Pipeline_CF_List_Supporting_Statement

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).

Section 1557(b) of the Implementing the Recommendations of the 9/11 Commission Act of 2007 specifically tasked TSA to develop and implement a plan for inspecting critical facilities of the nation’s 100 most critical pipeline systems. See Public Law 110-53, 121 Stat. 266, 475 (Aug. 3, 2007). Operators determined their critical facilities based on guidance and criteria set forth in the Department of Transportation's (DOT) September 5, 2002, ``Pipeline Security Information Circular'' and June 2002 ``Pipeline Security Contingency Planning Guidance.'' With OMB approval (OMB Control Number 1652-0050), TSA reached out to the operators of the top 125 critical pipeline systems and requested they submit a listing of their critical facilities to TSA. This critical facility information was submitted to TSA between November 2008 and August 2009. In April 2011, TSA issued new ``Pipeline Security Guidelines'' in consultation with stakeholders and DOT which contain revised guidance and criteria for the determination of critical facilities. TSA is now seeking to renew its OMB approval to request revised critical facility information from the operators of the nation’s top 125 critical pipeline systems.

Once updated critical facility information is obtained, TSA intends to visit critical pipeline facilities and collect site-specific information from pipeline operators on facility security policies, procedures, and physical security measures. Information obtained on the visits will be collected on a Critical Facility Security Review (CFSR) Form. TSA is seeking OMB approval to utilize the CFSR document during critical facility reviews in order to collect facility security information.

As part of this program, TSA also intends to follow-up with pipeline operators on the implementation of security improvements and recommendations made during facility visits. During critical facility visits, TSA documents and provides recommendations to pipeline operators to improve the security posture of the reviewed facility. TSA will then to follow-up with pipeline operators via email on the status toward implementation of the recommendations made during the critical facility visits. The follow-up will be conducted between approximately 12 and 24 months after the facility visit.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

TSA is seeking to obtain this information in order to to visit and review the security of the nation’s critical pipeline facilities. TSA will be the sole user of this information. Critical facilities are determined by the individual pipeline system operators for their respective systems through their own facility assessment process based on the criteria in the “Pipeline Security Guidelines.” Information collected from the reviews will be analyzed and used by TSA to determine strengths and weaknesses at the nation's critical pipeline facilities, areas to target for risk reduction strategies, pipeline industry implementation of the TSA “Pipeline Security Guidelines,” operator implementation of recommendations made during TSA critical facility visits, and the need for regulations in accordance with Section 1557(d) of the Implementing the Recommendations of the 9/11 Commission Act of 2007.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.

The requests for lists of critical facilities sent by TSA and the responses from subject pipeline system operators will be conducted via electronic mail. The requests sent by TSA to follow up with pipeline operators on their status toward implementation of the recommendations made during critical facility visits will also be conducted via electronic mail. Facility-specific information on security policies, procedures, and physical security measures, will be collected on-site by TSA personnel on a Critical Facility Security Review (CFSR) Form. Once the form is filled in and finalized by TSA personnel, the form will be forwarded to operators via electronic mail.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purpose(s) described in Item 2 above.

In some instances facilities identified by operators as pipeline critical facilities may also fall under the requirements of domestic maritime security regulations required by the Maritime Transportation Security Act of 2002 (MTSA). MTSA regulations are enforced by the U.S. Coast Guard and contain specific security requirements for maritime security facilities. Many of the maritime security requirements are similar to those TSA will be reviewing and collecting information on during pipeline security reviews. When collecting each operator’s listing of pipeline critical facilities, TSA asks each operator to identify those pipeline critical facilities that are also MTSA-regulated facilities. TSA then confirms with the U.S. Coast Guard that the facilities are indeed MTSA-regulated. TSA does not review facilities that are MTSA-regulated as security information has already been collected by the U.S. Coast Guard and is available for TSA review as necessary.

5. If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.

There will be no impact on companies that could be considered small businesses. This information request targets the Top 125 most critical pipeline systems in the U.S., and none of the operators of these pipeline systems or their parent companies could be categorized as small businesses.

6. Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

Failure to obtain pipeline system critical facility lists would impact TSA’s ability to collect, review, and assess the security posture at the nation’s critical pipeline facilities. TSA is reliant on pipeline operators to assess and identify their critical assets. The inability to request this information from pipeline operators will prevent TSA from being able to have accurate knowledge of the location of the nation’s critical pipeline assets. Without knowledge of the location of the nation’s critical pipeline assets, TSA will be unable to review and assess the security posture at the nation’s critical pipeline facilities, which will prevent the agency from being able to make specific recommendations to improve each facility’s security. If TSA is unable to make specific security recommendations to operators of critical pipeline facilities, the agency will not be able to assess the implementation of these recommendations at a later date, as recommended by the U.S. Government Accountability Office (GAO-10-867, August 2010). In summary, the inability to conduct these collections would greatly impede TSA’s mission to protect and secure the nation’s hazardous liquid and natural gas pipeline infrastructure.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d)(2).

This collection will be conducted consistent with the information collection guidelines in 5 CFR 1320.5 (d)(2).

8. Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

TSA published a Federal Register notice, with a 60 day notice, soliciting comments on the information collection on June 16, 2011, (76 FR 35229) and a 30 day notice on October 11, 2011, (76 FR 62818). No comments were received.

9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.

No payment or gift will be provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

To the extent that the information provided by operators is Security Sensitive Information (SSI), it will be protected in accordance with procedures meeting the transmission, handling and storage requirements set forth in 49 CFR parts 15 and 1520.

11. Provide additional justification for any questions of sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.

There are no questions of sensitive nature posed in the collection.

12. Provide estimates of hour burden of the collection of information.

The burden related to the collection of updated critical facility information from the top 125 pipeline system operators will require 4 hours per operator, for a burden of 500 hours (125 X 4) in the first year only. Over three years this averages to an annual number of respondents of 42 and an annual burden of approximately 168 hours.

A maximum of 120 facility reviews will be conducted each year with each review taking approximately 4 hours (120 X 4 = 480). The average annual burden for the information collection related to the Critical Facility Security Review (CFSR) Form is estimated to be 480 hours.

In the first year only, a burden of 1,750 hours is estimated for information collection on the follow-up of the recommendations made during the 350 facility visits conducted in accordance with the requirement in the 9/11 Act (350 x 5 = 1,750). It will take approximately 5 hours for each operator to submit a response to TSA regarding its implementation of security recommendations made during critical facility visits. Over three years this averages to an annual number or respondents of 117 and an annual burden of approximately 585 hours. After the first year, the annual burden for the information collection related to the follow-up on the recommendations made to facility operators is estimated to be 600 hours. If a maximum of 120 critical facilities are reviewed each year, and TSA follows up with each facility operator between approximately 12 and 24 months following the visit, the total annual burden is 600 hours (120 x 5) following the first year. Over three years this averages to an annual number of respondents of 80 and an annual burden of 400 hours. Both together, over three years these collections average to an annual number of respondents of 197 and an average annual burden of 985 hours.

Total estimated annual number of respondents is 359 with a total average annual burden of 1,633 hours.

13. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information.

TSA does not estimate a cost to the industry beyond the hour burden detailed in answer 12.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.

There are no additional costs to the Federal Government for the critical facility information collection, nor the recommendation follow-up collection. For the CFSR Form information collection, the cost to the Federal government will be approximately $837K per year. These costs include contractor support services to aid in the conduct of the security reviews and to complete the CFSR Form for each facility visited, and total approximately $801K per year. In addition, Federal government travel costs for TSA personnel for the critical facility reviews are estimated to be approximately $36K per year. The average cost per trip is approximately $1,500. TSA estimates two trips will be conducted each month, for an annual cost to the Federal Government of 36K ($1,500 X 2) X (12).

15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.

Once updated lists of critical facilities are obtained, TSA intends to visit critical pipeline facilities and collect site-specific information from pipeline operators on facility security policies, procedures, and physical security measures. This is a change from how the program operated in the past and it is being initiated to allow TSA to discuss facility security directly with pipeline operators and validate by observation what security measures are in place at each facility.

In addition, GAO has recently recommended the TSA establish a database of recommendations made during critical facility visits and develop a process for following up on the implementation of those recommendations (GAO-10-867, August 2010, PIPELINE SECURITY - TSA Has Taken Actions to Help Strengthen Security, but Could Improve Priority-Setting and Assessment Processes). TSA has developed that database and it will be used to capture all recommendations, and TSA intends to follow-up with operators between approximately 12 and 24 months after each facility visit on the status toward implementation of the recommendations. This program change will help TSA comply with GAO’s recommendation, enable the agency to better analyze recommendations made, and monitor whether pipeline operators are addressing the security vulnerabilities identified at each facility. These processes will increase the annual burden by approximately 1,133 hours.

16. For collections of information for which results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.

Specific information, such as the pipeline critical facility lists , information collected on the CFSR Form, and ccritical facility recommendations and implementation status will not be published due to security sensitive matters. However, a high level summary report of findings from the critical facility reviews may be provided to pipeline industry and Federal Government stakeholders once the program is completed and and analysis of the information is performed. The purpose of the summary report will be informational in nature, contain no site-specific or SSI-designated information, and will be provided to pipeline operators and Federal Government stakeholders to identify trends and draw high-level conclusions about the security posture of the nation’s critical pipeline facilities.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

TSA is not seeking such approval.

18. Explain each exception to the certification statement identified in Item 19, “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.

TSA is not seeking any exceptions.