Bills Introduced 4-20-23
Yesterday, with both the House and Senate preparing to leave Washington for a long weekend, there were 108 bills introduced. Three of those bills will receive additional coverage in this blog: HR 2741 Coast Guard Authorization Act of 2023 Graves, Sam [Rep.-R-MO-6] HR 2745 To amend title 28, United States Code, to allow claims against foreign stat...
Short Takes 4-20-23
New data show that an old model of the brain's motor cortex is incomplete. NPR.org article. Pull quote: In other words, these areas integrate information from all over the body and brain in order to carry out a movement. Dosenbach says the finding, which appears in the journal Nature, contradicts a central belief about motor cortex. Russia Seeks t...
HR 1127 Introduced Cybersecurity Partnership
Back in February (finally published by GPO today), Rep Gonzales (R,TX) introduced HR 1127, the United States-Taiwan Advanced Research Partnership Act of 2023. The bill would specifically authorize DHS Science and Technology Directorate to enter into cooperative research activities with Taiwan to strengthen preparedness against cyber threats and enh...
Short Takes 4-20-23 SpaceX Geek Edition
Starship Flight Test. SpaceX.com article. Pull quote: At 8:33 a.m. CT, Starship successfully lifted off from the orbital launch pad for the first time. The vehicle cleared the pad and beach as Starship climbed to an apogee of ~39 km over the Gulf of Mexico, the highest of any Starship to date. The vehicle experienced multiple engines out during the...
Review - BIS Publishes Peptide Synthesis Export Controls NPRM
Today, the DOC's Bureau of Industry and Security (BIS) published a notice of proposed rulemaking (NPRM) in the Federal Register (88 FR 24341-24346) for Section 1758 Technology Export Controls on Instruments for the Automated Chemical Synthesis of Peptides. The advanced notice of proposed rulemaking was published (this post is now open to the public ...
Review - 1 Advisory Published 4-20-23
Today, CISA's NCCIC-ICS published a control system security advisory for products from INEA. Advisories INEA Advisory - This advisory describes an OS command injection vulnerability in the INEA ME RTU. For more details about this advisory, including a down-the-rabbit-hole look at a possible connection to the Mitsubishi smartRTU, see my article...
CISA Publishes CFATS CSAT 30-day ICR Revision/Renewal Notice
Today, CISA published a 30-day information collection request (ICR) revision and renewal notice in the Federal Register (88 FR 24435-24437) for the Request To Revise and Extend the Chemical Security Assessment Tool (CSAT) Information Collection Under the Paperwork Reduction Act. The 60-day ICR notice was published (post is now public instead of sub...
Short Takes 4-19-23
Enforcement of Cybersecurity Regulations: Part 3. LawFareBlog.com post. Pull quote: As cybersecurity assumes the role in economic stability that integrity of the banking system or the reliability of the stock exchanges have long had, regulators will need to expand their inspections or examinations capability. The TSA and other sector-specific regul...
Review S 905 Introduced Drone Zoning
Last month, Sen Lee (R,UT) introduced S 905, the Drone Integration and Zoning Act. The bill would provide for State and local government authority over civil unmanned aircraft systems within 200-ft above the ground. Currently, sole jurisdiction over US airspace rests with the Federal Aviation Administration. This bill is very similar to S 600 introd...
CISA Announces CSTAC Meeting May 16th, 2023
Today, CISA published a meeting notice in the Federal Register (88 FR 24205-24206) for Notice of President's National Security Telecommunications Advisory Committee Meeting to be held in Washington, DC on May 16th, 2023. Portions of the meeting will be open to the public via teleconference. The agenda for the public portion of the meeting includes...
Bills Introduced 4-18-23
Yesterday, with both the House and Senate in session, there were 66 bills introduced. One of those bills will receive additional attention in this blog: HR 2670 National Defense Authorization Act (NDAA) for Fiscal Year 2024 Rogers, Mike D. [Rep.-R-AL-3] While the text of this bill is currently available, it is just the vaguest outline of the fina...
Review - S 914 Introduced DOE Threat Analysis Center
Last month, Sen Risch (R,ID) introduced S 914, the Energy Threat Analysis Center (ETAC) Establishment Act of 2023. The bill would formally authorize the ETAC which DOE started last year as a pilot project (see here, here, and here). No separate funding is provided in the bill. Moving Forward Both Risch and his sole cosponsor (Sen Manchin (D,WV)) ...
Short Takes 4-18-23
Pacific garbage patch providing a deep ocean home for coastal species. Arstechnica.com article. Pull quote: Finally, the researchers caution against a natural tendency to think of these plastic-borne coastal species as "misplaced species in an unsuitable habitat." Instead, it appears that they are well suited to life in the open ocean as long as th...
Review 2 Advisories and 2 Updates Published 4-18-23
Today, CISA's NCCIC-ICS published two control system security advisories for products from Schneider and Omron. They also updated two advisories for products from Mitsubishi and Omron. Advisories Schneider Advisory - This advisory describes three vulnerabilities in the Schneider Easy UPS Online Monitoring Software. Omron Advisory - This advisory ...
Securely Hosting User Data in Modern Web Applications
Posted by David Dworken, Information Security Engineer, Google Security Team Many web applications need to display user-controlled content. This can be as simple as serving user-uploaded images (e.g. profile photos), or as complex as rendering user-controlled HTML (e.g. a web development tutorial). This has always been difficult to do securely, s...
TSA Publishes 30-Day ICR Extension for Surface Trans Security Training
Today, TSA published a 30-day information collection request (ICR) extension notice in the Federal Register (87 FR 23681-23682). The 60-day ICR notice for this ICR was published on January 10th, 2013. Today's notice repeats the revised burden estimate (218 respondents, 4,623 hours) from the earlier ICR notice, but again provides no explanation for t...
PHMSA Sends Gas Distribution Pipeline NPRM to OMB
Yesterday, OMB's Office of Information and Regulatory Affairs announced that it had received a notice of proposed rulemaking from DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) on Pipeline Safety: Safety of Gas Distribution Pipelines and Other Pipeline Safety Initiatives. According to the listing for this rulemaking in the Fall ...
Committee Hearings Week of 4-16-23
With both the House and Senate back in Washington from their Easter Recess, there is a relatively heavy schedule of hearings being held this week, mostly dealing with the budget. There is one cybersecurity hearing. Budget Hearings House Senate Coast Guard Trans and Infra Subcommittee ...
Soliciting Prostitutes Is a No-No for Clearance Holders
Even though it is practiced across the entire country, prostitution is illegal in the United States. There are countries where it is legal and regulated. Regardless of where it occurs, soliciting a prostitute is never a good idea for someone who has a security clearance. What is the big deal,
Review Public ICS Disclosures Week of 4-8-23 Part 3
For Part 3, we have 35 vendor updates from Schneider (4) and Siemens (31). We also have a researcher report for products from Triangle Microworks. Finally, we have five exploits for products from Paradox Security, Palo Alto Networks, FortiGuard, Schneider Electric, and Franklin Fueling Systems. Updates Schneider Update #1 - Schneider published an...
Review Public ICS Disclosures Week of 4-8-23 Part 2
For Part 2 we have 30 additional vendor disclosures from FortiGuard (22), Luxion, Schneider (6), and Siemens. Advisories FortiGuard Advisory #1 - FortiGuard published an advisory that discusses the DirtyPipe vulnerability in their FortiProxy & FortiSIEM products. FortiGuard Advisory #2 - FortiGuard published an advisory that describes an OS ...
CRS Reports Week of 4-8-23 Cybersecurity
This week the Congressional Research Service published a report to accompany the Homeland Security At 20 podcast's episode on cybersecurity. The report outlines a brief history of the federal government's cybersecurity efforts starting before the Homeland Security Act of 2002 was enacted, until today. It includes an overview of the major cybersecurit...
Chemical Incident Reporting Week of 4-1-23
NOTE: See here for series background. Newfane, NY, March 30th, 2023 News reports here, here and here Explosions and fire reportedly caused by self-reacting organic peroxide in 5-gal containers. No reports of injury, no damage estimates, no photos of damage to facilities. May be a CSB reportable depending on the damage to the facility. Richmond...
Review Public ICS Disclosures Week of 4-8-23 Part 1
And once again it is the Saturday after Cyber Tuesday. For Part 1, we have 34 vendor disclosures from B&R, Flexera, Hikvision, HMS, HP, HPE (3), Insyde (8), Meinberg, Palo Alto Networks (3), Phoenix Contact, Sick, Tanzu (9), and Wireshark (3). NOTE: It has become obvious that FortiGuard has joined the ranks of organizations that report vulnera...
Short Takes 4-14-23
Is the US in a Space Race Against China? DefenseOne.com article. Pull quote: In the past, the space race was about who could reach the stars first and return home. Today, the goal has shifted to surviving and even thriving in the harsh environment of space. I believe it is not surprising that, despite its decisive lead, the U.S. has partnered with ...
Review - S 903 Introduced Civil Cyber Reserve Pilot
Last month, Sen Rosen (D,NV) introduced S 903, the Department of Defense Civilian Cybersecurity Reserve Act. The bill would require the Army to carry out a pilot project to establish a Civilian Cybersecurity Reserve. No additional funding is authorized by the bill. The provisions of the bill are very similar to S 885, which was also introduced by R...
Short Takes 4-13-23
U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks. NBCNews.com article. Pull quote: Ronald Marks, a former CIA officer and a visiting professor at George Mason University, said the pendulum has swung back and forth over the past two decades over how much intelligence should be shar...
Review - HR 1633 Introduced RAIL Act
Last month, Rep Johnson (R,OH) introduced HR 1633, the Reducing Accidents in Locomotives (RAIL) Act. Another in a series of legislative attempts to address the railroad hazardous material safety concerns that arose after the East Palestine derailment. Addresses a number of different issues and includes additional funding authorization for first res...
Review 16 Advisories Published 4-13-23
Today, CISA's NCCIC-ICS published 15 control system security advisories for products from Mitsubishi Electric India, Datakit, and Siemens (13). They also published a medical device security advisory for products from Braun. Advisories Mitsubishi Advisory - This advisory describes a signal handler race condition vulnerability in the Mitsubishi Elec...
Supply chain security for Go, Part 1: Vulnerability management
Posted by Julie Qiu, Go Security & Reliability and Oliver Chang, Google Open Source Security Team High profile open source vulnerabilities have made it clear that securing the supply chains underpinning modern software is an urgent, yet enormous, undertaking. As supply chains get more complicated, enterprise developers need to manage the tidal wa...
OMB Approves BIS Peptide Synthesis NPRM
Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking from the Bureau of Industry and Security on Section 1758 Technology Export Controls on Instruments for the Automated Chemical Synthesis of Peptides. The NPRM was sent to OIRA for review on March 29th, 2023. With the...
Short Takes 4-12-23
NASA envisions international fleet of Apophis reconnaissance spacecraft. SpacePolicyOnline.com article. April 13, 2029, close (20,000 miles) approach. Pull quote: NASA already has a spacecraft that will observe Apophis after it passes by. The OSIRIS-REx mission is on its way back to Earth right now to deliver samples it collected from the asteroid ...
Review - HR 1674 Introduced Hazmat Train Safety
Last month Rep Deluzio (D,PA) introduced HR 1674, the Railway Safety Act of 2023. The bill provides a variety of potential improvements for the shipment of hazardous materials by rail. Various funds are authorized to support some of the programs proposed. The bill is very similar to S 576 that was introduced the same day as this bill. This is not t...
CSB Updates Status of Four Investigation Recommendations 4-10-23
Yesterday, without fanfare or notice, the Chemical Safety Board updated the status of four accident investigation recommendations. The change of status documents were all dated April 10th, 2023, but the status was not updated on the CSB website until yesterday. The status updates include: Aghorn Operating Inc. Waterflood Station H2S Release, 2020...
FBI Sends Private Security Officer Vetting Final Rule to OMB
Yesterday the OMB's Office of Information and Regulatory Affairs announced that it had received a final rule from the Federal Bureau of Investigation on Implementation of the Private Security Officer Employment Authorization Act of 2004. An interim final rule on the topic was published on January 11th, 2006. According to the Fall 2022 Unified Agenda...
CISA Sends CFATS NPRM to OMB
Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from CISA on Chemical Facility Anti-Terrorism Standards (CFATS). This update of the CFATS regulations has been in the works since 2014 when an advanced notice of proposed rulemaking (ANPRM) was first publishe...
Short Takes 4-11-23
Murphy's Law: When Better Is Not Worth It. StrategyPage.com article. Interesting look at recruiting problems. Pull quote: The problem is that Americans have, since the 1990s, become fat and physically unfit. A decade ago, there were 32 million male Americans of prime military age (17-24), but because of bad lifestyle choices only 13 percent of them...
Review 1 Advisory and 1 Update Published 4-11-23
Today CISA's NCCIC-ICS published a new control system security advisory for products from FANUC. They also published an update for an advisory for products from Mitsubishi Electric. Advisories FANUC Advisory - This advisory describes a path traversal vulnerability in the FANUC ROBOGUIDE-HandlingPRO robot simulation software. Updates Mitsubishi Upd...
Review - HR 1648 Introduced Smart Airports
Last month, Rep Nehls (R,TX) introduced HR 1648, the Airport Technology and Efficiency Improvement Act of 2023. The bill would require the DOT's Federal Aviation Administration (FAA) to establish a new pilot grant program to support the acquisition and installation of internet of things technologies by airports to create a more consumer-friendly and...
Announcing the deps.dev API: critical dependency data for secure supply chains
Posted by Jesper Sarnesjo and Nicky Ringland, Google Open Source Security Team Today, we are excited to announce the deps.dev API, which provides free access to the deps.dev dataset of security metadata, including dependencies, licenses, advisories, and other critical health and security signals for more than 50 million open source package versio...
Lynyrd Skynyrd Answers Who Should Create an Org's BYOD Policy?
The worst of LastPass's year-long battle with an attacker occurred through a personal device, on a home network, putting BYOD back in the spotlight. And for the past three months, most boards, CIOs, and CISOs I know are taking the opportunity to reevaluate their Bring Your Own Device (BYOD) policies. Here, I answer, Who should create an organizatio...
HR 1484 Introduced Pipeline Sabotage
Last month Rep Bost (R,IL) introduced HR 1484, the Pipeline Sabotage and Accident Prevention Act. The bill would make it a criminal offence to cause or threaten to cause a defect in a pipe, pump, or valve intended to be used or used in any pipeline facility. There is no funding authorized in this bill. The bill is fairly short and straightforward...
Behind the Scenes Teaching Secure Wi-Fi Design Special Edition at WLPC Phoenix
Converting my Secure Wi-Fi Design course to a hands-on lab experience was no small feat. I'm grateful for the opportunity and invite you behind the scenes at my WLPC Deep Dive.
Multi-Millionaire Denied Clearance Eligibility
I don't see more than a handful of Defense Office of Hearing and Appeal cases where the applicant is denied security clearance eligibility due to having monies, property and business dealings outside of the United States. This one caught my eye because it involved a multi-millionaire who had assets in
Short Takes 4-8-23
Covid origins: Chinese scientists publish long-awaited data. BBC.com article. Not definitive but some real data. Pull quote: This new analysis, which has been validated by other scientists before being published in the journal Nature, includes more important detail about the content of those samples, which were collected from stalls, surfaces, cage...
Public Trust Applicant Denied Eligibility Due to Continued Intent to Smoke Weed
Not to sound like a broken record here, but it amazes me when people want to work for the federal government as a civilian employee or contractor, but haven't figured out that marijuana use is illegal at the federal level regardless of whether it is legal in their state. This
Clearance Reciprocity Still Lagging Among Intelligence Community Agencies
Among all the security clearance reform initiatives over the last five years was an effort by Senator Mark Warner (D-Va) to modernize the way the government vetted applicants for security clearances and positions of public trust. One specific area he wanted to focus on was expediting the reciprocity process for those
How and Why to Upgrade to the Latest Wi-Fi Security [Video]
At the WLPC Conference in Phoenix a few weeks ago, I gave a short 30-minute talk on how and why to upgrade to WPA3 Security for business networks. Click the image in the blog header to watch the video. In this (accidentally) slide-free session, I cover: WPA3 security and when/why it's required moving forward Security […]
Embellished Excuses for Self-Inflicted Wounds Land Clearance Holder in Hot Water
Every once in a while, I run across a security clearance appeals case where I ask myself did this really happen? There are some people out there with mental disorders that impact their ability to think straight when under stress, causing bizarre or abnormal behavior. I found a recent Department of Energy security clearance
Michigan Foundry Explosion Injures One
An interesting and detailed article about an explosion and fire at an aluminum foundry reports that one employee was taken to the hospital and was being treated for burns. The cause of the explosion is still under investigation, but it appears to have involved one of the facility's furnaces. As I have noted previously, the Chemical Safety Board tak...
SecurityCentric aggregates blogs for the Security industry.