Friday, January 31, 2025

Short Takes – 1-31-25

Six Actions Published by the Environmental Protection Agency With Comment Periods That Closed January 27, 2025, and January 29, 2025; Reopening of Comment Periods. Federal Register EPA comment extension. Summary: “This document reopens the comment period for 30 days for six notices [list here] published by the Environmental Protection Agency in the Federal Register between October 31, 2024, and January 14, 2025. This document reopens the comment period for those six notices with comment periods that closed January 27, 2025, and January 29, 2025.” Comments now due March 3rd, 2025.

Retro Spaceplane aces test for space station cargo missions. NewAtlas.com article. Pull quote: “Along with communications links between the payloads and Sierra Space’s mission control room and NASA’s Marshall Spaceflight Center (MSFC) in Huntsville, Alabama, the tests included three payloads: the Polar cryogenic preservation system for transporting scientific samples, the Powered Ascent Utility Locker (PAUL) for charging CubeSats during ascent, and NASA’s Single Stowage Locker, which is a standard stowage system for experiments and other payloads.”

SpaceX and Vast want ideas for science experiments on Dragon spacecraft and Haven-1 space station. Space.com article. Pull quote: “Vast Space is scheduled to launch the Haven-1 space station to orbit this August. The single-module station will launch on a SpaceX Falcon 9 rocket, to be followed in short order by the launch of a SpaceX Crew Dragon that will ferry a small number of astronauts to temporarily inhabit that station. Now, SpaceX and Vast have issued a joint request for proposals on just what to do onboard once Haven-1 is in low-Earth orbit (LEO).”

EO 14171 Restoring Accountability to Policy-Influencing Positions Within the Federal Workforce. Federal Register.

EO 14172 Restoring Names That Honor American Greatness. Federal Register.

EO 14173 Ending Illegal Discrimination and Restoring Merit-Based Opportunity. Federal Register.

EO 17174 Revocation of Certain Executive Orders. Federal Register.

EO 14175 Designation of Ansar Allah as a Foreign Terrorist Organization. Federal Register.

EO 14178 Strengthening American Leadership in Digital Financial Technology. Federal Register.

EO 14179 Removing Barriers to American Leadership in Artificial Intelligence. Federal Register.

EO 14180 Council To Assess the Federal Emergency Management Agency. Federal Register.

EO 14181 Emergency Measures To Provide Water Resources in California and Improve Disaster Response in Certain Areas. Federal Register.

EO 14182 Enforcing the Hyde Amendment. Federal Register.

Review - HR 108 Introduced – Space Research Innovation Act

Earlier this month Rep Biggs (R,AZ) introduced HR 108, the Space Research Innovation Act. The bill would require NASA to establish a university-affiliated research center to fund analyses and engineering support related to cis-lunar and deep-space missions and interplanetary research. No new funding would be authorized by this legislation.

The text of this bill is identical to that of HR 120 that was introduced by Biggs in January of 2023. No action was taken on that bill in the 118th Congress.

Moving Forward

Biggs is not a member of the House Science, Space, and Technology Committee to which this bill was assigned for consideration. This means that there is little chance that he would have the influence necessary to see the bill considered in Committee. Biggs has additional problems getting legislation passed. While he is a prolific crafter of bills (138 bills so far this session and 1,102 bills in the 118th), his reputation as a ‘bomb thrower’ and inability to compromise make it difficult for him to form the necessary coalitions to see bills through the legislative process.

 

For more details about the proposed legislation, including a commentary about doing more with less funding, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-108-introduced - subscription required.

Transportation Chemical Incidents – Week of 12-28-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 255 (225 highway, 29 air, 1 rail, 0 water)

• Serious incidents – 3 (3 Bulk release, 0 evacuation, 0 injury, 0 death, 0 major artery closed, 0 fire/explosion, 23 no release)

• Largest container involved – 23,325-gal DOT 111A100W3 Railcar {Combustible Liquid, N.O.S.} Manway cover gasket torn and misaligned.

• Largest amount spilled – 372-gal 4 metal drums {Adhesives, Containing A Flammable Liquid} Load not blocked and chocked, load shifted crushing drums.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Octanes – Colorless liquid with an odor of gasoline. Less dense than water and insoluble in water. Hence floats on water. Produces irritating vapor. Flash Point 56°F. (Source: CameoChemicals.NOAA.gov).

 



First Trump Administration Rule Submitted to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the DOT’s Federal Highway Administration (FHWA) on “National Performance Management Measures; Assessing Performance of the National Highway System, Greenhouse Gas Emissions Measure”. This is the first rulemaking submitted to OIRA since President Trump took office on January 20th and announced a temporary freeze on federal rulemaking.

There is no entry for this rulemaking in the Fall 2024 Unified Agenda, but I suspect that this rule will be a start to the process of overturning the Biden Administration’s 2024 “National Performance Management Measures; Assessing Performance of the National Highway System, Greenhouse Gas Emissions Measure” final rule. That rule essentially overturned a Trump 45 rule from 2018 that overturned an Obama January 2017 rule.

While I have no intention of covering this rulemaking in this blog, it will be interesting to see how quickly OIRA processes this rulemaking. This is obviously a high-profile rulemaking for the incoming administration and there are only four other rulemakings currently in OIRA pending review. This rule will provide the first measure of how effective the new administration is at the bureaucratic process of rulemaking.

Thursday, January 30, 2025

Short Takes – 1-30-25

NASA, Partners to Welcome Fourth Axiom Space Mission to Space Station. NASA.gov news release. Pull quote: “The Axiom Mission 4, or Ax-4, crew will launch aboard a SpaceX Dragon spacecraft and travel to the space station. Once docked, the private astronauts plan to spend up to 14 days aboard the orbiting laboratory, conducting a mission comprised of science, outreach, and commercial activities. The mission will send the first ISRO astronaut to the station as part of a joint effort between NASA and the Indian space agency. The private mission also carries the first astronauts from Poland and Hungary to stay aboard the space station.”

Renew Support for Renewable Energy. ScientificAmerican.com commentary. Pull quote: “That would be a mistake. A rise in renewable energy does not mean a fall in oil or natural gas. U.S. production is growing there, too, and overall power demand is increasing. We’re not proposing a future free of fossil fuels. Major energy transitions take time. But as numerous studies have shown, more fossil-fuel consumption makes climate change, air and water pollution, and public health worse. Ultimately renewable energy costs less, and the cheaper technology always wins. Some U.S. states have gotten this message: Texas, the oil center of the country, now produces more wind power than any other state. The market for clean technologies is “increasingly catching up with the markets for fossil fuels,” Fatih Birol, executive director of the International Energy Agency, noted in an October 2024 release of the agency’s latest study.”

Can Trump Just Order New Names for Denali and the Gulf of Mexico? ScientificAmerican.com article. Describes how the official name change process normally works; typically it starts locally. Pull quote: “It’s a lot of paperwork for something so seemingly minor, but people get passionate about place names. It took 40 years to rename Denali from the name established in the late 19th century, Mount McKinley.”

Life’s ingredients discovered in samples Nasa probe returned from an asteroid. ChemistryWorld.com article. Pull quote: “‘The range of evaporites means that you had to have a large body of salt water, such as a lake or ocean, to build up that high salinity,’ says Lauretta. ‘So we’re looking at a very wet world with water that ultimately evaporated away, leaving behind the salts.’”

EO 14161 Protecting the United States From Foreign Terrorists and Other National Security and Public Safety Threats. Federal Register.

EO 14162 Putting America First in International Environmental Agreements. Federal Register.

EO 14163 Realigning the United States Refugee Admissions Program. Federal Register.

EO 14164 Restoring the Death Penalty and Protecting Public Safety. Federal Register.

EO 14165 Securing Our Borders. Federal Register.

EO 14166 Application of Protecting Americans From Foreign Adversary Controlled Applications Act to TikTok. Federal Register.

EO 14167 Clarifying the Military's Role in Protecting the Territorial Integrity of the United States. Federal Register.

EO 14168 Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government. Federal Register.

EO 14169 Reevaluating and Realigning United States Foreign Aid. Federal Register.

EO 14170 Reforming the Federal Hiring Process and Restoring Merit to Government Service. Federal Register.

Review – 6 Advisories and 2 Updates Published – 1-30-25

Today CISA’s NCCIC-ICS published five control system security advisories for products from Rockwell Automation (2), Schneider Electric, New Rock Technologies, and Hitachi Energy. They also published a medical device security advisory and an update for products from Contec Health. They also published a control system update for products from Mitsubishi.

Advisories

Rockwell Advisory #1 - This advisory describes three vulnerabilities in the Rockwell FactoryTalk AssetCentre.

Rockwell Advisory #2 - This advisory discusses an uncontrolled resource consumption vulnerability in the Rockwell KEPServerEX.

Schneider Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Schneider Harmony Industrial PC and Pro-face Industrial PC.

New Rock Advisory - This advisory describes two vulnerabilities in the New Rock Cloud Connected Devices.

Hitachi Energy Advisory - This advisory describes eight vulnerabilities in the Hitachi Energy UNEM product.

Contec Advisory - This advisory describes three vulnerabilities in the Contec CMS8000 Patient Monitor.

NOTE: CISA published a stand-alone fact sheet on the backdoor vulnerability described in this advisory. The FDA published a Safety Communication about the reported vulnerabilities.

Updates

Contec Update - This update provides additional information on the CMS8000 Patient Monitor advisory that was originally published on September 1st, 2022.

Mitsubishi Update - This update provides additional information on the FA Engineering Software Products advisory that was originally published on May 14th, 2024, and most recently updated on October 31st, 2024.

 

For more information on these advisories, including a down-the-rabbit-hole look at the KEPServerEX vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-2-updates-published-56f - subscription required.

Review - Bills Introduced – 1-29-25

Yesterday, with just the Senate in session, there were 42 bills introduced. One of those bills will receive additional coverage in this blog:

S 318 A bill to require a plan to improve the cybersecurity and telecommunications of the U.S. Academic Research Fleet, and for other purposes. Padilla, Alex [Sen.-D-CA]


For more information on this bill, including a possible history from the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-1-29-25 - subscription required.

Wednesday, January 29, 2025

Short Takes – 1-29-25

Trump’s reported plans to save TikTok may violate SCOTUS-backed law. ArsTechnica.com article. Nothing in law is simple. Pull quote: “There's no telling yet if Trump's plan can set up a better version of Project Texas or convince China to sign off on a TikTok sale. Analysts have suggested that China may agree to a TikTok sale if Trump backs down on tariff threats.”

New study reveals 92% of industrial sites at risk from unsecured remote access. SecurityInfoWatch.com article. Pull quote: “The study's timing is particularly relevant as recent research from Claroty in 2024 indicates that organizations are deploying too many remote access solutions within OT environments. This over-deployment creates excessive risk and operational challenges. Additionally, separate research by Takepoint Research found that remote services were the primary attack vector in 17 out of 24 major cyberattacks on OT environments.”

ExxonMobil demonstrates new hydrogen burner at Baytown plant. HazardExOnTheNet.net article. Pull quote: “ExxonMobil now plans to install these 100% hydrogen-capable burners in additional steam cracking furnaces at the Baytown Olefins Plant over the next few years. The company is planning to build a plant at Baytown that would produce up to 1 billion cubic feet per day of hydrogen. Furthermore, the plan is to also capture and store more than 98% of the CO2 emissions associated with its production.”

Bird flu has made eggs more expensive — does it also make them unsafe to eat? TheHill.com article. Pull quote: “Further, eggs, like poultry, that are prepared correctly and cooked properly are safe to consume, the USDA notes. That applies regardless of whether there’s a bird flu outbreak or not.”

EO 14151, Ending Radical and Wasteful Government DEI Programs and Preferencing. Federal Register.

EO 14152, Holding Former Government Officials Accountable for Election Interference and Improper Disclosure of Sensitive Governmental Information. Federal Register.

EO 14153, Unleashing Alaska's Extraordinary Resource Potential. Federal Register.

EO 14154, Unleashing American Energy. Federal Register.

EO 14156, Declaring a National Energy Emergency. Federal Register.

EO 14157, Designating Cartels and Other Organizations as Foreign Terrorist Organizations and Specially Designated Global Terrorists. Federal Register.

EO 14159, Protecting the American People Against Invasion. Federal Register.

EO 14160, Protecting the Meaning and Value of American Citizenship. Federal Register.

Trump Regulatory Freeze – Steady State

It looks like the OMB’s Office of Information and Regulatory Affairs (OIRA) has finally reached a steady state of no new rulemakings introduced and no new withdrawals of previously submitted rulemakings. The last withdrawal was done on January 24th, 2025. No new rulemakings have been submitted since Trump took office on January 20th, 2025. The five remaining rulemakings (EO Review Search Criteria: Agencies=All; Review Status=Pending Review) still under OIRA review are:


[Graphic: Current Rulemakings]

The most interesting one from a Republican perspective is the last: “Energy Conservation Standards for Portable Electric Spas”, RIN 1904-AF36. Given the knee-jerk reaction against these energy conservation standards amongst many Republicans in the Congress, it seems odd that this rulemaking (pending since 2023) has survived the Trump-mandated regulatory review.

Now we just get to wait and see how long it takes the new Administration to start initiating (or reinstating) rulemakings.

Tuesday, January 28, 2025

Short Takes – 1-28-25

A tumultuous start to a new administration at NASA. SpaceReview.com article. Pull quote: “Any major changes to Artemis would likely face opposition by some members of Congress. Notably, the vice chair of the commerce, justice and science subcommittee of the House Appropriations Committee, which funds NASA, in the new Congress is Rep. Dale Strong (R-AL), whose district includes the Marshall Space Flight Center.” There is a legitimate reason that Musk called the Artemis program “a jobs-maximizing program, not a results-maximizing program”.

Why did Elon Musk just say Trump wants to bring two stranded astronauts home? ArsTechnica.com article. Pull quote: “NASA would very much prefer the four astronauts on Crew-10 arrive before Crew-9 departs. Why? Because if Crew-9 were to depart sooner, it would leave just a single astronaut, Don Pettit, on board the station. Now, Pettit is a very experienced and capable astronaut, but having just a single NASA astronaut on board to operate the US segment of the station is far from optimal. In addition to leaving Pettit in a difficult position, it would cancel a planned spacewalk in March and leave just a single person to prepare a Northrop Grumman cargo spacecraft for departure. This is apparently a big deal.”

EO 14149 Restoring Freedom of Speech and Ending Federal Censorship. Federal Register.

EO 14148 Initial Rescissions of Harmful Executive Orders and Actions. Federal Register.

EO 14147 Ending the Weaponization of the Federal Government. Federal Register.

Low concentration chemicals spur toxicological debate. ChemistryWorld.com article. Pull quote: “Martin says that while material scientists view BPA and phthalates as problematic, ‘some have no comprehension of the diverse universe of chemicals we’re talking about, and that we know so little about their toxicity’, adding there is little if any toxicology taught in chemistry degrees. ‘There’s chemistry and there’s biology,’ she says. ‘There’s a problem of disciplines being siloed.’ Instead of yet more varieties of PFAS, she believes there is room for truly innovative chemistry. Others complain that there is little incentive for companies to develop safer chemicals to replace suspect ones.”

NASA and Rocket Lab Enter a New Era With the Neutron Rocket. 3DNatives.com article. Pull quote: “This is not the first time the company has experimented with short-range launches. Before Neutron, Rocket Lab USA launched another spacecraft, Electron, into orbit as part of NASA missions and the VADR program. With Electron, the VADR PREFIRE missions were completed in just two weeks, and a double quick launch was initiated in May 2023 for the VADR TROPICS missions. Thanks to Neutron’s versatility and efficiency, Rocket Lab can now expand its field of research to space missions and enter previously unexplored orbits.”

Trump executive order calls for a next-generation missile defense shield. ArsTechnica.com article. Pull quote: “What's different with Trump's directive this week is a call for the US military to place weapons in space. Putting military weapons into orbit has been a controversial subject for decades and was a point of criticism made by opponents of the Strategic Defense Initiative (SDI) announced by former President Ronald Reagan in 1983.”

Short Takes – 1-28-25 – Bird Flu Edition

Egg prices may increase up to 20% as top farm tests positive for bird flu: USDA. ABCNews.go.com article. Pull quote: “Rose Acres Farms, which claims to be the second-largest egg producer in the United States, released a statement on Tuesday saying that it had detected cases of highly pathogenic avian influenza (HPAI) at Cort Acre Egg Farm in Seymour, Indiana.”

Egg prices near $9 a dozen in California, and that won’t change anytime soon. OCRegister.com article. Pull quote: “Anytime the virus is found on a poultry farm, the entire flock is slaughtered to help limit the virus’ spread. And with massive egg farms routinely housing more than 1 million chickens, just a few infections can cause a supply crunch.”

Tests identify H5N9 avian flu at California duck farm. CIDRAP.UMN.edu article. Pull quote: “Angela Rasmussen, PhD, a virologist at the Vaccine and Infectious Disease Organization at the University of Saskatchewan in Canada, said on X today that the H5N9 detection suggests reassortment of circulating H5N1 viruses with avian flu virus that contains the N9 neuraminidase (NA). She added that replication in coinfected hosts can produce unpredictable new reassortant viruses.”

Will bird flu spark a human pandemic? Scientists say the risk is rising. Nature.com article. Pull quote: “There are two main variants of H5N1 that researchers are monitoring: one, called B3.13, is spreading mainly in cows; the other, called D1.1, is found mostly in wild and domesticated birds, including chickens raised for poultry.”

Review – 6 Advisories and 1 Update Published – 1-28-25

Today CISA’s NCCIC-ICS published six control system security advisories for products from Schneider Electric (2), Rockwell Automation (3), and B&R. They also updated a medical device advisory for products from BD.

Three additional Rockwell advisories were published today. If they are not covered in CISA advisories on Thursday, I will discuss them this weekend in my Public ICS Disclosures post.

Advisories

Schneider Advisory #1 - This advisory describes a deserialization of untrusted data vulnerability in the Schneider Electric RemoteConnect and SCADAPack x70 Utilities.

Schneider Advisory #2 - This advisory describes two vulnerabilities in the Schneider PowerLogic HDPM6000 High-Density Metering System.

Rockwell Advisory #1 - This advisory describes two vulnerabilities in the Rockwell DataMosaix Private Cloud.

Rockwell Advisory #2 - This advisory describes two vulnerabilities in the Rockwell FactoryTalk product.

Rockwell Advisory #3 - This advisory describes two vulnerabilities in the Rockwell FactoryTalk View ME product.

B&R Advisory - This advisory describes the use of a broken or risky cryptographic algorithm vulnerability in the B&R Automation Runtime and mapp View products.

Updates

BD Update - This update provides additional information on the BD Diagnostic Solutions Products advisory that was originally published on December 17th, 2024.

 

For more information about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-286 - subscription required.

Review - Bills Introduced – 1-27-25

Yesterday, with just the Senate in session, there were eleven bills introduced. One of those bills will receive additional attention in this blog:

S 257 A bill to improve the resilience of critical supply chains, and for other purposes. Cantwell, Maria [Sen.-D-WA] 

For more information on this bill, including discussion about S 4275, HR 774, and HR 6571 from the 118th Congress, as well as a bill mentioned in passing, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-1-27-25 - subscription required.

Monday, January 27, 2025

Short Takes – 1-27-25

Zones, Conduits, and What They Mean. SCADAMag.Infracritical.com article. Another great article from Jake Brodsky. Pull quote: “I can hear the screams of protest coming from Project Managers and Network Engineers right now. Yes, this is more expensive, not to mention difficult to monitor and manage. BUT: Physical network design should follow and support the physical plant design, including failure modes. We should design for the possibility of failure and for the ability to maintain and test the conduit communications path.”

New Mailing Standards for Hazardous Materials Outer Packaging and Nonregulated Toxic Materials. Federal Register US Postal Service final rule. Summary: “The Postal Service is amending Publication 52, Hazardous, Restricted, and Perishable Mail (Pub 52 or Publication 52) by adding new section 131 to require specific outer packaging when mailing most hazardous materials (HAZMAT) or dangerous goods (DG), to remove quantity restrictions for nonregulated toxic materials, and to remove the telephone number requirement from the lithium battery mark.” Effective date January 27th, 2025.

With successful New Glenn flight, Blue Origin may finally be turning the corner. ArsTechnica.com article. Pull quote: “"If you can drive your manufacturing costs low enough in rate manufacturing—if you ever get to a really well-oiled machine that makes the machine—it's possible that, because of the performance increase that you get with an expendable upper stage, that could be the right solution for a long time," Bezos said. "So we're going to try to make the expendable upper stage so cheap to manufacture that a reusable stage can never compete with it. And we're going to try to make the reusable stage so operable that an expendable stage can never compete with it."”

Space venture firm predicts industry shakeup. SpaceNews.com article. Pull quote: “The report highlights increasing defense spending as a crucial factor shaping the industry’s future. Mounting concerns over China’s space capabilities, particularly its BeiDou navigation system’s growing influence, are driving U.S. initiatives like the adoption of alternative positioning, navigation and timing systems offered by commercial firms, and the Resilient Global Positioning Systems (R-GPS) program, which aims to strengthen GPS infrastructure through commercial partnerships.”

Electric spacecraft propulsion may soon take a leap, thanks to new supercomputer. Space.com article. Pull quote: “Now that scientists better understand the behavior of the electrons in the ion plume, they can incorporate this into designs for future electric propulsion engines, looking for ways to limit the back-scatter, or perhaps confine the electrons more to the core of the beam. Ultimately, this could help missions powered by electric propulsion to fly farther and for longer, pushed by the gentle blue breeze of its ion plume.”

Blue Ghost moon lander sees Earth as a 'blue marble' from orbit (photo). Space.com article. Pull quote: “Blue Ghost launched on the "Ghost Riders in the Sky" mission on Jan. 15 atop a SpaceX Falcon 9 rocket. The lander is currently orbiting Earth, and will continue to do so for about two more weeks before it performs an engine burn that will take it on a four-day journey to the moon. Firefly Aerospace's lander will then perform another burn to insert itself into orbit around the moon, where it will spend 16 days before descending to the lunar surface.”

Review - Committee Hearings – Week of 1-27-25

With just the Senate in Washington this week, there is a relatively light hearing schedule. Most of the hearings focus on providing the ‘advice and consent’ of the Senate on presidential nominees. None of the nominees this week are of particular interest here. The House is in a District Work Period this week.


For more information on the nomination hearings scheduled for this week, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-1-27-25 - subscription required.

 

Sunday, January 26, 2025

Review – ChemLock and Risk Based Performance Standards

This is part of a series of blog posts looking at the potential for the authorization of CISA’s existing ChemLock program and using it as a voluntary replacement for the now defunct Chemical Facility Anti-Terrorism Standards (CFATS) program. Other posts in this series include:

CFATS is Dead,

Making ChemLock Safety Act Compliant – ChemLock Program Background,

ChemLock and Tiering,

Reader Comment – TSDB Screening for ChemLock,

ChemLock and TSDB Screening.

NOTE: Earlier articles in this series have been removed from the CFSN Detailed Analysis paywall and are available to the public.

One of the key concepts upon which the CFATS program was founded is that the diversity of chemical facilities makes it nearly impossible to establish a security program which would fit each and every facility. So, when the CFATS regulations were written, DHS attempted to describe the outcome that they wanted to see from facility security programs rather than mandate what security measures facilities would be required to use. These risk-based performance standards (RBPS) were codified at 6 CFR 27.230. Any authorization of the ChemLock program should direct CISA to take the same tack in making the program SAFETY Act (6 USC 441 et seq) compliant.

The current ChemLock security goals, properly fleshed out, could easily become the basis for a quasi-regulatory scheme by which facilities could be judged to be eligible for SAFETY Act protections. A version of the CFATS RBPS Guidance document would have to be created, tailored to the six security goals included in the updated ChemLock program and the 5 risk tiers proposed in my earlier posts.

Legislative Housekeeping – 118th Congress – 1-26-25

This last week the GPO published the text of five bills introduced in the 118th Congress. These bills would have been covered in this blog. This leaves just four bills that I would have covered to have their text published. The bills published this week include:

HR 10408, the Securing Every Vector, Enhancing Networks (SEVEN) Act,

HR 10455, the Healthcare Cybersecurity Improvement Act, 

HR 10464, the Spaceport Project Opportunities for Resilient Transportation (SPACEPORT) Act,

HR 10483, the Water Cybersecurity Enhancement Act, and

S 5556, To require a solid rocket motor industrial base strategy.

Saturday, January 25, 2025

Short Takes – 1-25-25

Where Cars and Cybersecurity Collide (Pun Intended). FedScoop.com article. Not really about cars…. Pull quote: “This inability to monitor for potential points of attack can be devastating to an organization’s security. If a gap exists, bad actors will exploit it. Over 23% of data exposures involve critical IT and security infrastructure, suggesting threat actors are adapting their methods to identify and take advantage of common holes left in piecemeal security architecture. They understand disconnected architecture is hard to defend, and therefore easy to infiltrate.”

Trump Appointee Tracker. WashingtonPost.com article (free). Pull quote: “Donald Trump has picked 116 nominees to fill key roles in his administration so far. We are tracking 817 government positions among about 1,300 that require Senate confirmation.” Interesting idea and a good use of internet vs print media. Would be helpful if there were links to brief bios on each of the appointees.

Cybersecurity guidance for small fleet operators. PenTestPartners.com article. A series of short, clearly written suggestions for handling cybersecurity-related issues. Could serve as a start of an outline of a cybersecurity policy.

CISA Adds SonicWall Vulnerability to KEV Catalog – 1-24-25

Yesterday, CISA announced that it had added a deserialization of untrusted data vulnerability in the SonicWall SMA1000 Appliance Management Console to their Known Exploited Vulnerability (KEV) catalog. SonicWall reported the vulnerability earlier this week. SonicWall has a new version that mitigates the vulnerability. CISA has directed all federal agencies using the SMA1000 AMC to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for successfully taking this action is February 14th, 2024.

Review – CSB Updates Accidental Release Reporting Database – 1-16-25

Yesterday the CSB updated their published list of reported chemical release incidents. They added 15 new incidents that occurred since the previous version was published in October. These are not incidents that the CSB is investigating; these are incidents that were reported to the CSB under their Accidental Release Reporting rules (40 CFR 1604).

The table below shows the top five states based upon the number of reported incidents since the July update was published.



For a deeper dive into the latest reporting data, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updates-accidental-release-reporting-68d - subscription required.

Review – Bills Introduced – 1-24-25

Yesterday, with the Senate in Washington, and the House meeting in pro forma session, there were 49 bills introduced. Three of those bills will receive additional coverage in this blog:

HJ Res 30 Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Environmental Protection Agency relating to "Phasedown of Hydrofluorocarbons: Management of Certain Hydrofluorocarbons and Substitutes Under the American Innovation and Manufacturing Act of 2020". Dunn, Neal P. [Rep.-R-FL-2]

S 244 A bill to direct the Secretary of Commerce, acting through the Assistant Secretary of Commerce for Communications and Information, to conduct a study of the national security risks posed by consumer routers, modems, and devices that combine a modem and router, and for other purposes. Blackburn, Marsha [Sen.-R-TN]

S 245 A bill to require the Assistant Secretary of Commerce for Communications and Information to establish a working group on cyber insurance, to require dissemination of informative resources for issuers and customers of cyber insurance, and for other purposes. Hickenlooper, John W. [Sen.-D-CO]

 

For more information on these bills, including discussions about similar bills introduced in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-1-24-25 - subscription required.

Chemical Incident Reporting – Week of 1-18-25

NOTE: See here for series background.

San Antonio, TX – 1-11-25

Local News Report: Here, here, and here.

There was a small anhydrous ammonia leak at a food distribution warehouse. As many as five people were transported to the hospital. All were reportedly released after examination. There is no report of damages.

Not a CSB reportable.

Berryville, AR – 1-16-25

Local News Report: Here, here, here, and here.

Firefighters responding to a fire at a food processing facility were exposed to caustic soda in the residual firefighting water. There were caustic soda beads stored in the area where the fire was being fought. There were 25 firefighters and 1 employee transported to a local hospital for minor chemical burns. All were released from the hospital. No damage reports were included.

Probably not CSB reportable.

NOTE: Caustic soda beads (typically called prills) are readily soluble in water, making a highly corrosive, high pH solution. Heat is produced by the act of dissolving (or diluting), so depending on how close individuals were to the stored bags, they also could have had hot water burns. They may see some of those released personnel going back for further treatment after their blisters break. That could lead to hospitalizations, making this a reportable incident.

Port Orange, FL – 1-22-25

Local News Report: Here, here, and here.

There was a chlorine gas release at a wastewater treatment plant after a bulk chemical unloading incident. No information was provided about the two chemicals involved, but their mixture was expected to create chlorine gas. A local neighborhood evacuation was ordered as a precaution. No injuries or damages were reported.

Not CSB reportable.

Review – Public ICS Disclosures – Week of 1-18-25

This week we have seven vendor disclosures from Bosch, CODESYS, Delta Electronics, HPE, Palo Alto Networks, QNAP, and SonicWall. We also have five updates from ABB, FortiGuard (3) and HPE. Finally, we have an exploit for a vulnerability in a product from Forescout.

Advisories

Bosch Advisory - Bosch published an advisory that describes an unquoted service path enumeration vulnerability in their DIVAR IP all-in-one 7000 product.

CODESYS Advisory - CODESYS published an advisory that discusses an observable discrepancy vulnerability with publicly available exploit in the CODESYS Key USB dongle.

Delta Advisory - Delta published an advisory that describes a heap-based buffer overflow vulnerability in their CNCSoft-G2.

HPE Advisory - HPE published an advisory that discusses an inefficient regular expression complexity vulnerability in their Telco Service Orchestrator.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses 20 vulnerabilities (11 with publicly available exploits) in their PAN-OS product.

QNAP Advisory - QNAP published an advisory that discusses six vulnerabilities in their HBS 3 Hybrid Backup Sync product.

SonicWall Advisory - SonicWall published an advisory that describes a deserialization of untrusted data vulnerability that is listed in the CISA Known Exploited Vulnerabilities catalog.

Updates

FortiGuard Advisory #1 - FortiGuard published an update for their Node.js websocket module advisory that was originally published on January 14th, 2025.

FortiGuard Advisory #2 - FortiGuard published an update for their captive portal advisory that was originally published on February 27th, 2024.

FortiGuard Advisory #3 - FortiGuard published an update for their multiple logic flaws advisory that was originally published on January 14th, 2025.

HPE Update - HPE published an update for their RADIUS protocol advisory that was originally published on July 9th, 2024, and most recently updated on October 9th, 2024.

Exploits

Forescout Exploit - Nightsedge published an exploit for a creation of a temporary file in directory with insecure permissions vulnerability in the Forescout SecureConnector.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-423 - subscription required.

Friday, January 24, 2025

Review – OIRA and the Regulatory Freeze

Since Trump’s regulatory freeze took effect on January 20th, the OMB’s Office of Information and Regulatory Affairs (OIRA) has not done much work on its normal job of processing rulemakings and information collection requests. They have almost certainly stayed busy, working with agencies in assessing their actions under that freeze, but their normal business has dropped off considerably.

The table below shows those normal actions that have been processed since January 20th:


OIRA Actions

We can see from that table that the only thing that has been proceeding with any normality is the receiving of information collection request (ICR) submissions from federal agencies. This is one area that was not addressed in Trump’s regulatory freeze order. Technically, these ICRs are not supposed to be initiating new policy, but new ICRs and revisions certainly reflect recent changes in the operation of those programs.

 

For more information on the DHS ICRs currently being reviewed by OIRA, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/oira-and-the-regulatory-freeze - subscription required.

Transportation Chemical Incidents – Week of 12-21-24

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 193 (169 highway, 23 air, 1 rail, 0 water) This was Christmas week; that accounts for the low number of incidents (everyone was trying to be especially nice - grin).

• Serious incidents – 1 (1 Bulk release, 0 evacuation, 0 injury, 0 death, 0 major artery closed, 1 fire/explosion, 13 no release)

• Largest container involved – 30,093-gal DOT 117R100W Railcar {Alcohols, N.O.S.} BOV nipple sheared off in train derailment.

• Largest amount spilled – 300-gal DOT 117R100W Railcar {Alcohols, N.O.S.} BOV nipple sheared off in train derailment.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: HYDROCHLORIC ACID – Colorless watery liquid with a sharp, irritating odor. Consists of hydrogen chloride, a gas, dissolved in water. Sinks and mixes with water. Produces irritating chlorine vapor. Dilution may generate heat. (Source: CameoChemicals.NOAA.gov). NOTE: Hydrochloric acid was involved in 10 incidents this week (5.2%).



Thursday, January 23, 2025

Short Takes – 1-23-25

Trump’s Pentagon to begin task of crafting NORTHCOM plan to ‘seal’ US borders. BreakingDefense.com article. Pull quote: “The issue is that NORTHCOM does not have standing forces per se; rather troops are allocated to the command for exercises and any deployments deemed necessary. So shifting personnel from another military service or another combatant command “is a zero sum game,”  meaning that “someone will have to pay in readiness or future response,” said the former official, speaking candidly on the condition of anonymity.”

Turning Audit Results into Actionable Security Improvements. LinkedIn.com/Pulse article. Pull quote: “For OT Security leaders, audits are not just checkpoints—they are opportunities to drive operational resilience, enhance compliance, and secure the organization against emerging threats. By fostering a culture of continuous improvement and aligning efforts with site criticality, security leaders can ensure that audit results translate into long-term value and competitive advantage.”

Tanzania declares Marburg virus disease outbreak. CEN.ACS.org article. Pull quote: “This is the second Marburg virus disease outbreak in Tanzania. In March 2023, the country recorded nine cases, including six deaths, from the disease. “We have demonstrated in the past our ability to contain a similar outbreak and are determined to do the same this time around,” said Tanzania’s president, Samia Suluhu Hassan, at a press briefing. These measures include quick isolation of people with suspected infections for testing and treatment, contact tracing, and community engagement, she added.”

This is what might happen if the US withdraws from the WHO. TechnologyReview.com article. Pull quote: “At the same time, the US is up against another growing threat to public health: the circulation of bird flu on poultry and dairy farms. The US has seen outbreaks of the H5N1 virus on poultry farms in all states, and the virus has been detected in 928 dairy herds across 16 states, according to the US Centers for Disease Control and Prevention. There have been 67 reported human cases in the US, and one person has died. While we don’t yet have evidence that the virus can spread between people, the US and other countries are already preparing for potential outbreaks.”

Trump’s Immigration Threats Are Already Wrecking the Food Industry. NewRepublic.com article. Pull quote: ““We’re in the middle of our citrus harvesting,” Casey Creamer, president of the industry group California Citrus Mutual, told CalMatters. “This sent shockwaves through the entire community. People aren’t going to work and kids aren’t going to school. Yesterday about 25 percent of the workforce, today 75 percent didn’t show up.”” And no one in the incoming administration saw this coming? Not too smart after all.

Trump's Gag Order Halts CDC Publication. MedPageToday.com article. Pull quote: “The former CDC employee who did not want to be named told MedPage Today they suspect the administration may not have realized the full implications of this gag order on the valuable resources, and that conversations are likely happening behind the scenes to try to convince the new administration to let MMWR go out. They pointed out that MMWR staff are still working and that if this pause continues through next week as currently planned, the articles would likely be put in the Feb. 6 issue.”

Cancer cells ‘poison’ the immune system with tainted mitochondria. Nature.com article. Pull quote: “The team engineered cancer cells to carry mitochondria that are speckled with a fluorescent protein. When these cells were grown alongside TILs, the immune cells started harbouring glowing mitochondria after 24 hours. By 15 days, cancer-derived mitochondria had supplanted some immune cells’ native mitochondria almost entirely.”

Scientists Invented Molecular ‘Chainmail’ That’s Way Stronger Than Kevlar. PopularMechanics.com article. Pull quote: “Unlike the metal adornments that accompanied warriors on the battlefield, this piece of “chainmail” is actually mechanically interlocked polymers linked together at an unprecedented density—100 trillion mechanical bonds per square centimeter. Incredibly, even though this is the highest density ever achieved, the material seems to be scalable and could drastically increase the effectiveness of ballistic material. The details of this new polymer chainmail were published in the journal Science earlier this week.”

Review – 6 Advisories Published – 1-23-25

Today CISA’s NCCIC-ICS published six control system security advisories for products from HMS, Schneider (3), Hitachi Energy, and mySCADA.

Advisories

HMS Advisory - This advisory describes a cleartext transmission of sensitive information vulnerability in the HMS EWON Flexy 202 IIoT data gateway.

Schneider Advisory #1 - This advisory describes an improper restriction of operations within the bounds of a memory buffer vulnerability in the Schneider EcoStruxure Power Build Rapsody.

Schneider Advisory #2 - This advisory describes an improper privilege-management vulnerability in the Schneider Easergy Studio products.

Schneider Advisory #3 - This advisory describes a cleartext storage of sensitive information vulnerability in the Schneider EVlink Home Smart and Schneider Charge charging stations.

Hitachi Energy Advisory - This advisory describes an improperly implemented security check for standard vulnerability in the Hitachi Energy RTU500 series products.

MySCADA Advisory - This advisory describes two OS command injection vulnerabilities in the mySCADA myPRO products.

 

For more information on these vulnerabilities (four of which have been previously reported here), including a down-the-rabbit-hole look at the coordination process, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-1-23-25 - subscription required.

Review - Bills Introduced – 1-22-25

Yesterday, with both the House and Senate in session, there were 72 bills introduced. Two of those bills will receive additional coverage in this blog:

HR 612 To amend the Public Health Service Act to authorize grants to health care providers to enhance the physical and cyber security of their facilities, personnel, and patients. Escobar, Veronica [Rep.-D-TX-16]

HJ Res 27 Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Environmental Protection Agency relating to "Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA)". Harshbarger, Diana [Rep.-R-TN-1]

For more information on these bills, including commentary on the possibility of consideration and passage of the bills, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-1-22-25 [Link added 23:07 EST, 1-23-25] - subscription required.

 

NOTE: These introduction blog posts are being moved to my subscription site in a crass effort to expand my subscription base there. I am expanding some of the commentary that I provide on these introductions.

Wednesday, January 22, 2025

Short Takes – 1-22-25

Costa Rica refinery cyberattack was first deployment for new US response program, ambassador says. TheRecord.media article. Pull quote: “The small team was a mix of State Department personnel and federal contractors from two private firms. Fick declined to name the companies involved out of concern their involvement would make them targets for ransomware operators as well.”

CIA nominee tells Senate he, too, wants to go on cyber offense. CyberScoop.com article. Pull quote: ““The deployment of those capabilities would of course be a policy decision for others to make,” he said. “But I would like to make sure we have all the tools necessary to go on offense against our adversaries in the cyber means.””

National Emission Standards for Hazardous Air Pollutants: Chemical Manufacturing Area Sources Technology Review. Federal Register EPA notice of proposed rulemaking. Summary: “The Environmental Protection Agency (EPA) is proposing to establish a new area source category to address chemical manufacturing process units (CMPUs) using ethylene oxide (EtO). The EPA is proposing to list EtO in table 1 to the National Emission Standards for Hazardous Air Pollutants (NESHAP) for Chemical Manufacturing Area Sources (referred to as the CMAS NESHAP in this document) and to add EtO-specific requirements to the CMAS NESHAP. The EPA is also proposing to add a fenceline monitoring program for EtO. In addition, the EPA is proposing new requirements for pressure vessels and pressure relief devices (PRDs). This proposal also presents the results of the EPA's technology review of the CMAS NESHAP as required under the Clean Air Act (CAA). As part of this technology review, the EPA is proposing to add new leak detection and repair (LDAR) requirements to the CMAS NESHAP for equipment leaks in organic HAP service and heat exchange systems. The EPA is also proposing performance testing once every 5 years and to add provisions for electronic reporting. We estimate that the proposed amendments to the CMAS NESHAP, excluding the proposed EtO emission standards, would reduce hazardous air pollutant (HAP) emissions from emission sources by approximately 158 tons per year (tpy). Additionally, the proposed EtO emission standards are expected to reduce EtO emissions by approximately 4.6 tpy.” Comments due March 24th, 2025.

Half a million hotel guests at risk after hackers accessed sensitive data. BitDefender.com blog post. Pull quote: “Security breaches like this underline the growing risk posed by the supply chain. It isn't enough to know that your own business is doing a good job at protecting the data entrusted to it by its customers. You also need to consider how well the data is being secured by the third-parties and services you partner with to process sensitive information.”

Trump administration dismantles CSRB, leaves future of cybersecurity oversight in question. IndustrialCyber.co article. Pull quote: ““Given the CSRB is tasked with investigating significant cyber intrusions — such as the Microsoft Exchange incident my committee examined last year — President Trump’s new DHS leadership should have the opportunity to decide the future of the Board,”  he [Rep Mark Green (R,TN)] added. “This could include appointing new members, reviewing its structure, or deciding if the Board is the best way to examine cyber intrusions.””

A tether covered in solar panels could boost the ISS's orbit. Phys.org article. Pull quote: “So, while there are still a few good years left in the station, it likely won't benefit as much from the BPT system as it would have a few decades ago. That being said, there will likely be a replacement in orbit someday, and it could benefit from such a system from the outset, which could save hundreds of tons of fuel in orbit over its lifetime.”

Trump Administration Freezes Many Health Agency Reports and Posts. MedPageToday.com article. Pull quote: “In a memo obtained by the Associated Press, acting HHS Secretary Dorothy Fink, MD, told agency staff leaders Tuesday that an "immediate pause" had been ordered on -- among other things -- regulations, guidance, announcements, press releases, social media posts, and website posts until such communications had been approved by a political appointee.” 

Review – Public ICS Disclosures – Week of 1-11-24 – Part 3

For Part 3 we have one additional advisory for products from Siemens. We also have 17 vendor updates from Siemens. There are two researcher reports for vulnerabilities in products from Offis. Finally, we have three exploits for products from ABB and Palo Alto Networks (2).

Advisories

Siemens Advisory - Siemens published an advisory that discusses an insertion of sensitive information into a log file vulnerability in their Siveillance Video Device Pack.

Updates

Siemens Update #1 - Siemens published an update for their User Management Component advisory that was originally published on December 12th, 2023, and most recently updated on October 8th, 2024.

Siemens Update #2 - Siemens published an update for their SIMATIC S7-1500 advisory that was originally published on October 8th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #3 - Siemens published an update for their Siemens Engineering Platform advisory that was originally published on November 12th, 2024.

Siemens Update #4 - Siemens published an update for their Socket.IO advisory that was originally published on September 10th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #5 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on April 9th, 2024, and most recently updated on July 9th, 2024.

Siemens Update #6 - Siemens published an update for their BlastRadius.Fail advisory that was originally published on July 9th, 2024, and most recently updated on December 10th, 2024.

Siemens Update #7 - Siemens published an update for their OPC UA Implementations advisory that was originally published on September 12th, 2023, and most recently updated on December 10th, 2025.

Siemens Update #8 - Siemens published an update for their SCALANCE W-700 advisory that was originally published on June 11th, 2024, and most recently updated on September 10th, 2024.

Siemens Update #9 - Siemens published an update for their SIMATIC SCADA and PCS 7 systems advisory that was originally published on September 10th, 2024, and most recently updated on November 12th, 2024.

Siemens Update #10 - Siemens published an update for their SegmentSmack advisory that was originally published on April 14th, 2020, and most recently updated on July 9th, 2024.

Siemens Update #11 - Siemens published an update for their S7-1500 CPU devices advisory that was originally published on January 10th, 2023, and most recently updated on June 11th, 2024.

Siemens Update #12 - Siemens published an update for their PROFINET Stack advisory that was originally published on April 12th, 2022, and most recently updated on July 9th, 2024.

Siemens Update #13 - Siemens published an update for their SCALANCE products advisory that was originally published on December 13th, 2022, and most recently updated on October 10th, 2023.

Siemens Update #14 - Siemens published an update for their Mendix Runtime advisory that was originally published on September 10th, 2024, and most recently updated on December 12th, 2024.

Siemens Update #15 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12th, 2023, and most recently updated on December 10th, 2024.

Siemens Update #16 - Siemens published an update for their Web Server of SIMATIC S7-1500 CPUs advisory that was originally published on October 8th, 2024, and most recently updated on November 12th, 2024.

Siemens Update #17 - Siemens published an update for their User Management Component advisory that was originally published on September 10th, 2024, and most recently updated on November 12th, 2024.

Researcher Reports

Offis Report #1 - Cisco Talos published a report that describes an improper restriction of operations within the bounds of a memory buffer in the Offis DCMTK DICOM library.

Offis Report #2 - Cisco Talos published a report that describes an improper restriction of operations within the bounds of a memory buffer in the Offis DCMTK DICOM library.

Exploits

ABB Exploit - Cyber Danube published an exploit for two vulnerabilities in the ABB AC500v3.

Palo Alto Networks Exploit #1 - An unidentified researcher published an exploit for an improper check for unusual or exceptional conditions vulnerability (reported in the CISA Known Exploited Vulnerabilities catalog) in the Palo Alto Networks PanOS product.

Palo Alto Networks Exploit #2 - SSD published an advisory for an OS command injection vulnerability in the Palo Alto Networks Expedition Migration Tool.

 

For more information on these disclosures, including links to 3rd party advisories and researcher reports, in addition to brief summaries of changes made in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-e6f - subscription required.

More Withdrawn Rulemakings – 1-22-25

Yesterday, in accordance with the President’s order on regulatory reviews (still no EO number), 25 rulemakings were reported (EO Review Search Criteria: Agencies=All; Review Status=Concluded; Concluded from 01/20/2025) ‘Withdrawn’ by the OMB on their Reginfo.gov website. This includes three rulemakings of potential interest here:


There are still 24 ‘active’ rulemakings listed on the RegInfo.gov site. One of those, a DOE notice of proposed rulemaking on “Advanced Technology Vehicles Manufacturing Incentive Program” may be of interest here. It is not clear at this point whether or not any of the remaining rules will be withdrawn today.

Technically, Trump’s order did not require any action on rulemakings sent to the OMB for review, only on rulemakings sent to the Office of the Federal Register. Still, it is clear that agency review by Trump Administration appointees of these rules would be expected. It is not clear from the information on this web site if these rulemakings were withdrawn at the submitting agency’s request or whether they were directed to be withdrawn by the OMB.

The most concerning withdrawal, in my opinion, is the FAA rule that would have established the criteria and procedures for the operator or proprietor of eligible fixed site facilities to apply to the FAA for an unmanned aircraft-specific flight restriction. This rule was congressionally mandated {§2209 of the FAA Extension, Safety and Security Act of 2016 (PL 114-190, 130 Stat. 634)} to be in place almost eight years ago. The chemical industry (and many others, to be sure) has been begging the FAA to issue this rule so that they could get some protection of their airspace from UAS intrusions. While I have not seen the language submitted to OMB, I would think that allowing this rulemaking to continue would have been under the discretionary authority provided to the OMB Director or Acting Director under Trump’s order.

 