Thursday, April 3, 2025

Short Takes – 4-3-25 – Space Geek Edition

Remember that asteroid everyone was worried about 2 months ago? The JWST just got a clear view of it. Space.com article. Pull quote: “The JWST also helped scientists study how quickly the space rock heats up and cools down. According to Rivkin, these thermal properties in 2024 YR4 are "not like what we see in larger asteroids," likely due to the fact that it spins very quickly and that its surface is "dominated by rocks that are maybe fist-sized or larger," rather than fine grains of sand.”

Secretive Russian military satellites release mystery object into orbit. Space.com article. Pull quote: “The released object could be used for a number of objectives, including military experiments, such as satellite inspection or target practice, testing technology for docking or formation flying. It may also be a scientific payload or even the result of an unintentional fragmentation, though this would usually result in numerous pieces of debris.”

Floating blue-eyed robot keeps watch on the ISS: Space photo of the day. Space.com article. Pull quote: “The Int-Ball2 is remotely operated by controllers with the Japan Aerospace Exploration Agency (JAXA) on Earth, but is also equipped with an Epson-designed inertial measurement unit (IMU) that when used in collaboration with a visual location and mapping system, enables the ball to maintain its orientation and navigate through the space station.”

Watch chilling 1st views of Earth's poles seen by SpaceX Fram2 astronauts (video). Space.com article. Pull quote: “The Fram2 is hoping their mission will live up to its predecessor and namesake through nearly two dozen science experiments planned for their time on orbit. One of these includes the first attempt to grow mushrooms in space. The crew also plans to take the first on-orbit X-rays of the human body.” Includes videos from Fram2.

SpaceX Hits New Milestone with Fram2, the First-Ever Crewed Polar Mission. ScientificAmerican.com article. Pull quote: “None of this means that sending humans into that orbit isn’t a legitimately impressive feat. It is—all the more so because SpaceX’s Falcon 9 rocket not only safely delivered the Crew Dragon to polar orbit; it also had enough leftover fuel to still perform a pinpoint soft landing on an awaiting barge in the Atlantic Ocean. But Fram2’s “polarity” overshadows the more mundane but no less astonishing “new normal,” in which private human spaceflight has rapidly shifted from the stuff of science fiction to a decidedly unexceptional reality.”

Starliner’s flight to the space station was far wilder than most of us thought. ArsTechnica.com article. Pull quote: “"That was not easy to do. I have lived rendezvous orbital dynamics going back decades. [Wilmore is one of only two active NASA astronauts who has experience piloting the space shuttle.] Ray Bigonesse is our rendezvous officer. What a motivated individual. Primarily him, but me as well, we worked to develop this manual rendezvous capability over the years. He's a volunteer fireman, and he said, 'Hey, I'm coming off shift at 5:30 Saturday morning; will you meet me in the sim?' So we'd meet on Saturdays. We never got to the point of saying lose four thrusters. Who would've thought that, in the same direction? But we're in there training, doing things, playing around. That was the preparation."”

Corps of Engineers Sends NWP NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the DOD’s Corps of Engineers on “Reissuance and Modification of Nationwide Permits”.

According to the Fall 2024 Unified Agenda entry for this rulemaking:

“The U.S. Army Corps of Engineers (Corps) issues nationwide permits (NWPs) under section 404 of the Clean Water Act and section 10 of the Rivers and Harbors Act of 1899.  The NWPs authorize specific categories of activities in jurisdictional waters and wetlands that have no more than minimal individual and cumulative adverse environmental effects. The NWPs may be issued for a period of no more than five years per statute, and the Corps has the authority to modify or revoke the NWPs before they expire. In January 2021, the Corps reissued or modified 12 existing NWPs and issued four new NWPs along with NWP general conditions and definitions (RIN 0710-AA84) which are set to expire in March 2026.  In December 2021, the Corps reissued or modified 40 existing NWPs and issued one new NWP (RIN 0710-AB29) which are also set to expire in March 2026.  The Corps is proposing to reissue or modify the 2021 NWPs [link added to COE NWP summary chart]. This proposal to reissue or modify the NWPs will incorporate comments obtained during the formal review of NWP 12 (RIN 0710-AB51).”

This periodic (every five years) rulemaking will be the Trump Administration’s first environmental rulemaking. While the rulemaking was initiated under the Biden Administration, there has been enough time (especially considering Project 2025 and its preparatory work on regulations) for the new Administration to place their stamp on the rulemaking.

I do not currently plan to cover this rulemaking in any depth (mostly depending on the effect on off-shore oil and gas activities), but I will certainly mention the publication of the NPRM in the appropriate ‘Short Takes’ post.

Wednesday, April 2, 2025

Short Takes – 4-2-25

Lesley, What Happened to the “Cybersecurity Skills Shortage”? Tisiphone.net blog post. This is a take on cybersecurity jobs that I have not seen elsewhere. Pull quote: “So now we have a big, BigBIG problem. The universities, colleges, and boot camps sold the hell out of an entry level skills shortage that does not practically exist, and everybody in those programs just graduated, all at once. I cannot express how numerically and logistically dire things are. In the US, my peers are reporting upwards of 100 qualified candidates (after HR screening) for SOC roles. Red team has always been far worse. These numbers mean HR and recruiters can (and sometimes must) keep raising the minimum bar to entry to the most basic, entry level cybersecurity roles.”

Who's in Charge of OT Security? IHSOnline.org article. Long form discussion by Joe Weiss on the issues associated with OT Security. Pull quote: “CSO’s need to work with engineering and operations to develop, implement, and maintain control system cyber programs as well as identify control system cyber incidents. Without understanding control system issues, cyber protections may not be sufficient to prevent cyberattacks that can damage hardware and cause injuries. On the other hand, inappropriate technologies or testing can, and have caused, the same impacts as hackers.”

JAXA institute studying Mars lander concept. SpaceNews.com article. Pull quote: ““Instead of having a complicated operational supersonic parachute and a hard aeroshell, you can do all the job just with this single technology,” he said of the inflatable aeroshell. “If we’re focusing on small missions, this is the key technology for enabling our way of Mars landing missions.””

Fermenting miso in orbit reveals how space can affect a food’s taste. ScienceNews.org article. Pull quote: “The researchers could not isolate the ISS miso’s fermentation variables, including radiation, temperature and microgravity, to attribute specific properties to them, Coblentz says. But all those environmental features — or the “space terroir” — contributed to the miso, imparting a unique taste of space.”

Postponement of Effectiveness for Certain Provisions of Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA). Federal Register EPA delayed enforcement notice. Summary: “The Environmental Protection Agency (EPA or Agency) is postponing the effectiveness of certain regulatory provisions of the final rule entitled “Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA)” for 90 days pending judicial review. Specifically, this postponement applies to the conditions imposed on the uses with TSCA exemptions.” New enforcement date: June 20th, 2025.

Comments in Aid of Analyses of the Terrorism Risk Insurance Program. Federal Register Treasury Department Request for comment. Summary: “The Terrorism Risk Insurance Act of 2002 (TRIA) created the Terrorism Risk Insurance Program (Program) to address disruptions in the market for terrorism risk insurance, to help ensure the continued availability and affordability of commercial property and casualty insurance for terrorism risk, and to allow for the private markets to stabilize and build insurance capacity to absorb any future losses for terrorism events. The Secretary of the Treasury (Secretary) administers the Program, with the assistance of the Federal Insurance Office (FIO). Treasury requests comments from interested parties regarding the issues that FIO will be analyzing in connection with its upcoming study related to the participation of small insurers in the Program, including any competitive challenges such insurers face in the terrorism risk insurance marketplace.” Comments due May 19th, 2025.

Review - HR 1223 Introduced – ANCHOR Act

Back in February Rep Fong (R,CA) introduced HR 1223, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act. The bill would require the National Science Foundation (NSF) to submit a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet. No new funding is authorized by the legislation.

The bill is similar to HR 7630, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act, that was introduced by Rep Garcia (R,CA) in March, 2024. The House Science, Space, and Technology Committee held a markup hearing on March 20th, 2024 and ordered the bill reported favorably by a vote of 38 to 0. The Committee Report was published on May 23rd, 2024. The bill was taken up by the full House on September 23rd, 2024 under the suspension of the rules process and passed by a voice vote. No action was taken in the Senate on this bill, nor on a similar bill (S 3943, the ANCHOR Act) introduced by Sen Padilla (D,CA) in March of 2024. Padilla has introduced a similar bill (S 318) this session.

Moving Forward

Fong and all three of his cosponsors {Rep Stevens (D,MI), Rep Obernolte (D,CA), and Rep McBride (D,DE)} are members of the House Science, Space, and Technology Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see this bill considered in Committee. While last session, the earlier bill moved through the Committee and the floor of the House with no significant opposition, the focus of the 119th Congress is somewhat different than that of the 118th. I suspect that if HR 1223 were considered it would still receive strong bipartisan support; the question remains whether the leadership would remain as supportive in the new legislative environment.

 

For more information about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-1223-introduced - subscription required.

Review - Bills Introduced – 4-1-25

Yesterday, with both the House and Senate in session, there were 76 bills introduced. One of those bills may receive additional coverage in this blog:

HR 2546 To establish the position of Secretary of the Coast Guard, and for other purposes. Ezell, Mike [Rep.-R-MS-4]

 

For more information on these bills, including legislative history for similar bills in the 118th, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-4-1-25 - subscription required.

Tuesday, April 1, 2025

Short Takes – 4-1-25

What’s My Daily Life Like (in OT DFIR)? Tisiphone.net blog post. Pull quote: “What that means for the digital forensics side of things is that my cases involve sometimes very strange and very old computing equipment. Legacy is prevalent in OT. I must be able to figure out forensics on computers from the 80s or 90s. I also must be able to work with low level systems like PLCs and embedded computers. I still must create timelines of modern attacks, with corroborated and court-admissible evidence. There’s little EDR, and a lot of our forensics work is quite manual. I have a soldering iron in my bag to deal with non-standard connectors.”

SpaceX launches private Fram2 astronauts on historic spaceflight over Earth's poles. Space.com article. Pull quote: “Fram2 carries on the exploration spirit of its ocean-going predecessor. It carries a total of 22 experiments the crew will conduct during the mission, including the first attempt to grow mushrooms in space and a machine that will capture the first on-orbit X-rays of the human body. Other experiments will investigate the effects of microgravity on the human musculoskeletal system during spaceflight.”

FAA closes investigation into SpaceX Starship Flight 7 explosion. Space.com article. Pull quote: “Both the Starship Flight 7 and New Glenn mishap reports were closed on Friday (March 28), FAA officials said. Neither incident caused any public injuries, and New Glenn's failed return to Earth didn't damage any public property. Starship Flight 7 debris caused one confirmed report of "minor vehicle damage" in the Turks and Caicos, according to the FAA.” Still waiting on Flight 8 investigation results.

Cyber-Physical Analysis of Weapons of Mass Destruction Detection Systems: Part 1 - DARPA's SIGMA. Reversemode.com article. Pull quote: “It is important to recognize that this analysis is limited by the scope of available data and the specific context in which it was conducted. While the research might offer valuable insights for improvement, external factors and considerations (some of which may not be immediately apparent) could influence the assessment of the issues discussed. That’s why I’ve taken a cautious approach in classifying something as a ‘vulnerability’” Lots of detail (more than a little over my head due to my background) but some interesting suggestions about potential vulnerabilities.

SpaceX's Fram2 astronaut flight over Earth's poles will be the 1st to grow mushrooms in space. Space.com article. Pull quote: “"In space, food often tastes bland due to altered taste perception and the need for a low-sodium diet to help counteract the negative effects of microgravity on bone health," Flávia said in the statement. "Mushrooms are rich in umami flavor, being one of the only tastes that remains strong in space. Oyster mushrooms are also highly resilient, scalable and capable of growing using 100% of the inedible plant waste, and even cotton t-shirts in their growth medium."” 

Rule Rejected in House – Luna’s Proxy Bill Saved

Today the House took up H Res 282, the rule for the consideration of this week’s legislation under ‘regular’ order. The measure was defeated by a vote of 206 to 222, with nine Republicans voting with the Democrats against the resolution. Unlike similar no votes last session, the Republicans voting no were not members of the Freedom Caucus, rather today these votes came from moderates.

The main purpose of the resolution was to provide the ‘rule’ for the consideration of three bills:

SJ Res 28 – A joint resolution disapproving the rule submitted by the Bureau of Consumer Financial Protection relating to "Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications",

HR 1526 – No Rogue Rulings Act of 2025, and

HR 22 - Safeguard American Voter Eligibility Act

All three bills are part of the Trump agenda and have been expected to pass with mainly party line votes, with no objections known from any Republicans. Democrats were expected to vote against H Res 282 as a matter of course.

What happened is that the Rules Committee, this morning, added a §5 to the resolution before it was approved in Committee. Section 5 was added to stop the House from considering H Res 23, the Proxy Voting for New Parents Resolution. This resolution was introduced by Rep Luna (R,FL) to modify the House Rules to allow for new parents to vote by proxy, with certain limitations. This bill has been opposed by the Republican leadership, mainly as a keeping-the-faith opposition to the proxy voting allowed by the Democrats during the Covid epidemic. Luna was able to get a majority of the House members to sign a discharge petition to force a vote on the floor.

With eleven Republicans willing to sign the discharge petition it was almost a foregone conclusion that H Res 23 would pass if it were to come to the floor. To prevent such ‘objectionable’ legislation from getting to the floor, §5 was added to the rule that would have made a special exception to the rules pertaining to discharge petitions specifically for H Res 23 or substantially similar language for the remainder of the session. The leadership was betting that the desire to support the Trump agenda items included in the rule would override the interest in voting for the proxy voting rule.

With the votes on the covered bills at least temporarily stopped, there will be no more votes scheduled on the floor of the House this week. This still leaves the matter of the discharge petition unresolved.

Politico is reporting that Luna resigned from the Freedom Caucus over this issue.

Review – 1 Advisory and 1 Update Published – 4-1-25

Today CISA’s NCCIC-ICS published a control system security advisory for products from Rockwell Automation. They also updated an advisory for products from Hitachi Energy.

Advisories

Rockwell Advisory - This advisory discusses a deserialization of untrusted data vulnerability (with publicly available exploit code) in the Rockwell Lifecycle Services with Veeam Backup and Replication.

Updates

Hitachi Energy Update - This update provides additional information on the Hitachi Energy MicroSCADA advisory that was originally published on November 26th, 2024.

 

For more information on these advisories, including a down-the-rabbit-hole look at the Veeam vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-1a0 - subscription required.

Review - Bills Introduced – 3-31-25 (House)

Yesterday, with both the House and Senate in session (and the Senate still in session as of the writing of this post with the Democrats holding the floor in an old-style filibuster protesting recent actions by the Trump Administration), there were 67 bills introduced (Senate bills will be discussed in a separate post when they are posted). Three of those bills may receive additional coverage in this blog:

HR 2482 NTIA Reauthorization Act of 2025. Latta, Robert E. [Rep.-R-OH-5]

HR 2508 To preempt State data security vulnerability mandates and decryption requirements. Lieu, Ted [Rep.-D-CA-36]

HR 2515 To provide for a grant program for adoption of certain telematics systems onboard freight railcars, and for other purposes. Nehls, Troy E. [Rep.-R-TX-22]

 

For more information on these bills, including legislative history for similar bills in the 118th, as well as a mention in passing of a marine liability bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-3-31-25-house - subscription required.
 