Review - PHMSA Publishes UAS Facility Restriction NPRM

 Today, DOT’s Federal Aviation Administration (FAA) published a notice of proposed rulemaking (NPRM) in the Federal Register (91 FR 24650-24704) on “Designation-Restrict the Operation of Unmanned Aircraft in Close Proximity to a Fixed Site Facility”. The rulemaking would implement section 2209, of the FAA Extension, Safety and Security Act of 2016 {PL 114-190 (130 STAT. 634)}. FAA proposes a new part 74 to implement this mandate and properly balance FAA's other statutory mandates. 

More details about the provisions of this rule will be covered in future posts. 

Public Comments  

The FAA is soliciting public comments on this NPRM. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # FAA-2026-4558). Comments should be received by July 6th, 2026. 

For more details about the provisions of this NPRM, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/phmsa-publishes-uas-facility-restriction - subscription required. 

Short Takes – 5-6-26 - Federal Register Edition

Agency Information Collection Activities; Renewal of an Approved Information Collection: Hazardous Materials Safety Permits. Federal Register FMCSA 60-day ICR renewal notice. Summary: “The HM Safety Permit regulations (49 CFR part 385, subpart E) require initial or first time HM Safety Permit carriers to file using the Unified Registration System, Form MCSA-1. Update and renewal applications must be filed with FMCSA using the “Combined Motor Carrier Identification Report and HM Permit Application” (Form MCS-150B). The HM Safety Permit regulations also require carriers to have a security program. As part of the of the HM Safety regulations, carriers are required to develop and maintain a route plan so that law enforcement officials can verify the correct location of the HM shipment. FMCSA requires companies holding permits to develop a communications plan that allows for the periodic tracking of the shipment that includes the time of the call and location of the shipment." 

Revision of Agency Information Collection Activity Under OMB Review: Critical Facility Information From the Top 100 Most Critical Pipeline Operators. Federal Register 60-day ICR revision notice. Summary: “The collection of information is being revised to remove mandatory requirements associated with the TSA Pipeline Security Directive (SD) 2021-01 Series and specifically the completion of a cybersecurity vulnerability assessment for pipeline owner/operators subject to the SD. These pipeline owner/operators have satisfied the SD's requirements and TSA expects that going forward, fewer than 10 owner/operators would respond to the collection annually. The removal of the mandatory requirements will reduce the time burden to the collection by 600 hours. In addition, TSA is revising the title of the collection from “Critical Facility Information of the Top 100 Most Critical Pipeline” to “Critical Facility Information from the Top 100 Most Critical Pipeline Operators” to more accurately align with the statutory requirements.” 

Intent To Request Extension From OMB of One Current Public Collection of Information: Security Threat Assessment for Individuals Applying for a Hazardous Materials Endorsement for a Commercial Driver's License. Federal Register TSA 60-day ICR renewal notice. Summary: “OMB Control Number 1652-0027; Security Threat Assessment for Individuals Applying for a Hazardous Materials Endorsement for a Commercial Driver's License, 49 CFR part 1572. TSA is requesting an extension of the currently approved ICR. The currently approved ICR supports implementation of 49 U.S.C. 5103a,which mandates that no state or the District of Columbia may issue an HME on a CDL unless TSA has first determined that the driver is not a threat to transportation security.” 

OMB Approves APHIS Biotech Regulation RFI

 Yesterday, OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a request for information from USDA’s Animal and Plant Health Inspection Service (APHIS) on “Request for Information: Regulation of Biotechnology”. The RFI was submitted to OIRA to March 30th, 2026. 

The RFI was not listed in the Spring 2025 Unified Agenda, but that is not unusual for RFI’s. It looks like this may be in response to the December 2, 2024 vacatur of the 2020 biotechnology regulations (7 CFR 340). While APHIS has resumed enforcing the biotechnology permitting and Am I Regulated processes, this may be an initial step in rewriting the vacated regulations. If that is the case, this is more like an advanced notice of proposed rulemaking than a pure ‘request for information’. 

Since much of the ‘technology’ in biotechnology manufacturing is identical to that used in chemical manufacturing, I would expect to cover biotechnology manufacturing issues and regulations in this blog. 

Review – 5 Advisories and 2 Updates Published – 5-5-26

 Today, CISA’s NCCIC-ICS published five control system security advisories for products from Johnson Controls, ABB (3), and Hitachi Energy. They also updated advisories for products from Schneider Electric and Hitachi Energy. 

Advisories  

Johnson Controls Advisory - This advisory describes an uncontrolled search path element in the Johnson Controls CEM AC2000 access control and security management product. 

ABB Advisory #1 - This advisory describes an improper certificate validation vulnerability in the ABB B&R Automation Studio product. 

NOTE: I briefly discussed this vulnerability on January 24th, 2026. 

ABB Advisory #2 - This advisory describes an allocation of resources without limit or throttling vulnerability in the ABB B&R Automation Runtime product. 

NOTE: I briefly discussed this vulnerability on January 24th, 2026. 

ABB Advisory #3 - This advisory describes an insertion of sensitive information into a log file vulnerability in the ABB B&R PVI client application. 

I briefly discussed this vulnerability on January 31st, 2026. 

Hitachi Energy Advisory - This advisory discusses a path traversal vulnerability in the Hitachi Energy PMC600 products. 

I briefly discussed this vulnerability on Saturday. 

Updates  

Schneider Update - This update provides additional information on the EcoStruxure Control Expert advisory that was originally published on August 15th, 2023. 

NOTE: I briefly mentioned the Schneider update upon which the CISA update was based. 

Hitachi Energy Update - This update provides additional information on the MSM advisory that was originally published on November 14th, 2024. 

I briefly discussed these vulnerabilities on Sunday. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-d71 - subscription required.