FCC Sends Spectrum Sharing for Satellite Broadband Final Rule to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the FCC on “Modernizing Spectrum Sharing for Satellite Broadband (SB Docket No. 25-157)”. The FCC opened a docket for this rulemaking on April 7th, 2025. A notice of proposed rulemaking was published for this rule on June 13th, 2025. The FCC announced that a scheduled meeting on April 30th, 2026 would include a discussion about this rulemaking. 

Generally speaking, the FCC does not publish rulemaking information in the Unified Agenda. 

Interestingly, OIRA has previously published a notice of approval of a final rule for this action, but I can find no such publication notice in the Federal Register. 

Coverage of this final rule will be done under my limited Space Geek coverage. I would only expect to announce the publication of the final rule in the appropriate Short Takes post. 

Review - HR 8595 Introduced – FY 2027 State Spending

Last week, Rep Diaz-Balart introduced HR 8595, the National Security, Department of State, and Related Programs Appropriations Act, 2027. The House Appropriations Committee has also published their Report on the bill. There are three cybersecurity mentions in the bill and 5 more discussions in the Report. There is one chemical safety mention in the Report. 

Moving Forward  

The House Appropriations Committee approved this bill by a party-line vote (7:38 in the video). There is no section in the report for minority views, so it is difficult to gauge the level of Democratic opposition to the language in this bill. Having said that, I would expect this bill to only receive very limited (if any) support from Democrats if/when it was to come to the floor. 

For more information on the cybersecurity and chemical safety provisions of the bill and report, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8595-introduced-fy-2027-state - subscription required. 

Short Takes – 5-4-26 - Federal Register Edition

 Fire Brigades Standard; Extension of the Office of Management and Budget's (OMB) Approval of Information Collection (Paperwork) Requirements. Federal Register OSHA 60-day ICR revision notice. Summary: “OSHA is requesting that OMB extend the approval of the information collection requirements contained in the Fire Brigades Standard. The agency is seeking an adjustment increase in burden going from 2,695 to 2,819 hours, a total increase of 124 hours. The adjustment is due to an increase in the number of manufacturing facilities with 100 or more workers from 24,885 to 26,027. Also, the number of responses increased from 3,733 to 3,904.” 

National Emission Standards for Hazardous Air Pollutants: Ethylene Oxide Emissions Standards for Sterilization Facilities Residual Risk and Technology Review Reconsideration; Extension of Comment Period. Federal Register EPA notice of proposed rulemaking comment extension. Summary: “On March 17, 2026, the U.S. Environmental Protection Agency (EPA) proposed a rule titled “National Emission Standards for Hazardous Air Pollutants: Ethylene Oxide Emissions Standards for Sterilization Facilities Residual Risk and Technology Review Reconsideration.” The EPA is extending the comment period on this proposed rule, which is scheduled to close on May 1, 2026. The comment period will now end on May 15, 2026, to allow additional time for stakeholders to review and comment on the proposal.” 

The Standard on the Storage and Handling of Anhydrous Ammonia; Extension of the Office of Management and Budget's (OMB) Approval of Information Collection (Paperwork) Requirements. Federal Register OSHA 60-day ICR revision notice. Summary: “OSHA is requesting that OMB extend the approval of the information collection requirements contained in the Standard on the Storage and Handling of Anhydrous Ammonia. The agency is seeking an adjustment increase in burden of 2 hours going from 342 to 344 hours. The increase is due to an increase in the number of employers going from 2,500 to 6,125.” 

Looking Back – 12-24-21 – ChemLock Fact Sheets

 Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list. 

Today a blog post from December 24th, 2021, that looks at some of the Fact Sheet from the then new ChemLock program, makes the short list. Now that DHS is funded through the end of the fiscal year, the ChemLock program, CISA’s voluntary chemical facility security program, is back in operation. The fact sheets described in this post give a brief look at how the program works. 

Review - Public ICS Disclosures – Week of 4-25-26 – Part 2

 For Part 2 we have three additional Moxa, TP-Link, and Zyxel. There are bulk vendor updates from Moxa (6). There are three additional vendor updates from Hitachi Energy (2) and HP. There is a researcher report for vulnerabilities in products from EnOcean. Finally, we have two exploits for products from SolarEdge. 

Moxa Advisory - Moxa published an advisory that describes two vulnerabilities in their Secure Router products. 

TP-Link Advisory - TP-Link published an advisory that describes an authentication bypass by spoofing vulnerability (listed in CISA’s Known Exploited Vulnerabilities catalog) in legacy TP-Link Router and Access Point products. 

Zyxel Advisory - Zyxel published an advisory that describes two OS command injection vulnerabilities in multiple Zyxel products. 

Bulk Vendor Updates – Moxa  

• CVE-2025-0676: Command Injection Leading to Privilege Escalation in Secure Routers, Cellular Routers, Network Security Appliances,  

• CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches,  

• CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches,  

• CVE-2025-6892, CVE-2025-6893, CVE-2025-6894, CVE-2025-6949, CVE-2025-6950: MultipleVulnerabilities in Network Security Appliances and Routers,  

• Privilege Escalation and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances, and  

• CVE-2025-0415: Command Injection Leading to Denial-of-Service in Secure Routers, Cellular Routers, and Network Security Appliances. 

Updates  

Hitachi Energy Update #1 - Hitachi Energy published an update for their GMS600 advisory that was originally published on June 27th, 2023. 

Hitachi Energy Update #2 - Hitachi Energy published an update for their Web Services advisory that was originally published on October 29th, 2024. 

HP Update - HP published an update for their SECOMNService advisory that was originally published on October 15th, 2025. 

Researcher Reports  

EnOcean Report - Claroty published a report that describes two vulnerabilities in the EnOcean SmartServer IoT platform. 

Exploits  

SolarEdge Exploit #1 - Nu11secur1ty published an exploit for a cross-site scripting vulnerability in the SolarEdge product. 

SolarEdge Exploit #2 - Nu11secur1ty published an exploit for a cross-site scripting vulnerability in the SolarEdge product. 

For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-a0a - subscription required.