Monday, March 31, 2025

Short Takes – 3-31-25

Isar Aerospace’s first Spectrum launch fails. SpaceNews.com article. Pull quote: ““WHAT A FLIGHT!” posted Daniel Metzler, chief executive of Isar Aerospace, about an hour after the launch. “On our first flight today we got to a clean liftoff, 30sec of flight, and didn’t blow up the pad in the meantime.”” Success in rocket science is defined differently than in most endeavors.

How Each Pillar of the 1st Amendment is Under Attack. KrebsOnSecurity.com commentary. Pull quote: “This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.”

Immigration agents arrested a U.S. citizen and created warrants after an arrest, lawyers say in court. Chicago.SunTimes.com article. Pull quote: “The 22 cases include Chicago resident Julio Noriega, 54, a U.S. citizen who, according to court documents, was arrested, handcuffed and spent most of the night at an ICE processing center in suburban Broadview. He was never questioned about his citizenship and was only released after agents looked at his ID.”

Chinese Bluetooth satellite startup raises early funding. SpaceNews.com article. Pull quote: “Utilizing these low-power signals greatly reduces energy and infrastructure requirements for connectivity and monitoring, which could help expand IoT coverage. Satellites can cover areas without networks, power, or communication infrastructure, enabling effective data collection and monitoring in more remote regions. The system could be most useful for Bluetooth-only devices such as sensors and tags.” A new surveillance tool? Nah… Who would want to do that?

Signal Gate. WHMurray.blogspot.com blog post. Pull quote: “Most of those with any knowledge about a military mission will have been indoctrinated in operational security, both in training and experience. Here we had a case of novices, those who did not have experience, who had not grown up in the tradition of SECOPS.”

House panel recesses as GOP leaders weigh blocking proxy voting for new parents. TheHill.com article. Pull quote: “In her letter announcing her departure from the hardline group, Luna wrote: “I cannot remain part of a caucus where a select few operate outside its guidelines, misuse its name, broker backroom deals that undermine its core values and where the lines of compromise and transaction are blurred, disparage me to the press, and encourage misrepresentation of me to the American people.””

Top vaccine official sends warning. TheHill.com article. Pull quote: ““However, it has become clear that truth and transparency are not desired by the Secretary [Kennedy], but rather he wishes subservient confirmation of his misinformation and lies,” Marks wrote.”

Review – Committee Hearings – Week of 3-30-25

With both the House and Senate in session, there is a moderately busy and more diverse hearing schedule for this week. In the House we have three cybersecurity hearings, one space hearing, and a hearing on the military view of small UAS and cUAS technologies. There are no Senate hearings of particular interest here.

Cybersecurity

On Tuesday, the Subcommittee on Cybersecurity and Infrastructure Protection of the House Homeland Security Committee will hold a hearing on “Cybersecurity is Local, Too: Assessing the State and Local Cybersecurity Grant Program”.

On Tuesday, the Subcommittee on Oversight and Investigations of the House Energy and Commerce Committee will hold a hearing on “Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities in Legacy Medical Devices”.

On Wednesday, the Subcommittee on Military and Foreign Affairs of the House Committee on Oversight and Government Reform will hold a hearing on “Salt Typhoon: Securing America’s Telecommunications from State-Sponsored Cyber Attacks”.

Space Geek

On Tuesday, the Subcommittee on Space and Aeronautics of the House Science, Space, and Technology Committee will hold a hearing on “Hearing: Leveraging Commercial Innovation for Lunar Exploration: A Review of NASA’s CLPS Initiative”.

cUAS Issues

On Wednesday, the Subcommittee on Tactical Air and Land Forces of the House Armed Services Committee will hold a hearing on “Small UAS and Counter-Small UAS: Gaps, Requirements, and Projected Capabilities”.

 

For more information on these hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-3-30-25- subscription required.

Review – HR 1126 Introduced – E Palestine Health Study

Last month Rep Joyce (R,OH) introduced HR 1126, the East Palestine Health Impact Monitoring Act of 2025. The bill would require HHS to conduct a study on the health effects of the 2023 East Palestine, OH train derailment. The bill would authorize “such sums as may be necessary for fiscal year 2026, to remain available until September 30, 2030, to carry out this Act”.

This bill is essentially the same as HR 8537 that was introduced by Joyce in May of 2024. No action was taken on that bill in the 118th Congress.

Moving Forward

While Joyce is not a member of the House Energy and Commerce Committee to which this bill was assigned for consideration, one of his five cosponsors, Rep Rulli (R,OH), is a member. This means that there may be sufficient influence to see the bill considered in Committee. I suspect that the Republican leadership will continue to ignore this bill, because of its potential to increase the liability of the railroads and shippers involved in the East Palestine derailment. While some level of bipartisan support is indicated by the sponsorship of the bill, if the bill were considered, it is unlikely that it would receive sufficient support in Committee to move to the floor of the House for consideration.

Commentary

The further removed we are from the incident, the more problems there are with the efficacy of a health study, because of the lack of baseline information on the affected population. This is one of the problems with trying to rely on a legislative response to each incident. What should be considered is making a blanket requirement for DOT and HHS to conduct long-term (five to ten years) health assessments for every chemical release involved in a major transportation incident. Such legislation is not something that I would expect a Republican Congress to support, but it is something that should be considered.

 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-1126-introduced - subscription required.

Sunday, March 30, 2025

Review – HR 866 Introduced – ROUTERS Act

Last month Rep Latta (R,OH) introduced HR 866, the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act. The bill would require the Department of Commerce to conduct a study on the national security risks of consumer routers and modems manufactured in China. No new funding is authorized by the legislation.

The bill is essentially identical to HR 7589, which was introduced by Latta in March of 2024. On March 20th, 2024, the House Energy and Commerce Committee held a business meeting that included consideration of HR 7589. The Committee adopted the bill, without amendments, by a vote of 43 to 0. The Committee Report was published on May 19th, 2024. HR 7589 was considered by the Full House on September 9th, 2024, under the suspension of the rules process and was passed by a voice vote. No action was taken on the bill in the Senate.

Moving Forward

Both Latta and his sole cosponsor, Rep Kelly (D,IL), are members of the House Energy and Commerce Committee to which this bill was referred for consideration. This means that there may be sufficient influence to see the bill considered in Committee. As with HR 7589 last session, I would expect the bill to receive strong bipartisan support, both in Committee and on the floor of the House.

Commentary

Since the requirements of this bill are specifically focused on “consumer” routers and similar devices, this bill would be unlikely to provide anyone with actionable information. Congress is unlikely to make the sale of Chinese routers illegal in this country. Even if it were to do so, there would be no practical way for them to eliminate those already here. This is another case of Congress trying to look like it is doing something about a problem over which it has no control.

 

For more information on the provisions of this bill, including an expanded commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-866-introduced - subscription required.

 

Saturday, March 29, 2025

Short Takes – 3-29-25

Upcoming Launch - Fram2 Mission. SpaceX.com article. Pull quote: “SpaceX is targeting Monday, March 31 at 9:46 p.m. ET for Falcon 9’s launch of Fram2 to a polar orbit from Launch Complex 39A at NASA’s Kennedy Space Center in Florida. There are three additional launch opportunities within the approximate 4.5-hour window: 11:20 p.m. ET followed by 12:53 a.m. and 2:26 a.m. on Tuesday, April 1. If needed, backup opportunities are available on Tuesday, April 1 starting at the same time.”

Breakthrough in Battery Technology Promises Safer, Longer-Lasting EVs. I-HLS.com article. Pull quote: “Not only does this method make the battery safer, but it also allows for higher charging voltages, boosting the overall energy density of the battery. This breakthrough could be a game-changer for electric vehicles, providing longer-lasting, safer batteries that can withstand higher voltages. Published in Science Advances, the research paves the way for the development of batteries that are both more efficient and safer for everyday use.”

Trump pushes aides to go bigger on tariffs as key deadline nears. WashingtonPost.com article. Pull quote: “In public and private, the president has said tariffs represent a win-win that will bring manufacturing jobs back to the United States and fill federal coffers with trillions of dollars in new revenue. He has also said he thinks he made a mistake in allowing advisers to talk him out of bigger tariffs during his first term, the people said, and that he thinks a single, simple duty on most imports could help prevent exemptions from weakening their impact. It’s unclear how seriously that proposal is being considered.”

Trump Turns Homelessness Response Away From Housing, Toward Forced Treatment. MedPageToday.com article. Pull quote: “But Trump wants to gut taxpayer-subsidized housing initiatives. He is pushing for a punitive approach that would impose fines and potentially jail time on homeless people. And he wants to mandate sobriety and mental health treatment as the primary homelessness intervention -- a stark reversal from Housing First.”

Months after first incursion, Ukrainian troops fighting in second Russian region. Reuters.com article. Pull quote: “The Ukrainian operation may be an attempt to distract Russian forces as they try to drive out the last Ukrainian forces from neighbouring Kursk. One of the Russian blogs, Rybar, said Russia had moved reinforcements to Belgorod from Goptarovka in the Kursk region.”

Chemical Incident Reporting – Week of 3-22-25

NOTE: See here for series background.

Narrows, VA – 3-20-25

Local News Report: Here, here, and here.

There was an acetic acid release at a chemical manufacturing facility. Six employees were injured; two are being treated for critical injuries at a local hospital. No off-site impacts have been reported.

CSB reportable.

American Fork, UT – 3-19-25

Local News Report: Here, here, and here.

There was a chemical explosion in a storage unit. Reportedly: “Hundreds of gallons of chemicals were being used to break down and extract precious metals.” Two people were injured, one transported to hospital for ‘severe burns’.

Probable CSB reportable. Okay, this was apparently an illegal operation and the ‘owners’ would not reasonably be expected to report the release.


Review – Public ICS Disclosures – Week of 3-22-25

This week we have 31 vendor disclosures from ABB (2), Arteche, B&R Automation, Hitachi, Hitachi Energy (2), HPE (4), Philips, Splunk (12), VMware, WatchGuard (2), and Westermo (3). There are also two vendor updates from Hitachi Energy and HP.

Advisories

ABB Advisory #1 - ABB published an advisory that discusses 18 vulnerabilities in their Low Voltage DC Drives and Power Controllers.

ABB Advisory #2 - ABB published an advisory that discusses 15 vulnerabilities in their ACS880 +N8010 Drives. These are third-party (CODESYS) vulnerabilities.

Arteche Advisory - Incibe-CERT published an advisory that describes eight vulnerabilities in the Arteche saTECH BCU controller.

B&R Advisory - B&R published an advisory that describes 13 vulnerabilities in their APROL control system.

Hitachi Advisory - Hitachi published an advisory that discusses 121 vulnerabilities in their Disk Array Systems. These are third-party (mostly Microsoft) vulnerabilities.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes four vulnerabilities in their RTU500 series products.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes three vulnerabilities in their TRMTracker product.

HPE Advisory #1 - HPE published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in multiple HPE products.

HPE Advisory #2 - HPE published an advisory that discusses nine vulnerabilities (one with publicly available exploit) in their B-Series SANnav Management Portal.

HPE Advisory #3 - HPE published an advisory that discusses four vulnerabilities (three with publicly available exploits) in their Telco Service Orchestrator product.

HPE Advisory #4 - HPE published an advisory that discusses four vulnerabilities (one with publicly available exploit) in their Unified OSS Console (UOC) and HPE Unified OSS Assurance Monitoring (UOCAM) Software.

Philips Advisory - Philips published an advisory that discusses the IngressNightmare vulnerabilities.

Splunk Advisory #1 - Splunk published an advisory that discusses a server-side request forgery vulnerability (with publicly available exploit) in their Infrastructure Monitoring Add-on.

Splunk Advisory #2 - Splunk published an advisory that discusses two vulnerabilities in their Add-on for Microsoft Cloud Services.

Splunk Advisory #3 - Splunk published an advisory that describes an incorrect permission assignment for critical function vulnerability in their App for Lookup File Editing application.

Splunk Advisory #4 - Splunk published an advisory that discusses ‘multiple’ (not individually listed in the advisory) vulnerabilities in their App for Data Science and Deep Learning.

Splunk Advisory #5 - Splunk published an advisory that discusses ‘multiple’ (not individually listed in the advisory) vulnerabilities in their Enterprise product.

Splunk Advisory #6 - Splunk published an advisory that describes an improper access control vulnerability in their Secure Gateway App.

Splunk Advisory #7 - Splunk published an advisory that describes an improper input validation vulnerability in their Enterprise Dashboard Studio.

Splunk Advisory #8 - Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise product.

Splunk Advisory #9 - Splunk published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their Enterprise product.

Splunk Advisory #10 - Splunk published an advisory that describes a cross-site request forgery vulnerability in their Enterprise product.

Splunk Advisory #11 - Splunk published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Secure Gateway App.

Splunk Advisory #12 - Splunk published an advisory that describes an improper access control vulnerability in their Enterprise product.

VMware Advisory - Broadcom published an advisory that describes an authentication bypass using an alternate path or channel vulnerability in the VMware Tools for Windows product.

WatchGuard Advisory #1 - WatchGuard published an advisory that describes an incorrect default permissions vulnerability in their Terminal Services Agent product.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes an incorrect default permissions vulnerability in their Mobile VPN product.

Westermo Advisory #1 - Westermo published an advisory that discusses an improper argument handling vulnerability in their WeOS product.

Westermo Advisory #2 - Westermo published an advisory that describes a denial of service vulnerability in their WeOS product.

Westermo Advisory #3 - Westermo published an advisory that describes an insufficiently protected HTTP session token vulnerability in their WeOS product.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their MicroSCADA Pro/X SYS600 advisory that was originally published on August 27th, 2024, and most recently updated on October 29th, 2024.

HP Update - HP published an update for their Poly Devices advisory that was originally published on February 4th, 2025.

 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-week-b06 - subscription required.

Friday, March 28, 2025

Short Takes – 3-28-25

Artemis 2.0: A model for really winning the new moon race. SpaceNews.com commentary. Pull quote: “This was the fundamental failure of Apollo. The U.S., facing off against the Soviet Union’s state-controlled space program, responded with a state-controlled space program of its own. We out-mobilized the Russians — but we couldn’t hold the ground we gained. Why? Because state-run programs in democracies only last as long as the political will to sustain them. When voter passion fades, so does the funding.”

U.S. sees large rise in border seizures of eggs, while fentanyl rate falls. NPR.org article. Pull quote: “Shortages and high prices are seen as motivating people's attempts to sneak eggs into the U.S. The CBP says its agents have carried out 5,572 egg product seizures so far this fiscal year, reflecting data as of March 1. The agency reported 15,955 seizures in fiscal year 2024 and 16,541 in fiscal year 2023 — sharp increases after 10,604 interceptions in 2022, the first year of the avian flu outbreak in the U.S.” No indication of the numbers of eggs involved.

Secure by Design: The Illusion That Ignores How OT Really Works. LinkedIn.com article. Pull quote: “The automation system is where OT security, process safety, and operational integrity converge. Addressing this intersection correctly necessitates more than a catchy phrase: it calls for carefully aligned engineering decisions, joint risk assessments, and ongoing lifecycle management. While “secure by design” can guide product improvements, it does not automatically secure an entire OT environment—especially in the brownfield reality most facilities face. Only a disciplined, inside-out approach that unifies security and safety objectives can deliver sustainable resilience in OT.”

Bird flu reinfections at US poultry farms highlight need for vaccines, experts say. TheGuardian.com article. Pull quote: “Egg prices are up because of shortages “and because companies are noticing a higher consumer willingness to pay when they see occasional interruptions”, Hayek said. “In order for prices to come down, we don’t just need to increase the supply, but the supply needs to get more reliable.””

Science silenced? Leaked EPA plan would dissolve its scientific research arm. ChemistryWorld.com article. Pull quote: “They [7 House Democrats] maintained that the executive branch demolishing ORD in this manner is illegal because it would necessitate a change to the statute that established the EPA, which requires congressional approval, and Anastas agrees. ‘I expect that there will be lawsuits challenging this,’ he states, pointing out that the scientific data supplied by ORD is used as the basis of state regulations.”

‘Star Wars’ holds clues to making speedier spacecraft in the real world. ScienceNews.org article. Pull quote: “For now, spacefarers aren’t looking to travel to another star system. But even travel within the solar system, say, to Mars, could use a boost. To safely bring people to and from the Red Planet, some researchers are looking to ion engines. These thrusters create force by shooting charged atoms from the back of a spacecraft. Star Wars’ TIE Fighters, like the one flown by Darth Vader, navigate through space battles with them.”

3D Printing: Saving Weight and Space at Launch. NASA.gov article. Pull quote: “Another approach is recycling plastic – for example, turning a used 3D-printed wrench into a spoon and creating items from the plastic bags and packing foam needed to send supplies to space. This technology could help reduce the amount of raw material at launch and cut down on the volume of waste that must be disposed of on long journeys. The Refabricator, a machine created by Tethers Unlimited Inc, tested this approach and successfully manufactured its first object. Some issues occurred in the bonding process, likely caused by microgravity, but assessment of the material could help determine whether there are limits to how many times plastic can be re-used. Ultimately, researchers plan to create a database of parts that can be manufactured using the space station’s capabilities.”

The CDC Buried a Measles Forecast That Stressed the Need for Vaccinations. ProPublica.org article. Pull quote: “Responding to questions about criticism of the decision among some CDC staff, Nixon wrote, “Some individuals at the CDC seem more interested in protecting their own status or agenda rather than aligning with this Administration and the true mission of public health.””

‘Disappointed but not surprised’: Measles cases explode in 19 states, new outbreak confirmed. TheHill.com article. Pull quote: ““Given the measles activity in Texas, New Mexico, and other states around the country, we’re disappointed but not surprised we now have several cases in Ohio and known exposure in some counties,” said Ohio Department of Health Director Dr. Bruce Vanderhoff. “This disease can be very serious, even deadly, but it is almost entirely avoidable by being properly vaccinated.””

Texas measles outbreak surges to at least 400 cases. TheHill.com article. Pull quote: “The outbreak has also been spreading beyond Texas. The New Mexico Department of Health reported 44 cases Friday, while Oklahoma reported seven confirmed and two suspected cases.”

EO 14246 - Addressing Risks From Jenner & Block. Federal Register.

EO 14247 - Modernizing Payments To and From America's Bank Account. Federal Register.

EO 14248 - Preserving and Protecting the Integrity of American Elections. Federal Register.

EO 14249 - Protecting America's Bank Account Against Fraud, Waste, and Abuse. Federal Register.

Review – HR 971 Introduced – RAIL Act

Last month Rep Sykes introduced HR 971, the Reducing Accidents In Locomotives (RAIL) Act. This is another in a series of legislative attempts to address the railroad hazardous material safety concerns that arose after the East Palestine derailment. The bill addresses a number of different issues and includes additional funding authorization for first responder hazmat training.

The bill is very similar to HR 1633 that was introduced by Rep Johnson (R,OH) in March of 2023, and cosponsored by Sykes. No action was taken on that bill in the 118th Congress. Section 4 of this bill is an almost complete rewrite of the same section of the earlier bill and a new §9, Freight train crew size safety standards, has been added. The language in this added section is the same as proposed by Sykes in HR 9074, introduced in July 2024. No action was taken on that bill in the 118th Congress.

The bill addresses the following topics:

• Regulatory response,

• Rail car inspections,

• Defect detectors,

• Increasing civil penalties,

• Safer tank cars,

• First responder hazmat training, and

• Freight train crew size.

Moving Forward

Sykes is a member of the House Transportation and Infrastructure Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. Unfortunately, the Republican leadership is not going to be too interested in increasing regulatory controls in this session. I do not expect that the bill will be considered in Committee and likely would not be approved if it were.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-971-introduced - subscription required.

Review – Bills Introduced – 3-27-25

Yesterday, with both the House and Senate preparing to leave Washington for a long weekend, there were 144 bills introduced. Three of those bills may receive additional coverage in this blog:

HR 2447 To increase cybersecurity education and job growth, and for other purposes. Lieu, Ted [Rep.-D-CA-36]

S 1180 A bill to abolish the Transportation Security Administration, and for other purposes. Lee, Mike [Sen.-R-UT]

S 1190 A bill to establish a Secretary of the Coast Guard, and for other purposes. Scott, Rick [Sen.-R-FL]

Space Geek Legislation

Under my space geek coverage, I would like to call attention to:

HR 2474 To require the Comptroller General of the United States to conduct a study on the capability of the Appalachian Regional Commission to include low-orbit satellites in broadband projects, and for other purposes. Taylor, David [Rep.-R-OH-2]

I will not be analyzing this bill in any depth (I am too far behind on my other legislative reviews), but I will be covering these Space Geek bills as they move along through their legislative journeys.

 

For more information on these bills, including legislative history for similar bills in the 118th, as well as a mention in passing of a software inventory bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-27-25 - subscription required.

Transportation Chemical Incidents – Week of 2-22-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 491 (458 highway, 19 air, 14 rail, 0 water)

• Serious incidents – 7 (6 Bulk release, 0 evacuation, 1 injury, 0 death, 1 major artery closed, 0 fire/explosion, 25 no release)

• Largest container involved – 33,780-gal DOT 112J400W Railcar {Petroleum Gases, Liquefied or Liquefied Petroleum Gas} Loose sample line valve and loose sample line plug. No link to the incident report provided.

• Largest amount spilled – 5,400-gal Trailer {Sodium Hydroxide, Solution} Undeclared hazardous material. Sodium hydroxide added to wastewater in an aluminum tanker.

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Ammonium Nitrate, Liquid (Hot Concentrated Solution) - Ammonium nitrate liquid is the white crystals dissolved in water. Though the material itself is noncombustible it will accelerate the burning of combustible materials. Toxic oxides of nitrogen are produced in fires involving this material. It is used to make fertilizers and explosives. Capable of detonation or explosive decomposition or explosive reaction but requires a strong initiating source or must be heated under confinement before initiation. (Source: CameoChemicals.NOAA.gov).

 



Review – HR 2390 Introduced – Chinese Crane Replacement

Earlier this week, Rep Rouzer (R,NC) introduced HR 2390, the Maritime Supply Chain Security Act. The bill would allow grant funds under the Port Infrastructure Development Program (46 USC 54301) to be used to upgrade or replace Chinese port cranes. No new funding is provided in this legislation.

Moving Forward

Rouzer is a member of the House Transportation and Infrastructure Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. I see nothing in the bill that would engender any significant opposition. In fact, keeping with the anti-Chinese sentiment of the current leadership, I would not be surprised to see this bill considered early in Committee or even possibly moved directly to the floor of the House under the suspension of the rules process.

Commentary

The cost of replacing Chinese made cranes in US ports would be very high and would be a long lead time proposition, probably relying on South Korean or Japanese technology. While replacing the software would seem to take fewer resources and would seem to remove the threat of Chinese lockouts or information theft (though that seems like a relatively minor issue to me), that process would be fraught with problems. If Chinese programmers have followed the lead of their western counterparts, trying to replace the software would likely brick large portions of the control equipment, making the cranes essentially industrial sculptures, testimony to the post-industrial decline of the United States.

 

For more information on the provisions of this bill, including an expanded commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-2390-introduced - subscription required.

Thursday, March 27, 2025

Short Takes – 3-27-25

Some measles patients in West Texas show signs of vitamin A toxicity, doctors say, raising concerns about misinformation. CNN.com article. Pull quote: “The Council for Responsible Nutrition, a trade association for dietary supplement and functional food manufacturers, issued a statement Wednesday warning parents against using high doses of vitamin A to try to keep their children from getting measles.” When a manufacturer’s group warns against overusing one of their supported products, people should listen.

A tardigrade protein helped reduce radiation damage in mice. ScienceNews.org article. Pull quote: “The duo and their colleagues used lipid nanoparticles — tiny particles composed of fat molecules that can carry chemicals — to deliver messenger RNA, or mRNA, with instructions for creating the Dsup protein directly into mouse cheek and rectum cells. Byrne and his colleagues discovered that when exposed to radiation, the DNA of mice producing Dsup proteins showed fewer signs of radiation-induced damage compared to the DNA of mice that couldn’t make Dsup.”

Cygnus mission to ISS scrapped after finding spacecraft damage. SpaceNews.com article. Pull quote: “NASA warned three weeks earlier of the potential for damage to the spacecraft after Northrop reported its module’s shipping container was damaged in what the company called a “commercial shipping accident” during transit to the launch site. The agency said then it would adjust the cargo manifest for the next Dragon mission to the station, SpX-32, replacing some science investigations with crew supplies and station hardware in the event NG-22 was delayed.”

Bad mistake: Tulsi Gabbard just threw Iran a nuclear lifeline. TheHill.com commentary. Pull quote: “Team Trump must reverse course. As we have warned before, we are past midnight in the Gardens of Armageddon and Israel will not wait forever before it acts to mitigate or destroy Khamenei’s nuclear weapons program.”

NASA Planning Another Test Flight by Boeing's Starliner. Futurism.com article. Pull quote: “"What we’d like to do is that one flight and then get into a crew rotation flight," he [Steve Stich] said. "So, the next flight up would really test all the changes we’re making to the vehicle, and then the next fight beyond that, we really need to get Boeing into a crew rotation. So, that’s the strategy."”

The EPA wants to roll back a rule that’s essential for protecting you from chemical disasters. Grist.org article. Pull quote: “Refineries that use HF are regulated under the EPA’s Risk Management Program, or RMP, a regulation designed to improve chemical accident prevention at large petrochemical facilities — but for reasons that have little to do with knowhow and capacity, RMP regulations have been glaringly ineffective. Indeed, few regulations have been subject to the yo-yo of successive presidential administrations, and their political whims, like the RMP.”

Give me a break: TSA Minnesota stops passenger from bringing brake fluid on plane. TSA.gov blog post. Pull quote: “After Nidzgorski determined the substance was brake fluid, Supervisory Officer Nicole Wolfe, Manager Susanna Kleifgen and Supervisory Manager Shannon Takao made the appropriate notifications, putting the brakes on the passenger’s ill-advised plans to bring the potentially dangerous fluid past the checkpoint.” NOTE: Brake fluid is a precursor chemical for an incendiary reaction.

The Leaked Signal Chat, Annotated. NYTimes.com article (free). Annotation by NYT correspondents providing background information. Pull quote: “President Trump has downplayed the inadvertent inclusion in the group of Jeffrey Goldberg, the editor in chief of The Atlantic, claiming that officials did not share classified information. The new revelations Wednesday, however, led to mounting calls by Democrats for Mr. Hegseth to step down, saying he behaved recklessly and could have endangered American troops.”

Curiosity Mars rover discovers largest organic molecules ever seen on Red Planet. Space.com article. Pull quote: “So Freissinet and Glavin modified the SAM procedure to search for larger organic molecules. In particular they and their team were looking for amino acids. They didn't find any, but they did find alkanes larger than any found on Mars thus far. These include decane (10 carbon atoms and 22 hydrogen atoms), undecane (11 carbon atoms and 24 hydrogen atoms) and dodecane (12 carbon atoms and 26 hydrogen atoms). Although dodecane is the largest alkane ever found on Mars, it is still dwarfed in comparison to the largest alkanes on Earth, which can feature over 150 carbon atoms.”

As many as 6 hurricanes forecast to strike US this season. TheHill.com article. Pull quote: ““Everyone needs to start planning and preparing for hurricane season. Climatology, weather patterns, water temperatures, and many other factors all point to yet another active Atlantic hurricane season with more tropical storms and hurricanes forming, compared to the historical average,” AccuWeather chief meteorologist Jonathan Porter said in a statement.”

EO 14245 - Imposing Tariffs on Countries Importing Venezuelan Oil. Federal Register.

Review – 1 Update Published – 3-27-25

Today CISA Published an update for a control system security advisory for products from Schneider Electric.

Updates  

Schneider Update - This update provides additional information on the EcoStruxure Power Monitoring Expert advisory that was originally published on February 6th, 2025.


For more information on this update, including a DTRH look at mitigation measures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-update-published-3-27-25 - subscription required.

Review - Bills Introduced – 3-26-25

Yesterday, with both the House and Senate in session, there were 86 bills introduced. One of those bills may receive additional attention here:

HR 2390 Maritime Supply Chain Security Act Rouzer, David [Rep.-R-NC-7]


For more information on these bills, including legislative history for similar bills in the 118th and a mention in passing on a resolution of inquiry about the recent Signal chat controversy, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-26-25 - subscription required.

Wednesday, March 26, 2025

Short Takes – 3-26-25

Should we be concerned about the loss of weather balloons? ArsTechnica.com article. Consequences of NWS cuts. Pull quote: “I don’t want to overstate things. Weather forecasts aren’t going to dramatically degrade day to day because we’ve reduced some balloon launches across the country. They will degrade, but the general public probably won’t notice much difference 90 percent of the time. But that 10 percent of the time? It’s not that the differences will be gigantic. But the impact of those differences could very well be gigantic, put more people in harm’s way, and increase the risk profile for an awful lot of people. That’s what this does: It increases the risk profile, it will lead to reduced weather forecast skill scores, and it may lead to an event that surprises a portion of the population that isn’t used to being surprised in the 2020s. To me, that makes the value of weather balloons very, very significant, and I find these cuts to be extremely troubling.”

If "masks work", why don't they work? New research suggests the reason. EmilyBurns.Substack.com article. A readable discussion about mask efficiency studies. Pull quote: “However, protection depends on compliance. When considering the impact of "breaks,” a randomized controlled trial from 2013 found that N95s did reduce the risk of disease, but only if worn continuously, without breaks— the protection effects disappear once breaks are introduced. This squares well with the data above, which would suggest that “mask breaks” of any kind are akin to punching a giant hole in the bottom of your boat.” In short: I am protected if I wear a mask, but not nearly so much if you wear a mask.

Gravitics wins SpaceWERX award for tactically responsive space system. SpaceNews.com article. Pull quote: ““The Orbital Carrier is a game-changer, acting as a pre-positioned launch pad in space,” said Colin Doughan, chief executive of Gravitics, in a statement. “It bypasses traditional launch constraints, enabling space vehicle operators to rapidly select a deployment orbit on-demand.””

Top Republicans Rebuff Trump’s Demand to Impeach Judges. WSJ.com article. Pull quote: “Issa said he believes his bill has enough support to pass. But nationwide injunctions can stymie administrations of either party, and some Republicans don’t want to give up a tool that might help restrain a future Democratic president.”

The Atlantic releases the entire Signal chat showing Hegseth’s detailed attack plans against Houthis. APNews.com article. Pull quote: “Hegseth has refused to say whether he posted classified information onto Signal. He is traveling in the Indo-Pacific and to date has only scoffed at questions, saying he did not reveal “war plans.” Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe told members of the Senate Intelligence Committee on Tuesday that it was up to Hegseth to determine whether the information he was posting was classified or not.” This is an article about The Atlantic article, which is paywalled.

Moog Ships Meteor Satellite Buses for National Security Space Mission. SpaceNews.com published press release. Pull quote: ““The shipment of our Meteor satellite buses is a culmination of decades of experience in advanced systems and component heritage, investment in innovative solutions, and our unwavering commitment to protecting the warfighter,” said Mark Covelli, Senior Vice President of Space. “We are continuing internal research and development programs to enhance the capabilities of our buses, including software development, radiation shielding, edge computing, and longer life in all orbits.””

Trump administration revokes state and local health funding. TheHill.com article. Pull quote: ““While [these grants] can support keeping people from getting sick or dying with COVID-19, they also prevent them from getting sick or dying from other diseases as well. So it has a ripple effect across public health practice,” said Adriane Casalotti, Chief of Government and Public Affairs at the National Association of County & City Health Officials.”

‘Like a forest fire’: Where large measles outbreaks will occur, according to an epidemiologist. TheHill.com article. Pull quote: “Three areas of the U.S. (so far) are experiencing what the CDC characterizes as a measles outbreak, which are three or more cases related to each other. The largest is in West Texas, followed by New Mexico and Kansas.”

EO 14244 - Addressing Remedial Action by Paul Weiss. Federal Register.

DOT Sends Administrative Rulemaking Update to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from DOT on “Administrative Rulemaking, Guidance, and Enforcement Procedures”. This rulemaking was not published in the Fall 2024 Unified Agenda, but it would presumably be an update to a final rule of the same title published on April 2nd, 2021.

Earlier this month, Secretary Duffy issued DOT Order 2100.6B on “Rulemaking and Guidance Procedures.” That order superseded DOT Order 2100.6A that was published in June 2021.

Review - Bills Introduced – 3-25-25

Yesterday, with both the House and Senate in session, there were 83 bills introduced. Two of those bills may receive additional coverage in this blog:

HR 2344 A bill to establish a program to increase drinking water and wastewater system threat preparedness and resilience, and for other purposes. Schakowsky, Janice D. [Rep.-D-IL-9]

S 1118 A bill to establish a program to increase drinking water and wastewater system threat preparedness and resilience, and for other purposes. Markey, Edward J. [Sen.-D-MA] 

Space Geek Bills

I said when the 119th Congress started that I was going to try to provide coverage of space related legislation. Because of the prolific bill writing in this session I have fallen behind even the GPO in coverage of any legislation, so I will only be listing space related bills as they are being introduced and perhaps noting when action has been taken on such bills. One such bill was introduced yesterday:

HR 2313 To require the Administrator of the National Aeronautics and Space Administration to develop celestial time standardization to support future operations and infrastructure on and around the Moon and other celestial bodies other than Earth, and for other purposes. McClellan, Jennifer L. [Rep.-D-VA-4]

For more information on these bills, including legislative history for similar bills in the 118th, as well as an AI utilization bill mentioned in passing, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-25-25 - subscription required.

Tuesday, March 25, 2025

Short Takes – 3-25-25

Pentagon ‘still mystified’ as drone drama deepens. TheHill.com article. Pull quote: “Such conspicuous tactics [flashing lights over secure facility] are the opposite of basic intelligence collection tradecraft, which calls for stealth. Once exposed, any foreign surveillance operation is not only at risk of compromise, but of sparking a major geopolitical crisis.” No little green aliens, but these reports sound interesting.

As top Trump aides sent texts on Signal, flight data show a member of the group chat was in Russia. CBSNews.com article. Pull quote: “The Signal app offers end-to-end encryption, meaning messages sent on the platform cannot be read by anyone but the senders and receivers. That encryption is not impenetrable, however, and the Google Threat Intelligence Group warned just last month of "increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services."”

Concept study of solar sail orbital mission to Mercury: Mercury Scout. HOU.USRA.edu journal article. Pull quote: “A concept study was conducted at the Advanced Concepts Office (ACO) of Marshall Space Flight Center (MSFC) of a Discovery-level orbital mission to Mercury using only a solar sail as propulsion.”

Pollutant-eating sewage bacteria offer hope for environmental cleanup. CEN.ACS.org article. Pull quote: ““Remarkably, 63 of 84 sludge microbiota samples from WWTPs [wastewater treatment plants] completely detoxified tetrachloroethene (PCE) to ethene,” stated the authors in the paper. “These findings have significant environmental implications, particularly for the bioremediation of groundwater contaminated with chlorinated solvents.”” May be more useful at chemical facility treatment plants where contaminant streams are more consistent.

Agency Information Collection Activities: Requests for Comments; Clearance of a Renewed Approval of Information Collection: Financial Responsibility for Licensed Launch Activities. Federal Register FAA 60-day ICR notice. Summary: “In accordance with the Paperwork Reduction Act of 1995, FAA invites public comments about our intention to request the Office of Management and Budget (OMB) approval to renew an information collection. The information to be collected will be used to determine if licensees have complied with financial responsibility requirements for maximum probable loss determination (MPL) analysis as set forth in FAA regulations. The FAA is responsible for determining MPL required to cover claims by a third party for bodily injury or property damage, and the United States, its agencies, and its contractors and subcontractors for covered property damage or loss, resulting from a Commercial space transportation permitted or licensed activity. The MPL determination forms the basis for financial responsibility requirements issued in a license or permit order.” No change in burden estimate. Comments due: May 27th, 2025.

EO 14240 - Eliminating Waste and Saving Taxpayer Dollars by Consolidating Procurement. Federal Register.

PHMSA Publishes PSMS Advisory Bulletin

Today the DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA) published a notice of issuance of an advisory bulletin on “Pipeline Safety: Pipeline Safety Management System” in the Federal Register (90 FR 13658-13661). That advisory bulletin is ADB-2025-01. The bulletin is intended to promote and to encourage regulated pipeline owners and operators to develop and implement a pipeline safety management system (PSMS) based on a framework such as the one detailed in the American Petroleum Institute's (API) Recommended Practice (RP) 1173: “Pipeline Safety Management Systems (API RP 1173).” NOTE: API sells copies of RP 1173 for $107.00, either as a secure .pdf file or as a printed edition.

The bulletin notes that:

“PHMSA encourages the voluntary adoption of PSMS based on a framework such as the one detailed in API RP 1173, as PHMSA believes developing and implementing PSMS would be an effective way to enhance pipeline safety systematically. PHMSA shares NTSB's view that a voluntarily adopted PSMS program can ensure pipelines are designed, constructed, operated, and maintained in a way that complies with more than just the minimum safety standards found in regulations.”

Review – 4 Advisories Published – 3-25-25

Today CISA’s NCCIC-ICS published four control system security advisories for products from Inaba Denki Sangyo, Rockwell Automation, and ABB.

Advisories

IDS Advisory - This advisory describes four vulnerabilities in the Inaba Denki Sangyo Co CHOCO TEI WATCHER mini camera.

Rockwell Advisory #1 - This advisory discusses an injection vulnerability in the Rockwell 440G TLS-Z safety guard locking switches.

Rockwell Advisory #2 - This advisory describes an improper validation of specified type of input vulnerability in the Rockwell Verve Asset Manager.

ABB Advisory - This advisory discusses a prototype pollution vulnerability (with publicly available exploit) in the Rockwell RMC-100 with REST interface.


For more information on these advisories, including links to 3rd party vulnerabilities, researcher reports, and exploits see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-3-25-25 - subscription required.

CSB Issues 20th Anniversary Report on BP Texas City Refinery Disaster

Yesterday the Chemical Safety Board (CSB) announced the publication of an ‘investigation digest’ for the 20th anniversary of the explosions and fires at the BP Texas City Refinery on March 23rd, 2005. The incident resulted in 15 deaths and 180 injuries. The new document (and CSB has listed extensive documentation on its website for this incident) summarizes the recommendations made by the CSB as a result of its investigation of the BP Texas City disaster and discusses some of the steps that have been taken by BP and the industry. It specifically takes OSHA to task for its failure to adequately respond to the one remaining open recommendation (of 26 recommendations issued) on revising its Process Safety Management (PSM) regulation to require that a management of change (MOC) review be conducted for organizational changes that may impact process safety.

This report would have been more effective, and certainly more complete, if it had included a response from OSHA on why that agency has not adequately addressed the issues listed in 2005-04-I-TX-R9. In the July 25th, 2013 (latest) status update for that recommendation, the Board reported that:

“OSHA stated that the PSM standard already requires employers to develop and implement MOC reviews to determine the adequacy of all contemplated changes with respect to their safety and health impacts as they relate to process chemicals, technology, equipment, procedures, and facilities, including the types of changes described in the CSB recommendation. OSHA committed to providing compliance officers with guidance on the application of 29 CFR 1910.119 (I) to organizational changes in the form of a memorandum to Regional Administrators.”

Perhaps it is time that the CSB acknowledge that it and OSHA have two different outlooks on this issue and change the status of this recommendation to “Closed – Unacceptable action”.

Monday, March 24, 2025

Short Takes – 3-24-25

Fram2 Selects 22 Science and Research Experiments to Further Long-Duration Space Exploration. F2.com press release. Pull quote: “Fram2 is the first polar-orbit human spaceflight mission designed to fly over the Earth’s polar regions. It is named after the Fram ship, which was built in the 1800s and helped explorers first reach the Earth’s polar regions. Fram is Norwegian for “Forward” and was the name of the legendary ship designed to function in the icy polar waters used by some of the first crews to explore the Arctic in the late 1800s. The Fram2 crew consists of Mission Commander Chun Wang, Vehicle Commander Jannicke Mikkelsen, Mission Pilot Rabea Rogge, and Mission Specialist and Medical Officer Eric Philips. Each crewmember has significant experience exploring and capturing the polar regions and brings a unique expertise and perspective to support Fram2.”

Xofluza better for treating bird flu than Tamiflu, in mice. CEN.ACS.org article. Pull quote: “Mehle also notes that the US government funded the initial research behind Xofluza’s target in the 1970s and ’80s. “The ability of Xofluza to inhibit a brand-new virus strain that threatens the human population is the perfect example of how fundamental research programs have boosted our pandemic preparedness,” he says.”

Concerns about espionage rise as Trump and Musk fire thousands of federal workers. APNews.com article. Pull quote: “One particularly novel concern involves the fear that a foreign agent could set up a fake job interview and hire former federal officials as “consultants” to a fake company. The former federal workers would be paid for their expertise without even knowing they were supplying information to an enemy. Russia has paid unwitting Americans to do its business before.”

Europe’s War in Ukraine. ForeignAffairs.com article. Pull quote: “The fundamental question underpinning Europe’s ability to shoulder the burden of its security—beyond the extent to which this effort is actively obstructed by U.S. policy—is will. As already mentioned, funding existing European commitments to NATO would have brought spending above three percent of GDP for most members. Achieving a rapid expansion of defense industrial capability to sustain Ukraine in addition to regenerating military forces would see the cost grow even higher. So far, European states have been reluctant to commit resources.”

Shenzhou-19 astronauts complete third spacewalk, install final debris shielding on Tiangong. Spacenews.com article. Pull quote: “Cai and Song installed space debris protective shielding to the outside of the Wentian module, completing the deployment of shielding carried out across a series of missions and EVAs. The pair also installed extravehicular auxiliary facilities and conducted inspection of extravehicular equipment and systems. The latter task included Cai riding Tiangong’s robotic arm to the specific points on the space station’s exterior, conducting photographic inspections.”

Meeting of the Advisory Committee on Immunization Practices. Federal Register FDA meeting notice. Summary: “In accordance with the Federal Advisory Committee Act, the Centers for Disease Control and Prevention (CDC) announces the following meeting of the Advisory Committee on Immunization Practices (ACIP). This meeting is open to the public. Time will be available for public comment.” Meeting date: April 15th, 2025.

Firefly Aerospace Selects Blue Origin’s Honeybee Robotics to Provide Rover for Lunar Mission to Gruithuisen Domes. FireFlySpace.com press release. Pull quote: “As part of Firefly’s third mission to the Moon, Honeybee’s rover will help investigate the subsurface composition of the Gruithuisen Gamma Dome carrying elements of NASA’s Lunar Vulkan Imaging and Spectroscopy Explorer (Lunar-VISE) suite. Lunar-VISE has multiple instruments, including two cameras attached to Firefly’s Blue Ghost lander that will characterize the landing site and rover traverse as well as an infrared multi-spectral camera system and a spectrometer attached to Honeybee’s rover that will measure gamma ray and neutron emissions.”

Review – Committee Hearings – Week of 3-23-25

With both the House and Senate back in Washington after working from home for a week, there is a moderately busy hearing schedule in both bodies, but only a couple of hearings are of interest here. A grid reliability hearing and an NTSB oversight hearing will occur in the House this week.

Grid Reliability

On Tuesday, the Subcommittee on Energy of the House Committee on Energy and Commerce will hold a hearing on “Keeping the Lights On: Examining the State of Regional Grid Reliability”.

Oversight Hearings

On Wednesday, the Subcommittee on Transportation, Housing and Urban Development, and Related Agencies of the House Appropriations Committee will hold an oversight hearing on the National Transportation Safety Board.


For more information on these hearings, including a brief mention of two closed hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-3-23-25 - subscription required.

OPM Sends Suitability and Fitness NPRM to OMB

On Friday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the Office of Personnel Management (OPM) on “Suitability and Fitness”. There was no listing for this rulemaking in the Fall 2024 Unified Agenda, but it appears that this rulemaking is in support of a March 20, 2025 presidential memorandum on “Strengthening the Suitability and Fitness of the Federal Workforce”.

That memorandum provides that:

“The Director of the Office of Personnel Management (OPM) is delegated the authority to make final suitability determinations and take suitability actions regarding employees in the executive branch based on post-appointment conduct, consistent with applicable law.  In this context, a suitability action can include a directive by OPM to the head of an executive department or agency (agency) to remove an employee who does not meet the suitability criteria defined in OPM’s regulations.”

The speed with which OPM was able to submit this rulemaking to OIRA suggests that the action was well coordinated in advance of the memorandum’s publication. I suspect that we will see similar speed with OIRA’s approval and subsequent publication in the Federal Register of this rulemaking.

Sunday, March 23, 2025

Review - HR 912 Introduced – 988-Line Cybersecurity

Last month, Rep Obernolte (R,CA) introduced HR 912, the 9–8–8 Lifeline Cybersecurity Responsibility Act. This bill would establish broadly written cybersecurity requirements for the National Suicide Prevention Lifeline Program. No new funding is provided in the legislation.

This bill is very similar to HR 498 that was introduced by Obernolte in January of 2023. The bill was considered by the full House under the suspension of the rules process on March 5th, 2024 and passed by a voice vote. No action was taken on the measure in the Senate. A similar bill, S 1493, was introduced in the Senate by Sen Sinema (I,AZ), but no action was taken.

Moving Forward

Obernolte and his sole cosponsor, Rep Dingell (D,MI), are members of the House Energy and Commerce Committee to which this bill is assigned for consideration. This means that there should be sufficient influence to see the bill considered in Committee. There has been increased concern in Congress about the increasing number of cybersecurity reporting requirements to which organizations are becoming subject. It is not clear at this point whether that concern would have an impact on this bill. That is because the bill makes clear that these requirements are being imposed because the program’s network administrators are receiving Federal funding, so it becomes an accountability issue rather than just a cybersecurity reporting issue.

Commentary

When HR 498 was introduced in 2023, I commented that:

“This is not a bill that I will be following here, it is a government system IT security bill with no specific impact on control system security. Having said that, if Congress has to go through the process of introducing legislation for each relatively minor federal program to ensure that each program has adequate cybersecurity provisions in place, we are going to see an exhaustive number of this type of legislation.”

In many ways that comment still holds true, but the point that the crafters of this bill make about federal funding being a legitimate basis for federal oversight is too important to overlook. This is especially true when federal spending on independent programs is being so thoroughly called into question by the Trump Administration. Not only does the federal government have a right to conduct oversight when it is paying substantial portions of the bills, but it also has an obligation to ensure that those monies are spent wisely.


For more information about the provisions of this bill, including an expanded commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-912-introduced - subscription required.

Saturday, March 22, 2025

Short Takes – 3-22-25

Can NASA remain nonpartisan when basic spaceflight truths are shredded? ArsTechnica.com commentary. Pull quote: “Let's also be clear that Musk and SpaceX are currently flying the only spacecraft in the Western world that is capable of reliably flying humans into orbit. Without Dragon, NASA would have been beholden to Russia for the last five years for human spaceflight. And when Boeing's Starliner had issues nine months ago en route to the International Space Station, NASA was fortunate to have the reliable Dragon program to turn to.”

Nuclear fusion fuel without toxic mercury. CEN.ACS.org article. Pull quote: “Amy Prieto, a chemist at Colorado State University, calls the work “incredibly creative and elegant. This could enable a lower-cost, scalable method to achieve efficient [Li-6] separation without the use of mercury.” Electrochemical processes are known to be scalable, so provided that ζ-V2O5 can be made on a large scale, this approach would be very practical for separating Li-6, she says.”

The Bird Flu Virus Is Mutating Fast – And Scientists Say Our Vaccines May Not Be Enough. SciTechDaily.com article. Pull quote: “Crucially, Ford explains, this rapid adaptation means that “if one makes an H5N1 vaccine with a previous vaccine candidate virus, the vaccine will have less efficacy, based on our measurements of how much the virus has evolved in recent years.” As such, the team’s research approach provides guidance for keeping pace with a rapidly adapting viral threat.”

Two astronauts stuck in space for 9 months have returned to Earth. Pull quote: “Williams and Wilmore will now undergo a series of intense medical tests from NASA called Spaceflight Standard Measures. The agency will extensively examine the astronauts’ cognitive abilities, blood, urine, microbiomes, cardiovascular systems and more, many of which were also assessed preflight and in-flight.”

Review - HR 1034 Introduced - DHS Cybersecurity OJT

Earlier this month the late Rep Sylvester (D,TX) introduced HR 1034, the DHS Cybersecurity On-the-Job Training Program Act. The bill would establish in CISA “the ‘DHS Cybersecurity On-the-Job Training Program’ to voluntarily train Department employees who are not currently in a cybersecurity position for work in matters relating to cybersecurity at the Department.” No funding would be authorized by this legislation.

This bill is very similar to HR 3208 that was introduced by the late Rep Jackson-Lee (D,TX) in May of 2023. HR 3208 was passed in the House by a somewhat bipartisan vote of 377 to 43 on September 23rd, 2024. The Senate Homeland Security and Governmental Affairs Committee held a hearing on the bill on November 20th, 2024, and ordered the bill reported favorably. None of the numerous changes made from the version of the bill passed in the House last session would have a substantive effect on the proposed program.

Moving Forward

The single cosponsor of this bill, Rep Luttrell (R,TX), is a member of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. While the composition of the House has not changed significantly from the 118th Congress, the political dynamic has shifted, so passage of this bill in the House this term is not necessarily assured.


For more information on the provisions of this bill, including an expanded discussion about the influences that may make its passage more difficult, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-1034-introduced - subscription required.

Chemical Incident Reporting – Week of 3-15-25

NOTE: See here for series background.

Yonkers, NY – 3-14-25

Local News Report: Here, here, and here.

There was a chemical reaction in a NY City Department of Environmental Protection truck which caused a small spill. No injuries or damage were reported.

Not CSB reportable.

McAllen, TX  – 3-17-25

Local News Report: Here, here, and here.

There was an anhydrous ammonia leak from a cold storage facility. An adjacent facility was evacuated. One person was transported to a local hospital for treatment. No damages were reported.


Probably CSB reportable; the description sounds like the person was admitted to the hospital.

Review – Public ICS Disclosures – Week of 3-15-25

This week we have 24 vendor disclosures from CODESYS (3), Dassault Systèmes (13), Fuji Soft, Helmholtz, HPE (2), MB Connect, Philips (2), and QNAP. There are also six vendor updates from Dell, FortiGuard (3), HP, and HPE. Finally, there are three researcher reports for vulnerabilities in products from Luxion and National Instruments (2).

Advisories

CODESYS Advisory #1 - CODESYS published an advisory that describes an observable discrepancy vulnerability in their CODESYS Runtime Toolkit.

CODESYS Advisory #2 - CODESYS published an advisory that describes a path traversal vulnerability in multiple CODESYS products.

CODESYS Advisory #3 - CODESYS published an advisory that describes an insecure initialization of resource vulnerability in Edge Gateway for Windows and Gateway for Windows products.

Dassault Advisories - Dassault Systèmes published 13 advisories describing stored cross-site scripting vulnerabilities in multiple products. These advisories are only available to registered customers.

Fuji Soft Advisory - JP-CERT published an advisory that describes two OS command injection vulnerabilities in the Fuji F FS010M router.

Helmholtz Advisory - CERT-VDE published an advisory that describes two vulnerabilities in the Helmholtz myREX24 and myREX24.virtual products.

HPE Advisory #1 - HPE published an advisory that describes three vulnerabilities in the HPE Aruba Networking AOS-CX product.

HPE Advisory #2 - HPE published an advisory that discusses six vulnerabilities (two with publicly available exploits) in their Telco Service Activator.

MB Connect Advisory - CERT-VDE published an advisory that describes two vulnerabilities in multiple MB Connect products.

Philips Advisory #1 - Philips published an advisory that discusses an Apache Tomcat vulnerability.

Philips Advisory #2 - Philips published an advisory that discusses three VMware vulnerabilities.

QNAP Advisory - QNAP published an advisory that discusses an absolute path traversal vulnerability (listed in CISA’s KEV catalog) in the NAKIVO Backup & Replication application.

Updates

Dell Update - Dell published an update for their ThinOS advisory that was originally published on March 4th, 2025.

FortiGuard Update #1 - FortiGuard published an update for their csfd daemon advisory that was originally published on January 14th, 2025, and most recently updated on January 16th, 2025.

FortiGuard Update #2 - FortiGuard published an update for their RADIUS Protocol advisory that was originally published on August 13th, 2024, and most recently updated on March 6th, 2025.

FortiGuard Update #3 - FortiGuard published an update for their permission escalation advisory that was originally published on February 11th, 2025.

HP Update - HP published an update for their LaserJet Pro advisory that was originally published on February 14th, 2025, and most recently updated on March 14th, 2025.

HPE Update - HPE published an update for their Cray XD670 Server advisory that was originally published on March 11th, 2025.

Researcher Reports

Luxion Reports - ZDI published three reports about vulnerabilities in the Luxion KeyShot product.

National Instruments Report #1 - ZDI published a report that describes a path traversal vulnerability in the NI FlexLogger.

National Instruments Report #2 - ZDI published a report that describes a "product UI does not warn user of unsafe actions" vulnerability in the NI Vision Builder AI.


For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-daf - subscription required.