Wednesday, May 13, 2026

Short Takes – 5-13-26 - Federal Register Edition

Modernizing Spectrum Sharing for Satellite Broadband. Federal Register FCC final rule. Summary: “In this document, the Federal Communications Commission (Commission or we) adopts a Report and Order (Order) that revises the spectrum sharing framework for Geostationary Orbit (GSO) and Non-Geostationary Orbit (NGSO) systems that currently relies on NGSO systems complying with Equivalent Power Flux Density (EPFD) limits developed in the late-1990s. The consequence today of applying such EPFD limits in the United States is that operators must overprotect GSO systems, which in turn means that American households and businesses—most critically in rural and remote areas—do not receive the fastest space-based NGSO satellite broadband American innovation has available. Based on the technical record in this proceeding, the Order replaces the EPFD framework with modern, performance-based GSO protection criteria. The Order extends the Commission's framework for good-faith coordination and allows NGSO and GSO operators to bargain for appropriate interference protections through voluntary, private agreement. The Order further adopts technical backstops to protect GSO systems when coordination has not been reached.”

Pipeline Safety: Request for Special Permit; Argent LNG, LLC. Federal Register PHMSA notice. Summary: “PHMSA is publishing this notice to solicit public comments on a request for a special permit for the proposed Argent LNG Project (Project) submitted by Argent LNG, LLC (Argent LNG). Argent LNG is seeking relief from compliance with certain requirements in the Federal pipeline safety regulations. PHMSA has proposed conditions to ensure that the special permit is consistent with pipeline safety. At the conclusion of the 30-day comment period, PHMSA will review the comments received from this notice as part of its evaluation to grant or deny the special permit request.”

Pipeline Safety: Meeting of the Gas Pipeline Advisory Committee. Federal Register PHMSA advisory committee meeting notice. Summary: “This notice announces a public meeting of the Technical Pipeline Safety Standards Committee, also known as the Gas Pipeline Advisory Committee (GPAC), to discuss the notice of proposed rulemaking (NPRM), titled ‘Safety of Gas Distribution Pipelines and Other Pipeline Safety Initiatives.’”

Looking Back – 2-22-13 Honeywell EBI Advisory

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google (blogspot.com is a Google service) provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 17 years of publishing this blog, every once in a while, a blog post from ancient history rises into that list.

Today a blog post from February 22nd, 2013, made the list. It describes an ICS-CERT advisory for an ActiveX vulnerability in the Honeywell Enterprise Buildings Integrator. Two interesting items were included in the discussion. First, the researchers (Rapid7) announced that they would be publishing a Metasploit module for the vulnerability, which was much less common back then. Second, I discussed the fact that the researcher had requested that Microsoft “issue a kill bit for the HscRemoteDeploy.dll in a future monthly Microsoft Windows security update”. That .dll was the heart of the Honeywell vulnerability.

Tuesday, May 12, 2026

HR 8469 Rules Committee Action – FY 2027 MilCon Spending

This afternoon the House Rules Committee passed H Res 1275, the rule for the consideration of five bills this week, including HR 8469, the Military Construction, Veterans Affairs, and Related Agencies Appropriations Act, 2027. The resolution passed by a party-line vote of 8 to 2. That bill will be considered under a structured rule with limited debate; 51 amendments were cleared for debate and a vote during the consideration of the legislation. None of those amendments are of significant interest here.

Two of the three fiscal problem members of the Committee voted for the Resolution. The third, Rep Roy (R,TX) did not vote, but it is not clear if that was a soft-Nay or just a missed vote. In any case, the first hurdle on the road to the President’s desk has been cleared. Later this week, the House will vote on an amended version of the bill which will rise or fall on a near party-line vote in the full House. It could still go either way. 

Review - Committee Hearings – Week of 5-10-26

With both the House and Senate back in Washington, there is a moderately busy hearing schedule. Spending bill markups continue in the House, while the Senate concentrates on budget hearings. There is one markup hearing of interest in the House. Finally, we expect (hope) to see the first FY 2027 spending bill on the House floor this week.

Markup Hearings  

On Thursday, the Subcommittee on Counterterrorism and Intelligence of the House Homeland Security Committee will hold a business meeting that will include the markup of the following bill of interest here: 

HR 7448, Modernizing and Improving the National Terrorism Advisory System Act of 2026. 

On the Floor  

The first FY 2027 spending bill (HR 8469) is scheduled to come to the floor in the House this week, probably Wednesday or perhaps Thursday. The first problem this bill will face will be the three fiscal fanatics in the House Rules Committee. If they do not support the rule vote in Committee, the bill will not come to the floor under a rule. While this bill may not be fiscally radical enough for them, it is certainly too radical to pass under the suspension of the rules process. There will not be enough Democrats to get the supermajority required for passage under that process. 


For more information on these hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-5-10-26 - subscription required. 

Review – 6 Advisories and 1 Update Published – 5-12-26

Today CISA’s NCCIC-ICS published six control system security advisories for products from ABB (4), Subnet Solutions, and Fuji Electric. They also updated an advisory for products from Ashlar-Vellum.

Advisories  

ABB Advisory #1 - This advisory describes three vulnerabilities in the ABB WebPro SNMP Card PowerValue product. ABB has a new version that mitigates the vulnerabilities. 

ABB Advisory #2 - This advisory discusses an out-of-bounds write vulnerability in the ABB AC500 V3 product. 

ABB Advisory #3 - This advisory discusses an insecure default initialization of resource vulnerability in the ABB Automation Builder product.  

ABB Advisory #4 - This advisory discusses three vulnerabilities in their AC500 V3 products. 

Subnet Advisory - This advisory describes four vulnerabilities in the Subnet Solutions PowerSYSTEM Center. 

Fuji Advisory - This advisory describes an exposed dangerous method or function vulnerability in the Fuji Tellus product. 

Update  

Ashlar-Vellum Update - This update provides additional information on the Cobalt advisory that was originally published on November 25, 2025. 


For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-890 - subscription required. 

Reader Question – Which advisory?

Yesterday, I had an interesting question asked me over on LinkedIn about my post last Tuesday on CISA’s control system security advisories. Taisia Berg asked: “Which of these advisories do you think will have the biggest impact on operators this week?” Quite aside from the fact that each facility is going to have its own unique mix of operational technology (and thus there will certainly be many facilities that are not affected by any of these eight advisories), manufacturing facilities generally are not able to respond to vulnerabilities on a daily or even weekly basis. Unless they can patch while operating (really not a good idea), they typically must wait for the next scheduled shutdown to patch any vulnerable equipment, and that could be months away.

Having said all of that, this particular set of advisories presents a unique set of circumstances. The three ABB advisories relate to vulnerabilities that were all disclosed by the vendor back in January. The Hitachi Energy vulnerabilities were disclosed last week. One would like to think that owners of the affected devices/software would already have started their internal risk assessment and mitigation process for those vulnerabilities. 

So, what is the whole point about the CISA advisories, or gadflies like me writing about them? It is all about expanding the communications network that allows facilities to become aware of vulnerabilities in their equipment. In a perfect world (well almost perfect, vulnerabilities still exist) vendors would directly notify owners of their devices/software of each vulnerability as it was identified. But that is not practical because vendors frequently (usually?) sell through intermediaries and equipment frequently changes hands on resale markets. So, push notifications are not a total solution (probably not even a reasonably useful solution). 

Since many (certainly not all) vendors publish advisories for vulnerabilities in their products, one would expect owner/operators to watch the vendors' websites for new advisories and updates. Since facilities may often have dozens (maybe hundreds) of different OT vendors to deal with, this could be a very time-consuming process (as I am acutely aware). So, CISA Advisories and blog posts like this are a shortcut to identifying new vulnerabilities (and updated information).

Of course, CISA advisories also provide another important function. Security researchers who have not been able to successfully contact a vendor with a vulnerability notification can contact CISA to act as an intermediary. Even if CISA is similarly unable to coordinate with the vendor, they can issue an advisory based upon the researcher's information.

So, the unfortunate (and decidedly unhelpful) answer to the reader’s question is: “It depends.” 

 