AGENCY:

Transportation Security Administration, DHS.

ACTION:

60-Day notice.

SUMMARY:

The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652–0062 abstracted below that we will submit to OMB for a revision in compliance with the Paperwork Reduction Act (PRA). The ICR covers the assessment of current security practices in public transportation passenger rail (PTPR) and highway and motor carrier (HWY) industries by way of the Baseline Assessment for Security Enhancement (BASE) program, which encompasses site visits and interviews, and is part of the larger domain awareness, prevention, and protection program that supports the mission of TSA and the Department of Homeland Security (DHS). This voluntary collection allows TSA to conduct transportation security-related assessments during site visits with security and operating officials of certain surface transportation modes.

DATES:

Send your comments by January 12, 2024.

ADDRESSES:

Comments may be emailed to TSAPRA@tsa.dhs.gov or delivered to the TSA PRA Officer, Information Technology, TSA 11, Transportation Security Administration, 6595 Springfield Center Drive, Springfield, VA 20598–6011.

FOR FURTHER INFORMATION CONTACT:

Nicole Raymond at the above address, or by telephone (571) 227–2526.

SUPPLEMENTARY INFORMATION:

Comments Invited

In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The ICR documentation will be available at https://www.reginfo.gov upon its submission to OMB. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to—

(1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

(2) Evaluate the accuracy of the agency's estimate of the burden;

(3) Enhance the quality, utility, and clarity of the information to be collected; and

(4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

Information Collection Requirement

OMB Control Number 1652–0062; Baseline Assessment for Security Enhancement (BASE) Program. Under the Aviation and Transportation Security Act and delegated authority from the Secretary of Homeland Security, TSA has broad responsibility and authority for “security in all modes of transportation including security responsibilities over modes of transportation that are exercised by the Department of Transportation.” ^[1] TSA is also required to “assess the security of each surface transportation mode and evaluate the effectiveness and efficiency of current Federal Government surface transportation security initiatives.” ^[2]

TSA developed the BASE program in 2007, in an effort to engage with surface transportation entities to establish a “baseline” of security and emergency response operations. This program was initially created for PTPR (including rail and bus operations). Based on the success of the program, TSA developed the HWY BASE program in 2012. The HWY BASE applies to trucking, school bus contractors, school districts, and over-the-road motor coaches. This voluntary program enables TSA to collect and evaluate physical and operational preparedness information and critical assets and key point-of-contact lists. TSA also reviews emergency procedures and domain awareness training and provides an opportunity to share industry best practices.

The BASE program provides TSA with current information on adopted security-practices within the PTPR and HWY modes of the surface transportation sector. The information collected also allows TSA to dynamically adapt programs to the changing threat with an understanding of the improvements surface transportation entities make in their security posture. Additionally, the relationships these face-to-face contacts foster are critical to TSA's ability to reach out to the surface transportation entities participating in the BASE program.

In carrying out the voluntary BASE program, TSA's Transportation Security Inspectors-Surface (TSIs–S) conduct BASE reviews during site visits with security and operating officials of PTPR Start Printed Page 77603 and HWY systems, throughout the U.S. The TSIs-S receive and document relevant information using a standardized checklist. In April 2020 the Government Accountability Office, audit GA–20–404, recommended TSA update the BASE cybersecurity questions to ensure they reflect key practices. As a result, TSA revised the collection to reflect the five core functions of the National Institute of Standards and Technology (NIST) cybersecurity framework. These core functions, and a majority of the subcategories, were combined with industry best practices into a set of additional questions focused on cybersecurity to identify vulnerabilities and provide support for strengthening the cybersecurity baseline for the surface transportation sector. In May 2023, TSA formed a team of surface transportation subject matter experts to review the 222 questions on the PTPR BASE and 52 that were deemed no longer relevant or repetitive, were removed.

Advance coordination and planning ensures the efficiency of the assessment process. The TSIs-S review and analyze the stakeholders' security plan, if adopted, and determine if the mitigation measures included in the plan are being effectively implemented, while providing additional resources for further security enhancement. In addition to examining the security plan document, TSIs-S reviews one or more assets of the private and/or public owner/operator.

During BASE site visits of PTPR and HWY entities, TSIs-S collect information and complete a BASE checklist from the review of each entity's documents, plans, and procedures. They also interview appropriate entity personnel and conduct system observations prompted by questions raised during the document review and interview stages. TSA conducts the interviews to establish and clarify information on security measures implemented by the entity and to identify security gaps. The one-on-one interviews establish a relationship that fosters engagement on, and implementation of, effective and sustained security.

Without this information, the ability for TSA to perform its security mission would be severely hindered. Absent this program, there would be no consistent data about these transportation security programs, nor a decentralized database TSA could use to benchmark the programs. While many PTPR and HWY entities have security and emergency response plans or protocols in place, the BASE provides a consistent approach to evaluate the extent to which security programs exist and the content of those programs.

The participants in the BASE program receive the benefit of a no-cost, voluntary, risk-based assessment tailored to their operations and the size of their organization. These targeted assessments provide actionable options for consideration to strengthen an entities lowest-scoring items. Organizations that participate in the BASE may qualify to receive grant funding to address high-risk security areas and also receive additional guidance to strengthen their security.

While TSA has not set a limit on the number of BASE program reviews to conduct, TSA estimates it will conduct approximately 70 PTPR BASE reviews and approximately 107 HWY BASE reviews on an annual basis. TSA does not intend to conduct more than one BASE review per public transportation passenger rail system in a single year. TSA estimates that the hour burden per PTPR entity to engage its security and/or operating officials with inspectors in the interactive BASE program review process is approximately 9 hours. For HWY, TSA estimates approximately 1.8 hours per HWY entity to engage its security and/or operating officials with inspectors in the interactive BASE program review process. Those who choose to also participate in the new cyber BASE will spend 7.8 hours each, and TSA expects there will be eight reviews conducted per year. The total annual hour burden for the PTPR BASE program review is 630 hours, for HWY BASE 192.6 hours, and for Cybersecurity BASE 62.4 hours, for a total annual burden of 885 hours.

Footnotes