House Accepts Senate Amendment to HR 7147 – FY 2026 DHS Spending

This afternoon the House took up, yet again, HR 7147, the Further Additional Continuing Appropriations Act, 2026, dealing with the FY 2026 funding for DHS. They effectively withdrew their amended version that had been approved on March 27th, 2026, by a near party-line vote. Instead, the House voted (voice vote) to accept the Senate amendment of March 26th (actual Senate vote took place early on the 27th) that funded the Department except for the immigration enforcement activities of ICE and CBP. The bill now goes to the President for signing, probably this evening. 

While voice votes typically mean that there is widespread support (or at least minimal opposition) for legislation, that may not really be the case here. As with the Senate’s early morning vote there were only a limited number of members on the floor (see reporting here by the Washington Post) when the voice vote was held. This may have been done (in both the House and Senate) to provide cover to Republican members that were conflicted by their opposition to the lack of ICE/CBP funding and their desire to support the President. ICE and CBP continue to receive funding from the earlier Big Beautiful Bill and potentially a second reconciliation bill that the President has requested to be on his desk by June 1st. 

Review – 6 Advisories and 2 Updates Published – 4-30-26

Today CISA’s NCCIC-ICS published six control system security advisories for products from ABB. They also updated two advisories for products from Mitsubishi. 

I would like to remind folks that the Department of Homeland Security (including, of course, CISA’s NCCIC-ICS, the authors of these advisories) has still not been funded for FY 2026 operations since January. The Administration has repurposed funds (that were previously allocated for other uses passed September 30th, 2025) into paychecks for the people still working during this ‘limited shutdown’. Those funds have been expected to run out on or about May 1st. CISA’s cybersecurity operations are expected to continue; paychecks probably not until Congress works out this fiasco. 

Advisories  

Ability Symphony Advisory - This advisory discusses four vulnerabilities in the ABB Ability Symphony Plus Engineering product. 

AWIN Advisory - This advisory describes three vulnerabilities in the ABB AWIN Gateways products. 

Ability OPTIMAX Advisory - This advisory describes an incorrect implementation of authentication algorithm vulnerability in the ABB Ability OPTIMAX products. 

Edgenius Advisory - This advisory describes an authentication bypass using an alternate path or channel vulnerability in the ABB Edgenius Management Portal. 

PCM600 Advisory - This advisory discusses the Zip-Slip vulnerability in the ABB PCM600 product. 

System 800xA Advisory - This advisory describes an improper validation of specified quantity in input vulnerability in the ABB System 800xA, and Symphony Plus IEC 61850 products. 

Updates  

FA Products Update - This update provides additional information on the FA Products advisory that was originally published on April 25th, 2025, and most recently updated on February 3rd, 2026. 

MELSEC iQ-F Series Update - This update provides additional information on the MELSEC iQ-F Series advisory that was originally published on March 3rd, 2026. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-2-updates-published-cc0 - subscription required. 

Review – Bills Introduced – 4-29-26

 Yesterday, with both the House and Senate in session, there were 68 bills introduced. None of those bills will receive additional coverage in this blog. 

Space Geek Legislation 

I would like to mention one bill under my limited Space Geek coverage in this blog: 

HR 8584 To require the Commander of the United States Space Command to submit a feasibility report on expanding the Multinational Force Operation Olympic Defender. Min, Dave [Rep.-D-CA-47] 

For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a mention in passing of two bills to provide congressional override authority for disaster declarations, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-4-29-26 - subscription required. 

Looking Back – 5-11-09 , Video Escorts

 Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list. 

Today, a blog post from May 11th, 2009, Video Escorts, made the list. This was a discussion about the use of video surveillance systems with sophisticated analytics tools to perform the required escort of uncleared personnel about a facility. While the post includes a fairly down-in-the-weeds discussion of CFATS regulatory requirements, many of those considerations are still applicable to unregulated security issues. 

There are two other interesting things about this post related to reader comments. The first is not visible. I had a number of comments submitted to this offering ‘video escort’ services that had nothing to do with security issues. This is one of the reasons that I moderate the comments published to my blog posts. 

There is a reader comment published with this post. It comes from a recognized video surveillance expert, John Honovich. One of the fun things about writing this blog over the years has been the number of intelligent subject matter experts that I have had the privilege of talking with about facility security topics. They have helped educate me about the wide variety of topics that blogs like this are forced to cover.