Chemical Transportation Incidents – Week of 4-18-26

 Reporting Background 

See this post for explanation, with the most recent update here (removed from paywall). 

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency. 

Incidents Summary  

• Number of incidents – 541 (503 highway, 29 air, 9 rail, 0 water) 

• Serious incidents – 4 (4 Bulk release, 0 evacuation, 0 injury, 0 death, 0 major artery closed, 2 fire/explosion, 46 no release)  

• Largest container involved – 27,400-gal DOT 111A100W5 Railcar {Hydrochloric Acid} PRD venting. 

• Largest amount spilled – 275-gal Metal Drums {Flammable Liquids, N.O.S.} Load not blocked and braced, containers crushed. 

• Total amount reported spilled in all incidents – 3305.7-gal 

NOTE: Links above are to Form 5800.1 for the described incidents. 

Most Interesting Chemical: Ammonia Anhydrous: A clear colorless gas with a strong odor. Shipped as a liquid under its own vapor pressure. Density (liquid) 6 lb / gal. Contact with the unconfined liquid can cause frostbite. Gas generally regarded as nonflammable but does burn within certain vapor concentration limits and with strong ignition. Fire hazard increases in the presence of oil or other combustible materials. Although gas is lighter than air, vapors from a leak initially hug the ground. Prolonged exposure of containers to fire or heat may cause violent rupturing and rocketing. Long-term inhalation of low concentrations of the vapors or short-term inhalation of high concentrations has adverse health effects. Used as a fertilizer, as a refrigerant, and in the manufacture of other chemicals. (Source: CameoChemicals.NOAA.gov).  

Review - HR 7625 Introduced – CG as SRMA

 Back in February, Rep McDowell (R,NC) introduced HR 7625, the Marine Transportation System Cybersecurity Budget and Evaluation Report (MTS CYBER) Act of 2026. The bill would require the GAO to assess the budget and capabilities of the Coast Guard as a Sector Risk Management Agency (SRMA) to ensure it can fulfill responsibilities for protecting the MTS against cyber threats. No new funding is authorized. 

Moving Forward  

Both McDowell, and his sole cosponsor {Rep Begich (R,AK)}, are members of the House Transportation and Infrastructure Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered in Committee. Since this is a study-report bill, I see nothing in the bill that would engender any organized opposition. I would expect the bill to receive a certain measure of bipartisan support. Whether that support would be sufficient to see the bill move to the floor of the House under the suspension of the rules process remains to be seen. This bill is not politically important enough to move to the floor under a rule. 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7625-introduced-cg-as-srma - subscription required. 

Review – 5 Advisories and 2 Updates Published – 5-21-26

Today CISA’s NCCIC-ICS published five control system security advisories for products from ABB (4) and Hitachi Energy. They also updated advisories for products from ABB and Schneider Electric. 

Advisories  

ABB Advisory #1 - This advisory describes three vulnerabilities in the ABB Terra AC Wallbox EV charger. NOTE: I briefly discussed the latest update to the ABB advisory on November 30th, 2025. 

NOTE: I briefly discussed the latest update to the ABB advisory on November 30th, 2025. 

ABB Advisory #2 - This advisory describes three vulnerabilities in the ABB B&R Automation Runtime product. The vulnerability is self-reported. 

ABB Advisory #3 - This advisory discusses 25 vulnerabilities in the ABB B&R Automation Studio. ABB Advisory #4 - This advisory discusses the PixieFail vulnerabilities. 

Hitachi Energy Advisory - This advisory discusses an observable discrepancy vulnerability in the Hitachi Energy GMS600. 

Updates  

ABB Update - This update provides additional information on the Automation Builder advisory that was originally published on May 13th, 2025. 

Schneider Update - This update provides additional information on the EcoStruxure Process Expert advisory that was originally published on January 22nd, 2026. 

NOTE: I briefly listed the latest Schneider update on May 17th, 2026. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-7c6 - subscription required. 

CISA Announces KEV Nominations

This morning CISA announced that it had published their new Known Exploited Vulnerabilities nomination form. According to today’s announcement: 

“The new form is a secure, web-based tool that will improve CISA’s ability to intake and analyze reported vulnerabilities and ensure we continue to help organizations effectively keep pace with threat activity. Vulnerabilities submitted for potential addition to the catalog must have a Common Vulnerabilities and Exposures (CVE) ID, evidence of exploitation, and clear mitigation guidance. Learn more about the criteria for KEV catalog submissions and CISA’s efforts to reduce KEV-related risk.” 

According to the approved information collection request (ICR) supporting this reporting form, CISA expects as many as 2,725 annual submissions 

This should allow CISA participate earlier in the exploit notification process. Instead of having to wait until they read about the exploits in the press, this will allow them to hear directly from owners, vendors, and researchers when exploits are identified.