Review – Public ICS Disclosures – Week of 8-23-25 – Part 2

For Part 2 we have six additional vendor disclosures from Philips (2), SMA, Trumpf, Welotec, and Wireshark. There are also eight vendor updates from ABB, CODESYS (2), Dell, Hitachi Energy (2), HPE, and Siemens. Finally, we have 11 researcher reports for vulnerabilities in products from Biosig Project (10) and Ilevia.

Advisories

Philips Advisory #1 - Philips published an advisory that discusses an exposure of resources to a wrong sphere vulnerability from Dockers Desktop.

Philips Advisory #2 - Philips published an advisory that discusses an out-of-bounds write vulnerability in Google Chrome.

SMA Advisory - CERT-VDE published an advisory that describes a path traversal vulnerability in the SMA Sunny Boy 3 product.

Trumpf Advisory - CERT-VDE published an advisory that discusses an exposure of sensitive information to an unauthorized actor vulnerability (with publicly available exploits) in the Trumpf Telepresence Box.

Welotec Advisory – CERT-VDE published an advisory that describes the use of a hard-coded cryptographic key vulnerability in the Welotec egOS WebGUI.

Wireshark Advisory - Wireshark published an advisory that describes an SSH dissector crash vulnerability.

Updates

ABB Update - ABB published an update for their ELSB/BLBA ASPECT advisory that was originally published on August 11^th, 2025.

CODESYS Update #1 - CODESYS published an update for their Control V3 advisory that was originally published on August 4^th, 2025.

CODESYS Update #2 - CODESYS published an update for their Control V3 NULL pointer dereference advisory that was originally published on August 4^th, 2025.

Hitachi Energy Update #1 - Hitachi published an update for their Relion 670/650 advisory that was originally published on June 24^th, 2025.

Hitachi Energy Update #2 - Hitachi published an update for their Relion 670/650 reboot vulnerability advisory that was originally published on June 24^th, 2025.

HPE Update #1 - HPE published an update for their SAN Switches advisory that was originally published on June 10^th, 2025.

HPE Update #2 - HPE published an update for their Compute Scale-up Server 3200 platformsadvisory that was originally published on April 22^nd, 2025.

Siemens Update - Siemens published an update for their SIMATIC RTLS advisory that was originally published on August 12^th, 2025.

Research Reports

Biosig Reports - Cisco Talos published ten reports describing 16 vulnerabilities (with publicly available exploits) in the Biosig libbiosig library.

Ilevia Report - Zero Science published a report that describes an authentication bypass vulnerability (with a publicly available exploit) in the Ilevia EVE X1/X5 Server.

 

For more information on these disclosures, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-b4c - subscription required.

Short Takes – 8-30-25 – Space Geek Edition

 Rocket Lab inaugurates Neutron launch pad. SpaceNews.com article. Pull quote: “The pad is designed to be turned around in 24 hours, although the company does not have any plans for the foreseeable future for daily Neutron launches. “That 24-hour turn really is most important so that we don’t make engineering decisions that put us in the corner, that we have really exquisite things to refurbish,” he said.”

How microgravity could transform pharmaceuticals. SpaceNews.com podcast. Pull quote: “Varda is pushing the boundaries of drug development by leveraging microgravity to create new formulations not possible on Earth, bringing them back through its own reentry vehicles.”

Watch a burnt and battered Starship splash down in Indian Ocean to wrap up historic Flight 10. Space.com article. Pull quote: “The vehicle's belly appears to have been toasted golden-brown by the heat of reentry. Ship sports other battle scars as well; several chunks are missing near its base, which looks a bit like the ear of a dog that lost a fight.” ‘Aggressive flight testing’ is how it has been described.

Making babies beyond Earth? Mouse study suggests we can make it happen. Space.com article. Pull quote: “In terms of humans actually reproducing in space, however, scientists may just be scratching the surface as studies of pregnancy in space are limited to animals — and also potentially more limited to men, as fewer women have traveled to space.”

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

Reader Comment – CFATS Should Return

A long time reader and former CISA CFATS team member, Cheryl Louck, left a comment on an almost random post of mine on LinkedIn. It was a very short comment: “CFATS should return.” This is a very common comment that I have heard formally and otherwise from many Chemical Facility Anti-Terrorism Standards program alumni. And even more surprising, it is a sentiment that is also frequently heard from the regulated community. And it is certainly an idea that I support.

Having said that, it is, unfortunately, not an idea that is going anyplace soon. Now over two years since congressional inaction (effectively set in motion by one Senator’s objection in the Senate) there are several factors that ensure that the program will remain dead. First and foremost is the fact that Sen Paul (R,KY; the infamously objecting senator) is in a position of even more power to ensure that any program restoring legislation would not receive any consideration in the Senate.

But even if Paul was struck with overwhelming CFATS remorse, there would still be enormous obstacles to restarting the program. At this point most CFATS alumni are no longer working for the federal government, and I suspect that most would be reluctant to return because of the way government employees have been treated this year.

Perhaps a bigger problem than that is that since the enforcement of the CFATS program’s Site Security Plan program stopped on July 28^th, 2023, facilities have not been treating the program requirements as a federally enforceable part of their security program, with the more onerous requirements falling quickly by the wayside. What security measures (almost certainly most of them at most facilities) remain active have been modified to meet changing facility operations and funding limitations. I would be surprised to hear that any of the 3,000 plus covered facilities as of July 27^th, 2023, could pass an inspection of their approved site security plan today.

Any legislation to restart the CFATS program would have to take all of this into consideration. First off, it would have to provide for a period of time to train a corps of chemical security inspectors, backend regulatory, and technical support folks to replace those that were runoff by DOGE and the current administration. Then the bill would have to outline a timeframe for refiling Top Screens to reflect current chemical inventories, resubmitting vulnerability assessments and proposed site security plans to reflect current security issues. And, of course, a whole new inspection process would have to be initiated to support the renewing site security plans.

Finally, the start of the legislative process would inevitably restart the political debates that have long surrounded the CFATS process. Environmental folks are going to want to see inherently safer technology language added to the bill. Labor folks are going to want to see stronger whistleblower language and requirements for employee participation in the development of security processes. Cyber folks are going to want to see stronger cybersecurity requirements written into the program. Farm folks are going to want stronger exceptions for the agriculture industry. Chemical safety folks are going to want to see water treatment facilities added to the program. The chemical industry is going to want to see counter drone authority added. And, of course, there is going to be strong opposition to each and every one of these wants.

Last year, I did a series of blog posts about using the ChemLock program as a voluntary replacement for the CFATS program. Unfortunately, due to the emasculation of the infrastructure security division of CISA, that is no longer a realistic alternative.

So those of us that want to see CFATS restored to its earlier glory are just going to have to live with the memory. And remember to bite our tongues when everyone asks why nothing was done to prevent the inevitable attack on a chemical facility.

Review - Bills Introduced – 8-29-25

Yesterday, with the House and Senate meeting in the last pro forma session of the summer recess, there were 23 bills introduced. Two of those bills will receive additional coverage in this blog:

HR 5061 Counter-UAS Authority Security, Safety, and Reauthorization Act Garbarino, Andrew R. [Rep.-R-NY-2] 

HR 5062 Pipeline Security Act Johnson, Julie [Rep.-D-TX-32]

 

For more information on these bills, including legislative history for similar bills in the 118th, as well as a mention in passing of a bill providing for UAP whistleblower protections, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-8-29-25 - subscription required.

Review – Public ICS Disclosures – Week of 8-23-25 – Part 1

This week is a moderately busy disclosure week. We have bulk vendor disclosures from QNAP (11). We have 8 additional vendor disclosures from Cisco, Delta Electronics, Hitachi, Hitachi Energy (2), HPE (2), and Moxa.

Bulk Vendor Disclosures

QNAP (11)

Advisories

Cisco Advisory - Cisco published an advisory that describes an open redirect vulnerability in their Virtual Keyboard Video Monitor.

Delta Advisory - Delta published an advisory that describes an improper restriction of XML external entity reference vulnerability in their EIP Builder.

Hitachi Advisory – Hitachi published an advisory that discusses five vulnerabilities in multiple Hitachi products.

Hitachi Energy Advisory #1 - Hitachi published an advisory that discusses a JAVA deserialization vulnerability (with publicly available exploit and is listed in CISA’s KEV catalog) in their Service Suite Product.

Hitachi Energy Advisory #2 - Hitachi published an advisory that discusses six vulnerabilities (two with publicly available exploits) in their Asset Suite product.

HPE Advisory #1 - HPE published an advisory that discusses two vulnerabilities (one with publicly available exploit) in their HP-UX PAM RADIUS product.

HPE Advisory #2 - HPE published an advisory that discusses three vulnerabilities in their Compute Scale-up Server 3200 Platform Servers.

Moxa Advisory - Moxa published an advisory that describes an unquoted search path vulnerability in the Moxa Industrial Computers.

For more information on these disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-57d - subscription required.

Short Takes – 8-29-25

Officials Discover Radioactive Wasp Nests at Facility That Once Produced Parts of Nuclear Weapons in South Carolina. SmithsonianMag.com article. Pull quote: “The report doesn’t specify the type of wasps that were involved in the incident, the watchdog group tells the AP. Given their different nesting behaviors—some wasps make nests from chewed-up wood and others might use dirt—knowing the species could help identify the potential origin of the contamination in the environment.” DOE report link.

Democrats face critical choice in government funding battle as shutdown deadline looms. TheHill.com article. Pull quote: “But the Trump administration’s monthslong government reshaping operation, along with a recent GOP-passed measure last month to approve some spending cuts, have weighed down the fragile bipartisan talks as tensions rise in Washington.”

DOGE Operatives Are Joining Donald Trump’s New National Design Studio. Wired.com article.

Pull quote: “Originally, Gebbia was going to join the USDS [US Digital Service], three sources familiar with the situation tell WIRED, but he opted to start his own office focused on design. NDS will be, at least in part, populated by DOGE operatives affiliated with the General Services Administration, the sources said.”

GregoryAI aims to improve the lives of researchers and patients alike. Werd.io article. Pull quote: “Feeds are processed and automatically classified. Don’t be fooled by the AI in the name: there are no chatbots or automatic summaries here. Instead, incoming articles are classified for relevance and tagged for easier retrieval. You can also see trends across articles, for example to see how the volume of published research into cell therapy for MS has changed over time. You can also receive email alerts, for example, digests of new clinical trials. And at its heart, the system provides browsable structured feeds tuned to help researchers and patients get to information faster.”

Safety-critical industries wary about using AI for cybersecurity. CybersecurityDive.com article. Pull quote: “But that deployment [of cybersecurity AI tools] will not be fast everywhere. Organizations are concerned about data privacy, cost issues and a lack of proven use cases, according to the Arctic Wolf survey. Respondents also said they lacked the technical staff to oversee AI models and didn’t yet have clear policies for managing the tools.”

This Is the Group That's Been Swatting US Universities. Wired.com article. Pull quote: “Argentino, who has been tracking the Purgatory group for more than a year, describes it as “a swatting and doxxing group that formed on Telegram and Discord, using shared scripts and VOIP tools to mask identities and make coordinated false emergency calls to provoke armed police responses.””

This deep-sea worm creates a toxic yellow pigment found in Rembrandt and Cézanne paintings. Nature.com article. Pull quote: “Researchers found that the worm accumulates microscopic particles of arsenic on its outer skin cells as well as along its internal organs. This reacts with sulfide from the hydrothermal vent to form small clumps of orpiment, fashioning a microscopic armour around the worm that protects it from the toxic environment.”

Medieval disease spreads to fourstates after as health fears grow. The-Express.com article. Pull quote: “Erin Phipps, a state public health veterinarian, said in a statement: "This case reminds us of the severe threat that can be posed by this ancient disease [the plague]. It also emphasizes the need for heightened community awareness and for taking measures to prevent further spread."”

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025. Two Days Left.

Transportation Chemical Incidents – Week of 7-26-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 599 (565 highway, 32 air, 2 rail, 0 water)

• Serious incidents – 0 (0 Bulk release, 2 evacuation, 0 injury, 0 death, 0 major artery closed, 2 fire/explosion, 32 no release)

• Largest container involved – 24,750-gal DOT 111A100W3 Railcar {Sodium Hydroxide, Solution} Open bottom valve and loose closure cap.

• Largest amount spilled – 54.5-gal Plastic Drum {Toluene} Product spill while loading.

• Total amount reported spilled in all incidents – 1152.4 gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Phosphoric Acid: A clear colorless liquid or transparent crystalline solid. The pure solid melts at 42.35°C and has a density of 1.834 g / cm3. Liquid is usually an 85% aqueous solution. Shipped as both a solid and liquid. Corrosive to metals and tissue. Used in making fertilizers and detergents and in food processing.  (Source: CameoChemicals.NOAA.gov).

 

Review – HR 4046 Introduced – Ag Cybersecurity Centers

In June Rep Nunn (R,IA) introduced HR 4046, the Cybersecurity in Agriculture Act of 2025. The bill would require the National Institute of Food and Agriculture (NIFA) to establish five Regional Agriculture Cybersecurity Centers (RACC) to carry out research, development, and education on agriculture cybersecurity. The bill would authorize $25 million in annual spending to support the Centers through 2028.

Moving Forward

Both Dunn and his sole cosponsor {Rep Davis (D,NC)} are members of the House Agriculture Committee to which this bill was assigned for consideration. This means that their may be sufficient influence to see the bill considered in Committee. I suspect that there would be some level of bipartisan support for the bill in Committee, but the new spending will run afoul of efforts of the many Republicans to radically reduce spending. The bill might be able to clear the Committee, but I doubt that there would be enough influence to see the bill overcome that objection and move to the floor of the House. I suspect that the bill could pass with bipartisan support if it were considered by the full House, but not under the suspension of the rules process; a super majority vote would be difficult to achieve.

Commentary

There is one major deficiency in this bill, it lacks any mention of cybersecurity vulnerabilities in agricultural systems. The RACCs should be conducting vulnerability research, act as vulnerability disclosure coordinators for agricultural systems, and coordinate with CISA’s NCCIC in publishing advisories about reported vulnerabilities.

To support those vulnerability related efforts, I would add a new §2(b)(9):

“(9) conduct vulnerability research on agricultural control system, act as a coordinator between researchers and vendors, and, in coordination with CISA’s National Cybersecurity and Communications Integration Center, publish advisories describing discovered cybersecurity vulnerabilities in agricultural control systems.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4046-introduced-ag-cybersecurity - Subscription required.

Short Takes – 8-28-25 – Federal Register Edition

Agency Information Collection Activities: Infrastructure Visualization Platform (IVP) Pre-Collection Questionnaire. Federal Register DHS 30-day ICR notice. Summary: “One type of assessment PSAs can perform is an Infrastructure Visualization Platform (IVP). IVPs integrate high-resolution, interactive visual data as well as additional assessment information. For a PSA to conduct an assessment, each stakeholder must complete an IVP Pre-Collection Questionnaire. The questionnaire requests information such as the purpose of the IVP assessment being requested, the security point of contact the team will be meeting with when they arrive at the facility, who will be escorting the team as they tour the facility, special considerations the collection team need to plan for prior to arriving at the facility, and priority areas know as Areas of Emphasis that the team should be focused on while conducting the IVP assessment collection. When the form is completed and submitted, the IVP team can better plan for the assessment by reviewing locations designated as Areas of Emphasis (AOEs) to ensure those areas receive an assessment, to know who appropriate points of contact are (stakeholder requesting and escort who will be with the team during the collect), and to address special considerations prior to showing up for the collect.” Comments due September 29^th, 2025. I discussed the 60-day ICR notice on May 22^nd, 2024.

Agency Information Collection Activities; Submission to the Office of Management and Budget for Review and Approval; Comment Request; SAFECOM Membership Questionnaire. Federal Register DHS 30-day ICR notice. Summary: “Through collaboration with emergency responders and elected officials across all levels of government, SAFECOM works to improve emergency response providers' inter-jurisdictional and interdisciplinary emergency communications interoperability across local, regional, tribal, State, territorial, international borders, and with Federal government entities. SAFECOM works with existing Federal communications programs and key emergency response stakeholders to address the need to develop better technologies and processes for the coordination of existing communications systems and future networks.” Comments due: September 29^th, 2025.

International Space Station Advisory Committee; Meeting. Federal Register NASA meeting notice. Summary: “In accordance with the Federal Advisory Committee Act, as amended, the National Aeronautics and Space Administration announces a meeting of the International Space Station Advisory Committee. The purpose of the meeting is to review aspects related to the safety and operational readiness of the International Space Station.” Meeting September 17^th, 2025.

Aerospace Safety Advisory Panel; Meeting. Federal Register NASA meeting notice. Summary: “In accordance with the Federal Advisory Committee Act, as amended, the National Aeronautics and Space Administration announces a forthcoming meeting of the Aerospace Safety Advisory Panel (ASAP). The ASAP will hold its Third Quarterly Meeting for 2025. This discussion is pursuant to carrying out its statutory duties for which the Panel reviews, identifies, evaluates, and advises on those program activities, systems, procedures, and management activities that can contribute to program risk. Priority is given to those programs that involve the safety of human flight.” Meeting September 19^th, 2025.

EO 14338 - Improving Our Nation Through Better Design. Federal Register.

EO 14339 - Additional Measures To Address the Crime Emergency in the District of Columbia. Federal Register.

EO 14340 - Measures To End Cashless Bail and Enforce the Law in the District of Columbia. Federal Register.

EO 14341 - Prosecuting Burning of the American Flag. Federal Register.

EO 14342 - Taking Steps To End Cashless Bail To Protect Americans. Federal Register.

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

S 2508 Introduced – Pipeline Leak Detection

Last month Sen Luján introduced S 2508, the Gas Pipeline Leak Detection and Repair Act of 2025. The bill would provide an effective date for the “the final rule of the Pipeline and Hazardous Materials Safety Administration issued under section 60102(q) of title 49, United States Code, on January 17, 2025, relating to “Pipeline Safety: Gas Pipeline Leak Detection and Repair” (Docket No. PHMSA–2021–0039; RIN 2137–AF51) [link added]”. No new funding is authorized.

This bill is a companion bill (identical language) to HR 4818 that was introduced on the same day in the House.

Moving Forward

Luján, along with three of his six cosponsors {Sen Markey (D,M), Sen Hickenlooper (D,CO), and Sen Fetterman (D,PA)}, are members of the Senate Commerce, Science, and Technology Committee to which this bill was assigned for consideration. While this provides a technical possibility of there being sufficient influence to see the bill considered in Committee, the referenced rulemaking would run afoul of the Republican energy agenda (the reason it was pulled by the new Administration). This means that there is practically no possibility of this bill being taken up by the Committee, much less the full Senate.

Review – 6 Advisories and 3 Updates Published – 8-28-25

Today CISA’s NCCIC-ICS published six control system security advisories for products from GE Vernova, Delta Electronics (2), Schneider Electric, and Mitsubishi Electric (2). The updated three advisories for products from Hitachi Energy and Mitsubishi Electric.

Advisories

GE Advisory - This advisory describes an uncontrolled search path element vulnerability in the GE CIMPLICITY HMI/SCADA software.

Delta Advisory #1 - This advisory describes two vulnerabilities in the Delta COMMGR software management     program.

Delta Advisory #2 - This advisory describes an out-of-bounds write vulnerability in the Delta CNCSoft-G2 CNC solution.

Schneider Advisory - This advisory describes an improper privilege management vulnerability in the Schneider Saitel DR RTU and Saitel DP RTU.

NOTE: I briefly discussed this vulnerability on August 17^th, 2025.

Mitsubishi Advisory #1 - This advisory describes a cleartext transmission of sensitive information vulnerability in their MELSEC iQ-F Series CPU modules.

Mitsubishi Advisory #2 - This advisory describes a missing authentication for critical function vulnerability in their MELSEC iQ-F Series CPU modules.

Updates

Hitachi Energy Update - This update provides additional information on the Relion 670/650 advisory that was originally published on July 3^rd, 2025.

Mitsubishi Update #1 - This update provides additional information on the Iconics Digital Solutions advisory that was originally published on May 20^th, 2025, and most recently updated on August 7^th, 2025.

NOTE: I briefly discussed the revised Mitsubishi advisory that underlies this update on August 9th.

Mitsubishi Update #2 - This update provides additional information on the Multiple FA Engineering Software Products advisory that was originally published on May 14^th, 2024, and most recently updated on May 15^th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-3-updates-published-4b9 - subscription required.

Review – HR 4818 Introduced – Pipeline Leak Detection

Last month Rep Peters (D,CA) introduced HR 4818, the Gas Pipeline Leak Detection and Repair Act of 2025. The bill would provide an effective date for the “the final rule of the Pipeline and Hazardous Materials Safety Administration issued under section 60102(q) of title 49, United States Code, on January 17, 2025, relating to “Pipeline Safety: Gas Pipeline Leak Detection and Repair” (Docket No. PHMSA–2021–0039; RIN 2137–AF51) [link added]”. No new funding is authorized.

The Rulemaking

On October 18^th, 2024, PHMSA sent a final rule to the OMB’s Office of Information and Regulatory Affairs (OIRA) for review. On January 17^th, 2025 (effectively the last day of the Biden Administration) OIRA announced that it had ‘concluded action’ on that final rule. Typically, this means that the rule should be sent to the Office of the Federal Register (OFR) for printing. In this case, however, OIRA’s announced final action was characterized as “Statutory or Judicial Deadline”.

No Final Rule was published in the Federal Register. Of course, on January 20^th, 2025 (the next business day in Washington) the new President was inaugurated and almost immediately signed the expected executive memorandum freezing all ongoing rulemaking activities. Section 1 of that order would have prohibited DOT from sending this rulemaking to the OFR. Section 2 would have required any rule that had been sent to the OFR, but not published in the FR, to be withdrawn for review.

Moving Forward

While Peters is not a member of the House Transportation and Infrastructure Committee to which this bill was assigned for primary consideration, one of his five co-sponsors {Rep Huffman (D,CA)} is a member of the Committee. That means that there could be (theoretically) enough influence to see this bill considered in Committee. Unfortunately, the expected provisions of the regulation conflict with the Republican energy agenda which is a high priority in the 119^th Congress. That means that there is almost no chance of this bill seeing the light of day in a hearing room, much less on the floor of the House.

 

For more information on the background about the underlying rulemaking, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4818-introduced-pipeline-leak   - subscription required.

Short Takes – 8-27-25 – Space Geek Edition

SpaceX’s Starship goes the distance in 10th test flight. CosmicLog.com article. Pull quote: ““There are thousands of engineering challenges that remain for both the Ship and the booster, but maybe the single biggest one is the reusable orbital heat shield,” Musk said during a pre-launch chat on SpaceX’s webcast. “We are confident in making a fully reusable orbital heat shield, but it will require many flights, many iterations, to figure out where the weak points are.””

Starship completes tenth test flight, breaking string of failures. SpaceNews.com article. Pull quote: “The vehicle then fired several Raptor engines for a final landing burn, performing a “soft” splashdown within sight of a buoy placed by SpaceX to observe the landing. The vehicle, upon splashdown, tipped over and exploded, as expected, more than 66 minutes after liftoff.”

Alpha FLT006 Message in a Booster. FireflySpace.com press release. Return to flight notice. Pull quote: “Fortunately, the corrective actions are straight forward: increase thermal protection system thickness on Stage 1 and reduce angle of attack during key phases of the flight. Corrective actions have already been implemented.”

Expediting Initial Processing of Satellite and Earth Station Applications; Space Innovation. Federal Register, FCC final rule. Summary: “In this document, the Federal Communications Commission (Commission or we) adopts a Second Report and Order with variety measures to expedite space and earth station approvals, including by eliminating the requirement to file certain license modification applications and eliminating outdated rules. In particular, the Second Report and Order provides regulatory certainty for, and eliminates burdens on, the nascent Ground-Station-as-a-Service industry, where a neutral host establishes connectivity to multiple satellite systems in space. As licensing activity before the Commission increases in complexity and number, concrete measures to expedite earth and space station applications will support U.S. leadership in the growing space economy. Accordingly, adoption of these concrete measures to expedite the processing of applications for authority to operate space and earth stations under part 25 of the Commission's rules would be vital to supporting U.S. leadership in the growing space economy.” Effective date: September 26^th, 2025.

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

Review – 2 Advisories and 1 Update Published

Today CISA’s NCCIC-ICS published two control system security advisories for products from Schneider Electric and INVT. They also updated an advisory for products from Danfoss.

Advisories

Schneider Advisory - This advisory describes an improper input validation vulnerability in the Schneider Modicon M340 and Communication Modules.

INVT Advisory - This advisory describes nine vulnerabilities in the INVT VT-Designer and HMITool products.

Updates

Danfoss Update - This update provides additional information on the AK-SM 8xxA Series advisory that was originally published on May 20^th, 2025.

For more information on these advisories, including links to researcher reports, and a DTRH look at a ‘missing advisory’, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-1-update-published-edb - subscription required.

Short Takes – 8-25-25

Investigation finds hazmat train derailments strike every 2 months. EMS1.com article. Pull quote: “That data, provided by a private company called RailState LLC, showed that over the last six months at least 130,000 rail cars displaying placards for hazardous materials moved along sections of rail lines stretching from Blaine, Washington, to Amarillo, Texas. Those cars passed the homes of at least 2.5 million people living within a mile of the tracks, along with more than 1,000 schools and 80 hospitals, the analysis found.”

Your household gadgets could soon be battery-free — scientists create tiny solar cells that can be powered by indoor light. LiveScience.com article. Pull quote: “In the study, published April 30 in the journal Advanced Functional Materials, researchers used the perovskite to gather light in solar cells. This material is already in use in other solar cells and offers distinct advantages to traditional silicon-based solar panels. In particular, perovskite absorbs lower-power, ambient light more efficiently than traditional methods, according to the study, making it ideal for indoor use.”

In Abrupt Reversal, FDA Yanks Ixchiq Vaccine Over Safety Concern. MedPageToday.com article. Pull quote: “Infections with the virus can lead to severe disease and prolonged health problems, particularly for older adults. Typically emerging within a week of infection, common chikungunya symptoms include fever, severe joint pain, and rash, and may include headache and muscle pain. In as many as half of all cases, persistent disease can cause disabling polyarthritis. Treatment typically consists of fluids and over-the-counter pain medications.”

The FTC Says Products Must Back Up Health Claims. A MAHA Lawsuit Would Upend That. MedPageToday.com article. Pull quote: “The FTC has traditionally had more teeth, successfully suing companies that make unsubstantiated claims. For example, the agency won a judgmentopens in a new tab or window last year against a company that advertised a supplement as "clinically shown" to improve memory.”

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

Review - S 2320 Introduced – Foreign Cylinders

Last month Sen Moreno (R,OH) introduced S 2320, the Compressed Gas Cylinder Safety and Oversight Improvements Act of 2025. The bill would require DOT to establish additional regulations relating to the approval of foreign manufacturers of cylinders used in the transport of hazardous chemicals. There is no new spending authorized by this legislation.

This bill is identical to S 1632, the Compressed Gas Cylinder Safety and Oversight Improvements Act of 2023, that was introduced by then Senator Vance (R,OH) in May of 2023. More importantly, it is nearly identical to HR 1182 that was passed in the House on June 9^th, 2025. The only difference between this bill and the House bill is the web site location where DOT would be required to maintain a list of approved foreign cylinders; DOT website for this bill and PHMSA website for the House bill. Since the PHMSA web site is part of the DOT website, this is a less than significant difference. There was one other minor difference, this bill corrected a typographical error in the opening sentence of §2(g), correcting the 49 USC reference to read §107.807(c) instead of the subsection (d) found in both the House bill and earlier Senate versions {BTW: there is no subsection (d) in that USC Section}.

Moving Forward

Moreno and his sole cosponsor {Sen Baldwin (D,WI)} are members of the Senate Commerce, Science, and Transportation Committee to which this bill was assigned for consideration. This means that there could be sufficient influence to see the bill considered in Committee. I suspect that the bipartisan support this bill received in the House would also be seen in the Senate. The Committee, however, will not have to act for this bill to be considered by the full Senate, or more appropriately the House version of the bill. Having said that, this bill would have to be considered under the unanimous consent process or as part of a larger bill, since this bill is just not politically important enough to take up the Senate’s time if it were considered under the regular order.

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2320-introduced-foreign-cylinders - subscription required.

Short Takes – 8-25-25 – Space Geek Edition

SpaceX calls off critical Starship Flight 10 test launch due to 'issue with ground systems'. Space.com article. Pull quote: “"Standing down from today's tenth flight of Starship to allow time to troubleshoot an issue with ground systems," SpaceX announced at 7:13 p.m. EDT (2313 GMT) on Sunday in a post on X, the social media site owned by SpaceX founder and CEO Elon Musk. The company did not immediately announce a new target date for Flight 10, but does have backup days available through at least Aug. 26.”

Rocket Lab’s Electron’s 70th mission sends “Live, Laugh, Launch,” soaring. SatNews.com article. Pull quote: “‘Live, Laugh, Launch’ was Electron’s 12th mission of 2025 as Rocket Lab continues to execute an accelerated schedule of Electron launches, including a record-setting prior quarter of two launches flown just two days apart from Launch Complex 1 in late June. The majority of Electron missions launched this year, including today’s mission, have been the continuation of multi-launch contracts with satellite operators to deploy their constellation in low Earth orbit — demonstrating the industry’s reliance on Electron for reliable, dedicated access to space for small satellites, all while the Company continues preparing to debut its new medium-lift reusable rocket, Neutron.”

A gigantic jet caught on camera. SatNew.com article. Pull quote: “The world of Transient Luminous Events is a hidden zoo of atmospheric activity playing out above the storms and if any readers have captured an image of a jet, sprite, or other type of TLE, please submit those photos to Spritacular.org to assist scientists in studying these fascinating, night sky phenomena.”

Impulse Space has upgraded their Mira space vehicle. SatNews.com article. Pull quote: “In addition to being optimized for higher energy orbits, the next-generation Mira vehicle provides increased delta-v, greater power for payloads, more payload capacity, and expanded autonomy to support diverse mission profiles. Its first flight, LEO Express 3, is fully manifested and scheduled to launch later this year.” This reads like a press release; interesting suite of capabilities though.

IBM and NASA Develop a Digital Twin of the Sun to Predict Future Solar Storms. Wired.com article. Pull quote: “According to IBM, traditional prediction models can only predict a flare one hour in advance based on signals detected in specific regions of the sun. In contrast, “Surya provided a two-hour lead by using visual information. The model is thought to be the first to provide a warning of this kind. In early testing of the model, the team said they achieved a 16 percent improvement in solar flare classification accuracy, a marked improvement over existing methods,” the company said in a statement.”

Automaker Geely Launched Its Own Satellites Into Space, Highlighting China’s Ambitions. Wired.com article. Pull quote: “This makes Geely the only global automaker with its own dedicated satellite internet constellation and a public plan to integrate that connectivity into its advanced driving tech. At a time when most global automakers are struggling through concurrent crises—a rocky transition to electric vehicles; confused and confusing approaches to software; questions around the future of autonomy; global economic upheaval and trade reorientations; and the rise of Chinese auto manufacturers—the Chinese automaker’s space play demonstrates a veritable long-term, international strategy.” And a surveillance capability?

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

Review – CISA Publishes 2025 Minimum SBOM Requirements Guidance

On Friday, CISA published a request for information (RFI) in the Federal Register (90 FR 41094-41095) on their draft update of the “2025 Minimum Elements for a Software Bill of Materials (SBOM)”. The original draft was published in July 2021, by DOC’s The National Telecommunications and Information Administration (NTIA) in response to requirements of President Biden’s EO 14028. CISA requests input on the clarifications and enhancements in the proposed voluntary guidance.

The 2025 version of the Minimum Elements expands on the three minimum elements as required by EO 14028, that were set out in the 2021 document:

Data Fields: Documenting baseline information about each component that should be tracked,

Automation Support: Allowing for scaling across the software ecosystem through automatic generation and machine-readability, and

Practices and Processes: Defining the operations of SBOM requests, generation and use.

Appendix A provides an expanded list of SBOM data elements with Appendix B adding an explanation of the changes made to the data elements list.

Public Comments

CISA is soliciting public comments on this draft SBOM guidance documents. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov: Docket # CISA-2025-0007) Comments should be submitted by October 3^rd, 2025.

A reminder, this is a proposed guidance document, not a regulatory document. This means that there is a lack of specificity in what CISA is expecting to see in the SBOM data elements.

 

For more information about what is included in the draft document, including a commentary on the use of SBOMs, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-publishes-2025-minimum-sbom - subscription required.

Short Takes – 8-23-25

If This Asteroid Hits the Moon, Watch for Shooting Stars and Stricken Satellites. ScientificAmerican.com article. Pull quote: “So if the asteroid does strike the moon—and that’s still a big if—we’ll get quite the light show, but our satellites could be at risk. This shows us that while we rightly are concerned about mitigating Earth impacts from larger asteroids, even smaller ones hitting the moon are a cause for concern and may be worth trying to prevent as well. The good news is that such 2024 YR4–size lunar impacts are extremely rare, and the chance of one in 2032 is still slim. It would make for a spectacular event, but we’d be far better off if the asteroid missed.”

New Mathematical Model Aims to Prevent 5G Disruptions to Aircraft Systems. I-HLS.com article. Pull quote: “Importantly, the research goes beyond proposing a policy fix—it introduces a framework for predicting how interference might occur and how it can be managed through network design. With global aviation authorities and telecom regulators still navigating how to safely roll out 5G near airports, this work offers a data-driven basis for future infrastructure planning.”

Agency Information Collection Activities: 1670-0048: SAFECOM Nationwide Surveys Generic Clearance. Federal Register CISA 60-day ICR notice. Summary: “To perform these statutory obligations, CISA seeks renewal of its PRA Generic Clearance to maintain flexibility in implementing surveys that are relevant to the current emergency communications environment. To meet the statutory requirements of 6 U.S.C. 573, ECD conducts the SAFECOM Nationwide Survey (SNS) to assess evolving capability needs and gaps and track progress against policy initiatives, status of strategic plans, and major industry or market shifts affecting the emergency communications capability.” Comments due: October 24^th, 2025.

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

Chemical Incident Reporting – Week of 8-16-25

NOTE: See here for series background.

Noblesville, IN – 8-7-25

Local News Report: Here, here, and here.

There was a chemical explosion at a municipal water treatment works associated with a chemical delivery, possibly sodium hypochlorite (bleach). There was one minor injury. A shelter-in-place advisory was ordered for the surrounding neighborhood. The facility was reportedly shutdown temporarily for repairs, other treatment works on the system are able to maintain water service to the community.

Probably not CSB reportable.

Note: A Google search for this incident turned up an adverticle from a law firm about the incident. This is the second such adverticle I have seen in a week. In both cases (different law firms), the incident and chemical information provided was correct yet limited (as I would expect from a law firm). I am surprised that I have not seen this before, it would seem to be a very good way for a personal injury law firm to get their names before the public.

Lincoln, NE – 8-13-25

Local News Report: Here and here.

There was a chlorine leak at a metal plating manufacturer. A broken valve released too much chlorine into the system resulting in chlorine fumes in the facility. The facility was evacuated and the leak stopped. No injuries were reported.

Not CSB reportable.

Belle, WV – 8-16-25

Local News Report: Here, here, and here.

There was a minor ammonia leak at a manufacturing plant that resulted in a local ‘shelter-in-place’ order. The order was lifted after the extent of the leak was determined. No injuries or damages were reported.

Note: This article has some interesting chemical safety tips.

Not CSB reportable.

Holstein, NE – 8-20-25

Local News Report: Here, here, and here.

There was an anhydrous ammonia spill at a manufacturing facility. The local neighborhood was evacuated as a precautionary measure. One employee was injured and transported to the hospital. A fire department team entered the facility and closed the tank valve to stop the leak. There is no information on any damages.

Possible CSB reportable.

Roseland, La – 8-22-25

Local News Report: Here, here, and here.

There was large fire and multiple explosions at an oil and lubricant storage facility. Local evacuations were ordered. No injuries were reported but there was extensive damage at the facility.

Probable CSB reportable.

Lengthy drone video of firefighting effort here. You can see the flames spreading from the initially involved tank farm on the surface of water outflow from firefighting efforts. It looks like firefighters were trying to keep a specific set of tanks cool, rather than trying to suppress the fire.

Review – Public ICS Disclosures – Week of 8-16-25

This is a moderately busy disclosure week. We have bulk disclosures from HPE (7). This week we have five additional vendor disclosures from Delta Electronics, Honeywell, HP, SMA, and Weissmann & Theis. We have bulk updates from Dell (5). We have three vendor updates from HPE and Siemens (2). There is also a researcher report for a vulnerability in a product from Ilevia. Finally, we have an exploit for products from Lantronix.

Bulk Disclosures

HPE published 7 disclosures.

Advisories

Delta Advisory - Delta published an advisory that describes four cross-site scripting vulnerabilities in their DIAEnergie products.

Honeywell Advisory - Honeywell published an end-of-life notice for their Select 60 Series cameras.

HP Advisory - HP published an advisory that discusses two vulnerabilities in their Security Manager product.

SMA Advisory - CERT-VDE published an advisory that describes an exposure of private personal data to an unauthorized actor vulnerability in the SMA ennexos.sunnyportal.com.

Wiesemann Advisory - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in the Wiesemann Motherbox 3 product.

Bulk Updates

Dell published five updates for their Wyse product line.

Updates

HPE Updates - HPE published an update for their ProLiant DL/ML/XL advisory that was originally published on August 12^th, 2025.

Siemens Update #1 - Siemens published an update for their Desigo CC Product Family advisory that was originally published on August 14^th, 2025.

Siemens Update #2 - Siemens published an update for their e OPC UA Implementations advisory that was originally published on September 12^th, 2023, and most recently updated on January 14^th, 2025.

Researcher Reports

Ilevia Report - Zero Science published a report describing a server-side logging vulnerability (with publicly available exploit) in the Ilevia EVE X1 Server.

Exploits

Lantronix Exploit - Byte Reaper published an exploit for an improper restriction of XML external entity reference vulnerability in the Lantronix Provisioning Manager.

For more information on these disclosures, including links to 3^rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-86f - subscription required.

Short Takes – 8-22-25

Chip Roy headlines Freedom Caucus departures that could transform House GOP. TheHill.com article. Pull quote: “Michael E. Bednarczuk, a professor of Political Science at Austin Peay State University who is writing a book about the House Freedom Caucus, the group’s members are about five times as likely as non-Freedom Caucus Republicans to run for higher office — with about 17% of Freedom Caucus members running for higher office since their founding, compared to 3% in of the rest of the GOP caucus.”

Rocket Lab Announces Expanded U.S. Investments for National Security Programs and Semiconductor Manufacturing. RocketLabCorp.com press release. Pull quote: “In a strategic response to the increasing demand for a robust domestic supply chain of space-grade solar cells and electro-optical sensors for spacecrafts and satellites, Rocket Lab’s capital investments over the next five years are expected to strengthen the Company’s market position as a leading satellite manufacturer, components supplier, and end-to-end mission provider for commercial and national security space missions. Rocket Lab is one of only two companies in the United States that specialize in the production of high efficiency, radiation hardened, space-grade compound semiconductors.”

Trump White House takes a $10B stake in Intel. Politico.com article. Pull quote: “Intel posted details of the plan soon afterward, saying the administration would make an $8.9 billion investment in Intel common stock, paid for with the CHIPS grant money. The company said the stake would be funded with $5.7 billion in grants previously awarded but not yet paid, and $3.2 billion from a separate Defense Department program.”

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

Review – S 2660 Introduced – Pipeline Risk-Based Safety

Earlier this month, Sen Curtis (R,UT) introduced S 2660, the Modern Risk Detection Act of 2025. This bill would amend 49 USC 60102, which establishes the purpose and general authority for the DOT’s pipeline safety regulations. The legislation would require the adoption of risk based standards in the PSR to the maximum extent practicable. No new funding is authorized.

Moving Forward

Curtis is a Sub-Committee Chair in the Senate Commerce, Science, and Transportation Committee to which this bill was assigned for consideration. This means that there should be sufficient influence to see this bill considered in Committee. I suspect that the Democrats will generally oppose this bill as ‘risk-based approaches’ are frequently seen by them as a means for the regulated community to avoid strict enforcement of regulations. Still there should be sufficient influence to see this bill reported favorably by the Committee. This bill is not, however, politically important enough to be considered under regular order in the Senate and it would not survive an attempt at passage under the unanimous consent process. The best way for this bill to move forward would be for it to be added to a larger piece of legislation that would be considered under regular order.

 

For more information on the provisions of this bill, including an alternate method of achieving a risk-based approach to the Pipeline Safety Regulations, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2660-introduced-pipeline-risk-based - subscription required.

Transportation Chemical Incidents – Week of 7-19-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 622 (593 highway, 28 air, 1 rail, 0 water)

• Serious incidents – 4 (3 Bulk release, 1 evacuation, 1 injury, 0 death, 0 major artery closed, 3 fire/explosion, 29 no release)

• Largest container involved – 30,160-gal Type not listed Railcar {Gasoline Includes Gasoline Mixed With Ethyl Alcohol, With Not More Than 10% Alcohol} Leaking manway gasket.

• Largest amount spilled – 300-gal u/i tank truck {Flammable Liquids, N.O.S.} overfilled during truck loading.

• Total amount reported spilled in all incidents – 2450.1 gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Potassium Chlorate: A white crystalline solid. Forms a very flammable mixture with combustible materials. Mixture may be explosive if combustible material is very finely divided. Mixture may be ignited by friction. Contact with strong sulfuric acid may cause fires or explosions. May spontaneously decompose and ignite when mixed with ammonium salts. May explode under prolonged exposure to heat or fire. Used to make matches, paper, explosives, and many other uses. (Source: CameoChemicals.NOAA.gov).

 

INSERT UN 1485 Placard

Short Takes – 8-22-25 – Space Geek Edition

Steam thruster entrusted to raise orbit of Artemis 2 cubesat. SpaceNews.com article. Pull quote: “The ground tests are not a perfect simulation of the thruster’s performance in space, he acknowledged, with issues such as sloshing and formation of gas bubbles that the thruster, operating in microgravity, will face. However, he said that the gas bubbles should remain in the center of the fuel tank and not interfere with the flow of propellant, and the tank will be at a high enough pressure to mitigate sloshing.”

New rocket plans continue to emerge to support China’s growing space ambitions. SpaceNews.com article. Pull quote: “New entrants are still emerging in China, despite big leads for more established players. This is due to strong policy support from the central government and provincial and local governments offering backing, looking to foster space clusters and high-tech growth, and demand for launch from megaconstellation projects. The newer companies also appear to be reacting to new trends and breakthroughs in the launch sector, such as those made by SpaceX, reflected in plans for chopstick-style recoveries and FFSC engines.”

SpaceX launches eighth mission of the X-37B military spaceplane. SpaceNews.com article. Pull quote: “The X-37B is an autonomous reusable vehicle that resembles a miniature space shuttle. It was designed for autonomous flight and repeated use for extended experiments and technology demonstrations. The spacecraft has flown since 2010 for long missions that last years. Although it’s launched like a satellite, at the end of each mission it returns to Earth and lands on runways.”

Russia launches mice, microbes and more on monthlong mission to Earth orbit. Space.com article. Pull quote: “Like its predecessor, Bion-M No. 2 is expected to circle Earth for a month. It will do so in a different orbit, however — one that takes it over the poles, increasing the exposure to cosmic radiation substantially compared to Bion-M No. 1.”

Watch 2 fiery blasts erupt from the sun — is Earth in the danger zone? Space.com article. Pull quote: “Solar physicist Ryan French added, "A stunning eruption of filament plasma from the sun this morning! This size of event can cause strong aurora activity if directed towards Earth, but alas — this one was not."”

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.

Short Takes – 8-21-25

Smallsat missions proposed to study asteroid Apophis. SpaceNews.com article. Pull quote: “The concept for TERP RAPTOR involves a 12U cubesat launched into a geostationary transfer orbit, from which it would maneuver onto a head-on trajectory, passing within 10 kilometers of Apophis around the time of its closest approach to Earth while going at a relative velocity of 9.5 kilometers per second. Some alternative trajectory options exist that feature flybys before closest approach but at lower relative velocities.”

Tick-borne disease spreads, causing meat, dairy allergies. TheHill.com article. “Patients report reactions so severe that smelling burgers on a grill can cause unconsciousness. The syndrome also affects everyday items containing animal byproducts, including lip balms, lotions and some bottled water, causing hives, coughing and wheezing.”

Extension of Postponement of Effectiveness for Certain Provisions of Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA). Federal Register EPA notification. Summary: “The Environmental Protection Agency (EPA or Agency) is extending the postponement of the effectiveness of certain regulatory provisions of the final rule entitled “Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA)” for an additional 90 days. Specifically, this postponement applies to the conditions imposed on the uses with TSCA exemptions.” New compliance date: November 17^th, 2025.

mRNA vaccines hold promise for many diseases. Now the tech is under fire. ScienceNews.org article. Pull quote: ““The mRNA-based drugs that are coming out are lifesaving,” Coller says. He thinks termination of these projects will have a chilling effect on anyone looking to develop mRNA-based therapeutics. HHS’ announcement “was literally a shot across the bow,” he says. “It’s a clear message to the entire industry that the United States is no longer going to support mRNA-based research and development.””

America’s fragile drug supply chain is extremely vulnerable to climate change. ArsTechnica.com article. Pull quote: “During the six-year span [2019 through 2024], 6,819 facilities (63 percent) faced at least one weather-related emergency. Per year, an average of 2,146 facilities (33 percent) experienced such an emergency.” Study did not specifically look for supply chain disruptions at those ‘affected’ facilities.

ULA making new efforts on Vulcan reusability. SpaceNews.com article. Pull quote: “ULA plans to recover the aft thrust structure of the Vulcan booster, which includes the engines as well as fluid management systems, avionics and other components. “As time goes forward, we’re going to move more things into the back side of the booster that can be recovered,” he said. “By the time we get done through that evolutionary path, really almost the only thing that is being discarded from the booster core will be the fuel tank itself.”” Lack of details about plan.

How to reconcile space mining with the Outer Space Treaty. SpaceNews.com commentary. Pull quote: “To facilitate public–private investment in off-world mining, we propose that the FAA first address and clarify the issue of exclusive rights on celestial bodies, citing operational safety concerns. As demonstrated during Apollo 12’s mission next to Surveyor 3, landing in close proximity to existing infrastructure can pose significant risks from exhaust plumes and high-velocity debris. Once commercial lunar access becomes international, the U.S. government should adopt the ITU’s existing approach for managing orbital slots as a model for regulating future operations on celestial bodies. This strategy minimizes the need for new regulatory frameworks and increases the likelihood of international acceptance.”

Pipeline Safety: Periodic Standards Update II. Federal Register PHMSA final rule. Summary: “This final rule incorporates by reference 19 updated voluntary, consensus industry technical standards within the pipeline safety regulations (PSR, 49 Code of Federal Regulation (CFR) parts 190-199). The incorporation of these updated standards will maintain or improve public safety, prevent regulatory confusion, and reduce compliance burdens consistent with the requirements in the National Technology Transfer and Advancement Act (NTTAA) of 1995 (15 United States Code (U.S.C.) 272 (note)).” Effective date: January 10^th, 2026

Could babies get bird flu through breast milk? Maybe, a study hints. ScienceNews.org article. Pull quote: ““That’s a very pressing question that we should be asking in this time before we’re seeing widespread transmission, or before a pandemic,” Byington says. Since September 2024, 79 people in the United States have tested positive for H5 influenza, mostly farm workers who had mild symptoms. One person died. The virus has not yet evolved the ability to spread easily from person-to-person.”

This month, I am offering a reduced-price subscription to my CFSN Detailed Analysis newsletter, 40% off the annual subscription rate. Sale ends on August 31^st, 2025.