Tuesday, June 9, 2026

Review - S 4077 Introduced – DOD Trucking Security

Back in March, Sen Cotton (R,AR) introduced S 4077, the Trucking Security and CCP Disclosure Act of 2026. The bill would require DOD to only use motor carriers that have been certified as not being owned or controlled by, and not having significant business relationships with, any entity identified on the most recent list of Chinese military companies. It would also require the DOT’s Federal Motor Carrier Safety Administration (FMCSA) to develop and maintain a ‘Secure Defense Freight Carrier Registry’. No new funding is authorized by this legislation. 

The bill would add §2631b, Certification regarding affiliations with Chinese military companies for surface transportation contracts, to 10 USC Chapter 157. It would also add Chapter 140, Secure Defense Freight Carrier Registry, to 49 USC Subtitle IV. 

This bill is a companion measure to HR 7924, which was introduced by Rep Stefanik (R,NY) in March 2026. No action has been taken on that bill. 

Moving Forward  

Cotton is a member of the Senate Armed Services Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered by the Committee. I see nothing in this bill that would engender organized opposition in that Committee. 

According to a press release from Stefanik’s office, she and Cotton are working to include the language from this bill in the upcoming FY 2027 National Defense Authorization Act. 

Commentary  

This bill was only assigned to the Senate Armed Services Committee for consideration. This is odd since it adds a new Chapter to 49 USC. It would seem to me that the bill should have also been assigned to the Senate Commerce, Science, and Transportation Committee for coverage of Section 3 of the bill. 


For more information on the provisions of this bill, as well as additional commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4077-introduced-dod-trucking-security - subscription required. 

Review – Bills Introduced – 6-8-26

Yesterday, with both the House and Senate in session, there were 64 bills introduced. None of those bills are expected to receive additional coverage here. 

Space Geek Legislation 

I would like to mention one bill under my limited Space Geek coverage in this blog: 

HR 9193 To advance NASA's use of nuclear propulsion and power systems for deep space exploration, and for other purposes. Kennedy, Mike [Rep.-R-UT-3] 


For more information on these bills, including legislative history for similar bills in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-6-8-26 - subscription required. 

Short Takes – 6-9-26 - Federal Register Edition

NASA To Research, Evaluate, Assess, and Treat (TREAT) Astronauts Act. Federal Register NASA 60-day ICR revision notice. Summary: “This ongoing information collection supports clinical care and contributes to a comprehensive knowledge base on the long-term effects of spaceflight. It also enables NASA to identify gaps in services that support medical monitoring, diagnosis, and treatment of spaceflight-associated conditions. Records are collected by authorized healthcare providers within the JSC Occupational Health Branch (OHB).” 

Agency Information Collection Activities: Comment Request. Federal Register NSF 30-day ICR renewal notice. Summary: “In the event of a positive determination, the applicant is notified that their proposal has been accepted. The positive or final adverse determination concludes the SAP Portal process. In the instance of a positive determination, the data-owning agency (or agencies) contacts the applicant to provide instructions on the agency's security requirements that must be completed by the applicant to gain access to the confidential data. The completion and submission of the agency's security requirements take place outside of the SAP [Standard Application Process] Portal.” 

Request for Comment; Drive-Mode Design Best Practices. Federal Register NHTSA 30-day new ICR notice. Summary: “This is a new collection of information for which NHTSA intends to seek OMB approval for a one-time voluntary experiment which will examine how different drive-mode implementations affect driver attention and performance compared to standard interfaces.”

APHIS Sends Biotechnology Efficiency IFR to OMB

Yesterday, OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received an interim final rule (IFR) from the USDA’s Animal and Plant Health Inspection Service (APHIS) on “Regulatory Efficiencies for Products of Biotechnology”. 

According to the Spring 2025 Unified Agenda entry for this rulemaking: 

“This interim rule will among other things, create exemptions from USDA’s regulations for plants and microbes that are already subject to EPA regulation and products USDA previously reviewed and deregulated, and provide a permitting exemption for certain modified organisms that are commonly used in laboratory development of products of biotechnology. Other changes are also contemplated.” 

While that ‘other changes’ comment may change how I look at this rulemaking, I do not currently expect to cover this in any depth. Due to my interest in biotechnology manufacturing safety and security, I would expect to at least mention the publication of this IFR in the appropriate Short Takes post. 

Monday, June 8, 2026

Review – Bills Introduced – 6-5-26

On Friday, with neither the House nor Senate in session, there were two bills introduced. Both bills will receive additional coverage in this blog: 

HR 9170 Transportation, Housing and Urban Development, and Related Agencies Appropriations Act, 2027 Womack, Steve [Rep.-R-AR-3]    

HR 9171 Department of the Interior, Environment, and Related Agencies Appropriations Act, 2027 Simpson, Michael K. [Rep.-R-ID-2] 


For more information on these bills, including legislative history for similar bills in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-6-5-26 - subscription required. 

Sunday, June 7, 2026

Review - Public ICS Disclosures – Week of May 30th, 2026 – Part 2

For Part 2 we have seven additional vendor disclosures from Siemens, Supermicro, TP-Link (4), and Zyxel. There are also three vendor updates from HP (2) and Westermo. Finally, we have two exploits for vulnerabilities in products from Palo Alto Networks. 

Advisories  

Siemens Advisory - Siemens published an advisory that discusses 77 vulnerabilities in their RUGGEDCOM RST2428P (SINEC OS) product. 

Supermicro Advisory - Supermicro published an advisory that describes an OS command injection vulnerability in multiple Supermicro products. 

TP-Link Advisory #1 - TP-Link published an advisory that describes five vulnerabilities in their Tapo C520WS cameras. 

TP-Link Advisory #2 - TP-Link published an advisory that describes an improper input validation vulnerability in their Tapo C520WS cameras. 

TP-Link Advisory #3 - TP-Link published an advisory that describes a stack-based buffer overflow vulnerability in their Tapo C200 cameras. 

TP-Link Advisory #4 - TP-Link published an advisory that describes a cross-site scripting vulnerability in their TL-SG108PE smart switch. 

Zyxel Advisory - Zyxel published an advisory that describes two classic buffer overflow vulnerabilities in multiple Zyxel wireless network products. 

Updates  

HP Update #1 - HP published an update for their Intel Graphics advisory that was originally published on September 22nd, 2025, and most recently updated on March 16th, 2026. 

HP Update #2 - HP published an update for their NVIDIA GPU Display Driver advisory that was originally published on October 30th, 2025, and most recently updated on December 12th, 2025. 

Westermo Update - Westermo published an update for their Viper 3000 Bootloader advisory that was originally published on March 31st, 2026. 

Exploits  

Palo Alto Networks Exploit #1 - Ashraf Zaryouh published an exploit for a reliance on cookies without validation and integrity checking vulnerability in Palo Alto Networks PAN-OS software. 

Palo Alto Networks Exploit #2 - Tushar Gurav published an exploit for a reliance on cookies without validation and integrity checking vulnerability in Palo Alto Networks PAN-OS software. 


For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-may-d94 - subscription required. 

 