Wednesday, July 8, 2026

Review - 2026 Unified Agenda – FAA and UAS

As I mentioned on Sunday, last week the Administration published their 2026 Unified Agenda. The DOT’s Agenda page lists 36 rulemakings from the Federal Aviation Administration. Five of those address uncrewed aircraft system (UAS) rulemakings. There are no DOT inactive rulemakings. There are just two completed FAA actions; neither of which deal with UAS regulations. 

Those five UAS rulemakings are: 

Commentary  

These five rulemakings related to UAS operations, even the fixed site designation rule, have the common thread of solidifying the place of uncrewed systems in the regulation of the national airspace. This will make counter UAS operations that much more complicated as law enforcement will have to contend with identifying whether a suspect UAS has a legal purpose in the airspace where it is operating. 


For more information on these five rulemakings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2026-unified-agenda-faa-and-uas - subscription required. 

Looking Back – 11-2-13, Nordex Alert

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list. 

Today a blog post from November 2nd, 2013, made the list. It described an ICS-CERT alert about a cross-site scripting vulnerability wind turbine generator SCADA/HMI produced by Nordex. CISA’s predecessor used to issue ‘Alerts’ for reports of exploitable vulnerabilities while they were trying to work with the vendor to mitigate the issue. Unfortunately, these ‘Alerts’ were not subsequently tied to the Advisory that reported that mitigation. For this Alert the Advisory can be found here; that Advisory is as interesting as the alert. 

The Alert blog post also includes an interesting comment from Jake Brodsky about Shodan and the SHINE Project. 

BTW: The Darius Freamon Blog is still active. 

Tuesday, July 7, 2026

HR 9534 Introduced – Space Data for WFF

Last month Rep Whitesides (D,CA) introduced HR 9534, the Wildfire Response Modernization Act. The bill would require (subject to appropriations) the DOD’s Northern Command, in coordination with the Fire Guard program [link added] to “shall procure space-based commercial data and end products to support the efforts of the Department of Defense and the wildfire mission of the United States Northern Command by delivering timely, effective military support to the Federal Government and State, local, and Tribal governments to protect military readiness and installations, provide emergency military support to civil authorities, and conduct proactive wildland fire management.” 

Subsection 2(b) would specifically allow the Air Force to share space-based commercial data and end products with State, local, and Tribal governments to assist with firefighting efforts. 

Moving Forward  

Whiteside, and each of his four cosponsors, are members of the House Armed Services Committee to which this bill was assigned for consideration. This certainly means that there may be sufficient influence to see the bill considered by the Committee. Nearly identical language has been included in HR 8800, the FY 2027 National Defense Authorization Act as §1605. No action should be expected from the HASC on HR 9534 until final action has been taken on the NDAA. 

Commentary  

This looks like a classic case of a person with a hammer seeing all problems as nails to be struck with that hammer. NASA has a somewhat similar program supporting wildfire fighting efforts, the Fire Information for Resource Management System (FIRMS). Perhaps a better effort would be to require the Government Accountability Office to prepare a report comparing the two programs and suggesting ways to combine the two operations into a less expensive and more effective program, maybe under the supervision of the National Fire Administration (USNFA). 

7 Advisories Published – 7-7-26

Today CISA’s NCCIC-ICS published seven control system security advisories for products from Digi International, Labcenter, Simens (2), Hitachi Energy (2), and Hydro-Quebec. 

Advisories  

Digi Advisory - This advisory describes two vulnerabilities in the Digi International PortServer TS, Digi One SP IA. 

Labcenter Advisory - This advisory describes three vulnerabilities in the Labcenter Electronics Proteus. 

Siemens Advisory #1 - This advisory discusses 77 vulnerabilities in Siemens RUGGEDCOM RST2428P. 

Siemens Advisory #2 – This advisory describes a code injection vulnerability in the Siemens Mendix Studio Pro. 

Hitachi Energy Advisory #1 - This advisory discusses the Nginx-Rift vulnerability. 

Hitachi Energy Advisory #2 – This advisory describes a reliance on HTTP instead of HTTPS vulnerability in the Hitachi Energy PROMOD V. 

Hydro-Quebec Advisory - This advisory describes three vulnerabilities in the Hydro-Québec Le Circuit Electrique charging station backend. 

OMB Approves PHMSA Pipeline Repair NPRM

Yesterday, OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking (NPRM) for the DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA) on Pipeline Safety: Repair Criteria for Hazardous Liquid and Gas Transmission Pipelines”. The NPRM was submitted to OIRA on May 14th, 2026. An advanced notice of proposed rulemaking was published on May 21st, 2025. 

According to the 2026 Unified Agenda entry for this rulemaking: 

PHMSA plans a notice of proposed rulemaking that would modify the thresholds at which operators would be required to repair hazardous liquid pipelines, commonly referred to as anomaly repair criteria,” on pipelines located in high-consequence areas (HCA) and could-affect HCAs,” and develop new repair criteria for hazardous liquid pipelines in non-HCAs.  PHMSA is also examining changes to the repair criteria for gas transmission pipelines, including the anomaly thresholds for cracks, dents, and certain seam types. 

According to a PHMSA press release: 

Leveraging Modern, Proven Engineering Modeling: Prioritizes remediation based on how long pipes can safely remain in service and avoids costly, unnecessary grid outages. 

I expect that the NPRM will be published in the Federal Register in the next week or two. 

 
/* Use this with templates/template-twocol.html */