Chemical Transportation Incidents – Week of 4-4-26

 Reporting Background 

See this post for explanation, with the most recent update here (removed from paywall). 

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency. 

Incidents Summary  

• Number of incidents – 509 (468 highway, 36 air, 5 rail, 0 water) 

• Serious incidents – 4 (3 Bulk release, 1 evacuation, 0 injury, 0 death, 0 major artery closed, 2 fire/explosion, 40 no release)  

• Largest container involved – 30,130-gal Railcar {Flammable Liquids, N.O.S.}  Leaking manway seal. 

• Largest amount spilled – 259-gal Tank Truck {Gasoline Includes Gasoline Mixed with Ethyl Alcohol, With Not More Than 10% Alcohol} Overfilled compartment while loading. 

• Total amount reported spilled in all incidents – 3305.7-gal 

NOTE: Links above are to Form 5800.1 for the described incidents. 

Most Interesting Chemical: Butyl Chloride: A water white liquid with a sharp odor. Flash point 20°F. Boiling point 77-78°C (173°F). Density 7.5 lb / gal. Slightly soluble in water. Vapors are heavier than air. Used in the manufacture of a variety of organic chemicals. (Source: CameoChemicals.NOAA.gov).  

Review – Bills Introduced – 5-7-26

 Yesterday, with the House and Senate meeting is pro forma session, there were 70 bills introduced. Four of those bills may receive additional coverage in this blog: 

HR 8697 To amend the Homeland Security Act of 2002 and titles 10 and 32, United States Code, to authorize the National Guard to protect certain facilities and assets from unmanned aircraft, and for other purposes. McCaul, Michael T. [Rep.-R-TX-10] 

HR 8701 To transfer to the Secretary of Transportation the functions of the Administrator of the Transportation Security Administration, and for other purposes. Moskowitz, Jared [Rep.-D-FL-23]  

HR 8702 To establish the United States Secret Service within the Executive Office of the President. Moskowitz, Jared [Rep.-D-FL-23]  

HR 8711 To require a strategy for the defense of data centers from external breaches from malefactors and the protection of the communities surrounding data centers, and for other purposes. Subramanyam, Suhas [Rep.-D-VA-10] 

For more information on these bills, including legislative history for similar bills in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-5-7-26 - subscription required. 

Review – 1 Advisory and 4 Updates Published – 5-7-26

 Today CISA’s NCCIC-ICS published one control system security advisory for products from Maxhub. CISA also updated two control system security advisories for products from Schneider and Intrado. They also updated two medical device security advisories for products from Medtronic. 

Advisories  

MAXHUB Advisory - This advisory describes a use of broken or risky cryptographic algorithm vulnerability in the MAXHUB Pivot client application. 

Updates  

Intrado Update - This update provides additional information on the 911 Emergency Gateway advisory that was originally published on April 23rd, 2026. 

Schneider Update - This update provides additional information on the EcoStruxure Control Expert advisory that was originally published on November 26th, 2024.  

NOTE: I briefly mentioned the Schneider update upon which this update was based on April 19th, 2026. 

Medtronic Update #1 - This update provides additional information on the MyCareLink advisory that was originally published on July 24th, 2025. 

Medtronic Update #2 - This update provides additional information on the MyCareLink 24950 advisory that was originally published on August 7th, 2018. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-4-updates-published-37a - subscription required. 

NHTSA Sends FMVSS Update for ADS NPRM to OMB

 Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from DOT’s National Highway Transportation Safety Administration (NHTSA) on “Modernization of Federal Motor Vehicle Safety Standard (FMVSS) No. 135 to Accommodate ADS-Equipped Vehicles”. FMVSS #135 deals with Light vehicle brake systems. This is part of NHTSA’s ongoing effort to update existing standards to reflect changing requirements for automated driving systems (ADS). 

This rulemaking was not included in the Spring 2025 Unified Agenda. 

Typically, FMVSS standards are outside the scope of this blog, but I will be watching this for any addition of cybersecurity requirements. Lacking such language, I would expect to note publication of the NPRM in the appropriate Short Takes post. 

CISA Adds Palo Alto Networks Vulnerability to KEV Catalog – 5-6-26

 Yesterday, CISA announced that it had added an out-of-bounds write vulnerability in the Palo Alto Networks PAN-OS product to their Known Exploited Vulnerabilities (KEV) catalog. Earlier yesterday, the vulnerability was disclosed by PAN. Fixes are planned for next week. PAN reports that customers with a Threat Prevention subscription can block attacks for this vulnerability. 

CISA has directed that federal agencies apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” In an untypical move, they added the following to the above boilerplate: 

“Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required.” 

CISA has provided a 3-day deadline of May 9th, 2026, to accomplish the above actions.