AGENCY:

Transportation Security Administration, DHS.

ACTION:

60-Day notice.

SUMMARY:

The Transportation Security Administration (TSA) invites public comment on one currently-approved Start Printed Page 31896Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0056, abstracted below that we will submit to OMB for an extension in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection allows TSA to assess the current security practices in the pipeline industry through TSA's Pipeline Corporate Security Review (PCSR) program. The PCSR program is part of the larger domain awareness, prevention, and protection program supporting TSA's and the Department of Homeland Security's missions.

DATES:

Send your comments by September 3, 2019.

ADDRESSES:

Comments may be emailed to TSAPRA@tsa.dhs.gov or delivered to the TSA PRA Officer, Information Technology (IT), TSA-11, Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011.

FOR FURTHER INFORMATION CONTACT:

Christina A. Walsh at the above address, or by telephone (571) 227-2062.

SUPPLEMENTARY INFORMATION:

Comments Invited

In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The ICR documentation will be available at http://www.reginfo.gov upon its submission to OMB. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to—

(1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

(2) Evaluate the accuracy of the agency's estimate of the burden;

(3) Enhance the quality, utility, and clarity of the information to be collected; and

(4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

Consistent with the requirements of Executive Order (E.O.) 13771, Reducing Regulation and Controlling Regulatory Costs, and E.O. 13777, Enforcing the Regulatory Reform Agenda, TSA is also requesting comments on the extent to which this request for information could be modified to reduce the burden on respondents.

Information Collection Requirement

OMB Control Number 1652-0056; Pipeline Corporate Security Review (PCSR) Program. Under the Aviation and Transportation Security Act (ATSA) ^[1] and delegated authority from the Secretary of Homeland Security, TSA has broad responsibility and authority for “security in all modes of transportation . . . including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.” ^[2] TSA is specifically empowered to assess threats to transportation,^[3] develop policies, strategies, and plans for dealing with threats to transportation,^[4] oversee the implementation and adequacy of security measures at transportation facilities,^[5] and carry out other appropriate duties relating to transportation security.^[6] The Implementing Recommendations of the 9/11 Commission Act (9/11 Act) included a specific requirement for TSA to conduct assessments of critical pipeline facilities.^[7]

Consistent with these authorities and requirements, TSA developed the PCSR program to assess the current security practices in the pipeline industry, with a focus on the physical and cyber security of pipelines and the crude oil and petroleum products, such as gasoline, diesel, jet fuel, home heating oil, and natural gas, moving through the system infrastructure. PCSRs are voluntary, face-to-face visits, usually at the headquarters facility of the pipeline owner/operator. Typically, TSA sends one to three employees to conduct a seven to eight hour interview with representatives from the owner/operator. The TSA representatives analyze the owner/operator's security plan and policies and compare their practices with recommendations in TSA's Pipeline Security Guidelines.

During the PCSR assessment, the PCSR program subject matter experts:

• Meet with senior corporate officers and security managers.
• Develop knowledge of security planning at critical pipeline infrastructure sites.
• Establish and maintain a working relationship with key security staff who operate critical pipeline infrastructure.
• Identify industry smart practices and lessons learned.
• Maintain a dynamic modal network through effective communications with the pipeline industry and government stakeholders.

Through this engagement, TSA is also able to establish and maintain productive working relationships with key pipeline security personnel. This engagement and access to pipeline facilities also enables TSA to identify and share smart security practices observed at one facility to help enhance and improve the security of the pipeline industry. As a result, participation in the voluntary PCSR program enhances pipeline security at both specific facilities and across the industry.

TSA has developed a Question Set to aid in the conducting of PCSRs. The PCSR Question Set structures the TSA-owner/operator discussion and is the central data source for the security information TSA collects. TSA developed the PCSR Question Set based on input from government and industry stakeholders on how best to obtain relevant information from a pipeline owner/operator about its security plan and processes. The questions are designed to examine the company's current state of security, as well as to address measures that are applied if there is a change in the National Terrorism Advisory System. The PCSR Question Set also includes sections for facility site visits and owner/operator contact information. By asking questions related to specific topics (such as security program management, vulnerability assessments, components of the security plan, security training, and emergency communications), TSA is able to assess the strength of owner/operator's physical security, cyber security, emergency communication capabilities, and security training.

This PCSR information collection provides TSA with real-time information on a company's security posture. The relationships these face-to-face contacts foster are critical to the Federal government's ability to reach out to the pipeline stakeholders affected Start Printed Page 31897by the PCSRs. In addition, TSA follows up via email with owner/operators on specific recommendations made by TSA during the PCSR.

When combined with information from other companies across the sector, TSA can identify and develop recommended smart practices and security recommendations for the pipeline mode. This information allows TSA to adapt programs to the changing security threat, while incorporating an understanding of the improvements owners/operators make in their security measures. Without this information, the ability of TSA to perform its security mission would be severely hindered.

Portions of PCSR responses that are deemed Sensitive Security Information (SSI) are protected in accordance with procedures meeting the transmission, handling, and storage requirements of SSI set forth in 49 Code of Federal Regulations (CFR) parts 15 and 1520.

The annual hour burden for this information collection is estimated to be between 180 and 220 hours based upon 20 PCSR visits per year, each lasting a total of eight hours and the follow-up regarding security recommendations, lasting approximately one to three hours.

Footnotes