Years > 2021 > November, 2021 > Monday, November 15, 2021
Next Article Next
Next Previous Article
86 FR 217 pgs. 63050-63051 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Review

Type: NOTICEVolume: 86Number: 217Pages: 63050 - 63051
FR document: [FR Doc. 2021-24862 Filed 11-12-21; 8:45 am]
Agency: Homeland Security Department
Sub Agency: Transportation Security Administration
Official PDF Version:  PDF Version
Pages: 63050, 63051

[top] page 63050

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Review

AGENCY:

Transportation Security Administration, DHS.

ACTION:

30-Day Notice.

SUMMARY:

This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0056, abstracted below, to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection encompasses interviews and site visits with pipeline owner/operators regarding company security planning and plan implementation. The collection also involves requirements issued under a TSA Security Directive to address cyber security threats.

DATES:

Send your comments by December 15, 2021. A comment to OMB is most effective if OMB receives it within 30 days of publication.

ADDRESSES:

Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to www.reginfo.gov/public/do/PRAMain. Find this particular information collection by selecting "Currently under Review-Open for Public Comments" and by using the find function.

FOR FURTHER INFORMATION CONTACT:

Christina A. Walsh, TSA PRA Officer, Information Technology (IT), TSA-11, Transportation Security Administration, 6595 Springfield Center Drive, Springfield, VA 20598-6011; telephone (571) 227-2062; email TSAPRA@tsa.dhs.gov.

SUPPLEMENTARY INFORMATION:

TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on August 27, 2021, 86 FR 48239.

Comments Invited

In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq. ), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The ICR documentation will be available at http://www.reginfo.gov upon its submission to OMB. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to-

(1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

(2) Evaluate the accuracy of the agency's estimate of the burden;


[top] (3) Enhance the quality, utility, and clarity of the information to be collected; and page 63051

(4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

Information Collection Requirement

Title: Pipeline Corporate Security Review (PCSR).

Type of Request: Extension of a currently approved collection.

OMB Control Number: 1652-0056.

Forms(s): Pipeline Corporate Security Review (PCSR) Protocol Form and TSA Forms related to the Security Directive.

Affected Public: Hazardous Liquids and Natural Gas Pipeline Industry. Abstract: Under the Aviation and Transportation Security Act (ATSA)? 1 and delegated authority from the Secretary of Homeland Security, TSA is tasked with developing policies, strategies, and plans for dealing with transportation security. To carry out this responsibility regarding pipelines, TSA assesses current industry security practices through its PCSR program. The PCSR is a voluntary, face-to-face visit with a pipeline owner/operator during which TSA discusses an owner/operator's corporate security planning and the entries made by the owner/operator on the PCSR Form. The PCSR Form includes 210 questions concerning the owner/operator's corporate level security planning, covering security topics such as physical and cyber security, vulnerability assessments, training, and emergency communications. TSA uses the information collected during the PCSR process to determine baseline security standards, potential areas of security vulnerability, and industry "smart" practices throughout the pipeline mode.

Footnotes:

1 ?Public Law 107-71 (115 Stat. 597; Nov. 19, 2001) codified at 49 U.S.C. 114.

In addition, on July 19, 2021, TSA issued a Security Directive (SD) imposing mandatory cybersecurity measures on specified owner/operators of critical hazardous liquid and natural pipelines and liquefied natural gas facilities. 2 These owner/operators are required to take several actions requiring a collection of information. First, they must develop and adopt a Cybersecurity Contingency/Response Plan to ensure the resiliency of their operations in the event of a cybersecurity attack. This report must be made available to TSA upon request. Second, they are required to have a third-party complete an evaluation of their industrial control system design and architecture to identify previously unrecognized vulnerabilities. The evaluation must include a final report that must also be made available to TSA upon request. Third, within 7 days of each deadline set forth in the SD, owner/operators must ensure that their Cybersecurity Coordinator or other accountable executive submits a statement to TSA via email certifying that the owner/operator has met the requirements of the SD. For convenience, TSA provides an optional form for each submission deadline that owner/operators can complete and submit via email. To the extent information collected is deemed Sensitive Security Information, TSA will handle the information as required by 49 CFR parts 15 and 1520.

Footnotes:

2 ?On May 28, 2021, TSA issued another SD which included three information collections. OMB control number 1652-0055, includes two of these information collections, requiring owner/operators to report cybersecurity incidents to CISA, and to designate a Cybersecurity Coordinator, who is required to be available to the TSA 24/7 to coordinate cybersecurity practices and address any incidents that arise, and who must submit contact information to TSA. OMB control number 1652-0050 contains the remaining information collection, requiring owner/operators to conduct a cybersecurity assessment, to address cyber risk, and identify remediation measures that will be taken to fill those gaps and a time frame for achieving those measures.

Number of Respondents: 97 respondents annually.

Estimated Annual Burden Hours: 4,423 hours. 3

Footnotes:

3 ?Since the publication of the 60-day notice, TSA has adjusted the annual burden to show the one-time burden for the mandatory collection: 4,423.333 hours = (12,610 (one-time burden) + 220 (Year 1 annual burden) + 220 (Year 2 annual burden) + 220 (Year 3 annual burden) =13,270 hours, or an annual average of 4,423.33 hours.

Dated: November 9, 2021.

Christina A. Walsh,

TSA Paperwork Reduction Act Officer, Information Technology.

[FR Doc. 2021-24862 Filed 11-12-21; 8:45 am]

BILLING CODE 9110-05-P