Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Review

Issuing agencies

Abstract

This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0056, abstracted below, to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection encompasses interviews and site visits with pipeline owner/operators regarding company security planning and plan implementation. The collection also involves requirements issued under a TSA Security Directive to address cyber security threats.

Full Text

<html>
<head>
<title>Federal Register, Volume 86 Issue 217 (Monday, November 15, 2021)</title>
</head>
<body><pre>
[Federal Register Volume 86, Number 217 (Monday, November 15, 2021)]
[Notices]
[Pages 63050-63051]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2021-24862]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Extension of Agency Information Collection Activity Under OMB 
Review: Pipeline Corporate Security Review

AGENCY: Transportation Security Administration, DHS.

ACTION: 30-Day Notice.

-----------------------------------------------------------------------

SUMMARY: This notice announces that the Transportation Security 
Administration (TSA) has forwarded the Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0056, 
abstracted below, to OMB for review and approval of an extension of the 
currently approved collection under the Paperwork Reduction Act (PRA). 
The ICR describes the nature of the information collection and its 
expected burden. The collection encompasses interviews and site visits 
with pipeline owner/operators regarding company security planning and 
plan implementation. The collection also involves requirements issued 
under a TSA Security Directive to address cyber security threats.

DATES: Send your comments by December 15, 2021. A comment to OMB is 
most effective if OMB receives it within 30 days of publication.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to <a href="http://www.reginfo.gov/public/do/PRAMain">www.reginfo.gov/public/do/PRAMain</a>. Find this particular 
information collection by selecting ``Currently under Review--Open for 
Public Comments'' and by using the find function.

FOR FURTHER INFORMATION CONTACT: Christina A. Walsh, TSA PRA Officer, 
Information Technology (IT), TSA-11, Transportation Security 
Administration, 6595 Springfield Center Drive, Springfield, VA 20598-
6011; telephone (571) 227-2062; email <a href="/cdn-cgi/l/email-protection#d783849687859697a3a4b6f9b3bfa4f9b0b8a1"><span class="__cf_email__" data-cfemail="4f1b1c0e1f1d0e0f3b3c2e612b273c61282039">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: TSA published a Federal Register notice, 
with a 60-day comment period soliciting comments, of the following 
collection of information on August 27, 2021, 86 FR 48239.

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. The ICR documentation will be 
available at <a href="http://www.reginfo.gov">http://www.reginfo.gov</a> upon its submission to OMB. 
Therefore, in preparation for OMB review and approval of the following 
information collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and

[[Page 63051]]

    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

    Title: Pipeline Corporate Security Review (PCSR).
    Type of Request: Extension of a currently approved collection.
    OMB Control Number: 1652-0056.
    Forms(s): Pipeline Corporate Security Review (PCSR) Protocol Form 
and TSA Forms related to the Security Directive.
    Affected Public: Hazardous Liquids and Natural Gas Pipeline 
Industry. Abstract: Under the Aviation and Transportation Security Act 
(ATSA) \1\ and delegated authority from the Secretary of Homeland 
Security, TSA is tasked with developing policies, strategies, and plans 
for dealing with transportation security. To carry out this 
responsibility regarding pipelines, TSA assesses current industry 
security practices through its PCSR program. The PCSR is a voluntary, 
face-to-face visit with a pipeline owner/operator during which TSA 
discusses an owner/operator's corporate security planning and the 
entries made by the owner/operator on the PCSR Form. The PCSR Form 
includes 210 questions concerning the owner/operator's corporate level 
security planning, covering security topics such as physical and cyber 
security, vulnerability assessments, training, and emergency 
communications. TSA uses the information collected during the PCSR 
process to determine baseline security standards, potential areas of 
security vulnerability, and industry ``smart'' practices throughout the 
pipeline mode.
---------------------------------------------------------------------------

    \1\ Public Law 107-71 (115 Stat. 597; Nov. 19, 2001) codified at 
49 U.S.C. 114.
---------------------------------------------------------------------------

    In addition, on July 19, 2021, TSA issued a Security Directive (SD) 
imposing mandatory cybersecurity measures on specified owner/operators 
of critical hazardous liquid and natural pipelines and liquefied 
natural gas facilities.\2\ These owner/operators are required to take 
several actions requiring a collection of information. First, they must 
develop and adopt a Cybersecurity Contingency/Response Plan to ensure 
the resiliency of their operations in the event of a cybersecurity 
attack. This report must be made available to TSA upon request. Second, 
they are required to have a third-party complete an evaluation of their 
industrial control system design and architecture to identify 
previously unrecognized vulnerabilities. The evaluation must include a 
final report that must also be made available to TSA upon request. 
Third, within 7 days of each deadline set forth in the SD, owner/
operators must ensure that their Cybersecurity Coordinator or other 
accountable executive submits a statement to TSA via email certifying 
that the owner/operator has met the requirements of the SD. For 
convenience, TSA provides an optional form for each submission deadline 
that owner/operators can complete and submit via email. To the extent 
information collected is deemed Sensitive Security Information, TSA 
will handle the information as required by 49 CFR parts 15 and 1520.
---------------------------------------------------------------------------

    \2\ On May 28, 2021, TSA issued another SD which included three 
information collections. OMB control number 1652-0055, includes two 
of these information collections, requiring owner/operators to 
report cybersecurity incidents to CISA, and to designate a 
Cybersecurity Coordinator, who is required to be available to the 
TSA 24/7 to coordinate cybersecurity practices and address any 
incidents that arise, and who must submit contact information to 
TSA. OMB control number 1652-0050 contains the remaining information 
collection, requiring owner/operators to conduct a cybersecurity 
assessment, to address cyber risk, and identify remediation measures 
that will be taken to fill those gaps and a time frame for achieving 
those measures.
---------------------------------------------------------------------------

    Number of Respondents: 97 respondents annually.
    Estimated Annual Burden Hours: 4,423 hours.\3\
---------------------------------------------------------------------------

    \3\ Since the publication of the 60-day notice, TSA has adjusted 
the annual burden to show the one-time burden for the mandatory 
collection: 4,423.333 hours = (12,610 (one-time burden) + 220 (Year 
1 annual burden) + 220 (Year 2 annual burden) + 220 (Year 3 annual 
burden) =13,270 hours, or an annual average of 4,423.33 hours.

    Dated: November 9, 2021.
Christina A. Walsh,
TSA Paperwork Reduction Act Officer, Information Technology.
[FR Doc. 2021-24862 Filed 11-12-21; 8:45 am]
BILLING CODE 9110-05-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>