Thursday, May 15, 2025

Review – 20 Advisories and 2 Updates Published – 5-15-25

Today CISA’s NCCIC-ICS published 20 control system security advisories for products from Schneider Electric, ECOVACS, and Siemens (18). They updated two advisories for products from Mitsubishi.

Advisories

Schneider Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Schneider EcoStruxure Power Build Rapsody software.

ECOVACS Advisory - This advisory describes three vulnerabilities in the ECOVACS DEEBOT Vacuum and Base Station products.

SCALANCE Advisory - This advisory describes 12 vulnerabilities in the Siemens SCALANCE LPE9403.

RUGGEDCOM Advisory #1 - This advisory describes three client-side enforcement of server-side security vulnerabilities in the Siemens RUGGEDCOM ROX II product.

RUGGEDCOM Advisory #2 - This advisory discusses two vulnerabilities in the Siemens RUGGEDCOM APE1808 products.

MS/TP Advisory - This advisory describes an improper input validation vulnerability in the Siemens MS/TP Point Pickup Module.

Mendix Advisory - This advisory describes an incorrect permissions assignment in the Siemens Mendix OIDC SSO modules.

APOGEE PXC Advisory - This advisory describes an expected behavior violation in the Siemens APOGEE PXC+TALON TC series products.

SIRIUS 3SK2 Advisory - This advisory describes three vulnerabilities in the Siemens SIRIUS 3RK3 Modular Safety System.

SIMATIC PCS Advisory - This advisory describes an insufficient session expiration vulnerability in the Siemens SIMATIC PCS neo products.

Polarion Advisory - This advisory describes four vulnerabilities in the Siemens Polarion products.

OZW Web Server Advisory - This advisory describes two vulnerabilities (with publicly available exploits) in the Siemens OZW Web Servers.

UMC Advisory - This advisory describes three vulnerabilities in the Siemens User Management Component of multiple products.

VersiCharge Advisory - This advisory describes two vulnerabilities in the Siemens VersiCharge AC Series EV Chargers.

IPC Advisory - This advisory describes an authentication bypass by spoofing vulnerability in the Siemens SIMATIC IPC RS-828A product.

Teamcenter Advisory - This advisory describes an out-of-bounds read vulnerability in the Siemens Teamcenter Visualization product.

SIPROTEC Advisory - This advisory discusses the Blast Radius vulnerability in the Siemens SIPROTEC and SICAM products.

Desigo Advisory - This advisory describes a missing authentication for critical function vulnerability in the Siemens Desigo CC product.

BACnet Advisory - This advisory describes an improper input validation vulnerability in the Siemens BACnet ATEC Devices.

INTRALOG Advisory - This advisory discusses eight vulnerabilities in the Siemens INTRALOG WMS product.

Updates

Mitsubishi Update #1 - This update provides additional information on the Multiple FA Engineering Software Products advisory that was originally published on March 14th, 2024, and most recently updated on January 30th, 2025.

Mitsubishi Update #2 - This update provides additional information on the MELSOFT MaiLab advisory that was originally published on July 18th, 2024.

 

For more information on these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/20-advisories-and-2-updates-published - subscription required.

Short Takes – 5-15-25 – Federal Register Edition

Safety Zones; Rocket Launches in the Gulf of America and South Bay, Boca Chica Beach, TX. Federal Register Coast Guard notice of proposed rulemaking. Summary: “The Coast Guard proposes to establish two permanent safety zones to protect personnel, vessels, and the marine environment from potential hazards created by commercial spaceflight activities. The proposed permanent safety zones are located in navigable waters of South Bay, TX and in navigable waters of the Gulf of America. This proposed rulemaking would prohibit persons and vessels from being in the safety zones during scheduled launches, unless authorized by the Captain of the Port, Sector Corpus Christi (COTP) or a designated representative. We invite your comments on this proposed rulemaking.” Comments due: June 16th, 2025.

Hydrogen Fluoride; TSCA Section 21 Petition for Rulemaking Under TSCA Section 6; Reasons for Agency Response; Denial of Requested Rulemaking. Federal Register EPA petition agency response. Summary: “This action announces the availability of the EPA's response to a petition received on February 11, 2025, from the Clean Air Council, Communities for a Better Environment, and Natural Resources Defense Council (petitioners). The petition requests that EPA establish a TSCA rule prohibiting the use of hydrogen fluoride (HF) in domestic oil refining to eliminate unreasonable risks to public health and the environment. After careful consideration, EPA has denied the TSCA petition for the reasons set forth in this notice.”

CISA Industry Engagement Registration and Account in ServiceNow. Federal Register CISA 30-day ICR notice. Summary: “The Office of the Chief Acquisition Executive (OCAE) within Cybersecurity and Infrastructure Security Agency (CISA) submits the following information for a new Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance. CISA previously published this ICR in the Federal Register on June 24, 2024, for a 60-day public comment period. One comment was received by CISA. The purpose of this notice is to allow additional 30-days for public comments.”

EO 14294 - Fighting Overcriminalization in Federal Regulations, Federal Register.

EO 14295 - Increasing Efficiency at the Office of the Federal Register, Federal Register.

EO 14296 - Keeping Promises to Veterans and Establishing a National Center for Warrior Independence, Federal Register.

EO 14297 - Delivering Most-Favored-Nation Prescription Drug Pricing to American Patients, Federal Register.

Reader Comment – CFATS Inspectors vs Admins

This morning an anonymous reader left a comment on yesterday’s post, Industry Still Wants CFATS Back. Anonymous made a painful point that I failed to mention:

“Boots on the ground inspectors who truly hold the institutional knowledge is the significant loss.”

There is no doubt that facilities had Chemical Security Inspectors as their primary point of contact with the CFATS program. The experience and knowledge that these CSIs accumulated and shared over the 15+ years of operation of the program were a major factor in smoothing the impact of the program on individual facilities. This is a major part of the industry’s acceptance and support of the program.

But it pains me to hear the negative comments that Anonymous had about the leadership. There will always be a disconnect between organizational leadership and the boots on the ground, but for organizations like the Alliance for Chemical Distribution, it was the leadership and headquarters staff that were the primary points of contact. The leadership’s willingness to work with industry to craft how the program implemented the congressional requirements was also important for industry acceptance of the program. Both parts of the organization were important to the success of the program.

Still, questions have been raised about the leadership’s role in ensuring the continuation of the program. In hindsight, the leadership at the Office of Chemical Security, CISA and DHS did a reasonable job ensuring that there was widespread, bipartisan support for a relatively minor chemical security program. What killed the program was the opposition of a single Senator {and perhaps one other Senator, Sen Johnson (R,WI), who might have taken the same action if Sen Paul had not stood in opposition to the consideration of HR 4470}. People forget that HR 4470 passed in the House by a vote of 409 to 1. It is hard to fault the OCS or CISA leadership for achieving that ‘limited’ level of Congressional support.

PHMSA Sends 2 Deregulation ANPRMs to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received two advance notices of proposed rulemaking (ANPRMs) from DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA):

Hazardous Materials: Mandatory Regulatory Review to Unleash American Energy and Improve Government Efficiency, and

Pipeline Safety: Mandatory Regulatory Reviews to Unleash American Energy and Improve Government Efficiency

Neither rulemaking was listed in the Fall 2024 Unified Agenda, so there is no formal explanation about the purpose and scope of either rulemaking. It does appear, however, that these two rules are in response to the requirements of §3(a) and §3(b) of EO 14154, Unleashing American Energy, requiring agencies to “identify those agency actions that impose an undue burden on the identification, development, or use of domestic energy resources” and then “develop and begin implementing action plans to suspend, revise, or rescind all agency actions identified as unduly burdensome”.

Under the Hazardous Materials rulemaking, I suspect that PHMSA will address the suspension of the authorization to ship liquefied natural gas by railcars that was implemented by the Biden Administration.

Review - Bills Introduced – 5-14-25

Yesterday, with both the House and Senate in session, there were 78 bills introduced. One of those bills may receive additional attention in this blog:

S 1762 A bill to exempt the Secretary of Energy of certain prohibitions with respect to an unmanned aircraft system, and for other purposes. Peters, Gary C. [Sen.-D-MI]

Space Geek

I would like to mention one bill as part of my limited Space Geek coverage. There will be no further coverage of this bill in this blog:

S Res 228 A resolution supporting May 2, 2025, as "National Space Day" in recognition of the significant positive impact the aerospace community has and will continue to have on the United States of America. Moran, Jerry [Sen.-R-KS]

 

For more information on these bills, including legislative history for similar bills in the 118th, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-14-25 - subscription required.

Short Takes – 5-15-25 – Space Geek Edition

Axiom Mission 4 delayed due to Dragon capsule readiness. SpaceFlightNow.com article. Pull quote: “The fourth private astronaut mission was most recently scheduled to launch no earlier than May 29 on a Falcon 9 rocket from Launch Complex 39A at NASA’s Kennedy Space Center in Florida. However, in an update from the space agency, those plans shifted to a launch targeting June 8 at the earliest.”

That's a hat trick! Varda successfully returns 3rd space capsule from orbit. Space.com article. Pull quote: “Varda's W-3 reentry capsule landed in South Australia on Tuesday night (May 13), delivering a payload and data from an advanced hypersonic navigation systems test for the U.S. Air Force and Innovative Scientific Solutions Incorporated. W-3 launched on a Falcon 9 rocket March 14, as part of SpaceX's Transporter 13 mission.”

SpaceX fires up Starship spacecraft again ahead of 9th test flight. Space.com article. Pull quote: “It was the third static fire for this particular vehicle, which "is undergoing final preparations for the ninth flight test," according to a Tuesday (May 13) SpaceX post on X that shared a video and photos of the trial.”

SpaceX Starship Flight 9 Gets A New Launch Date As Firm Ships Rocket To Launch Site! WCCFTech.com article. Pull quote: “Lending further credence to a potential upcoming Starship Flight 9 launch is the fact that SpaceX has also shipped the Super Heavy booster for the test to the launch pad. The 232-feet-tall rocket started its journey from the production facilities late at night yesterday and made it to the launch pad soon after midnight. This rocket first flew on Starship Flight 7, and the upcoming Flight 9 will mark the first time that SpaceX attempts to reuse a rocket booster in the Starship test program.”

After the Arecibo collapse in 2020, a lone NASA radar dish in the Mojave desert stepped up as a leading asteroid hunter. Space.com article. Pull quote: “The greater [approval] flexibility has led to an increase in asteroid observations from the Mojave. The 55 NEAs detected at Goldstone in 2024 represents a 1.5x increase relative to the average from 2012 to 2018, and a five-fold increase compared to 15 years ago.”

Wednesday, May 14, 2025

Short Takes – 5-14-25

CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program. CyberScoop.com article. Pull quote: “In a LinkedIn post, Easterly accused CVE Foundation board members of duplicity, saying that “while sitting on the governing board of one of the most critical cybersecurity programs in the world, some members were ostensibly working in secret to build a separate organization to assume control of that very program. And they didn’t resign while doing so, given the obvious conflict of interest.””

Mike Johnson Contends With Republican Mistrust in Dash to Pass Tax Bill. WSJ.com article (free). Pull quote: “The perceived assurances to moderates rankled conservatives, who have been trying to lock in deeper cuts. Rep. Mike Lawler, a New York moderate, told freshman Texas Rep. Brandon Gill that GOP leadership had told him that the $1.5 trillion in promised cuts would be less severe, according to two House Republicans familiar with the matter. Gill, who is part of the ultraconservative House Freedom Caucus pushing for that level of spending cuts at a minimum, raised the alarm with his fellow group members as well as with leadership. Johnson, confronted on the matter, said Lawler was taking his comments out of context, the two lawmakers familiar with the matter said.”

Rogue communication devices found in Chinese solar power inverters. Reuters.com article. Pull quote: “"If you remotely control a large enough number of home solar inverters, and do something nefarious at once, that could have catastrophic implications to the grid for a prolonged period of time," said Uri Sadot, cyber security program director at Israeli inverter manufacturer SolarEdge.”

CISA Adds FortiGuard Vulnerability to KEV Catalog – 5-14-25

Today CISA announced that it had added a stack-based buffer overflow vulnerability in multiple FortiGuard products to their Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was reported yesterday by FortiGuard (not part of their Cyber Tuesday vulnerability reporting). FortiGuard notes that they discovered the vulnerability based upon it being exploited in the wild. FortiGuard has new versions that mitigate the vulnerability.

CISA has ordered federal agencies using any of the five affected FortiGuard products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” CISA has provided a deadline of June 4th, 2025, for completing those actions.

Industry Still Wants CFATS Back

I received a press release today from the Alliance for Chemical Distribution (ACD) about their annual ‘fly-in’ to Washington DC to meet with legislators and regulators. ACD members will meet with congressional delegations and representatives from regulatory agencies to push their federal wish lists of statutory and regulatory changes the industry would like to see.

One of the four bullet points in the press release dealt with the Chemical Facility Anti-Terrorism Standards program that died almost two years ago:

“Reauthorize the Chemical Facilities Anti-Terrorism Standards (CFATS) program: The U.S. Department of Homeland Security’s successful, bipartisan CFATS program expired in July 2023. Without the vital support of this successful public-private partnership, high-risk chemical facilities are left to manage site security, mitigate vulnerabilities, and ensure comprehensive employee background checks on their own. This is particularly concerning as chemical facilities and surrounding communities face increased exposure to new threats and potential acts of terror. ACD urges Congress to reinstate this vital security program immediately”

It has long surprised many people how much the chemical industry has supported the CFATS program. There have been differences between DHS and industry on many of the details (there was a big fight about the need for the personnel surety program, that most have forgotten) but even then, industry acknowledged that the people that ran the program listened to their concerns and tried to work with them to make the program work. You cannot ask much more from regulators than that.

The problem is twofold. First and foremost, the one-man obstacle that effectively killed the program {Sen Paul (R,KY)} is in a stronger position now to continue blocking the program. In 2023 he was the Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, which gave him a certain amount of veto authority beyond his ability to object to unanimous consent consideration of the reauthorization bill. Now he is the Chair of that Committee and there is no chance that a chemical security bill will be considered in the Senate without his active buy-in. Add to that a President that never met a regulatory program that he liked, and you have a mostly insurmountable political problem.

The second problem is time; it has been too long since the program died for it to be re-established with a simple date change. Facilities have moved on, keeping the easy, low-cost parts of the security programs that took so long to put into place; management could not justify the costlier parts of security without the enforcement threat from CISA. Time has also inevitably led to changes in management at the previously covered facilities; a significant number of the key players have moved on, and CISA’s list of points of contact for those facilities is no longer accurate. And I will not even mention what DOGE and the new Administration have done to the leadership of the Chemical Security Office in CISA.

Still, kudos to ACD (and other chemical industry lobbying organizations) for still trying to get the program going. But in the immortal words of WC Fields: “If at first you don’t succeed, try, try again. Then stop. There is no use being a damn fool about it.”

Review - Bills Introduced – 5-13-25

Yesterday, with both the House and Senate in session, there were 96 bills introduced. Of those there are three that may receive additional coverage in this blog:

HR 3334 To authorize the United States Capitol Police to take action with respect to threats from unmanned aircraft systems, and for other purposes. Crane, Elijah [Rep.-R-AZ-2]

HR 3376 To establish a trust fund to provide for adequate funding for water and sewer infrastructure, and for other purposes. Watson Coleman, Bonnie [Rep.-D-NJ-12] 

S 1730 A bill to provide adequate funding for water and sewer infrastructure, and for other purposes. Sanders, Bernard [Sen.-I-VT]

Space Geek

I would like to mention this space-related bill as part of my limited Space Geek coverage. I do not expect to cover this bill in any detail.

S 1722 A bill to fund human spaceflight infrastructure and commercialization of space support at Johnson Space Center. Cornyn, John [Sen.-R-TX]


For more information on these bills, including legislative history for similar bills in the 118th, as well as a mention in passing about a bill to oppose the presidential 747 from Qatar, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-13-25 - subscription required.


FAA Sends UAS Beyond Visual Line of Sight NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the DOT’s Federal Aviation Administration (FAA) on “Normalizing Unmanned Aircraft Systems Beyond Visual Line of Sight Operations”. This rulemaking would create new operational and design requirements for unmanned aircraft (up to 1,320 lbs) issued a special airworthiness certificate, enabling routine beyond visual line of sight (BVLOS) operations without waivers or exemptions.

According to the Fall 2024 Unified Agenda entry for this rulemaking:

“This action would normalize certain low altitude unmanned aircraft systems (UAS) operations, while ensuring the safety and efficiency of the United States airspace. It is the next step in integrating UAS into the national airspace system (NAS), providing for significant safety, societal, and economic advantages and benefits. This action is expected to dramatically expedite the introduction of beyond visual line of sight (BVLOS) UAS operations in the NAS. Using consensus-based standards, this action would establish a regulatory process for issuing a special airworthiness certificate (SAC) for unmanned aircraft (up to 1,320 pounds), as well as the acceptance of their associated elements. It would create new operational and design requirements for unmanned aircraft issued a SAC, enabling routine beyond visual line of sight (BVLOS) operations without waivers or exemptions. The rulemaking would prescribe a new BVLOS rating for the remote pilot certificate. It would also build new operating rules for UAS cargo delivery for compensation or hire under the new part. Finally, this action would create a defined regulatory approval pathway for third-party services, to include UAS Traffic Management (UTM) service suppliers.”

I do not expect that I will be covering this rulemaking in any depth, but I will at least mention its publication in the respective “Short Takes” post.


DOT Sends UAS Flight Restriction Application NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the DOT’s Federal Aviation Administration (FAA) on “Designation - Restrict the Operation of an Unmanned Aircraft in Close Proximity to a Fixed Site Facility”. This rulemaking was required by §2209 of the FAA Extension, Safety and Security Act (PL 114-190, 130 STAT. 634), and was supposed to have been completed by January 11th, 2017.

According to the Fall 2024 Unified Agenda entry for this rulemaking:

“This action would implement section 2209, Applications for designation, of Public Law 114-190, the FAA Extension, Safety and Security Act of 2016 (130 Stat. 634). Specifically, this rule would establish the criteria and procedures for the operator or proprietor of eligible fixed site facilities to apply to the FAA for an unmanned aircraft-specific flight restriction. In addition, this rule would establish the substantive criteria based on the enumerated statutory considerations (i.e. national security and aviation safety) that the FAA will use in determining to grant or deny a petition, as well as the procedures for notifying the petitioner of the determination made and the process for resubmission of any denial. Lastly, this rule would establish the process to be used by the FAA to implement the unmanned aircraft-specific flight restriction and notify the public.”

This rulemaking will almost certainly not provide any authority to facilities to take actions to enforce the flight restrictions. That would require additional legislative action.

Tuesday, May 13, 2025

Short Takes – 5-13-25

CISA “cyber hygiene” guidance for OT? SCADAMag.Infracritical.com article. Pull quote: “This is a disappointing list of mitigations which call out for the issuing of a version 2. Some words of advice to the authors at CISA. Instead of relying on “in house” government expertise, CISA should augment their efforts by collaborating with those who work closer to the actual physical processes going on in OT and ICS. For example, standards organisations like ISA, IEC, IEEE and other organisations that represent operators of “critical infrastructure entities.”   Some defenders assert that CISA does have access to such expertise. My reply is to show me an example of where this expertise appears. Not very evident in these CISA recommendations.”

Perfluoroalkyl and Polyfluoroalkyl Substances (PFAS) Data Reporting and Recordkeeping Under the Toxic Substances Control Act (TSCA); Change to Submission Period. Federal Register EPA interim final rule. Summary: “The Environmental Protection Agency (EPA or Agency) is amending the data submission period for the Toxic Substances Control Act (TSCA) PFAS reporting rule by changing the start date for submissions and making corresponding changes to the end dates for the submission period, i.e., the data submission period begins on April 13, 2026, and ends on October 13, 2026, with an alternate end date for small manufacturers reporting exclusively as article importers of April 13, 2027. As promulgated in October 2023, the regulation requires manufacturers (including importers) of perfluoroalkyl and polyfluoroalkyl substances (PFAS) in any year between 2011-2022 to report certain data to EPA related to exposure and environmental and health effects. This change is necessary because EPA requires more time to prepare the reporting application to collect this data. The Agency is separately considering reopening certain aspects of the rule to public comment. The delayed reporting date ensures that EPA has adequate time to consider the public comments and propose and finalize any modifications to the rule before the submission period begins.”  Comments due: 6-12-25.

Federal Emergency Management Agency Review Council Meeting. Federal Register FEMA meeting notice. Pull quote: “OPE is publishing this emergency notice to announce that the President's Federal Emergency Management Agency (FEMA) Review Council (“Council”) will meet in person on Tuesday, May 20, 2025. This meeting will be open virtually to members of the public. This meeting will be led by the Secretary of Homeland Security and the Secretary of Defense to discuss the work ahead for the Council and the potential future of FEMA.”

Notice of Request for Public Comments on Section 232 National Security Investigation of Imports of Commercial Aircraft and Jet Engines and Parts for Commercial Aircraft and Jet Engines. Federal Register BIS §232 investigation notice. Summary: “On May 1, 2025, the Secretary of Commerce initiated an investigation to determine the effects on the national security of imports of commercial aircraft and jet engines, and parts for commercial aircraft and jet engines. This investigation has been initiated under section 232 of the Trade Expansion Act of 1962, as amended (Section 232) [19 USC 1862]. Interested parties are invited to submit written comments, data, analyses, or other information pertinent to the investigation to the Department of Commerce's (Department) Bureau of Industry and Security (BIS), Office of Strategic Industries and Economic Security. This notice identifies issues on which the Department is especially interested in obtaining the public's views”. Comments due: June 3rd, 2025.

Two Trump appointees escorted out of Library of Congress amid White House takeover, report says. The-Independent.com article. Pull quote: ““Donald Trump’s termination of Register of Copyrights, Shira Perlmutter, is a brazen, unprecedented power grab with no legal basis. It is surely no coincidence he acted less than a day after she refused to rubber-stamp Elon Musk’s efforts to mine troves of copyrighted works to train AI models,” Joe Morelle, a New York House Democrat, said in a statement Saturday.”

ENISA launches EU Vulnerability Database to strengthen cybersecurity under NIS2 Directive, boost cyber resilience. IndustrialCyber.co article. Pull quote: “The agency also highlighted that notifying of actively exploited vulnerabilities will become mandatory for manufacturers by September 2026. The notification process will apply to vulnerabilities impacting hardware and software products with digital elements. The Single Reporting Platform (SRP) provided for by the Cyber Resilience Act (CRA) will be the tool to use for such purpose. It is important to highlight that the SRP is therefore different from the EUVD established by the NIS2 Directive.”

Supreme Court Chief Justice Gives Biggest Sign Yet of Trump Disapproval. NewsBreak.com article. Pull quote: “Last week, the chief justice seemed to once again reference the judicial turmoil at a speaking event in New York. The courts are a “coequal branch of government,” he said, and said their job is to “check the excesses of Congress or of the executive.””

Review – 4 Advisories Published – 5-13-25

Today CISA’s NCCIC-ICS published four control system security advisories for products from ABB Automation and Hitachi Energy (3).

Advisories

ABB Advisory - This advisory describes two incorrect permission assignment for critical function vulnerabilities in the ABB Automation Builder product.

Hitachi Energy Advisory #1 - This advisory describes four vulnerabilities in the Hitachi Energy MACH gateway station product.

Hitachi Energy Advisory #2 - This advisory describes a classic buffer overflow vulnerability in the Hitachi Energy Relion 670/650/SAM600-IO series products.

Hitachi Energy Advisory #3 - This advisory discusses 16 vulnerabilities (one with publicly available exploit) in the Hitachi Energy Service Suite.

 

For more information on these advisories, including links to exploits, as well as a discussion about a recent CISA information sharing policy change, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-5-13-25 - subscription required.

Review – Bills Introduced – 5-12-25

Yesterday, with just the Senate in Washington (the House arrives today), there were 17 bills introduced. Of those there was one bill that may receive additional attention in this blog:

S 1708 A bill to improve agency rulemaking, and for other purposes. Lankford, James [Sen.-R-OK] 

 

For more information on these bills, including legislative history for similar bills in the 118th, including a Chinese automotive technology bill mentioned in passing, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-12-25 - subscription required.

Monday, May 12, 2025

Short Takes – 5-12-25

Small businesses dread tariff fallout. WashingtonPost.com briefing. Pull quote: “As Trump pushes through punishing tariffs on some of the country’s biggest trading partners, small-business owners fear they could be caught in the crosshairs. Without the large margins to weather abrupt changes in their supply chains or the lobbying power to ask for special exemptions, many small businesses are bracing for devastating losses. Even if Trump were to go back on his tariffs, multiple small-business owners said the breakneck changes in policy make planning difficult and can have a chilling effect on growth.”

Budget cuts and the fraying of international partnerships. TheSpaceReview.com article. Pull quote: ““You take something like Gateway, for instance. Europe may not stop their development just because the US changes their strategy,” said Peter Cannito, CEO of Redwire Space, in an earnings call Monday. “They may just repurpose or redirect or look for new partners internationally to continue that development.””

The hidden ways Trump, DOGE are shutting down parts of the U.S. government. WashingtonPost.com article. Pull quote: “At the National Oceanic and Atmospheric Administration, key work on weather forecasting has slowed to a crawl because Commerce Secretary Howard Lutnick must sign off personally on many contracts and grants. And at the Social Security Administration, some employees are running out of paper, pens and printer toner because the U.S. DOGE Service has placed a $1 spending limit on government-issued credit cards. (DOGE stands for Department of Government Efficiency, though it is not a Cabinet-level agency.)”

Flights Could Be Disrupted Across U.S., Transportation Secretary Warns. NYTimes.com article. Pull quote: “Still, Mr. Duffy said that the country and Congress had not paid enough attention to improving the “antiquated systems” across major airports, and described the recent issues at Newark as a consequence of “stress on an old network.” “What you see in Newark is going to happen in other places across the country,” Mr. Duffy said in the interview, on NBC’s “Meet the Press With Kristen Welker.” “It has to be fixed.”

Review - S 1249 Introduced – UAS Zoning Authority

Last month, Sen Lee (R,UT) introduced S 1249, the Drone Integration and Zoning Act. The bill would provide for State and local government authority over ‘civil unmanned aircraft systems’ within 200-ft above the ground. Currently, sole jurisdiction over US airspace rests with the Federal Aviation Administration. This bill is very similar to S 600 introduced last session, and S 2607 which Lee introduced in the 116th Congress. No action was taken on either bill.

This bill is very similar to S 905 that was introduced by Lee in March 2023. No action was taken on that bill in the 118th Congress. There were two changes made in S 1249. First the definition of the term ‘Indian tribe’ was changed to being made by reference to 25 USC 5304; not a material change. The second change was a deletion of a change to 49 USC 44805(j) that would have required DOT to “exempt from the requirements of this section small unmanned aircraft systems that are not capable of navigating beyond the visual line of sight of the operator through advanced flight systems and technology”, instead of simply authorizing such a change to be made.

Moving Forward

Lee is not a member of the Commerce, Science, and Transportation Committee to which this bill was referred for consideration. This means that there will not be sufficient influence to see the bill considered in Committee. There is still considerable resistance in Congress to modifying the rules concerning the legal oversight of drone operations. Legislators are still trying to figure out how to separate UAS regulation from air space regulation. Bills like this help to drive that discussion.

 

For more details about the provisions of this lengthy bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-1249-introduced-uas-zoning-authority - subscription required.

Review – Committee Hearings – Week of 5-11-25

This week with the House and Senate in session, we have a fairly busy hearing schedule with reconciliation markups and budget hearings dominating in the House. There will also be a hearing on DOD space operations and another on reauthorizing CISA information sharing programs. In the Senate we have two hearings on program reauthorization for pipeline safety and the FAA.

Budget Hearings

| Budget Hearings | House | Senate |
|---|---|---|
| DHS | Homeland Security | |
| DOT | Appropriations | Appropriations |
| EPA | Appropriations | Appropriations |
| DOL | Appropriations | |

Space Geek

On Wednesday the Subcommittee on Strategic Forces of the House Armed Services Committee will hold a hearing on “National Security Space Programs”.

FAA Reauthorization

On Wednesday the Senate Commerce, Science, and Transportation Committee will hold a hearing on “FAA Reauthorization One Year Later: Aviation Safety, Air Traffic, and Next Generation Technology”.

Information Sharing

On Thursday the Subcommittee on Cybersecurity and Infrastructure Protection of the House Homeland Security Committee will hold a hearing on “In Defense of Defensive Measures: Reauthorizing Cybersecurity Information Sharing Activities that Underpin U.S. National Cyber Defense”.

Pipeline Safety

On Thursday the Senate Commerce, Science, and Transportation Committee will hold a hearing on “Pipeline Safety Reauthorization: Ensuring the Safe and Efficient Movement of American Energy”.

 

For more information on these hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-5-11-25 - subscription required.

Saturday, May 10, 2025

Short Takes – 5-10-25

Notice of Availability of the Final Tiered Environmental Assessment and Mitigated Finding of No Significant Impact and Record of Decision for SpaceX Starship/Super Heavy Vehicle Increased Cadence at the SpaceX Boca Chica Launch Site in Cameron County, Texas. Federal Register FAA notice of availability. Summary: “The FAA is announcing the availability of the Final Tiered Environmental Assessment and Mitigated Finding of No Significant Impact and Record of Decision for SpaceX Starship/Super Heavy Vehicle Increased Cadence at the SpaceX Boca Chica Launch Site in Cameron County, Texas (Final Tiered EA and Mitigated FONSI/ROD).”

Severe Cases of Virus Tied to Polio-like Paralysis Often Occurs in Healthy Kids. MedPageToday.com article. Pull quote: “This non-polio enterovirus causes acute respiratory illness in children, with common symptoms in hospitalized patients including cough, shortness of breath, and wheezing, along with fever in about half of known cases. EV-D68 also has been associated with acute flaccid myelitis, a rare neurologic disorder that can result in muscle pain and limb weakness.”

Measles Cases Top 1,000: A Crisis of Complacency. MedPageToday.com article. Pull quote: “In recent years, the likelihood of major regional outbreaks has been inevitable as herd immunity faded due to pockets of under-vaccination across the country. Exacerbating those risks are soaring cases around the globe and increased travel-related transmission. Worldwide, almost 22 million children missed one or both measles vaccines in 2023, and there was a 20% increase in global measles cases between 2022 to 2024, driven by inadequate vaccination coverage.”

Trump freezes ‘gain of function’ pathogen research ― threatening all US virology, critics say. Nature.com article. Pull quote: “The executive order also bans federal funding for dangerous gain-of-function research in China, Iran and other “countries of concern”. And it halts funding for life-sciences research that could pose a threat to public health in countries that do not have adequate oversight of this work. All recipients of federal grants in the life sciences will need to comply with the order, including confirming that they do not collaborate with foreign countries on relevant research.”

CEQ Sends 2 Rulemakings to OMB – 5-8-25

Thursday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received two rulemakings from the Council on Environmental Quality (CEQ). The two rulemakings are:

0331-ZA09, Guidance on Emergencies and the National Environmental Policy Act, and

0331-ZA10, Withdrawal of Interim Guidance (0331-AA06)

Neither rulemaking was listed in the Fall 2024 Unified Agenda, and both are clearly part of the new Administration’s attempt to dramatically reshape the government’s environmental agenda. With no listing in the UA there is no official listing of the purpose and scope of either rulemaking, but it is relatively easy to find the Biden Administration documents to which these are in response.

The first rulemaking would appear to address a memorandum from Brenda Mallory, the previous CEQ Chair, that was published on December 18th, 2024: “Emergencies and the National Environmental Policy Act Guidance”. That memo provided guidance on how agencies should include environmental stewardship activities in their responses to emergencies “involving immediate threats to human health or safety, or immediate threats to valuable natural resources” that do not allow time to complete the steps outlined in the National Environmental Policy Act regulations. This actual guidance should be interesting since the new Administration has rescinded those regulations.

The ‘interim guidance’ mentioned in the second rulemaking was published on January 9th, 2023. According to the preamble to that publication, the purpose of the guidance was “to assist Federal agencies in their consideration of the effects of greenhouse gas (GHG) emissions and climate change when evaluating proposed major Federal actions in accordance with the National Environmental Policy Act (NEPA)”. There is little surprise that the new Administration has little interest in such guidance.

As with the earlier CEQ rulemakings briefly mentioned in this blog, I do not expect to cover either of these rulemakings in any detail, as they are out of the scope of what I typically cover. I do expect to announce their publication (if and when) in the appropriate ‘Short Takes’ post.

Chemical Incident Reporting – Week of 5-3-25

NOTE: See here for series background.

Hobe Sound, FL – 5-1-25

Local News Report: Here, here, and here.

There was a chlorine gas leak from a 150-lb cylinder at a local water treatment facility. One person was transported to the hospital with non-life-threatening injuries.

Possible CSB reportable, depending on if the individual was admitted to the hospital.

Tuscaloosa, AL – 5-7-25

Local News Report: Here, here, here and here.

There was an explosion and fire at an oil refinery. No word on damages. Four people reported being evaluated off-site for injuries.

Potential CSB reportable.

Tampa, FL – 5-8-25

Local News Report: Here and here.

There was a vehicle accident involving a pool chemical truck. Chlorinating chemicals and muriatic acid were spilled. One person was transported to hospital in critical condition.

Not CSB reportable, this is a transportation incident, reportable to PHMSA.

Review – Public ICS Disclosures – Week of 5-3-25

This week we have a relatively light disclosure week with 11 vendor disclosures from Dell (5), Delta Electronics, Honeywell, HP (2), RT Labs, and Wiesemann & Theis. We also have 10 vendor updates from FortiGuard (6), HPE, Moxa, and Omron (2). Finally, we have three researcher reports for vulnerabilities in products from Kunbus, and libplctags (2).

Advisories

Dell Advisory #1 - Dell published an advisory that discusses 41 vulnerabilities in their Dell Networking OS10 product.

Dell Advisory #2 - Dell published an advisory that describes a use of hard-coded credentials vulnerability in their Dell Networking OS10 product.

Dell Advisory #3 - Dell published an advisory that discusses three vulnerabilities in their EMC Networking OS10 product.

Dell Advisory #4 - Dell published an advisory that discusses eleven vulnerabilities (three with publicly available exploits) in their Dell Wyse Management Suite product.

Dell Advisory #5 - Dell published an advisory that describes an OS command injection vulnerability in their Dell Networking OS10 product.

Delta Advisory - Delta published an advisory that describes four out-of-bounds write vulnerabilities in their CNCSoft product.

Honeywell Advisory - Honeywell published an advisory that describes an OS command injection vulnerability in the MB-Secure and MB-Secure PRO building security manager.

HP Advisory #1 - HP published an advisory that discusses an integer overflow or wrap around vulnerability (with a publicly available exploit) in their HP Universal Scan.

HP Advisory #2 - HP published an advisory that discusses three vulnerabilities in multiple HP product lines.

RT Labs Advisory - RT Labs published an advisory that describes 10 vulnerabilities in their P-Net Profinet stack.

Wiesemann Advisory - CERT-VDE published an advisory that describes a cross-site scripting vulnerability in multiple Wiesemann & Theis products.

Updates

FortiGuard Update #1 - FortiGuard published an update for their ipsec ike advisory that was originally published on January 14th, 2025, and most recently updated on April 11th, 2025.

FortiGuard Update #2 - FortiGuard published an update for their cross-site scripting advisory that was originally published on February 11th, 2025.

FortiGuard Update #3 - FortiGuard published an update for their OS command injection advisory that was originally published on January 14th, 2025.

FortiGuard Update #4 - FortiGuard published an update for their vm download feature advisory that was originally published on March 11th, 2025.

FortiGuard Update #5 - FortiGuard published an update for their execute sensitive operations advisory that was originally published on May 14th, 2024.

FortiGuard Update #6 - FortiGuard published an update for their device del feature advisory that was originally published on March 11th, 2025.

HPE Update - HPE published an update for their ProLiant DL/XL Servers advisory that was originally published on March 10th, 2025.

Moxa Update - Moxa published an update for their command injection advisory that was originally published on April 2nd, 2025.

Omron Update #1 - Omron published an update for their NJ/NX-series Machine advisory that was originally published on January 14th, 2025.

Omron Update #2 - Omron published an update for their CX-Programmer advisory that was originally published on April 22nd, 2025.

Researcher Reports

Kunbus Report - Pen Test Partners published a report that describes four vulnerabilities in the Kunbus Revolution Pi industrial PLCs.

libplctags Report - Nozomi Networks published two reports that described individual vulnerabilities in the libplctags library.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-ebb - subscription required.


Friday, May 9, 2025

Short Takes – 5-9-25

Trump executive order aims to reshore US drug production. CEN.ACS.org article. Pull quote: “In recent months, several big pharma companies, including Eli Lilly and Company and Novartis, have announced significant investments to expand their production capabilities in the US. But the drugs these companies make are mostly branded or patented medicines, which account for a small fraction of prescription drugs. Around 90% of the prescription drugs needed in the US are generics, and there is domestic manufacturing capacity sitting idle that could be used to make them, says Kevin Webb, chief operating officer of the API Innovation Center, a nonprofit dedicated to increasing US drug manufacturing.”

Rocket Lab’s Neutron tapped for U.S. military cargo test. SpaceNews.com article. Pull quote: “The cargo test would be a “survivability experiment.” Neutron is expected to carry a payload that will re-enter Earth’s atmosphere, demonstrating the rocket’s ability to safely transport and deploy cargo. Beck noted that the launch will be a “multi-manifest” mission, carrying multiple payloads.”

Genetically engineered bacteria break down industrial contaminants. ArsTechnica.com article. Pull quote: “The inspiration for this work was the fact that a lot of this industrial contamination contains a mixture of toxic organic molecules that are commonly found in brackish or salty water. So, the research team, based in Shenzhen, China, started by simply testing a number of lab bacteria strains to develop one that could survive these conditions. The one that seemed to survive the best was Vibrio natriegens. These bacteria were discovered in a salt marsh, and their primary claim to fame is an impressive growth rate, with a population being able to double about every 10 minutes.”

Federal Site Providing Ground Safety Services and Oversight for Launch or Reentry Activities Conducted From a Commercial Site Located on Land Owned by a Federal Site. Federal Register FAA clarification notice. Summary: “This document clarifies that, in instances where launch or reentry activities are conducted from an FAA-licensed commercial site located on land that is owned by a Federal site that the commercial site uses pursuant to an agreement with the Federal site, and the Federal site provides ground safety services and oversight, the vehicle operator may be able to demonstrate an equivalent level of safety to the FAA's ground safety requirements.”

National Industrial Security Program Policy Advisory Committee (NISPPAC) Meeting. Federal Register NARA meeting notice. Summary: “We are announcing an upcoming National Industrial Security Program Policy Advisory Committee (NISPPAC) meeting in accordance with the Federal Advisory Committee Act and implementing regulations.” Meeting date: May 28th, 2025.

EO 14292 – Improving the Safety and Security of Biological Research, Federal Register.

EO 14293 – Regulatory Relief To Promote Domestic Production of Critical Medicines, Federal Register.

Review - Bills Introduced – 5-8-25

With the House and Senate preparing to leave Washington for the weekend, there were 100 bills introduced. Two of those bills may receive additional coverage in this blog:

HR 3278 To amend title 18, United States Code, to increase penalties for certain computer fraud and related offenses that involve critical infrastructure, and for other purposes. Fallon, Pat [Rep.-R-TX-4]

S 1705 A bill to require the Secretary of Commerce to issue standards with respect to chip security mechanisms for integrated circuit products, and for other purposes. Cotton, Tom [Sen.-R-AR]

 

For more information on these bills, including legislative history for similar bills in the 118th, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-8-25 - subscription required. 

Transportation Chemical Incidents – Week of 4-5-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 371 (359 highway, 9 air, 3 rail, 0 water)

• Serious incidents – 2 (2 Bulk release, 0 evacuation, 0 injury, 0 death, 0 major artery closed, 1 fire/explosion, 10 no release)

• Largest container involved – 29,150-gal DOT 117J100W Railcar {Diesel Fuel} Two of eight manway swing bolts less than tool tight.

• Largest amount spilled – 330-gal Plastic IBC {Flammable Liquids, N.O.S.} IBC damaged load shift during transit.

NOTE: Links above are to Form 5800.1 for the described incidents; links in DB not working for these two incidents.

Most Interesting Chemical: Thioglycol: A water-white liquid. May be toxic by ingestion, inhalation, or skin absorption. May liberate hydrogen sulfide upon decomposition or reaction with an acid. (Source: CameoChemicals.NOAA.gov).

 

Thursday, May 8, 2025

Short Takes – 5-8-25

House GOP infighting turns ugly over Trump’s ‘big beautiful bill’. CNN.com article. Pull quote: “Rep. Eric Burlison, another GOP hardliner, told CNN that he will refuse to support any bill that adds to the deficit in any way — and that must include the cost of Trump’s tax cuts. That means the spending cuts would have to equal roughly $5 trillion – far beyond the scope of what is under discussion”

Navy weighing impact of 1900+ resignations at public shipyards. InsideDefense.com article. Pull quote: ““We’ve had roughly 1,900-plus folks [out of 38,000 civilian positions] that have chosen to leave that service under the [deferred resignation program] and we’re in the process now of analyzing whether direct or indirect labor or what trades were affected by that so we can rebalance and make sure the work continues,” Kilby said during a House Armed Services Committee hearing on readiness.”

NIST loses key cyber experts in standards and research. CybersecurityDive.com article. Pull quote: “CSD leads NIST’s research, standards-setting, and industry collaboration on a wide range of cybersecurity topics, including cryptography, access control, cloud security, and risk management. The division manages the National Vulnerability Database, oversees the Risk Management Framework, and is standardizing a set of post-quantum cryptographic algorithms.”

India delays 1st Gaganyaan astronaut launch to 2027. Space.com article. Pull quote: “The first of those three long-delayed uncrewed Gaganyaan missions, known as G1, is slated to launch in the fourth quarter of this year, and will carry a half-humanoid robot named Vyomitra (Sanskrit for "space friend") to collect data in flight. [¶] The second and third Gaganyaan missions, G2 and G3, will also carry Vyomitra, and will launch in 2026. The first crewed mission, dubbed H1, will fly in the first quarter of 2027.”

Astronomers Have Found a Prime Candidate for the Elusive Planet 9. PopularMechanics.com article. Pull quote: “And long range is, honestly, underselling it—top theories for the positioning of Planet 9 place it around 400 astronomical units (AU). The furthest known planet, Neptune, is only about 31 AU. That’s already 31 times further than Earth is from the Sun, creating an orbit that lasts about 165 years. Planet 9 would also have an irregular orbit, scientists believe, so it would spent part of its cycle even further away.”

Review – 4 Advisories and 1 Update Published – 5-8-25

Today CISA’s NCCIC-ICS published three control system security advisories for products from Mitsubishi Electric, Hitachi Energy, and Horner Automation. They also published a medical device security advisory for products from Pixmeo. Finally, they updated an advisory for products from Hitachi Energy.

Advisories

Mitsubishi Advisory - This advisory describes an improper validation of quantity in input vulnerability in the Mitsubishi CC-Link IE TSN modules.

Hitachi Energy Advisory - This advisory discusses three vulnerabilities in the Hitachi Energy RTU500 series products.

Horner Advisory - This advisory describes an out-of-bounds read vulnerability in the Horner Cscape control system application programming software.

Pixmeo Advisory - This advisory describes three vulnerabilities in the Pixmeo OsiriX MD medical images viewer.

Updates

Hitachi Energy Update - This update provides additional information on the RTU500 Series advisory that was originally published on April 3rd, 2025.

 

For more information on these advisories, including links to researcher reports as well as references to earlier discussions about the reported vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-6e1 - subscription required.

BIS Sends AI Diffusion Rule Recision to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a recision notice from the DOC’s Bureau of Industry and Security (BIS) for their final rule on “Framework for Artificial Intelligence Diffusion”. The interim final rule (IFR) for that rulemaking was published on January 15th, 2025, with an effective date of January 13th, and comment closing date of May 15th, 2025.

There was an interesting April 29th article on Reuters.com about potential Administration actions on this rulemaking.

NOTE: As with the original IFR, I do not expect that I will be covering this ‘recision’ process in any great detail here.


Review - Bills Introduced – 5-7-25

Yesterday, with both the House and Senate in session, there were 82 bills introduced. Of those, one bill may receive additional attention in this blog:

HR 3259 To amend the National Quantum Initiative Act and the Cyber Security Research and Development Act to advance the rapid deployment of post quantum cybersecurity standards across the United States economy, support United States cryptography research, and for other purposes. Stevens, Haley M. [Rep.-D-MI-11] 

 

For more information on these bills, including legislative history for similar bills in the 118th, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-7-25 - subscription required.

Wednesday, May 7, 2025

CISA Adds 2 GeoVision Vulnerabilities to KEV Catalog – 5-7-25

Today CISA announced that it had added two OS command injection vulnerabilities in multiple GeoVision products to their Known Exploited Vulnerabilities (KEV) catalog. The two added vulnerabilities are CVE-2024-6047 and CVE-2024-11120. The vulnerabilities were originally reported by TW-CERT in June and November of 2024 respectively as affecting end-of-life GeoVision products. The initial report for CVE-2024-11120 reported that “this vulnerability has already been exploited by attackers, and we have received related reports.” A public report by Akamai yesterday reported that the two vulnerabilities were being exploited by the Mirai botnet starting in April 2025. The Akamai report includes a number of important IOC diagnostic measures including SNORT rules, YARA rules, C2 domain names, and SHA256 hashes.

CISA is requiring federal agencies employing the affected GeoVision devices to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are not available.” Since the affected products are all EOL, there are no available mitigation measures. The deadline for applying those mitigation measures is May 28th, 2025.

Short Takes – 5-7-25 AM

Pipeline Safety: Information Collection Activities. Federal Register PHMSA 60-day ICR renewal notice – No change in burden estimates - 2137-0637, Rupture Mitigation Valve Recordkeeping Requirements, and 2137-0638, Rupture Mitigation Valve Notification Requirements. Comments due: July 7th, 2025.

H5N1 Bird Flu Cases Have Slowed in Animals and People. MedPageToday.com article. Pull quote: “"It's quite different from seasonality for human influenza viruses, in that the distribution of the virus among wild birds tends to follow migratory patterns, so we expect to see more circulation of H5N1 in wild birds in the fall and early winter as birds are migrating south," Davis said.” There has been unconfirmed, back channel reporting that CDC has been directed to under-report H5N1 cases.

Banning PFAS Would Jeopardize Millions of Medical Devices. MedPageToday.com article. Pull quote: “But these chemicals play an essential role in healthcare: they are crucial to the proper functioning of a broad range of medical devices such as stents, catheters, surgical mesh, pacemakers, heart patches, CPAP machines, prosthetics, surgical instruments, and asthma inhalers. Because there are not yet any clear alternatives to PFAS in the manufacturing and safe operation of many medical devices, regulators should carve out an exemption for the continued use of the chemical for healthcare.” Carving out an exemption for these blood and organ contact devices would be appropriate if there is no threat, but no threat in those cases should mean that there is no threat in general environmental exposures.

SpaceX’s Starship Flight 9 Lift Off Date Potentially Revealed In New Notice. WCCFTech.com article. Pull quote: “According to a notice to mariners that surfaced earlier today, SpaceX could fly Starship Flight 9 later this month. The previous Starship test flight flew in March, and since then, SpaceX has remained quiet about the next test except for a couple of updates. The firm tested the Super Heavy booster due to fly Flight 9 at the start of April and followed up with multiple tests of the second-stage rocket later in the month. Between the two, the second stage is the troublesome vehicle as it has failed on both its test flights.”

EO 14290 - Ending Taxpayer Subsidization of Biased Media. Federal Register.

EO 14291 - Establishment of the Religious Liberty Commission. Federal Register.

 