Saturday, June 13, 2026

OMB Approves NHTSA FMVSS 135 ADS NPRM

This rulemaking was not listed in the Spring 2025 Unified Agenda. This is part of NHTSA’s ongoing effort to update existing FMVSS to include (where applicable) automated driving system (ADS) equipped vehicles; see here for example.

For this rulemaking, I would expect NHTSA to address, for instance, § 571.135 S5.3.1, which states that: “The service brakes shall be activated by means of a foot control.” An ADS-equipped vehicle may not be equipped with a foot brake control, requiring a change in that language. Because of the increased importance of electronic controls in an ADS-equipped vehicle, I would like to see (but do not really expect to see) some mention of cybersecurity controls in the revised standards.

Lacking cybersecurity provisions, I would not expect to cover this rulemaking in any detail. I will at least mention the NPRM’s publication in the appropriate Short Takes post. 

FCC Sends Space Operations NPRM to OMB

On Thursday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the FCC on “Operation of Part 15 Devices in Space (ET Docket 25-XXX)”. 

This rulemaking was not listed in the Spring 2025 Unified Agenda, and the ‘XXX’ docket number would seem to indicate that there is not a current FCC docket number either. The ‘Part 15’ references electronic transmission devices covered under 47 CFR Part 15, devices that “may be operated without an individual license.” {§ 15.1(a)} I would suspect that the NPRM would address any additional requirements for such devices in space operations.

I do not expect to cover this rulemaking in any detail, but under my limited Space Geek coverage, I would expect to announce its publication in the appropriate Short Takes post. 

Review – Public ICS Disclosures – 6-6-26 – Part 1

This has been a relatively busy disclosure week. For Part 1 we have 14 vendor disclosures from B&R (2), FortiGuard (2), Hitachi (2), HP (3), HPE (4), and Mitsubishi. 

Advisories  

B&R Advisory #1 - B&R published an advisory that discusses five vulnerabilities (four with publicly available exploits) in multiple Linux based B&R products. 

B&R Advisory #2 - B&R published an advisory that discusses a race condition within a thread vulnerability in multiple B&R products. 

FortiGuard Advisory #1 - FortiGuard published an advisory that describes an internal asset exposed to unsafe debug access level or state vulnerability in their FortiOS and FortiProxy products. 

FortiGuard Advisory #2 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiSandbox product. 

Hitachi Advisory #1 - Hitachi published an advisory that describes an iSCSI port vulnerability in multiple Hitachi products. 

Hitachi Advisory #2 - Hitachi published an advisory that discusses an improper neutralization of escape, meta or control sequences vulnerability in their Cosminexus HTTP Server and Hitachi Web Server. 

HP Advisory #1 - HP published an advisory that discusses nine vulnerabilities in multiple HP product lines. 

HP Advisory #2 - HP published an advisory that discusses an improper isolation of shared resources on system-on-a-chip vulnerability in multiple HP product lines. 

HP Advisory #3 - HP published an advisory that discusses an improper handling of insufficient entropy in TRNG vulnerability in multiple HP product lines. 

HPE Advisory #1 - HPE published an advisory that discusses an improper access control for register interface vulnerability in their ProLiant AMD Servers. 

HPE Advisory #2 - HPE published an advisory that discusses a race condition vulnerability in their RL300 Server. 

HPE Advisory #3 - HPE published an advisory that discusses the FunkyChunks vulnerability. HPE provides a list of affected products. 

HPE Advisory #4 - HPE published an advisory that discusses a heap-based buffer overflow vulnerability in their Aruba Networking Products. 

Mitsubishi Advisory - Mitsubishi published an advisory that describes a use of hard-coded credentials vulnerability in multiple home appliance products. 


For more information on these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis https://patrickcoyle.substack.com/p/public-ics-disclosures-6-6-26-part - subscription required. 

Friday, June 12, 2026

Review – Bills Introduced – 6-11-26

Yesterday, with both the House and Senate in session, and the House leaving for a District Work Week, there were 100 bills introduced. Two of the bills will receive additional coverage here: 

HR 9260 Making appropriations for the Departments of Labor, Health and Human Services, and Education, and related agencies for the fiscal year ending September 30, 2027, and for other purposes. Aderholt, Robert B. [Rep.-R-AL-4]    

HR 9266 To require the Secretary of Transportation to issue regulations relating to the transportation of hazardous materials to require placards to be placed on all refrigerated shipping containers, and for other purposes. Carter, Earl L. "Buddy" [Rep.-R-GA-1]    

Space Geek Legislation  

I would like to mention one bill under my limited Space Geek coverage in this blog: 

S 4570 A bill to amend the Internal Revenue Code of 1986 to clarify the application of the advanced manufacturing investment credit with respect to semiconductor manufacturing facilities located in outer space. Budd, Ted [Sen.-R-NC]   


For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a mention-in-passing of a bill to require a DHS assessment of terrorist use of AI, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-6-11-26 - subscription required. 

 