driving Systems 2.0: A Vision for Safety. Federal Register NHTSA 60-day ICR extension notice. Summary: “This document describes a collection of information for which NHTSA intends to seek OMB extension approval titled “Automated Driving Systems 2.0: A Vision for Safety” and is identified by OMB Control Number 2127-0723, currently approved through February 28, 2025. The burden hour calculations have been adjusted to reflect a reduction in annual respondents resulting in a reduction in burden hours from 12,000 annually to 2,400 annually.” Includes detailed explanation of burden estimate. Comments due December 23rd, 2024.

Surface Transportation Security Advisory Committee; Meeting. Federal Register TSA meeting notice. Summary: “The Transportation Security Administration (TSA) will hold a meeting of the Surface Transportation Security Advisory Committee (STSAC) on November 21, 2024. Members of the public will be able to participate virtually via Microsoft Teams. The meeting agenda and information on public participation [links added] is provided below under the SUPPLEMENTARY INFORMATION section.” 

Review - HR 9768 Introduced – Cyber Defense Collaborative

Last month, Rep Swalwell (D,CA) introduced HR 9768, the Joint Cyber Defense Collaborative Act. The bill would amend 6 USC 665b to replace the existing CISA Joint Cyber Planning Office with a new ‘Joint Cyber Defense Collaborative’ program designed to “support enhanced public-private partnerships across critical infrastructure sectors for collective cyber defense operations, information sharing, and operational collaboration”. No new funding would be authorized by this legislation.

Moving Forward

Swalwell and his sole cosponsor {Rep Thompson (D,MS)} are both members of the House Homeland Security Committee and Thompson is the ranking member. This means that there may be sufficient influence to see the bill considered in Committee. While I see no single provision that would engender specific opposition to this bill, I suspect that many Republicans will be uncomfortable with this level of interaction between businesses and CISA. I think that this may be too late in the session for compromises to be worked out that would ease those concerns.

 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-9768-introduced - subscription required.

Short Takes – 10-23-24 – Space Geek Edition

The moon, Mars, asteroids and Jupiter: China reveals ambitious space exploration plans. Space.com article. Pull quote: “China's next two lunar missions will follow in 2026 and 2028, Li said. These will be Chang'e 7 and Chang'e 8, respectively. Both will attempt to land near the lunar south pole. The first will hunt for water ice in permanently shadowed craters, while the second will carry in-situ resource utilization (ISRU) and terrestrial ecosystem experiments.”

NASA’s SpaceX 31st Resupply Mission to Launch Experiments to Station. NASA.gov article. Pull quote: “Mosses grow on every continent on Earth and have the highest radiation tolerance of any plant. Their small size, low maintenance, ability to absorb water from the air, and tolerance of harsh conditions make them suitable for spaceflight. NASA chose the Antarctic moss because that continent receives high levels of radiation from the Sun.”

Notice of Availability for a Written Re-Evaluation of the Final Programmatic Environmental Assessment for the SpaceX Starship/Super Heavy Launch Vehicle Program at the SpaceX Boca Chica Launch Site in Cameron County, Texas. Federal Register FAA notice. Summary: “In accordance with the National Environmental Policy Act of 1969, as amended, Council on Environmental Quality NEPA-implementing regulations, and FAA Order 1050.1F, Environmental Impacts: Policies and Procedures, the FAA is announcing the availability of the Written Re-Evaluation for the Final Programmatic Environmental Assessment for the SpaceX Starship/Super Heavy Launch Vehicle Program regarding updates to the forward heat shield interstage, sonic boom coverage, use of the deluge system during return to launch site landings, and use of US Coast Guard Safety Zones at the SpaceX Boca Chica Launch Site in Cameron County, Texas.”

Export Administration Regulations: Removal of License Requirements for Certain Spacecraft and Related Items for Australia, Canada, and the United Kingdom. Federal Register BIS final rule. Summary: “In this final rule, the Bureau of Industry and Security (BIS) amends the Export Administration Regulations (EAR) by removing controls for certain spacecraft and related items for exports and reexports to Australia, Canada, and the United Kingdom. These spacecraft and related items involve remote sensing or space-based logistics, assembly, or servicing. Taking into account the close relations with these three allied countries, including in space collaboration, as well as their inclusion in the National Technology and Industrial Base (NTIB), this final rule removes the license requirement for these countries for these spacecraft and related items.”

Export Administration Regulations: Revisions to Space-Related Export Controls. Federal Register BIS interim final rule. Summary: “In this interim final rule (IFR), the Bureau of Industry and Security (BIS) makes changes to controls for spacecraft and related items under the Export Administration Regulations (EAR). This IFR reduces license requirements on less sensitive items to reflect the close relations with certain countries to better facilitate space collaboration; and makes refinements and clarifications to existing controls. These changes will better enable a globally competitive U.S. space industrial base while continuing to protect U.S. national security and foreign policy interests.” Comments due November 22nd, 2024.

Export Administration Regulations: Revisions to Space-Related Export Controls, Including Addition of License Exception Commercial Space Activities (CSA). Federal Register BIS notice of proposed rulemaking. Summary: “In this proposed rule, the Bureau of Industry and Security (BIS) proposes changes to controls for spacecraft and related items under the Export Administration Regulations (EAR) that would conform to proposed changes to the International Traffic in Arms Regulations (ITAR) related to U.S. Munitions List (USML) Categories IV and XV. This rule also proposes the addition of a new license exception for certain Commercial Space Activities (CSA). This proposed rule is published alongside the Department of State proposed rule, “International Traffic in Arms Regulations (ITAR): U.S. Munitions List Categories IV and XV” (1400-AE73), which includes proposed changes for certain space-related defense articles and related controls. These proposed rules are intended to better enable a globally competitive U.S. space industrial base while continuing to protect U.S. national security and foreign policy interests.” Comments due November 22nd, 2024.

Argotec inaugurates new satellite factory. SpaceNews.com article. Pull quote: “The company has set aside 1,200 square meters of the building for SpacePark HUB, which Avino described as an accelerator for startups developing technologies that Argotec could use for its spacecraft.”

Libre Space Foundation Aims To Improve Satellite Tech. Hackaday.com article. Pull quote: “The LSF maintains a huge database of their open source space projects, including this one, on their GitLab page. Although it might seem like small potatoes now, the adoption of open source software and hardware by space-faring entities can help further the democratization of low Earth orbit.”

Giant catapult defies gravity by launching satellites into orbit without the need of rocket fuel. TheBrighterSideNews.com article. Pull quote: “SpinLaunch has already conducted multiple successful tests with this technology. "This is not a rocket, and clearly our ability to perform in just 11 months this many tests and have them all function as planned, really is a testament to the nature of our technology," said Jonathan Yaney, founder and CEO of SpinLaunch, in a 2022 Space.com report after their 10th successful launch. The company plans to launch constellations of satellites into orbits below 600 miles by 2026.” For potential downsides about throwing rocks, see Heinlein’s “Moon is a Harsh Mistress”.

Scientists Studying “Trickster” Asteroid Make a Surprise Discovery Pointing to Elusive Fifth Force in Physics. TheDebrief.com article. Pull quote: ““The tight constraints we’ve achieved translate readily to some of the tightest-ever limits on Yukawa-type fifth forces,” said Sunny Vagnozzi, assistant professor at the University of Trento in Italy and co-author on the paper. “These results highlight the potential for asteroid tracking as a valuable tool in the search for ultralight bosons, dark matter, and several well-motivated extensions of the Standard Model.”” Journal article here.

Tuesday, October 22, 2024

Short Takes – 10-22-24

Inside the Bungled Bird Flu Response, Where Profits Collide With Public Health. VanityFair.com article. Lots of links. Pull quote: “It is unclear whether the [bird flu] virus, as it continues to spread and evolve, will ultimately pose a serious threat to human health. But if it does, there could be a battle no less intense than the one still being fought over who should be held responsible for COVID-19. Looking back at the events of 2019, one thing almost everyone agrees on is that China should have been much more transparent about what it knew and when it knew it.”

‘More serious than we had hoped’: Bird flu deaths mount among California dairy cows. LATimes.com article. Pull quote: ““As I’ve said since we first learned of the outbreak in dairy cows, nothing we’ve learned about this virus is new or unexpected,” said Rick Bright, a virologist and former head of the U.S. Biomedical Advanced Research and Development Authority. “It’s behaving exactly as we’ve come to know of this virus over the past 25 years. It’s spreading very efficiently now among mammals, and it’s mutating and adapting to mammals as it does.””

Russian group’s hack of Texas water system underscores critical OT cyber threats. CSOOnline.com article. Interesting discussion about unprofessional threats. Pull quote: “The possible geopolitical connection to these hacks contradicts the notion that the Cyber Army of Russia and other Russian threat groups are merely amusing themselves. Erlin thinks the hackers may be showing off their skills to get jobs as official Russian state hackers. “If you want to get hired for a job, you might want to demonstrate that you’re capable of doing that job,” he says.”

INVESTING IN AMERICA: Biden-Harris Administration Announces Nearly $200 Million to Replace Aging Gas Pipes, Lower Household Energy Bills and Cut Methane Emissions. Transportation.gov press release. Pull quote: ““For the first time, thanks to the Bipartisan Infrastructure Law, we are empowering communities to expedite these critical safety improvements while helping families save money on their energy bills,” said PHMSA Deputy Administrator Tristan Brown. “On average, businesses, families, and everyday Americans can expect to save hundreds of dollars on their energy bills thanks to these necessary safety improvements funded through this new grant.””

Fatal hydrogen sulfide leak at US Pemex refinery under investigation. ChemistryWorld.com article. Pull quote: “The incident discharged almost 20 tonnes of hydrogen sulfide and nearly 14 tonnes of sulfur dioxide over several hours. Two neighbouring cities were subject to shelter-in-place orders, and a section of state highway was temporarily closed.”

Fire at US pool chemical plant releases huge chlorine plume. ChemistryWorld.com article. Includes quotes from me. Pull quote: “Georgia Institute of Technology’s Sally Ng, the leader of a new effort to characterise aerosol chemical composition and physical properties across the US in real time called the Atmospheric Science and Chemistry Measurement Network (Ascent), confirms to Chemistry World that the morning after the fire, the number of chlorine-containing particles detected in the air at Ascent’s Decatur, Georgia site, around 28km from the BioLab plant, had increased by about 1400 times. Bromine-containing particles in the air increased by about 170 times, she said.”

 