Saturday, June 6, 2026

Short Takes – 6-6-26 - Federal Register Edition

Alternative Electronic Submission of PCB Annual Reports. Federal Register EPA notice. Summary: “The Environmental Protection Agency (EPA or the Agency), Office of Resource Conservation and Recovery (ORCR), Polychlorinated Biphenyl's (PCBs) Program is announcing that PCB Annual Reports can be submitted via EPA's Resource Conservation and Recovery Act (RCRA) Info System (“RCRAInfo” [link added]). The Agency is moving towards all-electronic reporting to improve simplicity, cost-effectiveness, and efficiency.” 

Safety Zone; Hurricanes, Tropical Storms, and Severe Weather Events in the Sector Mobile Captain of the Port Zone. Federal Register CG notice of proposed rulemaking. Summary: “The Coast Guard is proposing to establish a safety zone in the navigable waters within the Sector Mobile Captain of the Port (COTP) zone, to be enforced in the event of hurricanes, tropical storms, and other severe weather events. This regulation establishes requirements for industry and vessel operators in the Mobile COTP zone, to ensure the safety of the ports and waters within the zone prior to, during and immediately following these events.”

Agency Information Collection Activities; Comment Request; Presidential Cybersecurity Education Award. Federal Register Education Department 60-day information collection request reinstatement notice. Summary: “The Executive Order on America's Cybersecurity Workforce (Executive Order 13870), signed on May 2, 2019, included a directive for the Secretary of Education, in consultation with the DAPHSCT and the National Science Foundation, to develop and implement an annual Presidential Cybersecurity Education Award to be presented to one elementary and one secondary school educator per year who best instill skills, knowledge, and passion with respect to cybersecurity and cybersecurity-related subjects. This information collection request supports this executive order.”

EO 14409 - Promoting Advanced Artificial Intelligence Innovation and Security. Federal Register. 

EPA Sends NPDES NPRM to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the EPA on “Updates to the National Pollutant Discharge Elimination System Definitions and Exclusions”. 

This rulemaking was not listed in the Spring 2025 Unified Agenda, so the planned scope of this rulemaking is not readily available. I would assume, however, that this NPRM is part of the Administration’s deregulatory agenda. 

I would not expect to cover this rule in any detail, but at a minimum I will be mentioning the publication of the NPRM in the appropriate Short Takes post. 

Review – Public ICS Disclosures – Week of May 30th, 2026 – Part 1

This week we have a moderately busy disclosure week. For Part 1 there are 12 vendor disclosures from Arista, Dassault Systèmes (2), D-Link, Eaton, HP, HPE (2), MBS, NI, Philips, and Phoenix Contact.

Advisories  

Arista Advisory - Arista published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability (with publicly available exploit) in their EOS platform products.

Dassault Advisory #1 - Dassault published an advisory that describes a cross-site scripting vulnerability in their Process Experience Studio in DELMIA Service Process Engineer.

Dassault Advisory #2 - Dassault published an advisory that describes a deserialization of untrusted data vulnerability in their Teamwork Cloud from No Magic product. 

D-Link Advisory - D-Link published an advisory that describes a use of weak credentials vulnerability in their DWR-X1820 router.

Eaton Advisory - Eaton published an advisory that discusses a TOCTOU race condition vulnerability in their ProView NXG application software.

HP Advisory - HP published an advisory that describes a stack-based buffer overflow vulnerability (with publicly available exploit) in their Poly Voice products. 

HPE Advisory #1 - HPE published an advisory that discusses ten vulnerabilities (four with publicly available exploits) in their Telco Network Function Virtualization Orchestrator.

HPE Advisory #2 - HPE published an advisory that discusses a TOCTOU race condition vulnerability in their ArubaOS-CX Switches. 

MBS Advisory - CERT-VDE published an advisory that describes 11 vulnerabilities in the MBS Universal Gateways (UGW-A-Series, UGW-X-Series) used in multiple MBS products.

NI Advisory - NI published an advisory that describes two vulnerabilities in their NI-PAL product.

Philips Advisory - Philips published an advisory that discusses the Windows’ BlueHammer, RedSun, and UnDefend vulnerabilities. 

Phoenix Contact Advisory - Phoenix Contact published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their CHARX SEC-3150 product.


For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-may - subscription required. 

Friday, June 5, 2026

Review – Bills Introduced – 6-4-26

Yesterday, with both the House and Senate in session (but leaving for an early weekend), there were 52 bills introduced. One of those bills may receive additional coverage here: 

S 4686 A bill to establish a commission on robotics, and for other purposes. McCormick, David [Sen.-R-PA] 

I can find no bills in the 118th Congress that would be similar to S 4686. There is, however, a House bill from this session (HR 7334, the National Commission on Robotic Act) that would appear to be similar. I am not covering HR 7334 because there is no language in the bill that addresses robotic cybersecurity issues. I will be watching S 4686 for language or definitions that would specifically address such issues. 

Space Geek Legislation  

I would like to mention one bill under my limited Space Geek coverage in this blog: 

S 4693 A bill to require the Secretary of Defense to carry out an operational pilot program under the Hybrid Space Architecture initiative to evaluate the use of commercially available orbital data center services and space-based cloud computing capabilities relevant to national security space and joint mission requirements, and for other purposes. Cruz, Ted [Sen.-R-TX]   


For more information on these bills, including legislative history for similar bills in the 118th Congress as well as a mention in passing of a bill to replace high-tech weapons consumed in the Iran War, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-6-4-26 - subscription required.
