NTSB Publishes Preliminary Report on Reeseville, WI Train Derailment

Today the National Transportation Safety Board (NTSB) published a preliminary report on the August 15^th, 2025, derailment of a key-train (94 hazmat cars). Twenty-four cars were derailed and two were punctured, leaking crude oil. No fires, injuries, or non-railroad damages were reported.

The PHMSA HAZMAT Incident Database report on this incident reports that five of the 23 railcars leaked; two from punctures and three from manways, due to bolts being less than tool tight:

GBRX 706564 - derailed upright with the B-end buried in mud. The tank shell was punctured close to the top and middle of the tank car, on the right side, B-end. Resulting release was estimated at 750 gallons. GBRX 706556 - derailed upright & underneath another tank car. The tank head was punctured close to the Brake handle on the B-end. Resulting release was estimated at 750 gallons.

GBRX 706217 - derailed on its right side, with the top of the tank car at roughly 3:00. The release occurred from the manway, where 3 of 8 manway bolts were less than tool tight. Resulting release was estimated at 5 gallons.

GBRX 706163 - derailed on its right side, with the top of the tank car at roughly 3:00. The release occurred from the manway, where 4 of 8 manway bolts were less than tool tight. Resulting release was estimated at 5 gallons.

GBRX 706067 derailed on its right side, with the top of the tank car at roughly 3:00. The release occurred from the manway, where 1 of 8 manway bolts were less than tool tight. Resulting release was estimated at 0.016 gallons.

Note: This incident had not been reported to PHMSA when I did my post “Transportation Chemical Incidents – Week of 8-9-25” on September 12^th, 2025.

Review – 7 Advisories and 3 Updates Published – 9-30-25

Today CISA’s NCCIC-ICS published seven control system security advisories for products from LG Innotek, National Instruments, OpenPLC, Festo (3) and MegaSys Enterprises. The also published updates for advisories for products from Rockwell Automation, HEIDENHHAIN, and Keysight.

Advisories

LG Advisory - This advisory describes an authentication bypass by alternate path or channel vulnerability in the LG Innotek LND7210 and LNV7210R cameras.

National Instruments Advisory - This advisory describes two vulnerabilities in the NI Circuit Design Suite.

OpenPLC Advisory - This advisory describe a reliance on undefined, unspecified, or implementation defined behavior vulnerability in the OpenPLC_V3 product.

Festo Advisory #1 - This advisory discusses 29 vulnerabilities in the Festo Controller CECC-S,-LK,-D Family Firmware.

Festo Advisory #2 - This advisory describes an improper privilege management vulnerability in the Festo CPX-CEC-C1 and CPX-CMXX hardware control blocks.

Festo Advisory #3 - This advisory discusses four vulnerabilities in the Festo SBRD-Q/SBOC-Q/SBOI-Q series products.

NOTE: I briefly discussed these vulnerabilities on October 2^nd, 2021.

MegaSys Advisory - This advisory describes an OS command injection vulnerability in the MegaSys Telenium Online Web Application.

Updates

Rockwell Update - This update provides additional information on the FLEX 5000 I/O advisory that was originally published on August 14^th, 2025.

NOTE: I described the problem with the incorrect CVE numbers on August 14^th, 2025.

HEIDENHAIN Update - This update provides additional information on the Controller TNC advisory that was originally published on October 25^th, 2022.

Keysight Update - This update provides additional information on the Ixia Vision advisory that was originally published on March 4^th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-3-updates-published-e07 - subscription required.

Review – Bills Introduced – 9-29-25

Yesterday, with just the Senate in session, there were 18 bills introduced. Two of those bills may receive additional coverage in this blog:

S 2937 A bill to establish legal standards for advanced artificial intelligence products. Durbin, Richard J. [Sen.-D-IL]

S 2938 A bill to require the Secretary of Energy to establish the Advanced Artificial Intelligence Evaluation Program, and for other purposes. Hawley, Josh [Sen.-R-MO]

 

For more information on these bills, including legislative history for similar bills in the 118^th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-9-29-25 - subscription required.

CSB Publishes Update for Coke Works Explosion Investigation

Yesterday the Chemical Safety Board announced the publication of their first update about their investigation of the August 11^th, 2025 explosion at the U.S. Steel Clairton Coke Works in Clairton, PA. That explosion killed two employees and seriously injuring five others. CSB announced their initiation of this investigation last month.

The update provides a description and history of the facility, as well as an overview of the process. It also provides a brief timeline of the incident. The Update concludes by outlining the ongoing investigation activities:

• Determining the cause and source of the gas release that led to the explosion,

• Metallurgical analysis of the cast iron coke oven gas valves,

• U.S. Steel’s use of cast iron in coke oven gas piping, and,

• U.S. Steel’s policies, procedures, and safety management systems.

Short Takes – 9-30-25 – Space Geek Edition

NOTE: Kind of a backlog here.

A new report finds China’s space program will soon equal that of the US. ArsTechnica.com article. Pull quote: “Roll is the co-author of a new report, titled "Redshift," on the acceleration of China's commercial and civil space activities and the threat these pose to similar efforts in the United States. Published on Tuesday, the report was sponsored by the US-based Commercial Space Federation, which advocates for the country's commercial space industry. It is a sobering read and comes as China not only projects to land humans on the lunar surface before the US can return, but also is advancing across several spaceflight fronts to challenge America.”

Taiwanese aerospace firm partners with Maxar on GPS-alternative drone navigation. SpaceNews.com article. Pull quote: “The partnership, announced Sept. 18, comes as military and civilian aircraft operators worldwide grapple with the increasing sophistication of GPS jamming and spoofing capabilities that can render conventional satellite navigation unreliable or completely unavailable during combat operations.”

To Protect the Nation, the Golden Dome Must Be Capable of Protecting Itself. SpaceNews.com adverticle. Pull quote: “Our propulsion solutions protect key Golden Dome space assets to ensure that both sensor and shooter missile shield satellites are difficult to track, target and attack. With proven in-space propulsion systems for any scenario and robust research and development of promising new technologies, L3Harris stands ready to help the Golden Dome protect itself while it protects the nation.”

Space Force will own next-gen neighborhood watch sats, based on commercial tech. BreakingDefense.com article. Pull quote: “The Space Force spokesperson said the plan for RG-XX “is to maximize the use of commercially available commodity spacecraft and payloads, focusing on integrating what’s available now over developing new designs.”

NASA targeting early February for Artemis II mission to the Moon. ArsTechnica.com article. Pull quote: “"The administration has asked us to acknowledge that we are, indeed, in what is commonly called a second space race," said Lakiesha Hawkins, acting deputy associate administrator, Exploration Systems Development Mission Directorate. "There is a desire for us to be the first to return to the surface of the Moon. With that being said, NASA's objective is to do so safely."”

NASA modifies Dream Chaser ISS cargo contract as Sierra Space shifts to defense work. SpaceNews.com article. Pull quote: ““Development of new space transportation systems is difficult and can take longer than what’s originally planned,” Dana Weigel, NASA ISS program manager, said in a statement. “As NASA and its partners look toward space station deorbit in 2030, this mutually agreed to decision enables testing and verification to continue on Dream Chaser, as well as demonstrating the capabilities of the spaceplane for future resupply missions in low Earth orbit.””

Blue Origin to increase New Shepard flight rate and consider new spaceports. SpaceNews.com article. Pull quote: “The company is leaning toward a new site rather than expanding the existing one. “We think looking elsewhere makes sense from a number of perspectives,” Joyce said. While Blue Origin is not ruling out another U.S. location, the primary focus is international. “We think there’s possibilities elsewhere around the globe. We think it makes sense to provide this service elsewhere.””

Galactic Energy secures $336 million, nears debut of new reusable and solid rockets. SpaceNews.com article. Pull quote: “The company, full name Beijing Galactic Energy Aerospace Technology Co., Ltd., announced Series D financing of 2.4 billion yuan ($336 million) in a statement Sept. 28. The funding will be used for the Pallas series of reusable liquid propellant launchers and the Ceres-2 solid rocket, both of which appear close to test launches. The investment will also go towards related production, testing and launch facilities.”

Report claims NASA taking illegal steps to implement budget proposal. SpaceNews.com article. Pull quote: ““Based on whistleblower documents and interviews, this staff reports finds that the White House Office of Management and Budget (OMB) has been directing NASA — since early summer — to begin implementing the devastating cuts demanded in President Trump’s proposed budget for FY26, in clear violation of the Constitution and without regard for the impacts on NASA’s science missions and workforce,” the report states.”

Firefly Alpha booster destroyed in ground test. Space News.com article. Pull quote: “In a statement Sept. 29, Firefly said the first stage for the Flight 7 mission “experienced an event that resulted in a loss of the stage.” The company said all personnel involved in the incident, which took place at its Briggs, Texas, test site, were safe.”

CSB Publishes Updated Recommendations Data Spreadsheet – 9-23-25

Yesterday the Chemical Safety Board (CSB) updated their Recommendations Statistics page to include a link to the latest version of their spreadsheet,  All_rec_status_update_9-23-2025.xlsx. This spreadsheet tracks all 1025 recommendations made by the CSB in their closed accident investigations and is current through the publication of the Cuisine Solutions Ammonia Release investigation report. The previous version (that old link still works) of this spreadsheet on the CSB website was dated July 25^th, 2025.

Short Takes – 9-29-25 – Federal Register Edition –

Notice of Request for Information; Regulatory Reform on Artificial Intelligence. Federal Register, Office of Science and Technology Policy, Request for information. Summary: “The Office of Science and Technology Policy (OSTP) requests input from all interested parties in identifying existing Federal statutes, regulations, agency rules, guidance, forms, and administrative processes that unnecessarily hinder the development, deployment, and adoption of artificial intelligence (AI) technologies within the United States. Through this Request for Information (RFI), OSTP is seeking input from the public, including private sector organizations, industry groups, academia, state, local, and tribal governments, and any other interested parties, on priorities for such regulatory reform or other agency action necessary to promote AI innovation and adoption.” Comments due: October 17^th, 2025.

Notice of Request for Public Comments on Section 232 National Security Investigation of Imports of Robotics and Industrial Machinery. Federal Register, Bureau of Industry and Security, notice of request for public comments. Summary: “On September 2, 2025, the Secretary of Commerce initiated an investigation to determine the effects on the national security of imports of robotics and industrial machinery. This investigation has been initiated under section 232 of the Trade Expansion Act of 1962, as amended (Section 232). Interested parties are invited to submit written comments, data, analyses, or other information pertinent to the investigation to the Department of Commerce's (Department) Bureau of Industry and Security (BIS), Office of Strategic Industries and Economic Security. This notice identifies issues on which the Department is especially interested in obtaining the public's views.” Comments due October 17^th, 2025.

Normalizing Unmanned Aircraft Systems Beyond Visual Line of Sight Operations; Denial of Extension of Comment Period. Federal Register, FAA and TSA, denial of comment extension. Summary “This action denies requests for extension of the comment period for the notice of proposed rulemaking (NPRM) titled “Normalizing Unmanned Aircraft Systems Beyond Visual Line of Sight Operations” that was published in the Federal Register on August 7, 2025.”

Restoring Integrity to the Issuance of Non-Domiciled Commercial Drivers Licenses (CDL). Federal Register, FMCSA, interim final rule. Summary: “FMCSA amends the Federal regulations for State Driver's Licensing Agencies (SDLAs) issuing commercial driving credentials to foreign-domiciled individuals. Through this interim final rule (IFR), FMCSA restores the integrity of the commercial driver's license (CDL) issuance processes by significantly limiting the authority for SDLAs to issue and renew non-domiciled commercial learner's permits (CLPs) and CDLs to individuals domiciled in a foreign jurisdiction. This change strengthens the security of the CDL issuance process and enhances the safety of commercial motor vehicle (CMV) operations.” Comments due November 28^th, 2025.

Review – HR 3919 Introduced – Securing AI

Back in June, Rep LaHood (R,IL) introduced HR 3919, the Advanced AI Security Readiness Act. The bill would require the National Security Agency (NSA) to develop strategies to defend covered AI technologies from technology theft by threat actors. No new funding is authorized by this bill.

Moving Forward

LaHood and two of his three cosponsors {Rep Gottheimer (D, NJ) and Rep Krishnamoorthi (D, IL)} are members of the House Intelligence Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. I suspect that there will be some level of bipartisan support for the bill in Committee. The specific lack of regulatory authority and no spending authorization removes much of what could cause concern from Republicans. Still, I am not sure that there would be sufficient bipartisan support to allow the bill to be considered in the full House under the suspension of the rules process.

Commentary

With AI, or more accurately machine learning applications, starting to be used in process control systems, security of those systems will become increasingly important. In this session’s political environment, it is clear that any attempts to regulate that security, but the development of this Playbook should be a good starting point for developing AI cybersecurity requirements in a future, less regulatorily constrained, Congress.

 

For more details about the provisions of the bill, as well as my suggestion on information sharing, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-3919-introduced-securing-ai - subscription required.

OMB Approves NRC Sunset Rule Final Rule

On Friday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a direct final rule from the Nuclear Regulatory Commission (NRC) on “The Sunset Rule [NRC-2025-0479]”. The rule was submitted to OIRA on August 4^th, 2025.

According to the entry for this rulemaking in the Spring 2025 Unified Agenda:

“This rulemaking would amend covered NRC regulations to insert conditional sunset dates under Executive Order 14270 [link added], Zero-Based Regulatory Budgeting to Unleash American Energy. The EO directs the NRC to issue a sunset rule to the extent consistent with applicable law and provides an exemption from the EO for regulatory permitting regimes authorized by statute.”

The NRC rulemaking listing for this rule reports that this final rule will affect Parts “1, 2, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 19, 20, 21, 25, 26, 30, 31, 32, 33, 34, 35, 36, 37, 39, 40, 50, 51, 52, 53, 54, 55, 60, 61, 62, 63, 70, 71, 72, 73, 74, 75, 76, 81, 95, 100, 110, 140, 150, 160, 170, 171” of 10 CFR Chapter 1.

I do not normally cover NRC regulations, and I do not expect to cover this rulemaking in any depth, but I do think that the scope of what this direct final rule will potentially affect is worth looking at. For example, the above list of affected sections covers the following facility security regulations:

Part 11 - Criteria And Procedures for Determining Eligibility for Access to or Control Over Special Nuclear Material,

Part 37 - Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material,

Part 73 - Physical Protection of Plants and Materials.

This rulemaking will probably be published this week. Again, I will probably not cover this direct final rule in any detail, but I will announce its publication in the appropriate “Short Takes” post.

Review – HR 5062 Introduced – Pipeline Security

Last month Rep Johnson (D,TX) introduced HR 5062, the Pipeline Security Act. The bill would amend the Implementing Recommendations of the 9/11 Commission Act of 2007 by adding a new §1559, Pipeline Security. It would require the Transportation Security Administration (TSA) to take actions to regulate the cybersecurity protection of hazardous material pipelines. No new funding is authorized.

The bill is similar in intent to HR 9469, the Pipeline Security Act, that was introduced by Rep Garcia (D,CA) in September 2024. The House Homeland Security Committee held a business meeting on September 25^th, 2024 where the bill was considered. The bill was amended and passed on a voice vote. No report was published nor was a revised version of the bill published. No further action was taken in the House. The earlier bill would have amended 49 USC 114 to specifically add pipeline cybersecurity to the list of responsibilities of the Transportation Security Administration.

Moving Forward

On September 3^rd, 2025 the House Homeland Security Committee held a business meeting that included the consideration of HR 5062. By a vote of 22 to 0 the Committee, the bill was ordered reported favorably without amendment. That bipartisan support would indicate that the bill could be considered in the House under the suspension of the rules process, where the bill should pass with significant bipartisan support.

Commentary

The reality is that this bill is going to codify responsibility for actions that TSA is already taking. Bills such as this, however, are important in that they provide a legal backstop for charges that the agency has exceeded its authority. The current authority under 49 USC 114 is broadly written and could be argued to support the agency’s security directives and current rulemaking process.

 

For more information on the provisions of this bill, including additional commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-5062-introduced-pipeline-security - subscription required.

OMB Approves FMCSA IFR on Non-Domiciled CDL’s

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an interim final rule (IFR) for the Federal Motor Carrier Safety Administration (FMCSA) on “Restoring Integrity to the Issuance of Non-Domiciled Commercial Drivers Licenses (CDL)”. The IFR was submitted to OIRA on Thursday.

This rulemaking is obviously high-profile for the Administration with the one-day turnaround at OIRA. The IFR is scheduled to be published in Monday’s Federal Register, and is available online today. Yesterday, Secretary Duffy announced the publication of the IFR and DOT has published a fact sheet on the rulemaking.

Review – Bills Introduced – 9-26-25

Yesterday, with the House meeting in pro forma session, there were 63 bills introduced. One of those bills may receive additional coverage in this blog:

HR 5566 To amend the Federal Water Pollution Control Act and the Safe Drinking Water Act to reauthorize certain programs for water infrastructure resilience and sustainability, and for other purposes. Carbajal, Salud O. [Rep.-D-CA-24]

Space Geek Legislation

I would like to mention one bill under my limited Space Geek coverage in this blog:

HR 5602 To streamline the application of regulations relating to commercial space launch and reentry requirements and licensing of private remote sensing space systems, and for other purposes. Pfluger, August [Rep.-R-TX-11]

 

For more information on these bills, including legislative history for similar bills in the 118^th Congress, including a mention in passing about an AI education bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-9-26-25 - subscription required.

Chemical Incident Reporting – Week of 9-20-25

NOTE: See here for series background.

AVON LAKE, OH– 9-16-25

Local News Report: Here, here, and here.

There was a minor (20-lb) onsite chemical spill that resulted in 6,000-gallons of contaminated water reaching a local creek. No injuries or damages were reported.

Not CSB reportable.

Shively, KY– 9-21-25

Local News Report: Here, here, and here.

There was an explosion in a chemical process tank containing hydrogen gas. One worker was killed.

CSB reportable.

Boca Raton, FL  – 9-24-25

Local News Report: Here.

There was a two-vehicle collision that involved a pool truck. Ten gallons each of muriatic acid and pool chlorine (sodium hypochlorite?) spilled and mixed. The chemical reaction formed chlorine gas. One person was transported to hospital for chlorine inhalation  and another for injuries related to the collision.

Not CSB reportable – transportation related.

Review – Public ICS Disclosures – Week of 9-20-25

This week we have nine vendor disclosures from Delta Electronics, Honeywell, HP (3), HPE, Philips, Rockwell, and WAGO. There are also three vendor updates from HPE, WAGO, and Welotec.

Advisories

Delta Advisory - Delta published an advisory that describes two stack-based buffer overflow vulnerabilities in their CNCSoft-G2 product.

Honeywell Advisory - Honeywell published an end-of-life notice for the legacy integrations in their Pro-Watch product.

HP Advisory #1 - HP published an advisory that discusses seven vulnerabilities in multiple HP product lines.

HP Advisory #2 - HP published an advisory that discusses six vulnerabilities (with publicly available exploits) in multiple PC product lines.

HP Advisory #3 - HP published an advisory that discusses four vulnerabilities in multiple product lines.

HPE Advisory - HPE published an advisory that discusses an out-of-bounds read vulnerability in their HPE Superdome Flex and Compute Scale-up Server 3200.

Philips Advisory - Philips published an advisory that discusses the Shai-Hulud worm.

Rockwell Advisory - Rockwell published an advisory that discusses a stack-based buffer overflow vulnerability in their Stratix products.

WAGO Advisory - CERT-VDE published an advisory that describes two missing authentication for critical function vulnerabilities in the WAGO Software Device Sphere and Software Solution Builder.

Updates

HPE Update - HPE published an update for their Blast-RADIUS advisory that was originally published on July 9^th, 2024, and most recently updated on January 22nc, 2025.

WAGO Update - CERT-VDE published an update for the WAGO 750-8xx Controller advisory that was originally published on August 17^th, 2018, and most recently updated on May 22^nd, 2025.

Welotec Update - CERT-VDE published an update for the Welotec SmartEMS Upload advisory that was originally published on September 10^th, 2025.

 

For more information on these disclosures, including links to 3^rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-0a8 - subscription required.

Transportation Chemical Incidents – Week of 8-23-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

• Number of incidents – 531 (494 highway, 29 air, 8 rail, 0 water)

• Serious incidents – 2 (1 Bulk release, 2 evacuation, 1 injury, 0 death, 0 major artery closed, 1 fire/explosion, 24 no release)

• Largest container involved – 30,160-gal DOT 117R100W Railcar {Alcohols, N.O.S.} No gasket installed in manway.

• Largest amount spilled – 350-gal Pressure Receptacle {Trimethylchlorosilane} Containers not blocked/chocked, crushed in transit.

• Total amount reported spilled in all incidents – 1522.5-gal

NOTE: Links above are to Form 5800.1 for the described incidents.

Most Interesting Chemical: Trimethylchlorosilane: A colorless fuming liquid with a pungent odor. Boiling point 135°F, Flash point -18°F. Density 0.854 g / cm3. The vapor and liquid may cause burns. Vapors are heavier than air. Trimethylchlorosilane reacts vigorously with water to generate gaseous HCl. (Source: CameoChemicals.NOAA.gov).

 

CSB Publishes Final Report on Cuisine Solutions Ammonia Release

Yesterday the Chemical Safety Board announced the release of their final report on their investigation of the July 21^st, 2024, anhydrous ammonia release at Cuisine Solutions in Sterling, VA. According to the announcement: “The incident led to a toxic cloud of ammonia that injured dozens of workers and exposed critical deficiencies in the facility’s safety systems.” Along with providing a timeline for the incident and identifying the proximate causes of the release, the report identified three safety issues and produced six recommendations to prevent such releases in the future, four to Cuisine Solutions and two to International Institute of All-Natural Refrigeration (IIAR). This brings to total count of CSB recommendations to 1,025, and the number of open recommendations to 123.

The three safety issues that contributed to the accident were:

• Two-phase Atmospheric Relief

• Discharging to a Safe Location

• Emergency Preparedness

Anhydrous ammonia gas is lighter than air, and when discharged above ground, tends to safely dissipate. The discharge cloud in this case included entrained liquid droplets that fell to the ground; that resulted in an ammonia cloud at ground level near the point of evacuation from the building. This resulted in a number of employees evacuating through a cloud of toxic ammonia gas, thus the large number of injuries.

The four recommendations made by the Board to Cuisine Solutions are:

2024-03-I-VA-3 – Reduce the likelihood or mitigate the consequences of liquid or two-phase atmospheric discharges from the ammonia refrigeration emergency pressure relief system at the Sterling plant.

2024-03-I-VA-4 – Implement an electronic process data historian and management system to ensure that critical process parameters are collected, tracked, and stored.

2024-03-I-VA-5 – Update the Cuisine Solutions Sterling site’s Emergency Action Plan using guidance such as the IIAR’s Critical Task Guidance for Ammonia Refrigeration System Emergency Planning.

2024-03-I-VA-6 – Add an alarm or alarms specific to ammonia releases, so that workers can properly respond to a release.

The two recommendations made to IIAR are:

2024-03-I-VA-1 – Update ANSI/IIAR 2 to include guidance for preventing or mitigating liquid or two-phase atmospheric discharges from emergency pressure relief systems, such as the guidance in API Standard 521, Pressure-relieving and Depressuring Systems.

2024-03-I-VA-2 – Update ANSI/IIAR 2 to include a requirement to assess whether emergency pressure relief devices discharge to a safe location, such as with a dispersion analysis.

FMCSA Sends Non-Domiciled CDL IFR to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received an interim final rule (IFR) from the DOT’s Federal Motor Carrier Safety Administration (FMCSA) on “Restoring Integrity to the Issuance of Non-Domiciled Commercial Drivers Licenses (CDL)”.

This rulemaking was not listed in the Spring 2025 Unified Agenda. It does, however, appear that it would be the first regulatory step to implement the requirements of §4 of EO 14286, Enforcing Commonsense Rules of the Road for America's Truck Drivers. That would explain the use of an IFR instead of going through the normal notice and comment rulemaking process.

NOTE: It will be interesting to see if this rulemaking has any impact the current status of Mexican and Canadian drivers not needing a non-domiciled CDL to drive trucks in the United States

I do not expect that I will be covering this rulemaking in any detail, but since it does have potential implications for transportation of chemicals (due to the general shortage of qualified truck drivers for both hazmat and non-hazmat chemical loads) I will at least mention the publication of the rule in the appropriate ‘Short Takes’ post.

Looking Back – 7-8-09

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list.

Today a blog post from July 2009, ‘Good Intentions – A Reply’, popped up on the top-ten-list. It looks at discussions about a chemical security bill, HR 2868, just one of many bills introduced in the early years of the CFATS program that would have moved the program out of the year-to-year spending approval process and into codification into the Homeland Security Act. This one passed in the House, but was never taken up by the full Senate, a common legislative history.

Looking back at these legislative attempts at codifying the then existing CFATS program points out how hard it would be to stand the program back up after it failed Congressional renewal two years ago. Too many different factions saw the program as a vehicle for chemical reform rather than a chemical security program. That problem would be exacerbated by the regulatory divide in Congress today.

NOTE: If you go back and search the blog history for HR 2868, you will find a large number of posts. Most of them will be difficult to read because of the lack of paragraph formatting. This was a byproduct of the switch of this blog from AOL.com to Blogspot, much of the formatting did not make the transition. When I go back and look at an individual post, I try to correct that problem, as I did with the post discussed here today.

Review – 1 Advisory Published – 9-25-25

Today CISA’s NCCIC-ICS published a control system security advisory for products from Dingtian.

Advisories

Dingtian Advisory This advisory describes two insufficiently protected credentials vulnerabilities in the Dingtian DT-R002 relay board.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-published-9-25-25 - subscription required.

Review – EPA Publishes RMP 30-day ICR Renewal Notice – 9-25-25

Today the EPA published a 30-day information collection request (ICR) renewal notice in the Federal Register (90 FR 46196-46197) for “Risk Management Program Requirements and Petitions To Modify the List of Regulated Substances Under Section 112(r) of the Clean Air Act (Renewal)”. The 60-day ICR renewal notice was published on April 17^th, 2025. No programmatic changes are being reported to the ICR, but the burden estimate has changed.

 

Today’s notice explains the reason for the change in burden estimate:

“There is decrease of 36,336 hours in the total estimated respondent burden compared with the ICR currently approved by OMB. Two primary reasons account for this decrease in burden. First, the burden varies from one ICR renewal to the next due to different resubmission deadlines based on the sources' RMP re-submission deadlines [based upon a five-year cycle instead of the ICR’s three-year cycle] and other regulatory deadlines. Therefore, the burden changes each year depending on how many sources must submit their RMP and comply with certain prevention program requirements. Second, the number of sources subject to the regulations fluctuates regularly and is slightly lower than in the previous ICR (12,074 vs. 12,341 sources) due to the net change in new sources minus deregistered sources, as well as a lower number of new facilities anticipated to become subject to the RMP requirements during the three-year clearance period.”

Public Comments

The EPA is soliciting public comments on this ICR notice. Comments may be submitted via the Federal eRulemaking Portal (www.regulation.gov: Docket # EPA-HQ-OEM-2015-0725). Comments should be submitted by October 27^th, 2025.

 

For more information about today’s notice, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/epa-publishes-rmp-30-day-icr-renewal - subscription required.

CSB Investigation Report to Drop Today?

Overnight the CSB updated the graphic (see copy below) on their home page showing statistics for recommendations made in their accident investigations. The number of recommendations increased from 1019 to 1025 and the number of open recommendations increased from 117 to 123. This would seem to indicate that the Board has completed one of the nine open investigations, though there is no announcement of a report on their site.

Digging into the site a little more closely we see that there are still nine open investigations on the Current Investigations page, with the oldest being the Dow Louisiana Operations Explosions investigation. The Board’s Recent Recommendation Status Updates page shows at the top of the list: “Cuisine Solutions Ammonia Release (0 Recommendations)”. That investigation is the second oldest on the Current Investigations page, with the release occurring on July 31^st, 2024. I expect that the investigation report for that incident will drop today or tomorrow.

HHS Sends Healthcare IT Deregulatory NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the HHS National Coordinator for Health IT (ONC) on “Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity ”. This would appear to be part of the Trump Administration’s aggressive attempt at reducing the regulatory requirements of the Federal Government.

According to the abstract for this rulemaking in the Spring 2025 Unified Agenda:

“The rulemaking would focus on potential deregulatory actions identified in 45 CFR part 170 (Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health IT). Inclusive of proposals would be those that propose to codify all or parts of recent enforcement discretion guidance (Enforcement Discretions | HealthIT.gov) and propose, to remove certain certification criteria, Condition and Maintenance of Certification requirements, and other ONC Health IT Certification Program requirements. Additionally, we are evaluating other potential deregulatory actions under 45 CFR parts 171 (Information Blocking) and 172 (Trusted Exchange Framework and Common Agreement).”

This is not an area that I have spent much time looking at, nor do I expect to cover this rulemaking in any depth in this blog, but I am concerned that this rulemaking could remove or reduce the minimal cybersecurity standards for healthcare IT operations. The history of major healthcare cybersecurity breaches over that last couple of years does little to engender confidence in the adequacy of current cybersecurity regulations in this field, and would seem to argue for additional, not less, regulatory efforts.

Short Takes – 9-24-25

Gut bacterium amplifies amphetamine’s addictive pull. ChemistryWorld.com article. Pull quote: “A common gut bacterium can make amphetamines more addictive by producing a chemical that boosts dopamine activity in the brain. By targeting this microbial pathway, it may be possible to dampen amphetamine’s effects, helping people overcome addiction.”

Ebola outbreak in the DRC: why is it so deadly? Nature.com article. Pull quote: ““It’s not identical to previous strains that have been identified, which strongly suggests that it’s a new spillover [from animal source] event,” says epidemiologist Peter Horby of the Pandemic Sciences Institute at the University of Oxford, UK.”

Congressional Budget Office says Trump’s immigration crackdown will shrink U.S. population faster than expected, a threat to inflation and GDP growth. NewsBreak.com article. Pull quote: “The nonpartisan budget agency released a revised population forecast on Wednesday. It predicts that deaths will outnumber births in the U.S. starting in 2031—two years earlier than previously expected—due to fewer immigrants and lower birth rates.”

What’s Behind Russian Incursions Into NATO? LawfareMedia.org pod cast. Pull quote: “So they [US forces in Poland] were not involved really in this response, although the US is the framework nation in this NATO-forward force deployment in Poland. So, I think that was the, a relevant data point that they were looking for, maybe even more so than the general NATO response.”

Boron replaces metal by forming complexes with olefins, reducing toxicity and cost. Phys.org article. Pull quote: “The article published in Nature Chemistry shows that boron can also form so-called π complexes with olefins, which are similar in their properties and behavior to the complexes of transition metals with olefins. The latter compounds are intermediates in many large-scale catalytic processes in industry.”

Review – HR 4971 Introduced – TSDB Quality Control

Last month Rep Thompson (D,MS) introduced HR 4971 the Terrorist Watchlist Data Accuracy and Transparency Act. The bill would amend the Homeland Security Act of 2002, adding a new §210H, Quality assurance reviews of departmental nominations to the terrorist watchlist and other terrorism databases. The new section would require DHS to conduct quality assurance checks of all new data prior to submission to the Terrorist Screening Database (TSDB). Periodic audits would also be required. No new funding is authorized by the bill.

Moving Forward

Thompson is the Ranking Member of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. I suspect that there might be some level of bipartisan support for this bill in Committee, but I am not sure that it would be enough to move the bill to the floor of the House under the suspension of the rules process. This bill is not politically important enough to consider under regular order.

Commentary

Last month the GAO published their most recent report on “Terrorist Watchlist: Nomination and Redress Processes for U.S. Persons”. The GAO spent most of their effort reporting on the redress processes for people who feel that they have been improperly been added to the TSDB or it related databases. Many (no one is sure of how many) of those ‘in error’ listings could have been prevented from occurring if there had been data quality assurance processes in place to reduce those questionable listings.

 

For more details about the provisions of this bill, including additional commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4971-introduced-tsdb-quality-control - subscription required.

Short Takes – 9-24-25 – Federal Register Edition -

Computer Software Assurance for Production and Quality System Software; Guidance for Industry and Food and Drug Administration Staff; Availability. Federal Register FDA notice of availability. Pull quote: “The Food and Drug Administration (FDA or Agency) is announcing the availability of a final guidance entitled “Computer Software Assurance for Production and Quality System Software.” FDA is issuing this guidance to provide recommendations on computer software assurance for computers and automated data processing systems used as part of medical device production or the quality system. FDA believes that these recommendations will help foster the adoption and use of innovative technologies that promote patient access to high-quality medical devices and help manufacturers to keep pace with the dynamic, rapidly changing technology landscape, while promoting compliance with laws and regulations implemented by FDA.”

Renewal of Rail Energy Transportation Advisory Committee. Federal Register STB notice of intent to renew charter. Summary: “RETAC was established by the Board on September 24, 2007, to provide advice and guidance to the Board, on a continuing basis, and to provide a forum for the discussion of emerging issues and concerns regarding the transportation by rail of energy resources, including, but not necessarily limited to, coal and biofuels (such as ethanol), and petroleum. RETAC functions solely as an advisory body and complies with the provisions of the Federal Advisory Committee Act (FACA), 5 U.S.C. Chapter 10, and its implementing regulations.”

Unmanned and Autonomous Flight Advisory Committee. Federal Register FAA solicitation of nominations for membership. Summary: “The Department solicits nominations for membership to serve on the Unmanned and Autonomous Flight Advisory Committee (UAFAC), which is intended to provide advice to the Secretary of Transportation through the FAA Administrator on policy and technical-level issues related to unmanned and autonomous aviation operations and activities.”

Notice of Extension of Public Comment Period on the Draft Environmental Impact Statement for the SpaceX Starship-Super Heavy Vehicle at Launch Complex 39A, at Kennedy Space Center in Merritt Island, Florida. Federal Register FAA comment period extension. Summary: “In accordance with the National Environmental Policy Act of 1969, as amended (NEPA) and FAA Order 1050.1F, Environmental Impacts: Policies and Procedures, the FAA is announcing the extension of the comment period on the Draft Environmental Impact Statement for SpaceX Starship-Super Heavy Vehicle operations at Launch Complex 39A at Kennedy Space Center in Merritt Island, Florida (Draft EIS).”

EO 14351 - The Gold Card. Federal Register.

BIS Sends Lab Equipment Final Rule to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the DOC’s Bureau of Industry and Security (BIS) on “Control of Laboratory Equipment and Related Technology and Software”. This rule would complete action on the interim final rule (IFR) that was published on January 16^th, 2025.

According to the abstract for this rulemaking in the Spring 2025 Unified agenda:

“The Bureau of Industry and Security (BIS) is finalizing revisions to an interim final rule published in January 2025 which amended the Export Administration Regulations (EAR) to address the accelerating development and deployment of advanced biotechnology tools contrary to U.S. national security and foreign policy interests.”

Review – HR 5109 Introduced – Felons and TWIC

Earlier this month, Rep Carter (D,LA) introduced HR 5109, a bill requiring TSA to “develop guidelines to improve returning [from incarceration] citizens’ access to the TWIC program.” No new funding is authorized by the bill. No new funding is authorized.

This bill is essentially identical to HR 7223 that was introduced by Carter in February 2024. No action was taken on that bill in the 118th Congress.

Moving Forward

Carter is a member of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see this bill considered in Committee. I suspect that there will be some ‘soft on crime’ opposition to this bill from many Republicans. Whether it will be sufficient to derail this bill in committee is not clear. While I suspect that there would be some level of bipartisan support for the measure, I do not think that it would be enough to allow consideration under the suspension of the rules process which requires a super majority for passage.

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-5109-introduced-felons-and-twic - subscription required -

Short Takes – 9-23-25 – Federal Register Edition

Procedures for Chemical Risk Evaluation Under the Toxic Substances Control Act (TSCA). Federal Register EPA notice of proposed rulemaking. Summary: “The U.S. Environmental Protection Agency (EPA, “the Agency”) is proposing to amend the procedural framework rule for conducting existing chemical risk evaluations under the Toxic Substances Control Act (TSCA). When conducting an existing chemical risk evaluation under TSCA, EPA must determine whether a chemical substance presents an unreasonable risk of injury to health or the environment, without consideration of costs or non-risk factors, including unreasonable risk to a potentially exposed or susceptible subpopulation identified as relevant to the risk evaluation, under the conditions of use. In this action, EPA proposes to rescind or revise certain 2024 amendments to the procedural framework rule to effectuate the best reading of the statute and ensure that the procedural framework rule does not impede the timely completion of risk evaluations or impair the effective and efficient protection of health and the environment.” Comments due: October 23, 2025.

Notice of Availability, Notice of Public Comment Period, Notice of Virtual Public Meeting, and Request for Comment on the Draft Tiered Environmental Assessment for Updates to Airspace Closures for Additional Launch Trajectories and Starship Boca Chica Landings of the SpaceX Starship-Super Heavy Vehicle at the SpaceX Boca Chica Launch Site in Cameron County, Texas. Federal Register FAA notice of availability. Summary: “In accordance with the National Environmental Policy Act of 1969, as amended (NEPA) and FAA Order 1050.1G, FAA National Environmental Policy Act Implementing Procedures, the FAA is announcing the availability of and requesting comment on the draft Tiered Environmental Assessment for Updates to Airspace Closures for Additional Launch Trajectories and Starship Boca Chica Landings of the SpaceX Starship-Super Heavy Vehicle at the SpaceX Boca Chica Launch Site in Cameron County, Texas (Draft Tiered EA).”

Supply Chain Risk Management Reliability Standards Revisions; Equipment and Services Produced or Provided by Certain Entities Identified as Risks to National Security. Federal Register FERC final action. Summary: “The Federal Energy Regulatory Commission (Commission) directs the North American Electric Reliability Corporation (NERC), the Commission-certified Electric Reliability Organization, to develop new or modified Reliability Standards that address the sufficiency of responsible entities' supply chain risk management plans related to the identification of and response to supply chain risks. Further, the Commission directs NERC to develop modifications related to supply chain protections for protected cyber assets. This final action also terminates a related notice of inquiry.”

Critical Infrastructure Protection Reliability Standard CIP-003-11-Cyber Security-Security Management Controls. Federal Register FERC notice of proposed rulemaking. Summary: “The Federal Energy Regulatory Commission (Commission) proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard: CIP-003-11 (Cyber Security—Security Management Controls). The North American Electric Reliability Corporation, the Commission-certified electric reliability organization, submitted the proposed Reliability Standard modifications to mitigate risks posed by a coordinated cyberattack on low impact facilities; the aggregate impact of which could be much greater.”

Virtualization Reliability Standards. Federal Register FERC notice of proposed rulemaking. Summary: “The Federal Energy Regulatory Commission (Commission) proposes to approve four new definitions and 18 modified definitions in the North American Electric Reliability Corporation (NERC) Glossary of Terms Used in Reliability Standards. The Commission also proposes to approve eleven modified Critical Infrastructure Protection (CIP) Reliability Standards. NERC, the Commission-certified electric reliability organization, submitted the proposed modifications to update the CIP Reliability Standards to enable the application of virtualization and other new technologies in a secure manner.”

Review – 4 Advisories and 2 Updates Published – 9-23-25

Today CISA’s NCCIC-ICS published four control system security advisories for products from Carrier (Viessmann), Schneider Electric, Mitsubishi Electric, and AutomationDirect. They also updated two advisories for products from Hitachi Energy.

Advisories

Carrier Advisory - This advisory describes two vulnerabilities in the Viessmann Vitogate 300.

Schneider Advisory - This advisory describes a link following vulnerability in the Schneider software update (SESU) service.

Mitsubishi Advisory - This advisory describes an improper handling of lengthy parameter inconsistency vulnerability in the Mitsubishi MELSEC-Q Series CPU modules.

NOTE: I briefly discussed this vulnerability on Sunday.

AutomationDirect Advisory - This advisory describes seven vulnerabilities in the AutomationDirect Click Plus programming software.

Updates

 Hitachi Energy Update #1 - This update provides additional information on the RTU500 Series advisory that was originally published on April 3^rd, 2025, and most recently updated on May 8^th, 2025.

Hitachi Energy Update #2 - This update provides additional information on the RTU500 Series advisory that was originally published on January 23, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-2-updates-published-be3 - subscription required.

Review - HR 4754 Introduced – FY 2026 IER Spending

Back in July Rep Simpson (R,ID) introduced HR 4754, the Department of the Interior, Environment, and Related Agencies [IER] Appropriations Act, 2026. The House Appropriations Committee published their Report on the bill. There is no specific cybersecurity funding mentioned in the bill. The bill does contain reduced funding for the Chemical Safety and Hazard Investigation Board (CSB).

HR 4754 is similar to HR 8998, the Department of the Interior, Environment, and Related Agencies [IER] Appropriations Act, 2024, that was introduced by Simpson in July 2024. That bill was passed in the House on July 24th, 2024, in a party-line vote. No action was taken in the Senate.

Moving Forward

It is not clear at this point if this bill will make it to the floor of the House for consideration. It was hoped by the Republican leadership that a short CR would have allowed for consideration of each of the spending bills in an apparently outdated regular order. That process is wholly dependent on a CR being passed before midnight of September 30^th. A government shutdown will almost certainly ultimately lead to an agreement on another year end massive spending bill.

 

For more information on cybersecurity and CSB funding see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4754-introduced-fy-2026-ier-spending - subscription required.

Short Takes – 9-23-25 -Space Geek Edition

NASA safety panel warns Starship lunar lander could be delayed by years. SpaceNews.com article. Pull quote: “Hill did not detail the problems or their impact. But SpaceX President Gwynne Shotwell, speaking Sept. 16 at World Space Business Week, said propellant transfer worried her more than docking Starships in orbit. “Hopefully it’s not as hard as some of my engineers think it could be,” she said.”

NASA puts in an order with Blue Origin to work on sending VIPER rover to moon’s south pole. GeekWire.com article. Pull quote: “VIPER was originally due to go to the moon aboard Astrobotic’s Griffin lander, but last year, NASA put the mission on hold due to cost increases and schedule delays. This year, NASA said it was exploring “alternative approaches” for getting VIPER to the moon — a process that led up to today’s announcement.”

Space Force chief: Current satellite tracking ‘too slow’ for modern threats. SpaceNews.com article. Pull quote: “The general’s comments underscore growing Pentagon concerns about what military officials call “space domain awareness” — the comprehensive tracking and understanding of all objects and activities in Earth’s orbit. This capability, which encompasses monitoring satellites, debris, and potential threats, has become critical as space transforms from a largely benign environment into a contested warfighting domain.”

Astronaut Walter Villadei Tests AxEMU Suit Performance with Lunar Geology Tools. AxiomSpace.com press article. Pull quote: “This test provided valuable astronaut feedback on the ergonomics of the tools, lunar sample collection procedures, and the overall readiness of the suit to enable lunar geology tasks. The tools tested included a sample bag dispenser, sample bags, a scoop, a hammer, and an easel. Each item was installed and used to mimic geology tasks that will be performed on the lunar surface. Additionally, Villadei used the Don Doff Frame (DDF) in the Human Landing System Airlock to get in and out of the AxEMU before and after the test.”

Successful flight on Falcon 9 for EOS-8’’, MECANO ID’s Satellite Ejection System. SpaceNews.com press release. Pull quote: “By combining mechanical robustness, institutional validation, proven flight heritage, and market responsiveness, EOS-8’’ establishes itself as a reference solution for satellite deployment. Building on this flight experience and 30 years of expertise in the space industry, MECANO ID looks forward to continuing collaborations with agencies, manufacturers, and operators to support the growth of space missions in the decades ahead.”

ReOrbit raises 45 million euros to increase spacecraft production. SpaceNews.com article. Pull quote: ““Space and defense have merged, and in that geopolitical environment, what we are hearing is that every country wants to modernize their own space capabilities and thereby their defense capabilities,” he said. “In that sense, a lot of countries are looking at geopolitically neutral companies, and the Nordics have largely been seen as such.””

Impulse Space and Anduril to demonstrate autonomous spacecraft maneuvers in GEO. SpaceNews.com article. Pull quote: “The demonstration, targeted for 2026, will attempt to showcase a spacecraft’s ability to approach, image and maneuver around other objects in orbit without direct human control. Rendezvous and proximity operations (RPO) in the geostationary belt 36,000 kilometers above Earth — where the most valuable military and commercial satellites operate — is viewed as a capability of strategic importance.”

A new report finds China’s space program will soon equal that of the US. ArsTechnica.com article. Pull quote: “Roll is the co-author of a new report, titled "Redshift," on the acceleration of China's commercial and civil space activities and the threat these pose to similar efforts in the United States. Published on Tuesday, the report was sponsored by the US-based Commercial Space Federation, which advocates for the country's commercial space industry. It is a sobering read and comes as China not only projects to land humans on the lunar surface before the US can return, but also is advancing across several spaceflight fronts to challenge America.”

Review – Public ICS Disclosures – Week of 9-13-25 – Part 2

For Part 2 we have six additional vendor disclosures from Mitsubishi, Omron, Siemens, Supermicro, WAGO, and WatchGuard. Finally, we have nine vendor updates from ABB, HP (2), HPE (3), and Mitsubishi (3).

Advisories

Mitsubishi Advisory - Mitsubishi published an advisory that describes an improper handling of length parameter inconsistency vulnerability in their MELSEC-Q series CPU module.

Omron Advisory - Omron published an advisory that describes an unquoted search path element vulnerability in multiple Omron products.

Siemens Advisory - Siemens published an advisory that discusses a weak authentication vulnerability in their Trainguard products.

NOTE: I briefly discussed this vulnerability on July 10^th, 2025.

Supermicro Advisory - Supermicro published an advisory that describes two improper verification of cryptographic signature vulnerabilities in their BMC firmware.

WAGO Advisory - CERT-VDE published an advisory that describes an insecure default initialization of resource vulnerabilities in multiple WAGO products.

WatchGuard Advisory - WatchGuard published an advisory that describes an out-of-bounds write vulnerability in their Fireware OS iked process.

Updates

ABB Updates - ABB published an update for their FLXeon Controllers advisory that was originally published on September 9^th, 2025.

HP Update #1 - HP published an update for their Intel 2025.1 IPU – Chipset advisory that was originally published on March 10^th, 2025, and most recently update on August 1^st, 2025.

HP Update #2 - HP published an update for their Intel Graphics Driver advisory that was originally published on May 13^th, 2025.

HPE Update #1 - HPE published an update for their ProLiant DL/ML/XD advisory that was originally published on August 14^th, 2025.

HPE Update #2 - HPE published an update for their ProLiant DL/ML/XD advisory that was originally published on August 14^th, 2025.

HPE Update #3 - HPE published an update for their Intel 700 Series advisory that was originally published on August 12^th, 2025.

Mitsubishi Update #1 - Mitsubishi published an update for their GENESIS64 advisory that was originally published on August 5^th, 2025.

Mitsubishi Update #2 - Mitsubishi published an update for their EcoGuideTAB advisory that was originally published on July 10^th, 2025.

Mitsubishi Update #3 - Mitsubishi published an update for their GENESIS64 advisory that was originally published on May 15^th, 2025, and most recently updated on August 5^th, 2025.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-ac4 - subscription required.

FCC Sends Space Utilization ANPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received an advanced notice of proposed rulemaking (ANPRM) from the Federal Communications Commission (FCC) on “Exploring Efficient Use of Space Resources”. This rulemaking was not listed in the Spring 2025 Unified Agenda.

Review – CSB Updated the Status of 11 Incident Recommendations – 9-19-25

Yesterday the Chemical Safety Board (CSB) updated their Recent Recommendation Status Updates page, closing five recommendations with acceptable alternative actions. These actions left 117 of 1019 recommendations open. Additionally, the CSB updated the open status of six recommendations. The CSB took all of these actions on September 19th, 2025. The previous update was published on September 6th, 2025.

The five recently closed recommendations are:

Evergreen Packaging Paper Mill – Fire During Hot Work - 2020-07-I-NC-R6 - Universal Blastco,

Didion Milling Company Explosion and Fire - 2017-07-I-WI-R1 - Didion Milling, Inc.,

Didion Milling Company Explosion and Fire - 2017-07-I-WI-R5 - Didion Milling, Inc.,

Didion Milling Company Explosion and Fire - 2017-07-I-WI-R6 - Didion Milling, Inc., and

Didion Milling Company Explosion and Fire - 2017-07-I-WI-R9 - Didion Milling, Inc.

Five of the six ‘updated open investigations’ are associated with the Yenkin-Majestic Resin Plant Vapor Cloud Explosion and Fire that occurred on April 8^th, 2021. The five updates were all assigned to Yenkin-Majestic Paint Corporation. The CSB changed the status to ‘Open – Unacceptable Response/No Response Received’, noting that:

“To date, Yenkin-Majestic/OPC Polymers has not provided information responsive to the recommendations. CSB staff have made multiple attempts to elicit such information, all of which  have been unsuccessful. The CSB hopes that further dialogue will cause Yenkin-Majestic to act on these recommendations.”

The remaining open status update was from the Aghorn Operating Inc. Waterflood Station Hydrogen Sulfide Release that occurred on October 26, 2019. The update was to a recommendation for Aghorn Operating Inc. and was changed to ‘Open – Acceptable Response or Alternate Response’. Aghorn has provided CSB with an implementation plan for their corrective actions.

For more details about the actions taken that led to the changes in recommendations status, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updated-the-status-of-11-incident - subscription required.

HR 5371 Passed in House and Failed in Senate – FY 2025 CR

Early yesterday, the House took up HR 5371, the Continuing Appropriations and Extensions Act, 2026. After one-hour of debate, the House voted to pass HR 5371 by a near party-line vote of 217 to 212. Shortly thereafter, and before the Senate acted on the bill, the House adjourned, going to a ‘District Work Period’ next week and returning to Washington on September 29^th, 2025.

Yesterday afternoon, with House members heading to the airports and trains, the Senate first took up S 2882, the Continuing Appropriations and Extensions and Other Matters Act, 2026, introduced by Sen Murray, Ranking Member of the Senate Appropriations Committee. That bill would have provided continuing spending authorization based upon 2025 spending levels through October 31^st, 2025. The other (than date) major changes were the healthcare provisions that the Democrats have been insisting on over the last month or so. This alternate CR failed by a vote of 44 to 48.

Then the Senate took up HR 5371. That bill also failed, this time by a vote of 47 to 45. Both bills would have required 60 votes to pass by a unanimous consent agreement reached earlier in the week.

And the Senate also left Washington yesterday, again, not intending to return until September 29^th. Interestingly, before they left Senators Thune and Schumer set both bills up for a potential reconsideration when the Senate returns to Washington. There is a remote chance that some sort of change could be made to one of the two that could pass in both the Senate and subsequently in the House before midnight on Tuesday.

More likely, we are going to see the federal government shutdown for some length of time in October.