Review - HR 8495 Introduced – FY 2027 FinServices Spending

 Last month, Rep Joyce (R,OH) introduced HR 8495, the Financial Services and General Government Appropriations Act, 2027. The House Appropriations Committee has published their Report on the bill. There are three cybersecurity mentions in the bill (only one of potential interest here), and three discussions in the Report. 

This bill is similar to HR 5166, the Financial Services and General Government Appropriations Act, 2026, that was introduced by Joyce on September 5th, 2025. The House Appropriations Committee published their Report on that bill, but no other actions were taken on this bill. 

Moving Forward 

Republicans still have the same challenges on this bill as with other spending bills. They have to get passed the Rules Committee with the three fiscal conservatives probably willing to block bills to make points. It looks like the spending bills will be partisan (the three to date certainly are), so if they get a rule they may be able to pass with just Republican votes (but maybe not). If two or three Republicans vote Nay, the bill dies and there is no chance that they would pass under suspension of the rules; Democrats will mostly vote Nay. 

But, even if both hurdles are cleared, the bill must still face the Senate, and this language is dead on arrival. There is no way that they will bet 60 votes to pass. Fortunately, the Senate Appropriations Committee will probably provide bipartisan language that will pass with 80 or more yeah votes. Then the House leadership has to decide if they want to appeal to their base and shut the government down before the election, or appeal to moderates by looking like they know how to run the government. It's anyone’s guess at this point. 

For more information on the cybersecurity provisions of the bill and its Report, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8495-introduced-fy-2027-finservices - subscription required. 

Short Takes – 5-13-26 - Federal Register Edition

 Modernizing Spectrum Sharing for Satellite Broadband. Federal Register FCC final rule. Summary: “In this document, the Federal Communications Commission (Commission or we) adopts a Report and Order (Order) that revises the spectrum sharing framework for Geostationary Orbit (GSO) and Non-Geostationary Orbit (NGSO) systems that currently relies on NGSO systems complying with Equivalent Power Flux Density (EPFD) limits developed in the late-1990s. The consequence today of applying such EPFD limits in the United States is that operators must overprotect GSO systems, which in turn means that American households and businesses—most critically in rural and remote areas—do not receive the fastest space-based NGSO satellite broadband American innovation has available. Based on the technical record in this proceeding, the Order replaces the EPFD framework with modern, performance-based GSO protection criteria. The Order extends the Commission's framework for good-faith coordination and allow NGSO and GSO operators to bargain for appropriate interference protections through voluntary, private agreement. The Order further adopts technical backstops to protect GSO systems when coordination has not been reached.” 

Pipeline Safety: Request for Special Permit; Argent LNG, LLC. Federal Register PHMSA notice. Summary: “PHMSA is publishing this notice to solicit public comments on a request for a special permit for the proposed Argent LNG Project (Project) submitted by Argent LNG, LLC (Argent LNG). Argent LNG is seeking relief from compliance with certain requirements in the Federal pipeline safety regulations. PHMSA has proposed conditions to ensure that the special permit is consistent with pipeline safety. At the conclusion of the 30-day comment period, PHMSA will review the comments received from this notice as part of its evaluation to grant or deny the special permit request.” 

Pipeline Safety: Meeting of the Gas Pipeline Advisory Committee. Federal Register PHMSA advisory committee meeting notice. Summary: “This notice announces a public meeting of the Technical Pipeline Safety Standards Committee, also known as the Gas Pipeline Advisory Committee (GPAC), to discuss the notice of proposed rulemaking (NPRM), titled “Safety of Gas Distribution Pipelines and Other Pipeline Safety Initiatives.”” 

Looking Back – 2-22-13 Honeywell EBI Advisory

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 17 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list. 

Today a blog post from February 22nd, 2013, made the list. It describes an ICS-CERT advisory for an ActiveX vulnerability in the Honeywell Enterprise Buildings Integrator. Two interesting items were included in the discussion. First, the researchers (Rapid7) announced that they would be publishing a Metasploit module for the vulnerability, much less common back then. Second, I discussed the fact that the researcher had requested that Microsoft “issue a kill bit for the HscRemoteDeploy.dll in a future monthly Microsoft Windows security update”. That .dll was the heart of the Honeywell vulnerability. 

HR 8469 Rules Committee Action – FY 2027 MilCon Spending

 This afternoon the House Rules Committee passed H Res 1275, the rule for the consideration of five bills this week, including HR 8469, the Military Construction, Veterans Affairs, and Related Agencies Appropriations Act, 2027. The resolution passed by a party-line vote of 8 to 2. That bill will be considered under a structured rule with limited debate and 51 amendments were cleared for debate and vote during the consideration of the legislation. None of those amendments are of significant interest here. 

Two of the three fiscal problem members of the Committee voted for the Resolution. The third, Rep Roy (R,TX) did not vote, but it is not clear if that was a soft-Nay or just a missed vote. In any case, the first hurdle on the road to the President’s desk has been cleared. Later this week, the House will vote on an amended version of the bill which will rise or fall on a near party-line vote in the full House. It could still go either way. 

Review - Committee Hearings – Week of 5-10-26

With both the House and Senate back in Washington, there is a moderately busy hearing scheduled. Spending bill markups continue in the House, while the Senate concentrates on budget hearings. There is one markup hearing of interest in the House. Finally, we expect (hope) to see the first FY 2027 spending bill on the House floor this week. 

Markup Hearings  

On Thursday, the Subcommittee on Counterterrorism and Intelligence of the House Homeland Security Committee will hold a business meeting that will include the markup of the following bill of interest here: 

HR 7448, Modernizing and Improving the National Terrorism Advisory System Act of 2026. 

On the Floor  

The first FY 2027 spending bill (HR 8469) is scheduled to come to the floor in the House this week, probably Wednesday or perhaps Thursday. The first problem this bill will face will be the three fiscal fanatics in the House Rules Committee. If they do not support the rule vote in Committee, the bill will not come to the floor under a rule. While this bill may not be fiscally radical enough for them, it is certainly too radical to pass under the suspension of the rules process. There will not be enough Democrats to get the supermajority required for passage under that process. 

For more information on these hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-5-10-26 - subscription required. 

Review – 6 Advisories and 1 Update Published – 5-12-26

 Today CISA’s NCCIC-ICS published six control system security advisories for products from ABB (4), Subnet Solutions, and Fuji Electric. They also updated an advisory for products from Ashlar-Vellum. 

Advisories  

ABB Advisory #1 - This advisory describes three vulnerabilities in the ABB WebPro SNMP Card PowerValue product. ABB has a new version that mitigates the vulnerabilities. 

ABB Advisory #2 - This advisory discusses an out-of-bounds write vulnerability in the ABB AC500 V3 product. 

ABB Advisory #3 - This advisory discusses an insecure default initialization of resource vulnerability in the ABB Automation Builder product.  

ABB Advisory #4 - This advisory discusses three vulnerabilities in their AC500 V3 products. 

Subnet Advisory - This advisory describes four vulnerabilities in the Subnet Solutions PowerSYSTEM Center. 

Fuji Advisory - This advisory describes an exposed dangerous method or function vulnerability in the Fuji Tellus product. 

Update  

Ashlar-Vellum Update - This update provides additional information on the Cobalt advisory that was originally published on November 25, 2025. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-890 - subscription required.