Friday, February 6, 2026

Review – Bills Introduced – 2-5-26

Yesterday, with just the Senate in Washington and the House meeting in pro forma session, there were 55 bills introduced. One of those bills will receive additional coverage in this blog:

HR 7390 SELF DRIVE Act of 2026 Latta, Robert E. [Rep.-R-OH-5]

 

For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a mention-in-passing of a bill requiring a study of power transmission lines on highway and rail rights of way, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-2-5-26 - subscription required.

Short Takes – 2-6-26 – Federal Register Edition

The Hazardous Waste Electronic Manifest System (“e-Manifest”) Advisory Board: Request for Nominations. Federal Register EPA notice. Summary: “The U.S. Environmental Protection Agency (EPA) invites the public to nominate experts in Information Technology (IT) to be considered for a three-year membership appointment to the Hazardous Waste Electronic Manifest System (“e-Manifest”) Advisory Board (the “Board”). Pursuant to the Hazardous Waste Electronic Manifest Establishment Act (the “e-Manifest Act” or the “Act”), EPA has established the Board to provide practical and independent advice, consultation, and recommendations to the EPA Administrator on the activities, functions, policies, and regulations associated with the Hazardous Waste Electronic Manifest (e-Manifest) System. In accordance with the e-Manifest Act, the EPA Administrator or designee will serve as Chair of the Board. This document solicits nominations for possible consideration of candidates to potentially fill a vacancy on the Board to serve as an IT expert for a three-year appointment. EPA may also consider nominations received through this solicitation to fill any unanticipated future vacancies on the Board for the following positions including an industry representative member with experience in using or representing users of the manifest system; and a state representative member responsible for processing manifests.” Nominations should be received by March 9th, 2026.

Implementation of the Executive Order Entitled “Zero-Based Regulatory Budgeting To Unleash American Energy”; Correction. Federal Register DOE CFR correction amendment. Summary: “The Federal Energy Regulatory Commission (FERC) published a direct final rule [link added] in the Federal Register of October 21, 2025, revising its regulations to insert a conditional sunset date into certain regulations in response to Executive Order 14270, “Zero-Based Regulatory Budgeting to Unleash American Energy.” The document contained an error. This document corrects the regulations.” Note: This correction removes 18 CFR 157.202(2)(ii)(H), which was added here, but was not discussed in preamble.

EO 14381 - Celebrating American Greatness with American Motor Racing. Federal Register.

Thursday, February 5, 2026

Review – 6 Advisories and 4 Updates Published – 2-5-26

Today CISA’s NCCIC-ICS published six control system security advisories for products from Hitachi Energy (2), Ilevia, o6 Automation, Mitsubishi, and TP-Link. They also updated advisories for products from KiloView, Multiple India-based Vendors, Hitachi Energy, and Mitsubishi.

Advisories

Hitachi Energy Advisory #1 - This advisory discusses the BlastRadius.Fail vulnerability in their FOX61x product.

NOTE: I briefly discussed the vulnerability on January 31st, 2026.

Hitachi Energy Advisory #2 - This advisory discusses the BlastRadius.Fail vulnerability in their FOX61x product.

Ilevia Advisory - This advisory describes nine vulnerabilities (each with publicly available exploits) in the Ilevia EVE X1 Server.

o6 Automation Advisory - This advisory describes an out-of-bounds write vulnerability in their Open62541 OPC UA stack.

Mitsubishi Advisory - This advisory describes an improper validation of specified quantity in input vulnerability in the MELSEC iQ-R Series products.

TP-Link Advisory - This advisory describes an improper authentication vulnerability in the TP-Link VIGI Series IP Cameras.

Updates

KiloView Update - This update provides additional information on the Encoder Series advisory that was originally published on January 29th, 2025.

NOTE: The original advisory was a “has not responded to requests to work with CISA” advisory.

India Based Update - This update provides additional information on the CCTV Cameras advisory that was originally published on December 9th, 2025.

NOTE: The original advisory was a “has not responded to requests to work with CISA” advisory.

Hitachi Energy Update - This update provides additional information on the Relion 670/650 advisory that was originally published on July 3rd, 2025, and most recently updated on January 22nd, 2026 (CISA advisory dates, not the Hitachi Energy dates listed in the ‘Revision History’).

NOTE: I briefly reported the updated information on February 1st, 2026.

Mitsubishi Update - This update provides additional information on the MELSOFT Update Manager advisory that was originally published on July 3rd, 2025, and most recently updated on January 20th, 2026.

NOTE: CVE-2025-0411, listed as a third-party vulnerability in this advisory, was listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog today (listed on “February 6th, 2026”?).

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-4-updates-published - subscription required.

HR 5000 Adopted in Committee – Cybersecurity Hiring

Yesterday the House Oversight and Government Reform Committee held a markup hearing that considered 12 bills, including HR 5000, the Cybersecurity Hiring Modernization Act. An amendment in the form of a substitute was offered by Rep Comer (R,KY). That alternative language was approved by a vote of 44 to 0. The bill will now be cleared to move to the floor of the House, probably under the suspension of the rules process. Bipartisan support is expected.

The bill would limit the ability of federal agencies to require minimum educational requirements in the hiring of personnel to fill cybersecurity positions in the competitive service. No funding is authorized in this legislation.

The substitute language included a minor change in the proposed language to be added to 5 USC 3308. It added a new subparagraph (C) to the proposed §3308(b)(2), requiring the Office of Personnel Management to post regular updates to the Federal Cyber Workforce Dashboard maintained on the Office’s website.

With the bill being favorably reported by the Committee, it is now cleared for consideration by the full House; technically the Committee Report is supposed to be published first. I would expect the bill to be taken up under the suspension of the rules process: limited debate, no floor amendments, and a supermajority required for passage. A similar bill, HR 4502, the Modernizing the Acquisition of Cybersecurity Experts Act, passed in the 118th Congress by a vote of 394 to 1.

CSB Releases Another Combustible Dust Safety Video

Yesterday the Chemical Safety Board (CSB) released a safety video outlining the causes and results of the May 2017 combustible dust explosions and fires at the Didion Milling facility in Cambria, Wisconsin. As we have come to expect from CSB videos, the new video provides a compelling summary of the results of the CSB’s accident investigation and report.

There have been two earlier dust explosion videos from the CSB. The first was the video about the explosions at Imperial Sugar. The second was a follow-up video about the lack of action at OSHA about combustible dust hazards.

Review – Bills Introduced – 2-4-26

Yesterday, with both the House and Senate in Washington, there were 64 bills introduced. One of those bills may receive additional coverage in this blog:

HR 7384 To amend the Toxic Substances Control Act to prohibit the use of hydrogen fluoride (hydrofluoric acid) at petroleum refineries, and for other purposes. Waters, Maxine [Rep.-D-CA-43] 

Space Geek Legislation

I would like to mention one bill under my limited Space Geek coverage in this blog:

HR 7379 To amend title 51, United States Code, to provide the National Aeronautics and Space Administration authority to detect, identify, monitor, and track unmanned aircraft systems, and for other purposes. Stevens, Haley M. [Rep.-D-MI-11]


For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a mention in passing of two bills limiting the use of facial recognition, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-2-4-26 - subscription required.

Wednesday, February 4, 2026

DOT Publishes National Strategy for TDI RFI Notice

Today, the DOT’s Office of the Assistant Secretary for Research and Technology (OST-R) published a request for information (RFI) in the Federal Register (91 FR 5150-5151) on “Request for Information-Research To Support Establishing a National Strategy for Transportation Digital Infrastructure”. This RFI is seeking public and stakeholder input on the research and development activities needed to modernize the nation's transportation system through the application of digital infrastructure at scale.

The RFI is looking for responses to questions in four key topic areas:

Research, Development and Deployment,

System Architecture, Interoperability and Standards,

Artificial Intelligence and Automation, and

Data Governance, Privacy, and Cybersecurity.

The last topic area includes two specific cybersecurity related questions:

What data governance principles, access controls, and cybersecurity measures are needed to ensure trust, accountability, and privacy?

How should U.S. DOT apply the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) to TDI development and deployment?

In my opinion there should be an additional cybersecurity question added:

“Should DOT seek to establish a TDI-related vulnerability disclosure process, or should it actively promote the use of CISA’s vulnerability reporting process?”


OST-R is soliciting public feedback. They request submissions be made in MS Word format and sent via email to DI-Strategy-RFI@dot.gov. Comments should be submitted by March 6th, 2026.
 