Supporting Statement for PRA Submissions

Chemical Facility Anti-Terrorism Standards

OMB CONTROL NO. 1670-NEW

A. JUSTIFICATION

1. Circumstances that make the collection of information necessary

Section 550 of P.L. 109-295 provides the Department of Homeland Security with the authority to regulate the security of high-risk chemical facilities. Before the enactment of Section 550, the Federal government did not have authority to regulate the security of most of our nation’s chemical facilities. On April 9, 2007, the Department issued an Interim Final Rule (IFR), implementing this statutory mandate at 72 FR 17688. Section 550 requires a risk-based approach to security.

The Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27, are the Department’s regulations under Section 550 governing security at high-risk chemical facilities. CFATS represents a national-level effort to minimize terrorism risk to such facilities. Its design and implementation balance maintaining economic vitality with securing facilities and their surrounding communities.

CFATS allows, and sometimes requires, facilities to communicate or notify the department of specific information. The data collection activity will be limited to representatives of affected facilities through the Chemical Security Assessment Tool (CSAT).

This collection aligns with 1670-0007 and 201001-1670-005¹ (CVI) to collect information under CFATS. This collection collects information that supports the department’s management of CFATS communications and notifications from the high-risk chemical facilities. 1670-0007 generally collects the primary core regulatory data electronically through the Chemical Security Assessment Tool (CSAT) from high-risk chemical facilities. 201001-1670-005 (CVI) is a new collection currently pending approval by OMB. 201001-1670-005 (CVI) collects information related to the unique information protection regime which ensures the information provided by high-risk chemical facilities to the federal Government is properly protected.

2. By whom, how, and for what purpose the information is to be used

There are four instruments in this collection. These instruments will be used to support the department’s management of the CFATS communications and notification from the affected facilities. The instruments that comprise this collection are as follows.

Request for Redetermination

Pursuant to 6 CFR Part 27.210 (d), a high risk facility will be required to complete this instrument if the facility has made material modifications to its operations. A material modification includes a reduction, increase, elimination or addition of one or more chemicals listed in Appendix A. A facility will also have the option to enter an alternative explanation for the redetermination. The department will notify a facility if it must submit a revised Security Vulnerability Assessment (SVA), Site Security Plan (SSP) or both.

The information is collected electronically by this instrument. Although the content necessary to collect under this instrument is unpredictable, attached is a DHS form that identifies some, but not all of the data routinely collected routinely through this instrument.

Request for an Extension

Pursuant to 6 CFR § 27.210(d), this instrument will be used by a facility to request an extension for submitting for one of the three CSAT surveys: the CSAT Top-Screen, the CSAT SVA or the CSAT SSP. Currently each facility is required to complete each survey within a specified timeframe. By completing this instrument DHS will consider extending the timeframe for a particular facility. The facility must justify a reason for the extension. A justification can include changes in the nature of the facility’s vulnerabilities, changes in operations at the facility and changes in the level of security.

The information is collected electronically by this instrument. Although the content necessary to collect under this instrument is unpredictable, attached is a DHS form that identifies some, but not all of the data routinely collected routinely through this instrument.

Notification of New Top-Screen

Pursuant to 6 CFR Part 27.210, a facility will use this instrument when a facility closes, sells, adds a new Chemical of Interest (COI), eliminates existing COI or changes the amount of COI. Tier 1 and Tier 2 covered facilities must complete and submit a new Top-Screen no less than 2 years, and no more than two years and 60 calendar days. Tier 3 and Tier 4 covered facilities must complete and submit a Top-Screen no less than 3 years and no more than 3 years and 60 calendar days.

The information is collected electronically by this instrument. Although the content necessary to collect under this instrument is unpredictable, attached is a DHS form that identifies some, but not all of the data routinely collected routinely through this instrument.

Request for Technical Consultation

Pursuant to 6 CFR Part 27, this instrument will be used by a high risk facility to request a consultation and technical assistance from DHS. The high risk facility must specify a reason for the request, and their desired outcome. Regardless of whether or when a facility submits a request for a consultation or technical guidance, the department will require the facility to comply with the regulatory requirements.

The information is collected electronically by this instrument. Although the content necessary to collect under this instrument is unpredictable, attached is a DHS form that identifies some, but not all of the data routinely collected routinely through this instrument.

3. Consideration of the use of improved information technology

This collection will leverage the Chemical Security Assessment Tool (CSAT) to reduce the burden on chemical facilities by streamlining the data collection process to meet CFATS regulatory obligations. Collecting the required information by leveraging existing and use of innovative technological developments enhances access controls and reduces the paperwork burden of the high-risk chemical facilities.

Table 1: Medium Information Is Collected In

4. Efforts to identify duplication

CFATS is a unique program, therefore the data collection instruments associated with it do not duplicate any current collection activities.

5. Methods to minimize the burden to small businesses if involved

No unique methods will be used to minimize the burden to small businesses.

6. Consequences to the Federal program if collection were conducted less frequently.

All of the instruments in this collection are initiated by the facility. As required by the regulation a facility must adhere to a specific submission schedule. Reporting less frequently will hinder a facility’s ability to comply with the regulation.

7. Explain any special circumstances that would cause the information collection to be conducted in a manner inconsistent with guidelines.

There are no special circumstances that would cause the information collected to be conducted in a manner inconsistent with guidelines.

8. Consultation

60 Day Comment Period: A 60-day public notice for comments was published in the Federal Register on July 1, 2009 at 74 FR 31458.  No comments were received.

30 Day Comment Period: A 30-day public notice for comments was published in the Federal Register on September 25, 2009 at 74 FR 48996.  No comments were received.

9. Explain any decision to provide any payment or gift to respondents.

No payment or gifts of any kind is provided.

10. Describe any assurance of confidentiality provided to respondents.

Information collected through this collection is considered Chemical-terrorism Vulnerability Information (CVI). CVI is authorized under P.L. 109-295 and implemented in 6 CFR 27.400.

DHS’s primary IT design requirement for CSAT was ensuring data security. DHS acknowledges that there is a non-zero risk, both to the original transmission and the receiving transmission, when requesting data over the Internet. DHS has weighed the risk to the data collection approach against the risk to collecting the data through paper submissions and concluded that the web-based approach was the best approach given the risk and benefits.

Further, DHS has taken a number of steps to protect both the data that will be collected through CSAT. The security of the data has been the number one priority of the system design. The site that the Department will use to collect submissions is equipped with hardware encryption that requires Transport Layer Security (TLS), as mandated by the latest Federal Information Processing Standard (FIPS). The encryption devices have full Common Criteria Evaluation and Validation Scheme (CCEVS) certifications. CCEVS is the implementation of the partnership between the National Security Agency and the National Institute of Standards (NIST) to certify security hardware and software.

11. Additional justification for any questions of a sensitive nature

There are no questions of sensitive nature in this collection.

12. Estimates of reporting and recordkeeping hour and cost burdens of the collection of information

The annual total estimate for reporting, recordkeeping and cost burden under this collection is $214,205. Individual burden estimates vary by instrument and are summarized in the table below:

Table 2: Instrument Burden Estimate

13. Estimates of annualized capital and start-up costs

There are no annualized capital or start-up costs for respondents due to this collection.

14. Estimates of annualized Federal Government costs

Federal government costs can be divided between the cost associated with collection of information and the cost associated with managing and responding to the submitted data. The cost associated with collecting the information is essentially the cost of operating and maintaining the collection instruments within CSAT. The annual Operating and Maintenance (O&M) costs for the instruments with CSAT are estimated at $0.4M. The cost associated with managing and responding to the submitted data the management is equivalent to the cost of employing three government employees at the GS-14 level.

Table 3: Estimates of Annualized Costs for the Collection of Data

Initial Capital Costs

The initial capital costs for the data collection to design, develop, and implement the instruments within CSAT are estimated to be $250,000.

Total Federal Government Costs

In sum, the estimated total annual operating cost to the United States Government for this collection is $897,700 in addition to an estimated initial capital cost of $250,000.

15. Explain the reasons for the change in burden.

This is a new collection therefore there is no change in the burden estimate.

16. For collections of information whose results are planned to be published for statistical use, outline plans for tabulation, statistical analysis and publication.

No plans exist for the use of statistical analysis or to publish this information.

17. Explain the reasons for seeking not to display the expiration date for OMB approval of the information of collection.

The instruments within this collection will be implemented within CSAT. Therefore, the department is seeking approval not to display the expiration date because the expiration dates may cause confusion with different expiration dates for other information collections also collected through CSAT.

18. Explain each exception to the certification statement.

No exceptions have been requested.