Review – HR 7257 Introduced – State Energy Plans

Last month Rep Latta (R,OH) introduced HR 7257, the Securing Community Upgrades for a Resilient (SECURE) Grid Act. The bill would amend 42 USC 6326 to require States to include local distribution systems in their State Energy Security Plans described in that section. No new funding is authorized by this legislation.

The bill is similar to HR 9083 that was introduced by Latta in July 2024. No action was taken on that bill in the 118^th Congress. While similar in intent, HR 7257 is a substantial rewrite. Some of the changes of interest include:

Modifying the proposed definition of the term ‘local distribution systems’ by increasing the maximum voltage from 35 kilovolts to 100 kilovolts,

Removing the proposed language being added to (b)(2)(B) referencing “energy supply disruptions resulting from increased demand on the electric grid, deteriorating assets [emphasis added], and physical and cybersecurity threats”, and

Removing from the proposed language revision in (b)(3) reference to “risks and liabilities posed by human error or mismanagement”.

Moving Forward

Latta and his two cosponsors are members of the House Energy and Commerce Committee to which this bill was assigned for consideration. This means that there could be sufficient influence to see this bill considered in Committee. I see nothing in this bill that would engender any organized opposition. I suspect that there will be some level of bipartisan support for this bill in Committee. Whether that support would be sufficient to see the bill considered in the Full House under the suspension of the rules remains to be seen.

 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7257-introduced-state-energy-plans - subscription required.

Review - HR 7266 Introduced – Utility Cybersecurity Grants

Last month Rep Miller-Meeks (R,IA) introduced HR 7266, the Rural and Municipal Utility Cybersecurity Act. The bill would rewrite 42 USC 18723, the Rural and municipal utility advanced cybersecurity grant and technical assistance program, to update and reauthorize that program. The existing $250 million annual authorization for the program would be extended through 2030.

The existing Rural And Municipal Utility Advances Cybersecurity Grant And Technical Assistance Program was authorized in 2021 by §40124 of the Infrastructure Investment and Jobs Act (PL 117-58, 135 STAT 953). There is no sunset provision in this statute, but the spending authorization is only included through FY 2026.

Moving Forward  

Miller-Meeks, and her two cosponsors, are all members of the House Energy and Commerce Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. I see nothing in the bill that would engender any organized opposition. I suspect that there would be significant bipartisan support for this bill, which should allow for it to be considered by the full House under the suspension of the rules process. That would mean limited debate, no floor amendments, and it would require a super majority for passage.

 

For more details about the provisions of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7266-introduced-utility-cybersecurity - subscription required.

Review – HR 6846 Introduced – UAS Threat Assessment

Back in December, Rep Crane (R,AZ) introduced HR 6846, the Detecting and Evaluating Foreign Exploitation of Novel Drones (DEFEND) Act. The bill would amend the Homeland Security Act of 2002 by adding a new section; §324, Annual assessment on terrorism threats to the United States relating to the use of unmanned aircraft systems by covered foreign adversaries, including terrorist organizations. No new funding is authorized by this bill.

I can find no legislation in the 118th Congress that would be similar to HR 6846. To date no congressional action has been taken on this bill.

Moving Forward

Crane and all five of his cosponsors are members of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there should be sufficient influence to see this bill considered in Committee. I see nothing in this bill that would engender any organized opposition. I would expect that the bill would receive bipartisan support, and that support should be sufficient to see the bill considered in the full House under the suspension of the rules process.

Commentary

While the bill’s description of the information to be included in the assessment would seem to be comprehensive, it has two serious shortcomings. First, it does not include any consideration of the legal aspects of counter UAS operations that currently restrict State, local, and tribal organizations from effectively identifying, tracking and intercepting covered UAS systems. Second, it effectively ignores any potential efforts (and legal restriction on such efforts) by private sector critical infrastructure organizations to protect themselves.

 

For more information on the provisions of this bill, including suggested language to correct the shortcomings identified above, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-6846-introduced-uas-threat-assessment - subscription required

Review – Public ICS Disclosures – Week of 2-7-26 – Part 2

 For Part 2 we have five additional vendor disclosures from Arista, HPE, Supermicro, WAGO, and Yokogawa. There are ten vendor updates from Broadcom (3), CODESYS (2), HP, HPE, and Schneider (3). We also have three researcher reports for products from Sante, Linksys, and Solax. Finally, we have three exploits for products from FortiGuard, Palo Alto Networks, and SolarWinds.

Advisories

Arista Advisory - Arista published an advisory that describes six vulnerabilities in their Next Generation Firewall.

HPE Advisory - HPE published an advisory that discusses an improper handling of values vulnerability in their ProLiant DL/ML/XD, Synergy, Edgeline, MicroServer.

Supermicro Advisory - Supermicro published an advisory that discusses 11 vulnerabilities in multiple Supermicro products.

WAGO Advisory - CERT-VDE published an advisory that describes four vulnerabilities in the WAGO Industrial-Managed-Switch 0852-XXXX products.

Yokogawa Advisory - Yokogawa published an advisory that describes six vulnerabilities in their Vnet/IP Interface Package.

Updates

Broadcom Update #1 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on August 1^st, 2023.

Broadcom Update #2 - Broadcom published an update for their Brocade Fabric OS advisory that was originally published on May 17^th, 2017.

Broadcom Update #3 - Broadcom published an update for their rsynd advisory that was originally published on September 13, 2022.

CODESYS Update #1 - CODESYS published an update for their CODESYS Control advisory that was originally published on December 1^st, 2025.

CODESYS Update #2 - CODESYS published an update for their CODESYS Control advisory that was originally published on December 1^st, 2025.

HP Update - HP published an update for their LaserJet advisory that was originally published on November 13^th, 2025, and most recently updated on December 10^th, 2025.

HPE Update - HPE published an update for their Aruba Networking EdgeConnect advisory that was originally published on January 14^th, 2026.

Schneider Update #1 - Schneider published an update for their EcoStruxure Power Operation advisory that was originally published on July 8^th, 2025.

Schneider Update #2 - Schneider published an update for their EcoStruxure Foxboro DCS advisory that was originally published on December 9^th, 2025.

Schneider Update #3 - Schneider published an update for their Uni-Telway Driver advisory that was originally published on February 11^th, 2025, and most recently updated on January 13^th, 2026.

Researcher Reports

Linksys Report - SySS Tech published a report that describes six vulnerabilities (with proof-of-concept code) in the Linksys MR9600 and MX4200 routers.

Sante Report - The Zero Day Initiative published a report that describes a buffer overflow vulnerability in the Sante DICOM Viewer Pro.

Solax Report - SEC Consult published a report that describes three vulnerabilities (with proof-of-concept code) in the Solax Power Pocket WiFi models.

Exploits

FortiGuard Exploit - Peter Gabaldon published an exploit for an exposure of sensitive information to an unauthorized actor vulnerability in the FortiGuard FortiGate product.

Palo Alto Networks Exploit - Indoushka published an exploit for four vulnerabilities in the Palo Alto Networks PAN-OS products.

 

For more information about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-c98 - subscription required.

Short Takes – 2-14-26 – Federal Register Edition

Notice of Intent To Grant an Exclusive, Co-Exclusive or Partially Exclusive Patent License. Federal Register NASA notice of intent to grant patent license. Summary: “NASA intends to grant an exclusive, co-exclusive, or partially exclusive patent license in the United States to practice the inventions described and claimed in: U.S. Patent Nos. 8,593,153 entitled “Method of Fault Detection and Rerouting,” issued on November 26, 2013, and 8,810,255 entitled “In-Situ Wire Damage Detection System,” issued on August 19, 2014, to Sun City Smart Technology Solutions, Inc., having its principal place of business in El Paso, Texas. The fields of use may be limited. NASA has not yet made a final determination to grant the requested license and may deny the requested license even if no objections are submitted within the comment period.”

Notice Hazardous Materials: Notice of Actions on Special Permits. Federal Register notice of actions on special permit applications. Summary: “In accordance with the procedures governing the application for, and the processing of, special permits from the Department of Transportation's Hazardous Material Regulations, notice is hereby given that the Office of Hazardous Materials Safety has granted or denied the application described herein.”

Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings. Federal Register CISA meeting notice. Summary: “This notice announces town hall meetings to allow external stakeholders a limited additional opportunity to provide input on refining the scope and burden of the CIRCIA Notice of Proposed Rulemaking (NPRM) issued in the Federal Register on April 4, 2024. The proposed CIRCIA rulemaking seeks to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022, as amended, by implementing covered cyber incident and ransom payment reporting requirements for covered entities.”

EO 14386 - Strengthening United States National Defense With America's Beautiful Clean Coal Power Generation Fleet. Federal Register.

Chemical Incident Reporting – Week of 2-7-26

NOTE: See here for series background.

HOCKLEY, TX– 2-7-26

Local News Report: Here and here.

There was a release of methyl mercaptan fumes from a rail car cleaning facility that caused the evacuation of a nearby school. Two students were transported to a local hospital but they treated and released. There were no physical damages related to this incident.

Not CSB reportable.

Methyl mercaptan is the chemical added in very low concentrations to natural gas and propane as an odorant to aid in detection of gas leaks of those two chemicals. VERY low concentrations in the air produce a detectable and objectionable odor.

I would like to suggest that CSB update their accidental release reporting regulations to add any release that results in the evacuation of a school or medical facility should be a reportable incident under those regulations.

Santa Rosa Beach, FL – 2-11-26

Local News Report: Here, here, and here.

There was an unidentified chemical spill from an unknown vehicle on a public road that released visible fumes. The roadway was blocked and hazmat crews cleaned up the spill. No injuries were reported.

Not CSB reportable, this was a transportation related incident.

This article raised an interesting list of questions about the response to this incident.

Midwest City, OK – 2-12-26

Local News Report: Here and here.

There was a cleaning chemical mixing incident at a food processing facility that resulted in the release of chlorine gas. The 50-gallon drum where the mixing took place was capped and the building was aired out. No injuries were reported and there were no damages related to the incident.

Not CSB reportable.

FCC Sends Satellite Broadband NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the Federal Communications Commission (FCC) on “Modernizing Spectrum Sharing for Satellite Broadband (SB Docket No. 25-157 [link added])”. This rulemaking was not listed in the Spring 2025 Unified Agenda. 

SB Docket 25-157 was opened on April 7^th, 2025. The FCC published a notice of proposed rulemaking for that docket on April 29^th, 2025. It is not clear what relationship exists between that NPRM and the one announced by OIRA yesterday.

I am posting this as part of my limited Space Geek coverage, and do not expect to cover this rulemaking in any detail beyond announcements of OIRA actions and mentions in the appropriate Short Takes posts for Federal Register notices.