Intent To Request Extension From OMB of One Current Public Collection of Information: Pipeline Operator Security Information

Issuing agencies

Abstract

The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0055, abstracted below that we will submit to OMB for an extension in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. Specifically, the collection involves the collection of pipeline security incident data, and the cybersecurity coordinator(s) and alternate(s) contact information.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 221 (Friday, November 15, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 221 (Friday, November 15, 2024)]
[Notices]
[Pages 90305-90306]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-26538]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Intent To Request Extension From OMB of One Current Public 
Collection of Information: Pipeline Operator Security Information

AGENCY: Transportation Security Administration, Department of Homeland 
Security.

ACTION: 60-Day notice.

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) invites 
public comment on one currently approved Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0055, 
abstracted below that we will submit to OMB for an extension in 
compliance with the Paperwork Reduction Act (PRA). The ICR describes 
the nature of the information collection and its expected burden. 
Specifically, the collection involves the collection of pipeline 
security incident data, and the cybersecurity coordinator(s) and 
alternate(s) contact information.

DATES: Send your comments by January 14, 2025.

ADDRESSES: Comments may be emailed to <a href="/cdn-cgi/l/email-protection#31656270616370714542501f5559421f565e47"><span class="__cf_email__" data-cfemail="194d4a58494b58596d6a78377d716a377e766f">[email&#160;protected]</span></a> or delivered 
to the TSA PRA Officer, Information Technology (IT), TSA-11, 
Transportation Security Administration, 6595 Springfield Center Drive, 
Springfield, VA 20598-6011.

FOR FURTHER INFORMATION CONTACT: Christina A. Walsh at the above 
address, or by telephone (571) 227-2062.

SUPPLEMENTARY INFORMATION:

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. The ICR documentation will be 
available at <a href="https://www.reginfo.gov">https://www.reginfo.gov</a> upon its submission to OMB. 
Therefore, in preparation for OMB review and approval of the following 
information collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

    OMB Control Number 1652-0055; Pipeline Operator Security 
Information. In addition to TSA's broad responsibility and authority 
for ``security in all modes of transportation . . . including security 
responsibilities . . . over modes of transportation [,]'' see 49 U.S.C. 
114, TSA is required to issue recommendations for pipeline security 
measures and conduct inspections to assess implementation of the 
recommendations. See sec. 1557 of the Implementing Recommendations of 
the 9/11 Commission Act of 2007, Public Law 110-53 (August 3, 2007). 
Consistent with these requirements, TSA produced Pipeline Security 
Guidelines in December 2010 and 2011, with an update published in April 
2021. These voluntary guidelines were developed with the assistance of 
industry and government members of the Pipeline Sector and Government 
Coordinating Councils, industry association representatives, and other 
interested parties.
    Voluntary Collection. As the lead Federal agency for pipeline 
security and consistent with its statutory authorities, TSA needs to be 
notified of all (1) incidents that may indicate a deliberate attempt to 
disrupt pipeline operations and (2) activities that could be precursors 
to such an attempt. The Pipeline Security Guidelines encourage pipeline 
operators to notify the Transportation Security Operations Center via 
phone or email as soon as possible if incidents occur or if there is 
other reason to believe that a terrorist incident may be planned or may 
have occurred. When voluntarily contacting the Transportation Security 
Operations Center, the Guidelines request pipeline operators to provide 
as much information about the incident as possible.
    Mandatory Collection. In May 2021, TSA issued a Security Directive 
(SD) series with requirements for owner/operators of hazardous liquid 
and natural gas pipelines and liquefied natural gas facilities that TSA 
designated as critical. The SD series included two mandatory 
information collections:
    1. TSA requires all owner/operators subject to the SD's 
requirements to report actual or potential cybersecurity incidents 
affecting their information technology and operational technology 
systems to the Cybersecurity and Infrastructure Security Agency (CISA) 
within 24 hours of discovery, using the CISA Incident Reporting System.

[[Page 90306]]

    2. The SD series requires critical pipeline owner/operators to 
appoint cybersecurity coordinator(s) or alternate(s) at the corporate 
level and to provide contact information for the coordinators to TSA. 
To ensure that information reported pursuant to the SD series is 
identifiable within the system, TSA requires these owners/operators to 
indicate that they are providing the information pursuant to the SD 
series.
    TSA expects voluntary reporting of pipeline security incidents will 
occur on an irregular basis. TSA estimates that pipeline owner/
operators will report approximately 118 incidents annually, requiring 
an average of 30 minutes (0.50 hour) to collect, review, and submit 
event information. The total potential burden to the public for this 
task is estimated to be 59 hours.
    Using the CISA Incident Reporting System, TSA expects the mandatory 
reporting of pipeline cybersecurity incidents to CISA will occur 20 
times per year for each covered pipeline owner/operator. TSA estimates 
that 100 pipeline owner/operators will take approximately 2 hours to 
gather the appropriate information to submit each incident report. The 
potential burden to the public for this task is 20 x 100 x 2 hours = 
4,000 hours.
    TSA estimates that approximately 100 pipeline owner/operators will 
report their cybersecurity manager and alternate point of contact 
information. It will take the pipeline owner/operator approximately 30 
minutes (0.50 hour) to do so, and the potential burden for this task is 
100 x 0.50 hour = 50 hours.
    Therefore, the total hour burden to the public for this information 
collection request is estimated to be 59 hours (Security Incidents) + 
4,000 hours (CISA Reporting) + 50 hours (Cyber POC) = 4,109 hours 
annually.

    Dated: November 8, 2024.
Christina A. Walsh,
TSA Paperwork Reduction Act Officer, Information Technology.
[FR Doc. 2024-26538 Filed 11-14-24; 8:45 am]
BILLING CODE 9110-05-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>