Saturday, March 26, 2016
Source: Water treatment plant hacked, chemical mix changed for tap supplies • The Register
Water treatment plant hacked, chemical mix changed for tap supplies • The Register
Source: Hackers Modify Water Treatment Parameters by Accident
Hackers Modify Water Treatment Parameters by Accident
Bad network design exposes water treatment plant to hacking
A group of hackers, previously involved in various hacktivism campaigns, have accidentally made their way into an ICS/SCADA system installed at a water treatment facility and have altered crucial settings that controlled the amount of chemicals used to treat tap water.
This strange hacking incident is described in Verizon's 2016 Data Breach Digest (page 38, Scenario 8), a collection of case studies that the company's RISK team was brought in to investigate.
Source: The future of our city services? Cyberattackers target core water systems | ZDNet
Source: The future of our city services? Cyberattackers target core water systems | ZDNet
In a recent case, cyberattackers have demonstrated that breaches are not limited to corporate targets. By Charlie Osborne for Zero Day | March 23, 2016 -- 11:25 GMT (04:25 PDT) | Topic: Security.
A group of cyberattackers have shown how weak security has the potential to cripple urban areas worldwide.
The services we rely on every day but often don't think about until a bill is popped through the post -- electricity, water and gas -- keep Western cities running. Without them, businesses would collapse and our daily lives would be very, very different.
But are utilities taking enough care to protect these core services from abuse? Perhaps not, considering a recent case recounted by Verizon's cybersecurity RISK team.
In a recent case, cyberattackers have demonstrated that breaches are not limited to corporate targets. By Charlie Osborne for Zero Day | March 23, 2016 -- 11:25 GMT (04:25 PDT) | Topic: Security.
A group of cyberattackers have shown how weak security has the potential to cripple urban areas worldwide.
The services we rely on every day but often don't think about until a bill is popped through the post -- electricity, water and gas -- keep Western cities running. Without them, businesses would collapse and our daily lives would be very, very different.
But are utilities taking enough care to protect these core services from abuse? Perhaps not, considering a recent case recounted by Verizon's cybersecurity RISK team.
Source: Enterprise Security Solutions: Safeguarding Your Company Data
Enterprise Security Solutions: Safeguarding Your Company Data
Security Solutions
With cyber attacks growing in strength and number, it’s harder to avoid becoming a victim. Prepare by learning all you can from the latest data on threat patterns and the anatomy of attacks. Recognize where your organization is most vulnerable, where opportunity for data loss is greatest, and how it can be controlled and prevented. And respond strategically, with intelligence-based security protocols and controls that help secure your business around the globe.
Broaden your defenses with intelligence-driven security.
With growth, comes risk. At the enterprise level, the dangers to your organization increase exponentially across countries and geographies. It’s hard to predict the motives of attackers, which can vary from financial to political to personal gain. And their means of disruption and information theft are becoming more sophisticated and faster than ever.
Change the game and get ahead of potential threats by adopting advanced security protocols and controls that can improve your ability to protect your enterprise. With an arsenal of powerful intelligence, we can help you customize your security approach so you can see threats before they happen—and limit the damages with smarter, faster responses.
Security Solutions
With cyber attacks growing in strength and number, it’s harder to avoid becoming a victim. Prepare by learning all you can from the latest data on threat patterns and the anatomy of attacks. Recognize where your organization is most vulnerable, where opportunity for data loss is greatest, and how it can be controlled and prevented. And respond strategically, with intelligence-based security protocols and controls that help secure your business around the globe.
Broaden your defenses with intelligence-driven security.
With growth, comes risk. At the enterprise level, the dangers to your organization increase exponentially across countries and geographies. It’s hard to predict the motives of attackers, which can vary from financial to political to personal gain. And their means of disruption and information theft are becoming more sophisticated and faster than ever.
Change the game and get ahead of potential threats by adopting advanced security protocols and controls that can improve your ability to protect your enterprise. With an arsenal of powerful intelligence, we can help you customize your security approach so you can see threats before they happen—and limit the damages with smarter, faster responses.
Source: Security Report & Data Breach Report Resources | Verizon Enterprise Solutions
Security Report & Data Breach Report Resources | Verizon Enterprise Solutions
Industry Reports
Understand the top security threats facing selected industries, and learn how to better manage risk.
DBIR Industry Insights
Industry Reports
Understand the top security threats facing selected industries, and learn how to better manage risk.
DBIR Industry Insights
- Energy and Utilities
- Financial Services
- Healthcare
- Hospitality
- Insurance
- Manufacturing
- Professional Services
- Public Sector
- Retail
- Technology
- Transportation and Distribution
Source: Verizon 2015 Data Breach Investigations Report Intellectual Property Theft
Verizon 2015 Data Breach Investigations Report Intellectual Property Theft
Intellectual property (IP) theft is a major issue for many organizations. We recorded over 450 breaches in which
Intellectual property (IP) theft is a major issue for many organizations. We recorded over 450 breaches in which
organizations’ trade secrets were stolen (or suspected stolen) in 2014. And while attackers compromised IP in just minutes, it took organizations months to discover a breach.
This year’s DBIR is again based around the nine incident classification patterns we identified in
2014. Just three patterns — cyber-espionage, insider and privilege misuse, and crimeware —
accounted for virtually all (98%) of the breaches involving the disclosure (or suspected disclosure)
of trade secrets. And, unsurprisingly, cyber-espionage accounted for 82% of these breaches. In
comparison, cyber-espionage accounted for 14% of all data breaches across all industries. We’ll
take a closer look at how attackers compromise and exfiltrate IP and at how you can improve
your defenses.
2014. Just three patterns — cyber-espionage, insider and privilege misuse, and crimeware —
accounted for virtually all (98%) of the breaches involving the disclosure (or suspected disclosure)
of trade secrets. And, unsurprisingly, cyber-espionage accounted for 82% of these breaches. In
comparison, cyber-espionage accounted for 14% of all data breaches across all industries. We’ll
take a closer look at how attackers compromise and exfiltrate IP and at how you can improve
your defenses.
Source: Verizon Infographic: Understanding The Real Risk Of A Data Breach. The Estimated Cost. The Top Learnings.
Verizon Infographic: Understanding The Real Risk Of A Data Breach. The Estimated Cost. The Top Learnings.
Learn about the estimated cost of a data breach and the actions that can leave information vulnerable.
Learn about the estimated cost of a data breach and the actions that can leave information vulnerable.
Source: 2015 Data Breach Investigations Report (DBIR) | Verizon Enterprise Solutions
2015 Data Breach Investigations Report (DBIR) | Verizon Enterprise Solutions
2015 Data Breach Investigations Report
2015 Data Breach Investigations Report
Quantify the impact of a data breach with new data from the 2015 DBIR.
Prepare your enterprise to conduct individualized self-assessments of risk, so you can make realistic decisions on how to avoid cyber threats. The 2015 DBIR expands its investigation into nine common threat patterns and sizes up the effects of all types of data breaches, from small data disclosures to events that hit the headlines.
Prepare your enterprise to conduct individualized self-assessments of risk, so you can make realistic decisions on how to avoid cyber threats. The 2015 DBIR expands its investigation into nine common threat patterns and sizes up the effects of all types of data breaches, from small data disclosures to events that hit the headlines.
Download the complete report.
Source: Crooks Steal, Sell Verizon Enterprise Customer Data — Krebs on Security
Crooks Steal, Sell Verizon Enterprise Customer Data — Krebs on Security
Verizon Enterprise Solutions, a B2B unit of the telecommunications giant that gets called in to help Fortune 500’s respond to some of the world’s largest data breaches, is reeling from its own data breach involving the theft and resale of customer data, KrebsOnSecurity has learned.
Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.
Friday, March 25, 2016
Wednesday, March 23, 2016
Source: Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection — Krebs on Security
Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection — Krebs on Security
A Kentucky hospital says it is operating in an “internal state of emergency” after a ransomware attack rattled around inside its networks, encrypting files on computer systems and holding the data on them hostage unless and until the hospital pays up.
Henderson, Ky.-based Methodist Hospital placed a scrolling red alert on its homepage this week, stating that “Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services. We are currently working to resolve this issue, until then we will have limited access to web based services and electronic communications.”
Tuesday, March 22, 2016
Source: Lessons From The Ukraine Electric Grid Hack - DarkReading.com
Lessons From The Ukraine Electric Grid Hack
New SANS analysis on how the attackers broke in and took control of the industrial control systems at three regional power firms in the Ukraine and shut off the lights.
New SANS analysis on how the attackers broke in and took control of the industrial control systems at three regional power firms in the Ukraine and shut off the lights.
New analysis and details about the devastating and unprecedented cyberattack that resulted in a power blackout in a region of the Ukraine last December illuminate glaring holes in security and operations that could have thwarted the attackers from shutting off the lights.
Security experts from SANS today in conjunction with the North American Reliability Corporation (NERC)'s E-ISAC published an in-depth postmortem analysis by SANS ICS experts of the attack, based on details revealed by ICS-CERT late last month as well as other public information. Aside from the glaring question of whether the attack indeed was sponsored by the Russian government, most of the nagging questions of how the attackers were able to black out a portion of Ukraine’s power grid have now been answered. The smoking gun has been confirmed: the attackers used stolen user credentials to remotely access and manipulate the industrial control systems and shut down power for some 225,000 Ukrainian power customers on Dec. 23 of last year.
“I think that the puzzle pieces are together now,” says Robert M. Lee, a SANS instructor and ICS/SCADA expert, as well as co-author of the report. “We’re missing the definitive attribution ... but the technical details” are mostly fleshed out, he says.
Ukraine officials have accused Russia, an obvious suspect given the military and geopolitical conflict between the two nations over Crimea. But the US reports steered clear of confirming that the attacks were the handiwork of a Russian state-sponsored initiative.
One thing US officials have confirmed is that the attackers staged a well-coordinated attack that relied on deep reconnaissance over a six-month period after they first embedded themselves into the network of three regional energy distribution companies. The attacks went live within 30 minutes of one another, and there also were three other organizations hit by the attacks that didn’t suffer any disruption to operations.
Like most targeted attacks, the Ukraine power grid attack began with a phishing email containing a malware-rigged attachment. In this case, Word Documents and Excel spreadsheets that when opened by users in the companies’ business network, dropped BlackEnergy3 malware that lurked around and stole legitimate user credentials. The attackers then used stolen VPN credentials to reach the industrial control systems network, and remote access tools to control the HMIs and pull the breakers.
The attackers covered their tracks and bought themselves time, too, by installing their own custom firmware on serial-to-Ethernet devices at substations in order to knock them offline, and using KillDisk to wipe master boot records of the systems they hacked as well as to delete some logs. They waged a denial-of-service attack on the power companies’ telephone systems as well, thwarting their ability to communicate. In one case, KillDesk overwrote Windows-based HMIs in remote terminal units. The attackers also remotely disconnected Uninterruptable Power Supplies (UPS) systems to cripple power-restoration operations.
“It was extremely well-done -- how you would expect a well-funded team to operate,” Lee says.
In an interview with Dark Reading last month, Phyllis Schneck, the deputy under secretary for cybersecurity and communications with the Department of Homeland Security, said members of ICS-CERT’s team had been invited to Kiev to study and learn more about the attacks. “They spent four days working with our Ukraine counterparts to understand what happened,” she said. They learned that BlackEnergy malware was widespread in the victim networks, and the attackers “had their way with the systems” using stolen credentials, she said.
ICS-CERT’s findings showed how such an attack could “happen to anyone,” she said, and the agency wanted to provide recommendations for preventing such an attack on US critical infrastructure.
DHS undersecretary for the National Protection and Programs Directorate (NPPD) Suzanne Spaulding says she hopes the report will be a reality-check for US critical infrastructure owners. “I want ... [executives to say], ‘what are we doing about this?’” to prevent similar attacks, she said during an interview last month with Dark Reading.
There are plenty of lessons to be gleaned for power grid and other critical infrastructure operators in the US and around the globe.
For one thing, a cyberattack that results in a power outage takes some heavy lifting, and a bit of time, to pull off. “It took them six months or more to figure out these environments ... And it was only a partial outage,” says Lee, who notes that their methods weren’t necessarily sophisticated but were definitely coordinated. “We consistently see [the] theme for attackers who do the things we care about most in ICS networks ... it’s much more difficult” for them to do damage and it takes time, he says.
And that’s lesson number one: if attackers need a sufficient period of time for reconnaissance and learning the environment in order to control industrial equipment, the good news is that there’s actually a window for detecting their activity -- and stopping them from doing damage.
Network security monitoring could have helped spot the attackersbefore they shut off the power.
The Ukraine power grid attackers hid in plain sight for six months, gradually gathering enough intelligence and and knowledge to figure out how to access and manipulate the HMI and turn out the lights. Had the power companies been running network security monitoring tools, they could have spotted that activity.
There are many free and open-source network security monitoring (NSM) tools out there that can spot all kinds of bad activity in an ICS/SCADA environment, including unusual file traffic, a PLC code update, or command and control communications. Rob Caldwell and Chris Sistrunk ICS/SCADA experts from FireEye Mandiant recommend NSM for plants, and say NSM would have caught Stuxnet, for instance, and could be set to catch BlackEnergy. Some of the more popular tools come via the Security Onion Linux suite including Wireshark, NetworkMiner, Bro, and Snorby.
“If they had used network security monitoring practices, they could identify any reconnaissance ... and multiple VPN connections at times that were not normal,” SANS’ Lee notes.
Monitoring tools would have detected unusual data flows, something that’s relatively easy to spot in ICS networks because data flows are mostly static and predictable, he says. “When attackers are trying to learn [the environment], they disrupt those pathways.”
The attack punctuates the danger of remote access to ICS/SCADA networks.
VPN connections between the Ukraine power companies’ ICS and enterprise networks did not appear to use two-factor authentication, according to the report. “Additionally, the firewall allowed the adversary to remote admin out of the environment utilizing a remote access capability native to the systems,” the NERC SANS report says.
Ralph Langner, founder of the Langner Group, says critical infrastructure operators shouldn’t allow remote access to these systems.
“Limit remote access only to the people who need it,” SANS’ Lee says.
The report recommends using multi-factor authentication for any remote access communications.
Uninterruptible power supplies need protection, too.
The attackers commandeered a remote management interface to the UPS systems to schedule an outage for power at the energy company’s own buildings or datacenters.
“The online command interface to UPSes is another stupid flaw. These UPSes are located within the same building, so by controlling them via the network you just save five minutes for a maintenance job,” says Langner, who notes the CLI most likely would have been an embedded Web browser. He recommends disabling remote command interfaces to UPS systems.
The attackers also generated a DoS of thousands of phone calls to the energy company’s call center to derail restoration and communications.
“The reconfiguration of the UPS and the telephone DDoS: those two things added to the confusion, and to make the Ukrainians look incompetent. Those are two things I wouldn’t have predicted would have happened” in at attack like this, he says.
While the disabled UPS system and the telephone system DDoS were separate from the blackout portion of the attack, the goal appeared to be to embarrass the Ukrainians as well as to thwart restoration, he says. “During this attack, there seemed to be elements that highlight incompetence ... I think that’s interesting.”
Lee points out that the Russian media for the past year and a half has been reporting on the “incompetence” of the Ukraine infrastructure, and how they need Russia’s help. “The consistent theme [in the cyberattack] was not only being highly sophisticated in logistics and planning, but also in this showing” perceived weaknesses in Ukraine’s management of the power grid, he says.
Attackers can install malicious firmware on industrial equipment.
DHS in 2008 issued an alert to ICS/SCADA operators about a vulnerability in ICS/SCADA firmware update processes dubbed “Boreas.” It basically leaves an industrial systems’ firmware updates open to abuse, where an attacker installs his own malicious firmware to sabotage the system.
That’s basically what happened to the serial-to-Ethernet gateways in the Ukraine attacks, according to Langner, rendering them inoperable such that the operators were unable to communicate with the substations.
SANS’ Lee says the the custom firmware installed on the Ukraine networks’ serial-to-Ethernet gateways to “brick” them and disrupt the restoration of power was most surprising element of the attack. “That was extremely clever and it hurt the restoration effort of the Ukrainians,” he says. “I didn’t think we’d see an adversary clicking the breakers open and with what happened with the firmware.”
The gateways, or converters, basically translate communications between the serial protocols at physical substations and the overall Ethernet network that connects them. “By opening the breakers and modifying the firmware on those devices, it makes them unusable. In essence, they blew the bridges” up, Lee explains.
“They were cut off from the remote sites and had to physically drive out to them.”
Without a ‘cyber’ element to incident response and disaster recovery, a cyberattack is a disaster.
The Ukrainian power companies had no way to maintain control of their ICS/SCADA environment after the attack. That was an “eye-opener,” Lee says, and shows the crucial need for a “cyber” element in incident response and disaster recovery plans.
“You know they are opening breakers, so how do you quickly disable those features ... No one has that capability,” he says of ICS/SCADA operators.
That type of contingency planning is a big piece of the security picture, and until now, there’s been no experience in fighting back and regaining control when the bad guys have taken over, he says.
“There has never been a public case where the power grid was [affected] due to a cyberattack. This is the first time it’s happened, and it’s our only case study of what it looks like.”
Meanwhile, the lights may be back on in the Ukraine, but the nation remains vulnerable to another attack, Lee says. “It takes a long time to change processes, systems, and [get] trained personnel,” he says.
Wednesday, March 16, 2016
Sunday, March 13, 2016
Source: Federal Register Vol. 81, No. 49 Monday, March 14, 2016
| Contents | Federal Register Vol. 81, No. 49 Monday, March 14, 2016 |
|
|
|
| Agriculture Department | |||
| See Animal and Plant Health Inspection Service | |||
| See Food and Nutrition Service | |||
| See Rural Housing Service | |||
| See Rural Utilities Service | |||
| Animal and Plant Health Inspection Service | |||
| NOTICES | |||
| Pest Risk Analysis for the Importation of Fresh Figs from Peru into the Continental United States , | |||
| 13310–13311 [2016–05669] | [TEXT] [PDF] | ||
| Pest Risk Analysis for the Importation of Fresh Pomegranates from Peru into the Continental United States , | |||
| 13310 [2016–05670] | [TEXT] [PDF] | ||
| Arctic Research Commission | |||
| NOTICES | |||
| Meetings: | |||
| U.S. Arctic Research Commission , | |||
| 13318 [2016–04559] | [TEXT] [PDF] | ||
| Army Department | |||
| NOTICES | |||
| Meetings: | |||
| Board of Visitors, United States Military Academy , | |||
| 13343–13344 [2016–05512] | [TEXT] [PDF] | ||
| Children and Families Administration | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals , | |||
| 13370–13371 [2016–05605] | [TEXT] [PDF] | ||
| 13369–13370 [2016–05641] | [TEXT] [PDF] | ||
| Civil Rights Commission | |||
| NOTICES | |||
| Meetings: | |||
| Nebraska Advisory Committee , | |||
| 13319 [2016–05617] | [TEXT] [PDF] | ||
| Coast Guard | |||
| RULES | |||
| Commercial Fishing Vessels Dispensing Petroleum Products , | |||
| 13279–13287 [2016–05262] | [TEXT] [PDF] | ||
| Drawbridge Operations: | |||
| Willamette River, Portland, OR , | |||
| 13274–13275 [2016–05620] | [TEXT] [PDF] | ||
| PROPOSED RULES | |||
| Port Access Route Study: | |||
| Atlantic Coast from Maine to Florida , | |||
| 13307–13308 [2016–05706] | [TEXT] [PDF] | ||
| Commerce Department | |||
| See International Trade Administration | |||
| See National Oceanic and Atmospheric Administration | |||
| Comptroller of the Currency | |||
| PROPOSED RULES | |||
| Economic Growth and Regulatory Paperwork Reduction Act Amendments , | |||
| 13608–13635 [2016–05089] | [TEXT] [PDF] | ||
| Defense Department | |||
| See Army Department | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Economic Purchase QuantitySupplies , | |||
| 13368 [2016–05629] | [TEXT] [PDF] | ||
| Travel Costs , | |||
| 13368–13369 [2016–05630] | [TEXT] [PDF] | ||
| Education Department | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Loan Cancellation in the Federal Perkins Loan Program , | |||
| 13353–13354 [2016–05625] | [TEXT] [PDF] | ||
| Applications for New Awards: | |||
| Technical Assistance and Dissemination to Improve Services and Results for Children with Disabilities, National Center for Students with Disabilities Who Require Intensive Intervention , | |||
| 13344–13353 [2016–05759] | [TEXT] [PDF] | ||
| Energy Department | |||
| See Federal Energy Regulatory Commission | |||
| Environmental Protection Agency | |||
| RULES | |||
| Rulemaking to Affirm Interim Amendments to Dates in Federal Implementation Plans Addressing Interstate Transport of Ozone and Fine Particulate Matter , | |||
| 13275–13279 [2016–04889] | [TEXT] [PDF] | ||
| PROPOSED RULES | |||
| Accidental Release Prevention Requirements: | |||
| Risk Management Programs under the Clean Air Act , | |||
| 13638–13712 [2016–05191] | [TEXT] [PDF] | ||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Federal Implementation Plan for Oil and Natural Gas Well Production Facilities; Fort Berthold Indian Reservation (Mandan, Hidatsa, and Arikara Nation), North Dakota (Renewal) , | |||
| 13364–13365 [2016–05647] | [TEXT] [PDF] | ||
| Generator Standards Applicable to Laboratories Owned by Eligible Academic Entities (Renewal) , | |||
| 13363 [2016–05645] | [TEXT] [PDF] | ||
| Identification of Non-Hazardous Secondary Materials That Are Solid Waste (Renewal) , | |||
| 13363–13364 [2016–05646] | [TEXT] [PDF] | ||
| NSPS for Coal Preparation and Processing Plants (Renewal) , | |||
| 13365–13366 [2016–05644] | [TEXT] [PDF] | ||
| NSPS for Fossil Fuel Fired Steam Generating Units (Renewal) , | |||
| 13366 [2016–05643] | [TEXT] [PDF] | ||
| Meetings: | |||
| Clean Air Scientific Advisory Committee Particulate Matter Panel; Public Teleconference , | |||
| 13362–13363 [2016–05758] | [TEXT] [PDF] | ||
| Export-Import Bank | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals , | |||
| 13366–13367 [2016–05628] | [TEXT] [PDF] | ||
| 13367 [2016–05631] | [TEXT] [PDF] | ||
| Federal Aviation Administration | |||
| RULES | |||
| Airworthiness Directives: | |||
| The Boeing Company Airplanes , | |||
| 13271–13274 [2016–05515] | [TEXT] [PDF] | ||
| PROPOSED RULES | |||
| Airworthiness Directives: | |||
| Bombardier, Inc. Airplanes , | |||
| 13298–13300 [2016–05607] | [TEXT] [PDF] | ||
| Gulfstream Aerospace Corporation Airplanes , | |||
| 13301–13303 [2016–05606] | [TEXT] [PDF] | ||
| Sikorsky Aircraft Corporation (Sikorsky) Helicopters , | |||
| 13303 [2016–05517] | [TEXT] [PDF] | ||
| Airworthiness Standards for Normal, Utility, Acrobatic, and Commuter Category Airplanes , | |||
| 13452–13528 [2016–05493] | [TEXT] [PDF] | ||
| NOTICES | |||
| Policy Statements: | |||
| Improving Flightcrew Awareness During Autopilot Operation; Cancellation , | |||
| 13444 [2016–05530] | [TEXT] [PDF] | ||
| Federal Election Commission | |||
| NOTICES | |||
| Meetings; Sunshine Act , | |||
| 13367 [2016–05743] | [TEXT] [PDF] | ||
| Federal Energy Regulatory Commission | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals , | |||
| 13356–13357 [2016–05654] | [TEXT] [PDF] | ||
| Applications: | |||
| ANR Pipeline Co. , | |||
| 13357 [2016–05658] | [TEXT] [PDF] | ||
| TC Offshore, LLC , | |||
| 13354–13355 [2016–05648] | [TEXT] [PDF] | ||
| Combined Filings , | |||
| 13358–13359 [2016–05656] | [TEXT] [PDF] | ||
| 13359–13360 [2016–05657] | [TEXT] [PDF] | ||
| Environmental Assessments; Availability, etc.: | |||
| FFP Missouri 16, LLC, et al. , | |||
| 13357–13358 [2016–05653] | [TEXT] [PDF] | ||
| Filings: | |||
| Western Area Power Administration , | |||
| 13355 [2016–05649] | [TEXT] [PDF] | ||
| Initial Market-Based Rate Filings Including Requests for Blanket Section 204 Authorizations: | |||
| Guzman Renewable Energy Partners, LLC , | |||
| 13354 [2016–05651] | [TEXT] [PDF] | ||
| Windrose Power and Gas, LLC , | |||
| 13361–13362 [2016–05652] | [TEXT] [PDF] | ||
| Petitons for Declaratory Orders: | |||
| The Connecticut Light and Power Co. , | |||
| 13360 [2016–05650] | [TEXT] [PDF] | ||
| Records Governing Off-the-Record Communications , | |||
| 13360–13361 [2016–05655] | [TEXT] [PDF] | ||
| Federal Transit Administration | |||
| NOTICES | |||
| Funding Opportunities: | |||
| FY 2016 Competitive Funding Opportunity; Public Transportation on Indian Reservations Program; Tribal Transit Program , | |||
| 13444–13449 [2016–05579] | [TEXT] [PDF] | ||
| Fish and Wildlife Service | |||
| NOTICES | |||
| Charter Renewals: | |||
| Wildlife and Hunting Heritage Conservation Council , | |||
| 13406–13407 [2016–05693] | [TEXT] [PDF] | ||
| John H. Chafee Coastal Barrier Resources System: | |||
| Final Revised Maps for Alabama, Florida, Georgia, Louisiana, Michigan, Minnesota, Mississippi, New York, Ohio, and Wisconsin , | |||
| 13407–13416 [2016–05708] | [TEXT] [PDF] | ||
| Food and Drug Administration | |||
| NOTICES | |||
| Environmental Assessments; Availability, etc.: | |||
| Investigational Use of Oxitec OX513A Mosquitoes; Preliminary Finding of No Significant Impact , | |||
| 13371–13372 [2016–05622] | [TEXT] [PDF] | ||
| Guidance: | |||
| Implementation of the Deemed to be a License Provision of the Biologics Price Competition and Innovation Act , | |||
| 13373–13375 [2016–05626] | [TEXT] [PDF] | ||
| Meetings: | |||
| Advancing the Development of Pediatric TherapeuticsSuccesses and Challenges of Performing Long-Term Pediatric Safety Studies; Workshop , | |||
| 13375–13376 [2016–05621] | [TEXT] [PDF] | ||
| Drug Safety and Risk Management Advisory Committee and the Anesthetic and Analgesic Drug Products Advisory Committee , | |||
| 13372–13373 [2016–05573] | [TEXT] [PDF] | ||
| Fifth Annual Food and Drug Administration–International Society for Pharmaceutical Engineering Quality Conference , | |||
| 13376 [2016–05627] | [TEXT] [PDF] | ||
| Peripheral and Central Nervous System Drugs Advisory Committee , | |||
| 13376–13377 [2016–05683] | [TEXT] [PDF] | ||
| Food and Nutrition Service | |||
| PROPOSED RULES | |||
| Supplemental Nutrition Assistance Program Promotion , | |||
| 13290–13295 [2016–05583] | [TEXT] [PDF] | ||
| Foreign Assets Control Office | |||
| NOTICES | |||
| Blocking or Unblocking of Persons and Properties , | |||
| 13449 [2016–05633] | [TEXT] [PDF] | ||
| 13449–13450 [2016–05659] | [TEXT] [PDF] | ||
| Changes to Sanctions Lists Administered by the Office of Foreign Assets Control on Implementation Day under the Joint Comprehensive Plan of Action , | |||
| 13562–13606 [2016–05315] | [TEXT] [PDF] | ||
| General Services Administration | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Economic Purchase QuantitySupplies , | |||
| 13368 [2016–05629] | [TEXT] [PDF] | ||
| Travel Costs , | |||
| 13368–13369 [2016–05630] | [TEXT] [PDF] | ||
| Geological Survey | |||
| NOTICES | |||
| Meetings: | |||
| Announcement of National Geospatial Advisory Committee , | |||
| 13416 [2016–05578] | [TEXT] [PDF] | ||
| Health and Human Services Department | |||
| See Children and Families Administration | |||
| See Food and Drug Administration | |||
| See Health Resources and Services Administration | |||
| See Indian Health Service | |||
| See National Institutes of Health | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals , | |||
| 13380 [2016–05603] | [TEXT] [PDF] | ||
| Health Resources and Services Administration | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals , | |||
| 13377–13378 [2016–05602] | [TEXT] [PDF] | ||
| 13378–13380 [2016–05684] | [TEXT] [PDF] | ||
| Homeland Security Department | |||
| See Coast Guard | |||
| See U.S. Customs and Border Protection | |||
| Housing and Urban Development Department | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Multifamily Contractor's/Mortgagor's Cost Breakdowns and Certifications , | |||
| 13406 [2016–05697] | [TEXT] [PDF] | ||
| Privacy Act; Systems of Records , | |||
| 13403–13406 [2016–05695] | [TEXT] [PDF] | ||
| Indian Health Service | |||
| NOTICES | |||
| Funding Opportunities: | |||
| Office of Urban Indian Health Programs, 4-in-1 Grant Programs , | |||
| 13380–13395 [2016–05761] | [TEXT] [PDF] | ||
| Interior Department | |||
| See Fish and Wildlife Service | |||
| See Geological Survey | |||
| See Land Management Bureau | |||
| See National Indian Gaming Commission | |||
| Internal Revenue Service | |||
| PROPOSED RULES | |||
| Definition of Political Subdivision; Correction , | |||
| 13305–13306 [2016–05624] | [TEXT] [PDF] | ||
| International Trade Administration | |||
| NOTICES | |||
| Antidumping or Countervailing Duty Investigations, Orders, or Reviews: | |||
| Certain Cut-to-Length Carbon-Quality Steel Plate from the Republic of Korea , | |||
| 13330–13331 [2016–05569] | [TEXT] [PDF] | ||
| Polyethylene Terephthalate Resin from India , | |||
| 13334–13336 [2016–05712] | [TEXT] [PDF] | ||
| Polyethylene Terephthalate Resin from the People's Republic of China , | |||
| 13337–13340 [2016–05715] | [TEXT] [PDF] | ||
| Polyethylene Terephthalate Resin from the Sultanate of Oman , | |||
| 13321–13322 [2016–05713] | [TEXT] [PDF] | ||
| Silicon Metal from the People's Republic of China , | |||
| 13326–13327 [2016–05688] | [TEXT] [PDF] | ||
| Stainless Steel Sheet and Strip from the People's Republic of China , | |||
| 13322–13326 [2016–05469] | [TEXT] [PDF] | ||
| Final Determinations of Sales at Less than Fair Value: | |||
| Certain Polyethylene Terephthalate Resin from India , | |||
| 13327–13330 [2016–05710] | [TEXT] [PDF] | ||
| Polyethylene Terephthalate Resin from Canada , | |||
| 13319–13320 [2016–05703] | [TEXT] [PDF] | ||
| Polyethylene Terephthalate Resin from the People's Republic of China , | |||
| 13331–13334 [2016–05707] | [TEXT] [PDF] | ||
| Polyethylene Terephthalate Resin from the Sultanate of Oman , | |||
| 13336–13337 [2016–05705] | [TEXT] [PDF] | ||
| International Trade Commission | |||
| NOTICES | |||
| Investigations; Determinations, Modifications, and Rulings, etc.: | |||
| Certain Automated Teller Machines, ATM Modules, Components Thereof, and Products Containing the Same , | |||
| 13419 [2016–05681] | [TEXT] [PDF] | ||
| Certain Lithium Metal Oxide Cathode Materials, Lithium–Ion Batteries for Power Tool Products Containing Same, and Power Tool Products with Lithium–Ion Batteries Containing Same , | |||
| 13420–13421 [2016–05611] | [TEXT] [PDF] | ||
| Certain Pumping Bras , | |||
| 13419–13420 [2016–05666] | [TEXT] [PDF] | ||
| Judicial Conference of the United States | |||
| NOTICES | |||
| Revision of Certain Dollar Amounts in the Bankruptcy Code; Correction , | |||
| 13421 [2016–05638] | [TEXT] [PDF] | ||
| Justice Department | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Office of Justice Programs Standard Assurances , | |||
| 13421–13422 [2016–05668] | [TEXT] [PDF] | ||
| Labor Department | |||
| See Wage and Hour Division | |||
| PROPOSED RULES | |||
| Establishing Paid Sick Leave for Federal Contractors , | |||
| 13306–13307 [2016–05410] | [TEXT] [PDF] | ||
| Land Management Bureau | |||
| NOTICES | |||
| Competitive Coal Lease Sales: | |||
| Alabama , | |||
| 13417–13418 [2016–05642] | [TEXT] [PDF] | ||
| Meetings: | |||
| San Juan Islands National Monument Advisory Committee , | |||
| 13416–13417 [2016–05691] | [TEXT] [PDF] | ||
| National Aeronautics and Space Administration | |||
| PROPOSED RULES | |||
| Removal of Grant Handbook References , | |||
| 13308–13309 [2016–05230] | [TEXT] [PDF] | ||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Economic Purchase QuantitySupplies , | |||
| 13368 [2016–05629] | [TEXT] [PDF] | ||
| Travel Costs , | |||
| 13368–13369 [2016–05630] | [TEXT] [PDF] | ||
| Meetings: | |||
| NASA Advisory Council. , | |||
| 13423–13424 [2016–05615] | [TEXT] [PDF] | ||
| National Credit Union Administration | |||
| RULES | |||
| Member Business Loans: | |||
| Commercial Lending , | |||
| 13530–13559 [2016–03955] | [TEXT] [PDF] | ||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Vendor Registration Form , | |||
| 13424 [2016–05667] | [TEXT] [PDF] | ||
| National Indian Gaming Commission | |||
| NOTICES | |||
| Environmental Impact Statements; Availability, etc.: | |||
| Jamul Indian Village Proposed Gaming Management Agreement, San Diego County, CA , | |||
| 13418 [2016–05604] | [TEXT] [PDF] | ||
| National Institutes of Health | |||
| NOTICES | |||
| Meetings: | |||
| Center for Scientific Review , | |||
| 13395–13396 [2016–05591] | [TEXT] [PDF] | ||
| 13395 [2016–05592] | [TEXT] [PDF] | ||
| National Heart, Lung, and Blood Institute , | |||
| 13399 [2016–05593] | [TEXT] [PDF] | ||
| National Institute of Environmental Health Sciences , | |||
| 13397–13398 [2016–05594] | [TEXT] [PDF] | ||
| National Institute of Mental Health , | |||
| 13398 [2016–05595] | [TEXT] [PDF] | ||
| National Institute of Neurological Disorders and Stroke , | |||
| 13397 [2016–05596] | [TEXT] [PDF] | ||
| 13398–13399 [2016–05597] | [TEXT] [PDF] | ||
| National Toxicology Program Board of Scientific Counselors , | |||
| 13396–13397 [2016–05590] | [TEXT] [PDF] | ||
| National Oceanic and Atmospheric Administration | |||
| RULES | |||
| Fisheries of the Exclusive Economic Zone Off Alaska: | |||
| Other Hook-and-Line Fishery by Catcher Vessels in the Gulf of Alaska , | |||
| 13289 [2016–05632] | [TEXT] [PDF] | ||
| Pacific Cod in the Central Regulatory Area of the Gulf of Alaska , | |||
| 13288–13289 [2016–05679] | [TEXT] [PDF] | ||
| PROPOSED RULES | |||
| Hawaiian Islands Humpback Whale National Marine Sanctuary; Withdrawal of Proposed Regulations , | |||
| 13303–13305 [2016–05452] | [TEXT] [PDF] | ||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Basic Requirements for Special Exemption Permits and Authorizations to Take, Import, and Export Marine Mammals, Threatened and Endangered Species, and for Maintaining a Captive Marine Mammal Inventory Under the Marine Mammal Protection, the Fur Seal, and the Endangered Species Acts , | |||
| 13341–13342 [2016–05612] | [TEXT] [PDF] | ||
| Meetings: | |||
| New England Fishery Management Council , | |||
| 13342 [2016–05636] | [TEXT] [PDF] | ||
| Western Pacific Fishery Management Council , | |||
| 13340–13341 [2016–05637] | [TEXT] [PDF] | ||
| Permits: | |||
| Marine Mammals; File No. 18636 , | |||
| 13342–13343 [2016–05614] | [TEXT] [PDF] | ||
| Nuclear Regulatory Commission | |||
| RULES | |||
| List of Approved Spent Fuel Storage Casks: | |||
| Holtec International HI–STORM 100 Cask System; Certificate of Compliance No. 1014, Amendment No. 10 , | |||
| 13265–13271 [2016–05711] | [TEXT] [PDF] | ||
| Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material , | |||
| 13263–13265 [2016–05260] | [TEXT] [PDF] | ||
| PROPOSED RULES | |||
| List of Approved Spent Fuel Storage Casks: | |||
| Holtec International HI–STORM 100 Cask System; Certificate of Compliance No. 1014, Amendment No. 10 , | |||
| 13295–13298 [2016–05709] | [TEXT] [PDF] | ||
| Rural Housing Service | |||
| NOTICES | |||
| Applications for Loan Guarantees under the Guaranteed Rural Rental Housing Program for Fiscal Year 2016 , | |||
| 13311–13317 [2016–05610] | [TEXT] [PDF] | ||
| Rural Utilities Service | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals , | |||
| 13318 [2016–05585] | [TEXT] [PDF] | ||
| Environmental Assessments; Availability, etc.: | |||
| Telecommunications Program , | |||
| 13317–13318 [2016–05584] | [TEXT] [PDF] | ||
| Science and Technology Policy Office | |||
| NOTICES | |||
| Meetings: | |||
| National Nanotechnology Initiative , | |||
| 13424–13425 [2016–05608] | [TEXT] [PDF] | ||
| Securities and Exchange Commission | |||
| NOTICES | |||
| Joint Industry Plans: | |||
| Developing and Implementing Procedures Designed to Facilitate the Listing and Trading of Standardized Options to Add ISE Mercury, LLC as a Plan Sponsor , | |||
| 13433–13434 [2016–05598] | [TEXT] [PDF] | ||
| Options Order Protection and Locked/Crossed Market Plan to Add ISE Mercury LLC, as a Participant , | |||
| 13425–13426 [2016–05599] | [TEXT] [PDF] | ||
| Meetings; Sunshine Act , | |||
| 13426 [2016–05802] | [TEXT] [PDF] | ||
| Self-Regulatory Organizations; Proposed Rule Changes: | |||
| Chicago Board Options Exchange, Inc. , | |||
| 13429–13433 [2016–05587] | [TEXT] [PDF] | ||
| Financial Industry Regulatory Authority, Inc. and ISE Mercury, LLC , | |||
| 13434–13435 [2016–05589] | [TEXT] [PDF] | ||
| Municipal Securities Rulemaking Board , | |||
| 13426–13429 [2016–05586] | [TEXT] [PDF] | ||
| NASDAQ Stock Market, LLC , | |||
| 13429 [2016–05588] | [TEXT] [PDF] | ||
| Social Security Administration | |||
| NOTICES | |||
| Acquiescence Rulings: | |||
| Boley v. Colvin , | |||
| 13438–13439 [2016–05663] | [TEXT] [PDF] | ||
| Rulings: | |||
| Evaluation of Claims Involving Similar Fault in the Providing of Evidence , | |||
| 13439–13441 [2016–05660] | [TEXT] [PDF] | ||
| Fraud and Similar Fault Redeterminations under the Social Security Act , | |||
| 13436–13438 [2016–05661] | [TEXT] [PDF] | ||
| State Department | |||
| NOTICES | |||
| Designations as Global Terrorists: | |||
| Abdul Saboor, a.k.a. Engineer Saboor, a.k.a. Abdul Saboor Nasratyar , | |||
| 13441 [2016–05673] | [TEXT] [PDF] | ||
| Abdullah Nowbahar , | |||
| 13443 [2016–05672] | [TEXT] [PDF] | ||
| Meetings: | |||
| Cultural Property Advisory Committee , | |||
| 13441–13442 [2016–05671] | [TEXT] [PDF] | ||
| Foreign Affairs Policy Board , | |||
| 13441 [2016–05676] | [TEXT] [PDF] | ||
| Shipping Coordinating Committee , | |||
| 13443 [2016–05677] | [TEXT] [PDF] | ||
| Memorandums of Understanding: | |||
| Imposition of Import Restrictions on Archaeological Material from the Pre-Columbian Cultures and Certain Ethnological Material from the Colonial and Republican Periods of Bolivia , | |||
| 13443–13444 [2016–05675] | [TEXT] [PDF] | ||
| Imposition of Import Restrictions on Categories of Archaeological and Byzantine Ecclesiastical Ethnological Material through the 15th Century A.D. of the Hellenic Republic , | |||
| 13442–13443 [2016–05674] | [TEXT] [PDF] | ||
| Surface Transportation Board | |||
| RULES | |||
| Revised Procedural Schedule In Stand-Alone Cost Cases , | |||
| 13287–13288 [2016–05664] | [TEXT] [PDF] | ||
| Transportation Department | |||
| See Federal Aviation Administration | |||
| See Federal Transit Administration | |||
| Treasury Department | |||
| See Comptroller of the Currency | |||
| See Foreign Assets Control Office | |||
| See Internal Revenue Service | |||
| U.S. Customs and Border Protection | |||
| NOTICES | |||
| Modification of National Customs Automation Program Tests Concerning the Partner Government Agency Message Set for Certain Data Required by the Environmental Protection Agency , | |||
| 13399–13403 [2016–05678] | [TEXT] [PDF] | ||
| Wage and Hour Division | |||
| NOTICES | |||
| Agency Information Collection Activities; Proposals, Submissions, and Approvals: | |||
| Records to be Kept by EmployersFair Labor Standards Act , | |||
| 13422–13423 [2016–05662] | [TEXT] [PDF] | ||
Separate Parts In This Issue |
|||
| Part II | |||
| Transportation Department, Federal Aviation Administration , | |||
| 13452–13528 [2016–05493] | [TEXT] [PDF] | ||
| Part III | |||
| National Credit Union Administration , | |||
| 13530–13559 [2016–03955] | [TEXT] [PDF] | ||
| Part IV | |||
| Treasury Department, Foreign Assets Control Office , | |||
| 13562–13606 [2016–05315] | [TEXT] [PDF] | ||
| Part V | |||
| Treasury Department, Comptroller of the Currency , | |||
| 13608–13635 [2016–05089] | [TEXT] [PDF] | ||
| Part VI | |||
| Environmental Protection Agency , | |||
| 13638–13712 [2016–05191] | [TEXT] [PDF] | ||
| Front Matter and CFR Parts Affected in this issue | [TEXT] [PDF] | ||
| Reader Aids and CFR Parts Affected this month | [TEXT] [PDF] | ||
| Consult the Reader Aids section at the end of
this issue for phone numbers, online resources, finding aids, and notice
of recently enacted public laws. To subscribe to the Federal Register Table of Contents LISTSERV electronic mailing list, go to http://listserv.access.gpo.gov and select Online mailing list archives, FEDREGTOC-L, Join or leave the list (or change settings); then follow the instructions. |
|||
The FEDREGTOC-L list is hosted by the U.S. Government Printing Office. To view an online archive of previous Federal Register Tables of Contents, please visit the GPO Access website.
To view or change your subscription options, or to leave the FEDREGTOC-L list, please go to the GPO LISTSERV homepage and select Online mailing list archives, FEDREGTOC-L, Join or leave the list (or change settings); then follow the instructions.
All questions regarding the FEDREGTOC-L list may be directed to:
Subscribe to:
Posts (Atom)
BookMark
