Review – Bills Introduced – 2-13-26

Yesterday, with both the House and Senate in Washington (and preparing to go on a 1 week period of working from home), there were 99 bills introduced. Two of those bills will receive additional coverage here.

HR 7525 To authorize counter-unmanned aircraft system authorities for State, local, territorial, and tribal law enforcement, and for other purposes. Burlison, Eric [Rep.-R-MO-7]

HR 7552 To amend the Chemical and Biological Weapons Control and Warfare Elimination Act of 1991 to impose sanctions on foreign countries in response to acts concerning chemical or biological programs that cause injury to other foreign countries, and for other purposes. Moore, Barry [Rep.-R-AL-1]

 

For more information on these bills, including legislative history for similar bills in the 118^th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-2-13-26 - subscription required.

Chemical Transportation Incidents – Week of 1-10-26

It has now been two months since DOT’s Pipeline and Hazardous Materials Safety Administration had posted the following notice on its Incident Statistics web page:

HazmatIncidentReportSearchTool
The ability to download pdf copies of incident filings or download complete datasets of the search results has been temporarily disabled. If you need pdf copies of incidents or relevant search criteria, please email relevant incident numbers to HMRequests@dot.gov.

This appears to have gone completely beyond any possibility of technical problems with the database. It looks like it is part and parcel of the attempts of the current administration’s ongoing efforts to reduce public access to information collected by the federal government.

The information in this database is safety information that should be readily available (and ‘readily’ specifically means searchable) to the public. PHMSA needs to restore public access to this information.

OMB Approves CISA CVD Program ICR – 2-12-26

Yesterday OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a new information collection request (ICR) from CISA on “CISA Coordinated Vulnerability Disclosure (CVD) Platform”. The 60-day ICR notice was published on October 30^th, 2024. The 30-day ICR notice was published on August 20^th, 2025.

The Supporting Document CISA submitted to OIRA as part of this ICR approval process noted that:

“CISA is also authorized to carry out these Coordinated Vulnerability Disclosure (CVD) functions by 6 U.S.C. 659(n) on Coordinated Vulnerability Disclosure, which authorizes CISA to in coordination with industry and other stakeholders, may develop and adhere to DHS policies and procedures for coordinating vulnerability disclosures.”

It also notes that:

“The intent of this form is to allow the public to provide information for exploited vulnerabilities that are not in the CISA Coordinated Vulnerability Disclosure (CVD) system. The submitted information will be evaluated by CISA and if CVD requirements are met, then the vulnerability would be CVD eligible. By expanding CVD, those who are required, and those who utilize the CVD system, are alerted to new additions. This allows for greater knowledge and visibility of exploited vulnerabilities and allows for enhanced vulnerability management.”

The table below shows the approved burden estimate for the ICR.

 

This ICR approves the use of two online information collections:

VINCE.pdf, and

CERT Vulnerability Notes Database.pdf

NOTE: The ICR Information Collection page list does not provide links to the ICs. Both of these pages are part of the Carnegie Mellon University, Software Engineering Institute, vulnerability reporting site.

Review – 10 Advisories and 1 Update Published – 2-12-26

Today CISA’s NCCIC-ICS published ten control system security advisories for products from Airleader, Hitachi Energy, and Siemens (8). They also updated an advisory for products from Mitsubishi.

Siemens published two other advisories and 10 updates this week that were not covered by CISA. I will cover them this weekend in my Public ICS Disclosure posts.

Advisories

Airleader advisory - This advisory describes an unrestricted upload of file with dangerous type vulnerability in the Airleader Master compressor management controller.

Hitachi Energy - This advisory describes a use of default credentials vulnerability in the Hitachi Energy SuprOS product.

NOTE: I briefly discussed this vulnerability on January 31^st, 2026.

NX Advisory - This advisory describes three vulnerabilities in the Siemens NX CAD software.

Siveillance Advisory - This advisory discusses a missing authorization vulnerability in the Siemens Siveillance Video Management Servers.

SINEC Advisory #1 - This advisory discusses 51 vulnerabilities in the Siemens SINEC OS. These are third-party vulnerabilities.

SINEC Advisory #2 - This advisory describes two uncontrolled search path element vulnerabilities in the SINEC NMS and UMC products.

Solid Edge Advisory - This advisory describes an out-of-bounds read vulnerability in the Siemens Solid Edge products.

Desigo CC Advisory - This advisory discusses an out-of-bounds write vulnerability in the Siemens Desigo CC Product Family and SENTRON Powermanager.

COMOS Advisory - This advisory discusses six vulnerabilities in the Siemens COMOS plant engineering software.

NOTE: I briefly mentioned the original Siemens COMOS advisory on December 14^th, 2025. Today’s advisory is based upon this week’s second update of that advisory.

Polarion Advisory - This advisory describes a cross-site scripting vulnerability in the Siemens Polarion application lifecycle management (ALM) platform.

Updates

Mitsubishi Update - This update provides additional information on the Iconics Digital Solutions was originally published on May 20^th, 2026, and most recently updated January 8^th, 2026.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-and-1-update-published-de6 - subscription required.

OMB Approves FMCSA Nondomiciled CDL Final Rule

Yesterday OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the DOT’s Federal Motor Carriers Safety Administration (FMCSA) on “Restoring Integrity to the Issuance of Non-Domiciled Commercial Drivers Licenses (NDCDL)”. This final rule was submitted to OIRA on January 30^th, 2026. An interim final rule on this topic was published on September 29^th, 2026.

This rulemaking was not included in the Spring 2025 Unified Agenda.

The final rule will likely be published in the next week or two. I do not expect that I will be covering this final rule in any detail. I do at least expect to note its publication in the appropriate Short Takes post.

DHS Sends Title VI Recissions Direct Final Rule to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a direct final rule from DHS Office of the Secretary on “Rescinding Portions of DHS Title VI Regulations to Conform More Closely with the Statutory Text and to Implement Executive Order 14281”. This rulemaking was not listed in the Spring 2025 Unified Agenda.

The ‘Title VI’ refers to Title VI, Civil Rights Act of 1964 (PL 88-352), codified at §2000d et seq, 42 USC. It prohibits discrimination on the basis of race, color, and national origin in programs and activities receiving federal financial assistance. EO 14281, Restoring Equality of Opportunity and Meritocracy, directs the Administration’s attack on the doctrine of ‘disparate-impact liability’: “which holds that a near insurmountable presumption of unlawful discrimination exists where there are any differences in outcomes in certain circumstances among different races, sexes, or similar groups, even if there is no facially discriminatory policy or practice or discriminatory intent involved, and even if everyone has an equal opportunity to succeed.”

I would expect changes directed by this final rule will be affecting language in Parts 15, 17, 19, and 21, of 6 CFR. What those changes might be is completely beyond me. I do not expect that I will be covering this rule in any detail, but I will at least mention it in the appropriate Short Takes post.

Review – Bills Introduced – 2-11-26

Yesterday, with both the House and Senate in Washington, there were 74 bills introduced. Two of those bills may receive additional coverage in this blog:

HR 7481 Department of Homeland Security Appropriations Act, 2026 DeLauro, Rosa L. [Rep.-D-CT-3]

HR 7512 To amend the Homeland Security Act of 2002 to extend the authorization of the Countering Weapons of Mass Destruction Office of the Department of Homeland Security, and for other purposes.

 

For more information on these bills, including legislative history for similar bills in the 118^th Congress, as well as a mention in passing of a bill to accelerate nuclear waste cleanup technologies, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-2-11-26 - subscription required.