Tuesday, June 9, 2026

Review – 3 Advisories Published – 6-9-26

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Schneider and Siemens.  

NOTE: CISA has not yet sent out their normal email listing the advisories and updates, so I have to rely on the CISA ICS Advisories page, but that page has not listed any updates for a while now, even when they are published. 

Advisories  

Schneider Advisory #1 - This advisory discusses the BlastRadius.Fail vulnerability. 

Schneider Advisory #2 - This advisory describes an insecure default initialization of resource vulnerability in the Schneider Electric EcoStruxure Panel Server. 

NOTE: I briefly discussed the vulnerability on May 16th, 2026. 

Siemens Advisory - This advisory describes two vulnerabilities in KACO Blueplanet Inverters. 

NOTE: I briefly discussed these vulnerabilities on May 16th, 2026. 


For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-6-9-26 - subscription required. 

CISA Adds Arista Vulnerability to KEV Catalog – 6-9-26

Today, CISA announced that it had added an incomplete comparison with missing factors vulnerability in the Arista EOS to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was previously disclosed by Arista and was originally reported by Scott Christiansen, Lukas Peitz, Rich Compton, and Jonathan Davis at Comcast. In version 1.1 (May 6th) of their advisory, Arista reported that the vulnerability had been reported as being exploited in the wild. Arista provides settings to mitigate the vulnerability; no software fix is planned. 

CISA is requiring federal agencies to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. A deadline of June 23rd, 2026, has been set. 

Review - S 4077 Introduced – DOD Trucking Security

Back in March, Sen Cotton (R,AR) introduced S 4077, the Trucking Security and CCP Disclosure Act of 2026. The bill would require DOD to only use motor carriers that have been certified not to be owned or controlled by, and not to have significant business relationships with, any entity identified on the most recent list of Chinese military companies. It would also require the DOT’s Federal Motor Carrier Safety Administration (FMCSA) to develop and maintain a ‘Secure Defense Freight Carrier Registry’. No new funding is authorized by this legislation. 

The bill would add §2631b, Certification regarding affiliations with Chinese military companies for surface transportation contracts, to 10 USC Chapter 157. It would also add Chapter 140, Secure Defense Freight Carrier Registry, to 49 USC Subtitle IV. 

This bill is a companion measure to HR 7924, which was introduced by Rep Stefanik (R,NY) in March 2026. No action has been taken on that bill. 

Moving Forward  

Cotton is a member of the Senate Armed Services Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see the bill considered by the Committee. I see nothing in this bill that would engender organized opposition in that Committee. 

According to a press release from Stefanik’s office, she and Cotton are working to include the language from this bill in the upcoming FY 2027 National Defense Authorization Act. 

Commentary  

This bill was only assigned to the Senate Armed Services Committee for consideration. This is odd since it adds a new Chapter to 49 USC. It would seem to me that the bill should have also been assigned to the Senate Commerce, Science, and Transportation Committee for coverage of Section 3 of the bill. 


For more information on the provisions of this bill, as well as additional commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4077-introduced-dod-trucking-security - subscription required. 

Review – Bills Introduced – 6-8-26

Yesterday, with both the House and Senate in session, there were 64 bills introduced. None of those bills are expected to receive additional coverage here. 

Space Geek Legislation 

I would like to mention one bill under my limited Space Geek coverage in this blog: 

HR 9193 To advance NASA's use of nuclear propulsion and power systems for deep space exploration, and for other purposes. Kennedy, Mike [Rep.-R-UT-3] 


For more information on these bills, including legislative history for similar bills in the 118th Congress, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-6-8-26 - subscription required. 

Short Takes – 6-9-26 - Federal Register Edition

NASA To Research, Evaluate, Assess, and Treat (TREAT) Astronauts Act. Federal Register NASA 60-day ICR revision notice. Summary: “This ongoing information collection supports clinical care and contributes to a comprehensive knowledge base on the long-term effects of spaceflight. It also enables NASA to identify gaps in services that support medical monitoring, diagnosis, and treatment of spaceflight-associated conditions. Records are collected by authorized healthcare providers within the JSC Occupational Health Branch (OHB).” 

Agency Information Collection Activities: Comment Request. Federal Register NSF 30-day ICR renewal notice. Summary: “In the event of a positive determination, the applicant is notified that their proposal has been accepted. The positive or final adverse determination concludes the SAP Portal process. In the instance of a positive determination, the data-owning agency (or agencies) contacts the applicant to provide instructions on the agency's security requirements that must be completed by the applicant to gain access to the confidential data. The completion and submission of the agency's security requirements take place outside of the SAP [Standard Application Process] Portal.” 

Request for Comment; Drive-Mode Design Best Practices. Federal Register NHTSA 30-day new ICR notice. Summary: “This is a new collection of information for which NHTSA intends to seek OMB approval for a one-time voluntary experiment which will examine how different drive-mode implementations affect driver attention and performance compared to standard interfaces.” 

APHIS Sends Biotechnology Efficiency IFR to OMB

Yesterday, OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received an interim final rule (IFR) from the USDA’s Animal and Plant Health Inspection Service (APHIS) on “Regulatory Efficiencies for Products of Biotechnology”. 

According to the Spring 2025 Unified Agenda entry for this rulemaking: 

“This interim rule will among other things, create exemptions from USDA’s regulations for plants and microbes that are already subject to EPA regulation and products USDA previously reviewed and deregulated, and provide a permitting exemption for certain modified organisms that are commonly used in laboratory development of products of biotechnology. Other changes are also contemplated.” 

While that ‘other changes’ comment may change how I look at this rulemaking, I do not currently expect to cover this in any depth. Due to my interest in biotechnology manufacturing safety and security, I would expect to at least mention the publication of this IFR in the appropriate Short Takes post.