Review - CSB Publishes FY2026 – FY2030 Strategic Plan

Yesterday, without fanfare or announcement, the Chemical Safety Board added a link to their new FY 2026 – 2030 Strategic Plan to their website. While the current administration continues to try to shut down the CSB, the Board has crafted their required look into the future. The report outlines three strategic goals and sets forth the objectives that support those goals, and the steps that the Board intends to take to achieve those ends. 

The three goals are:  

Goal 1: Safeguard U.S. communities, workers, the environment, and our nation’s critical industries by preventing recurrence of significant chemical incidents through independent investigations. 

Goal 2: Advocate safety and achieve change through recommendations, outreach, and education. 

Goal 3: Create and maintain an engaged, high-performing workforce. 

Commentary  

As with most organizations' goal statements, this document is broad in its scope and sweeping in its intent, and vague in its performance measures. In today’s political environment, however, the important thing is that the Board stood up and planned for their future. They still need to hope for Congressional funding in the face of presidential opposition. The publication of this Strategic Plan helps provide support for Congressional action. 

For more information on the details of the Strategic Plan, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-publishes-fy2026-fy2030-strategic - subscription required. 

BIS Sends Space-Related Export Controls IFR to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received an interim final rule (IFR) from the DOC’s Bureau of Industry and Security (BIS) on “Export Administration Regulations: Revisions to Space-Related Export Controls”. An earlier IFR on this rulemaking was published on October 23rd, 2024. 

According to the Spring 2025 Unified Agenda entry for this rulemaking: 

“The Bureau of Industry and Security (BIS) is finalizing changes to controls for spacecraft and related items under the Export Administration Regulations (EAR) per an interim final rule published in October 2024. The IFR reduced license requirements on less sensitive items to reflect the close relations with certain countries to better facilitate space collaboration; and makes refinements and clarifications to existing controls. These changes will better enable a globally competitive U.S. space industrial base while continuing to protect U.S. national security and foreign policy interests.” 

This rulemaking is not something that I expect to cover in any depth, but as part of my limited Space Geek coverage, I would expect to at least announce it’s publication in the appropriate Short Takes post. 

Review - HR 7552 Introduced – Fentanyl and CBWC

Back in February, Rep Moore (R,AL) introduced HR 7552, the CBW Fentanyl Act. The bill would make various revisions to the Chemical and Biological Weapons Control and Warfare Elimination (CBWCE) Act of 1991 to make the international distribution of fentanyl or its precursors by a country an act of chemical or biological warfare which would require the imposition of Presidential sanctions. No new funding is authorized by this bill. 

This bill is very similar to HR 8197, the Countering Beijing’s Weaponization of Fentanyl Act, that was introduced by Rep Banks (R,IN) in June of 2024. No action was taken on that bill in the 118th Congress. The major difference between the two bills is that the new version substitutes the phrase “an individual who is an official, employee, or agent of a foreign governmental entity” for the word ‘individual’ wherever the language talks about an individual committing a covered act. There are a few other word order and phrase order changes made in this new version of the bill. 

Moving Forward 

While Moore is not a member of the House Foreign Affairs Committee to which this bill was assigned for primary consideration, one of his two cosponsors {Rep Smith (R,NJ)} is a member. This means that there may be sufficient influence to see the bill considered by that Committee. While there are certainly a substantial number of Republicans that would back this bill purely as an anti-fentanyl measure, there will be a number that would object to formally conflating a dangerous street drug with chemical weapons. I do, however, suspect that there would be sufficient bipartisan support for this bill to pass in Committee were it to be considered. There would not be sufficient support to see the bill considered under the suspension of the rules process. 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7552-introduced-fentanyl-and-cbwc - subscription required. 

 

Review - Public ICS Disclosures – Week of 6-6-26 – Part 3

For Part 3 we have three additional vendor disclosures from Genetec (2) and VMware. There are bulk vendor updates from HP (5) and Siemens (10). There are four additional vendor updates from ABB, FortiGuard, Mitsubishi, and Moxa. We also have three researcher reports for vulnerabilities in products from Trane, Vertiv, and Splunk. Finally, we have four exploits for products from Palo Alto Networks (2), FortiGuard, and WatchGuard. 

Advisories  

Genetec Advisory #1 - Genetec published an advisory that describes an incorrect permission assignment for critical resource vulnerability in Genetec product installations deploying RabbitMQ. 

Genetec Advisory #2 - Genetec published an advisory that describes an insertion of sensitive information into a log file vulnerability in their Security Center main server installations. 

VMware Advisory - Broadcom published an advisory that describes three cross-site scripting vulnerabilities in the VMware Cloud Foundation Operations product. 

Bulk Vendor Updates  

HP (5) 

Siemens (10) 

Updates  

ABB Update - ABB published an update for their Freelance Security Lock advisory that was originally published on November 9th, 2025. 

FortiGuard Update - FortiGuard published an update for their Sensitive 2FA Information advisory that was originally published on October 14th, 2025. 

Mitsubishi Update - Mitsubishi published an update for their Realtek Chips advisory that was originally published on March 24th, 2026. 

Moxa Update - Moxa published an update for their Diffie-Hellman Key Exchange Protocol advisory that was originally published on June 2nd, 2025. 

Researcher Reports  

Trane Report - Claroty published a report that describes five vulnerabilities in the Trane Tracer SC+ HVAC controller. 

Vertiv Report - Claroty published a report that describes two vulnerabilities in the Vertiv’s Liebert IS-UNITY-DP network cards. 

Splunk Report - WatchTowr published a report that describes a missing authentication for critical function vulnerability in the PostgreSQL Sidecar Service Endpoint in Splunk Enterprise. 

Exploits  

Palo Alto Networks Exploit #1 - Indoushka published a Metasploit module for a reliance on cookies without validation and integrity checking vulnerability in the PAN GlobalProtect product. 

Palo Alto Networks Exploit #2 - Gray Xploit published an exploit for a reliance on cookies without validation and integrity checking vulnerability in the PAN GlobalProtect product. 

FortiGuard Exploit - Indoushka published a Metasploit module for an OS command injection vulnerability in the FortiGuard FortiSandbox product. 

WatchGuard Exploit - Cody Sixteen published an exploit for a logic error vulnerability in the WatchGuard Firebox product. 

For additional information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-81a - subscription required.