Substack Daily Updates – 4-29-25

Today I published the following on Chemical Facility Security News:

• CISA Adds Broadcom Vulnerability to KEV Catalog – 4-28-25 – Code injection vulnerability in Brocade Fabric OS – Not yet clear what OT/IoT assets may be affected – https://chemical-facility-security-news.blogspot.com/2025/04/cisa-adds-broadcom-vulnerability-to-kev.html

• New Presidential Rule Making – EO 14284 has the President initiate a direct final rule, bypassing all regulatory processes – https://chemical-facility-security-news.blogspot.com/2025/04/new-presidential-rule-making.html

• Review – HR 2344 Introduced - Water ISAC Threat Protection Act – Would encourage system participation in W-ISAC - $10 million authorization – Short version of article published here (premium content) – https://chemical-facility-security-news.blogspot.com/2025/04/review-hr-2344-introduced-water-isac.html

• Review – 2 Advisories and 1 Update Published – 4-29-25 – NCCIC-ICS control system security advisories for products from Delta and Rockwell – Update for advisory for products from Lantronix – Short version of article published here (premium content) – https://chemical-facility-security-news.blogspot.com/2025/04/review-2-advisories-and-1-update.html

• Short Takes – 4-29-25 – Spain cyber-attack? – Measles outbreaks expanding – Earth-return sickness – Hypersonic test vehicle – Arrested judge – EO 14284 through EO 14285 – https://chemical-facility-security-news.blogspot.com/2025/04/short-takes-4-29-25.html

I have removed the following articles from the CFSN Detailed Analysis paywall:

• TSA Publishes 60-day ICR Notice for TWIC Registration,

I posted the following to my social media feeds (X, Mastodon, Substack, and LinkedIn):

• I posted the following reply to a post on LinkedIn about a construction accident at a new LNG facility being constructed in Texas: “Not a chemical facility yet, but still a reminder that the safety issues at such plants are not all chemical related. Thoughts and prayers.”

NOTE: Last night’s Daily Update post was originally published behind the paywall by mistake, I have since corrected that; it is available to all.