INFORMATION COLLECTION SUPPORTING STATEMENT
Exercise Information System (EXIS)
Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).
The Transportation Security Administration has statutory mandate to assess a security risk for any mode of transportation, develop security measures for dealing with that risk, and enforce compliance with those measures.1 TSA also has the primary federal role to enhance security for all modes of transportation, “including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.” 2
Section 1407 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (911 Act) (Pub. L. 110-53, 121 Stat. 408, Aug. 3, 2007, (codified at 6 U.S.C. 1136)) requires the Transportation Security Administration (TSA) to:
…[Establish] a program for conducting security exercises for public transportation agencies for the purpose of assessing and improving [their] capabilities…to prevent, prepare for, mitigate against, respond to, and recover from acts of terrorism.
Section 1516 of the 9/11 Act (codified at 6 U.S.C. 1166)) requires TSA to:
…[Establish] a program for conducting security exercises for railroad carriers for the purpose of assessing and improving [their] capabilities…to prevent, prepare for, mitigate against, respond to, and recover from acts of terrorism.
Section 1533 of the 9/11 Act (codified at 6 U.S.C. 1183)) requires TSA to:
…[Establish] a program for conducting security exercises for over-the-road bus transportation for the purpose of assessing and improving [their] capabilities…to prevent, prepare for, mitigate against, respond to, and recover from acts of terrorism.
In addition, the Security and Accountability For Every Port Act of 2006 (Pub. L. 109-347, 120 Stat. 1895-96, Oct. 13, 2006, codified at 6 U.S.C. 911(a) and 912(a)), requires The Department of Homeland Security to:
…[Establish] a Port Security Training Program…for the purpose of enhancing the capabilities of each [maritime transportation facility and/or vessel] …to prevent, prepare for, respond to, mitigate against, and recover from threatened or actual acts of terrorism, natural disasters, and other emergencies.
…[Establish] a Port Security Exercise Program… for the purpose of testing and evaluating the capabilities of Federal, State, local, and foreign governments, commercial seaport personnel and management, governmental and nongovernmental emergency response providers, the private sector…to prevent, prepare for, mitigate against, respond to, and recover from acts of terrorism, natural disasters, and other emergencies….
These requirements are fulfilled through the Intermodal Security Training and Exercise Program (I-STEP). I-STEP is a design, development, and tracking resource of security exercises that can assess and improve the capabilities of all surface transportation modes to prevent, prepare for, mitigate against, respond to, and recover from acts of terrorism.
The personnel resource requirements for conducting a security exercise using the resources of the I-STEP program team limit the availability of this resource to transportation stakeholders. The Exercise Information System (EXIS) is a voluntary, online tool developed by TSA that supports the I-STEP mission by expanding the availability of these resources. Using EXIS, transportation stakeholders have access to a system that will allow them to generate and conduct security exercises, expanding the reach and effectiveness of the I-STEP program and its mission to improve the capabilities of all surface transportation modes to prevent, prepare for, mitigate against, respond to, and recover from acts of terrorism. EXIS also collects lessons learned and best practices from such exercises and makes them available for the benefit of members of the TSS that participate in EXIS.
Why the collection is necessary:
There has been growing demand among government and industry security partners across the nation to expand I-STEP, which TSA developed and implemented to fulfill the 911 Act’s requirement for DHS to establish an exercise program for the Transportation Systems Sector (TSS). I-STEP brings public and private sector partners together to exercise, train, share information, and address transportation security issues to protect travelers, commerce, and infrastructure. Through the program, TSA facilitates modal and intermodal exercises and workshops throughout the country. The program also provides training support to help modal operators meet their training objectives.
Because I-STEP is a labor intensive program that requires extensive travel and other resource commitments (for both the government and stakeholders involved in the exercise), the number of exercises TSA can conduct on an annual basis is limited.
Based on consultations with its TSS stakeholders, TSA has developed the Exercise Information System (EXIS) as a technology platform that expands the capabilities of the I-STEP for TSS operators. EXIS was designed by the Federal government with input from industry partners to support their risk reduction efforts. As a result, it will both enhance security and reduce costs.
EXIS allows government to provide a voluntary electronic, exercise design and tracking tool that would be accessible to 100,000+ TSS operators. Currently, security partners from industry in the TSS have limited or no ability to obtain training on designing security exercises. The availability of EXIS would provide a TSS operator with a tool to assist in their risk reduction efforts. The availability of EXIS would provide these stakeholders with current and consistent information and data to design and track security exercises.
The availability and use of EXIS would result in an overall decrease in the cost of exercise requirements. EXIS would decrease the administrative, and acquisition, cost of exercise design by allowing for electronic collaboration between planners. This reduces the costs associated with government and industry travel to a central location to discuss exercise design specifications. It also would allow larger operators to cover multiple asset sites with a single exercise design tool.
EXIS has additional benefits. It is designed to support a TSS operator in designing and tracking security exercises without formal training. Other EXIS benefits include: access to current information/data without need to publish and send hardcopies; access to current transportation security information; a "one-stop-shop" for exercise directors to access lessons learned, best practices and "clear and consistent performance measures" for exercise design; and intuitive electronic self-help features that reduce the need for contractor assistance to setup exercises.
Use of EXIS is completely voluntary for industry and government operators in the TSS. While the 9/11 Act requires TSA to issue regulations to require security training for public transportation, railroad carrier, and over-the-road bus frontline employees, including a requirement to address “live situational training exercises regarding various threat conditions, including tunnel evacuation procedures” (see sections 1407(c)(7), 1517(c)(8), and 1534(c)(8) of the 9/11 Act, respectively), TSA does not anticipate including a requirement for covered owner/operators to use EXIS. As applicable, EXIS would, however, be available to them to help reduce the costs of any security exercises they conduct.
EXIS satisfies the “Industry Engagement” portion of the TSA Office of Security Policy and Industry Engagement’s mission, which is the office that manages EXIS. The “Industry Engagement” portion of the mission originated from the premise that regulation alone does not make the nation more secure. Much more is accomplished in the way of transportation security when the agency works with stakeholders to engage in activities that have been mutually determined to reduce risk and increase the security posture of the nation.
TSA research has shown that 100% of the largest, highest grossing TSS operators conduct at least one transportation security exercise annually as an industry best practice. All business owners/operators, including TSS companies, are aware of liability considerations, and security exercises may reduce the cost of some corporate insurance policies.
While TSA expects the EXIS tool to be useful to industry, as described above, use of the system would not guarantee compliance with any existing or future TSA, DHS, or other Federal regulation.
Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.
EXIS is intended to be used by stakeholders in the TSS with a desire to conduct security exercises, including TSA’s internal stakeholders (such as Federal Security Directors) and publicly- or privately-owned transportation companies or assets. TSA will collect five kinds of information online from transportation stakeholders: (1) user registration information; (2) nature and scope of exercise; (3) corrective actions/lessons learned/best practices; (4) evaluation feedback on EXIS itself; and (5) After-Action Reports.
TSA will collect registration information from all EXIS users. Most likely, these users will be mid-level staffers at the transportation company/agency. TSA will use the information to ensure only those who are involved in transportation security with a “need-to-know” can utilize the features of EXIS, which is necessary because the context may contain Sensitive Security Information (SSI). See 49 CFR Part 1520. Although participation in EXIS is voluntary, for those who choose to participate, TSA requires those respondents to submit the following registration information:
First and Last Name
Agency/Organization Type and Name
Job Title
Employer Name
Professional Phone Number
Professional E-mail Address
Employment Verification Contact Name
Employment Verification Phone Number
In addition, because EXIS content may contain SSI, all users are also required to submit an electronic non-disclosure agreement (NDA) pertaining to SSI usage. 3 Furthermore, all users will be required to review and acknowledge review of SSI handling and protection requirements. The burden of reading and acknowledging the NDA and the SSI handling and protection requirements is accounted for in the registration burden estimate under Question 12.
TSA also requests the following optional registration information:
Certifications
Professional Address, City, State, and Zip
Alternate Phone Number
Professional Fax Number
Alternate E-mail
After users are registered, the EXIS user can provide information regarding the nature and scope of the exercise that they would like to conduct. TSA then can access this information in order to generate an appropriate exercise for the user. Such information includes:
Exercise Properties
Objectives
Scenario Events
Participating Agencies
Pre-Exercise Data (to assess the user’s state of readiness for a transportation security incident prior to initiating the training exercise)
After the completion of the exercise, the EXIS user can input information regarding the exercise. The EXIS user can ultimately use this information for generating an “After Action Report”. TSA will also collect this information in order to capture lessons learned and best practices. Such information includes:
Corrective Actions
Best Practices
Lessons Learned
Users can submit feedback on EXIS itself through a voluntary evaluation survey called the “Evaluation Team Feedback”. This survey encompasses:
Evaluation Materials
Evaluator Training
Team Composition
Logistics
Finally, as previously mentioned, EXIS users can access data to generate and/or submit formal “After Action Reports” which may include:
Exercise Overview
Goals and Objectives
Event Synopsis
Analysis of Critical Issues
Exercise Design Characteristics
Conclusions
Executive Summary
An EXIS user has the ability to limit the availability of his/her exercise information to a select group of other EXIS users by creating an exercise community. By creating an exercise community, the EXIS user groups exercises and data under a private sub-site within EXIS and can control community access by choosing which other EXIS users to invite to his/her community and/or by rejecting any requests from other users to join. All EXIS users, whether TSA or non-TSA, have this ability. Regardless of whether the community organizer is TSA or non-TSA, TSA will have the ability to access and moderate all communities, although TSA will not actively do so. TSA will only step in to moderate if an issue arises in a particular community.
EXIS communities are not “bulletin boards” in the sense that all members of the community can contribute information. Rather, the community owner can post information regarding his/her exercise and other community members can only observe the posted information. Because such information may be SSI, all EXIS users will have unique usernames and passwords that meet or exceed the DHS standards of SSI access to log into EXIS. An SSI Content Management Plan has been approved for EXIS by the Office of Intelligence, and EXIS hardware and software have been approved to handle SSI by the Office of Information Technology.
Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden. [Effective 03/22/01, your response must SPECIFICALLY reference the Government Paperwork Elimination Act (GPEA), which addresses electronic filing and recordkeeping, and what you are doing to adhere to it. You must explain how you will provide a fully electronic reporting option by October 2003, or an explanation of why this is not practicable.]
EXIS is an electronic system, accessible through the Internet, and all information is collected electronically; thus this information collection is compliant with GPEA. The basis for adopting an online submission process include ease of accessibility for EXIS users, ease of information storage, and ease of control over information dissemination. Users can go to “https://exis.tsa.dhs.gov/default.aspx” to access the public-facing EXIS site and to request access by inputting registration information.
Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purpose(s) described in Item 2 above.
TSA is not aware of any other web portal in the government that is designed to generate transportation security training exercises and to record the data/results of such exercises. The purpose of EXIS is unique, and therefore any similar information already available cannot be modified to accomplish it.
If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.
The collection of information will not have a significant impact on a substantial number of small businesses or other small entities.
Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.
The TSS has over 100,000 operators which need support from TSA, and insufficient awareness, prevention, response, and recovery to a transportation security incident will result in increased vulnerability of the U.S. transportation network and a reduced ability of DHS to assess system readiness. Failure to collect this information will limit TSA’s ability to effectively test security countermeasures, security plans, and the ability of a modal operator to respond to and quickly recover after a transportation security incident.
EXIS is an SSI-level system. Therefore, collection of registration information is necessary in order to determine whether users should have access to the system. Thus, failure to collect user registration information will prevent TSA from making this system available to transportation stakeholders as it would not have the ability to evaluate whether transportation stakeholders have a “need-to-know” in order to access and use EXIS.
In addition, failure to collect/monitor information regarding the nature and scope of the user’s desired exercise will prevent TSA from properly generating a relevant and useful training exercise for the user. A failure to collect corrective actions, best practices, lessons learned, and After-Action Reports from the user once the exercise is complete will hamper TSA’s attempt to record and document security feedback as well as TSA’s ability to disseminate such information to other members of the TSS. Finally, a failure to collect feedback on EXIS’s performance will limit TSA from adjusting the properties and capabilities of EXIS to better suit the needs of the TSS.
Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d)(2).
TSA will conduct this collection in a manner consistent with the general information collection guidelines in 5 CFR 1320.5(d)(2).
Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.
Pursuant to 5 CFR 1320.8(d), TSA published a 60-day notice soliciting comments from persons outside of the agency regarding the data collection procedures of EXIS. This notice was published on January 6, 2011 (76 FR 792). We received three comments. The first comment was from a contractor in the Infrastructure Protection Disaster Management Division of the Science and Technology Directorate at DHS. This comment sought more information in regards to the program manager of EXIS and its role/capabilities in exercise training. TSA responded by referring the commentator to the appropriate EXIS personnel. The second comment came from a transportation security inspector in South Carolina seeking more information on the capabilities of EXIS. TSA responded by electronically sending the commentator an EXIS information brochure and referring the commentator to the EXIS email address for any additional questions. The third comment came from a writer with Chemical Facility Security News. This comment inquired about the type of information requested during EXIS registration. The writer’s comments are addressed in Question #2 of this Supporting Statement. To our knowledge, no additional comments have been received.
Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.
TSA will not provide payment or gifts to respondents.
Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.
TSA will not provide any assurance of confidentiality to respondents. TSA will gather and store all information pursuant to the Privacy Act, as applicable, as well as any information deemed SSI pursuant to 49 CFR Part 1520.
Provide additional justification for any questions of sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.
TSA does not ask questions of a private, sensitive nature.
Provide estimates of hour burden of the collection of information.
The total annual hour burden estimate for EXIS’s collection of information is 392,385 hours. This was calculated by first, estimating the average annual number of unique respondents (112,109). The average annual number of unique respondents was then multiplied by an estimated annual response frequency (one-half of the EXIS user population will conduct one exercise per year, while the other one-half will not conduct any exercises per year) and hours per response (seven hours). A more detailed explanation of how these estimates were derived is provided below.
First, TSA used data from TSA Modal Annex reports, the Association of American Railroads (AAR), and the 2008 Motor Coach Census to estimate current surface transportation industry populations which were used as year one estimates. An annual growth rate of 0.54 percent was used to obtain year two and year three Freight Rail population estimates. The Freight Rail growth rate is based on 2006-2008 AAR statistics. An annual growth rate of 1.81 percent was applied to the remaining populations to obtain year two and year three population estimates. The 1.81 percent growth rate was based on 1999-2009 U.S. Gross Domestic Product data from the Bureau of Economic Analysis. Table 1 displays the estimated transportation surface population.
Table 1: Transportation Surface Population* |
|||||
Respondent Category |
Current Industry Population |
Annual Growth |
Year 1 Population |
Year 2 Population |
Year 3 Population |
|
A |
B |
C=A |
D=A*(1+B) |
E=D*(1+B) |
Freight Rail |
563 |
0.54% |
563 |
566 |
569 |
Mass Transit |
6,000 |
1.81% |
6,000 |
6,109 |
6,220 |
Highway |
1,075,000 |
1.81% |
1,075,000 |
1,094,498 |
1,114,350 |
School Bus |
14,000 |
1.81% |
14,000 |
14,254 |
14,512 |
Pipeline |
2,304 |
1.81% |
2,304 |
2,346 |
2,388 |
Motor Coach |
3,137 |
1.81% |
3,137 |
3,194 |
3,252 |
Total |
|
|
1,101,004 |
1,120,967 |
1,141,291 |
*Transportation surface populations are rounded to nearest whole number |
|||||
To determine the number of unique respondents, TSA assumed a ten percent industry response rate and applied it annually. The average annual number of unique respondents was then calculated by averaging the number of unique respondents over the three years of this analysis. Table 2 displays the average annual unique respondents based on a ten percent industry response rate.
Table 2: Respondents* |
|||||
Respondent Category |
Industry Response Rate** |
Unique Respondents |
Average Annual Unique Respondent |
||
Year 1 |
Year 2 |
Year 3 |
|||
|
F |
G=C*F |
H=D*F |
I=E*F |
J=(G+H+I)/3 |
Freight Rail |
10% |
56 |
57 |
57 |
57 |
Mass Transit |
10% |
600 |
611 |
622 |
611 |
Highway |
10% |
107,500 |
109,450 |
111,435 |
109,462 |
School Bus |
10% |
1,400 |
1,425 |
1,451 |
1,425 |
Pipeline |
10% |
230 |
235 |
239 |
235 |
Motor Coach |
10% |
314 |
319 |
325 |
319 |
Total |
|
110,100 |
112,097 |
114,129 |
112,109 |
*Respondents are rounded to nearest whole number |
|||||
* *Estimated Industry Response Rate is (1/10) |
|||||
TSA estimates that one-half of the respondents will conduct one training exercise per year, while the other half won’t conduct any exercises. Therefore, the resulting average annual number of responses is 56,055. TSA also estimates the burden associated with each of the EXIS information collection categories as follows:
Registration, 0.5 hours;
Creating an exercise, 2 hours;
Inputting best practices, corrective actions, and lessons learned, 2 hours;
After action reports, 2 hours; and
Evaluation Team Feedback survey of EXIS, 0.5 hours.
Thus, TSA estimates each respondent will spend approximately seven hours to respond. The average annual hour burden was calculated by multiplying average annual responses by the estimated hours per response as displayed in Table 3 below.
Table 3: Average Annual Responses & Hour Burden |
|||||
Respondent Category |
Average Annual Unique Respondents |
Annual Response Frequency |
Average Annual Responses |
Hours per Response |
Average Annual Hour Burden |
|
J |
K |
L=J*K |
M |
N=L*M |
Freight Rail |
57 |
0.5 |
29 |
7 |
203 |
Mass Transit |
611 |
0.5 |
306 |
2,142 |
|
Highway |
109,462 |
0.5 |
54,731 |
383,117 |
|
School Bus |
1,425 |
0.5 |
713 |
4,991 |
|
Pipeline |
235 |
0.5 |
118 |
826 |
|
Motor Coach |
319 |
0.5 |
160 |
1120 |
|
Total |
112,109 |
|
56,057 |
|
392,399 |
Provide an estimate of the total annual cost burden to respondents or recordkeepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14).
Beyond the hourly burden, there are no industry costs estimated for this collection
Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.
TSA estimates the total cost to the Federal government associated with the EXIS information collection request to be approximately $796,180 annually. This includes TSA staff costs and other infrastructure costs to maintain and update EXIS. TSA staff costs were calculated by assuming approximately three TSA H/I program analysts will spend roughly 20 hours per week on EXIS-related duties. These estimates were used to calculate a TSA FTE of 1.5; 3 employees multiplied by 20 hours per week multiplied by 52 weeks divided by 2080 hours (standard work year). The TSA FTE was then multiplied by a TSA H/I Hourly wage rate of $58.32 whose product was multiplied by 2080 hours for an average annual staff cost of $181,958. Infrastructure cost is comprised of contractor costs paid to maintain and update EXIS which are as follows:
Year 1, $594,484;
Year 2, $613,880; and
Year 3, $634,300.
Thus, the average annual infrastructure cost is $614,221. Table 4 displays EXIS’s total cost to TSA.
Table 4: TSA Costs* |
|||||
|
TSA FTE |
TSA Wage Rate |
TSA Staff Cost |
Infrastructure Cost |
Total |
|
A |
B |
C=(A*B)*2080 |
D |
E=C+D |
Year 1 |
1.5 |
$58.32 |
$181,958 |
$594,484 |
$776,442 |
Year 2 |
1.5 |
$181,958 |
$613,880 |
$795,838 |
|
Year 3 |
1.5 |
$181,958 |
$634,300 |
$816,258 |
|
Average Annual |
|
|
$181,958 |
$614,221 |
$796,180 |
*Costs are rounded to nearest dollar |
|||||
Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.
This is a new collection, thus no changes or adjustments have been reported.
For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.
User registration information will not be published. Information regarding exercise properties, lessons learned, and best practices from past exercises will be made available online to certain users in the aggregate after removal of personal, proprietary, time, date, and location information.
As previously discussed, an EXIS user has the ability to limit the availability of his/her exercise information to a select group of other EXIS users by creating an exercise community. By creating an exercise community, the EXIS user groups exercises and data under a private sub-site within EXIS and can control community access by choosing which other EXIS users to invite to his/her community and/or by rejecting any requests from other users to join. All EXIS users, whether TSA or non-TSA, have this ability. Regardless of whether the community organizer is TSA or non-TSA, TSA will have the ability to access and moderate all communities, although TSA will not actively do so. TSA will only step in to moderate if an issue arises in a particular community.
EXIS communities are not “bulletin boards” in the sense that all members of the community can contribute information. Rather, the community owner can post information regarding his/her exercise and other community members can only observe the posted information. Because such information may be SSI, all EXIS users will have unique usernames and passwords that meet or exceed the DHS standards of SSI access to log into EXIS. An SSI Content Management Plan has been approved for EXIS by the Office of Intelligence, and EXIS hardware and software have been approved to handle SSI by the Office of Information Technology.
If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.
Not applicable.
Explain each exception to the certification statement identified in Item 19, “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.
Not applicable.
1 49 U.S.C. 114(f).
2 See 49 U.S.C. 114(d). Section 403(2) of the Homeland Security Act (HSA) of 2002, Pub. L. 107-296, 116 Stat. 2315 (2002), transferred all functions of TSA, including those of the Secretary of Transportation and the Under Secretary of Transportation of Security related to TSA, to the Secretary of Homeland Security. The TSA Administrator’s current authorities under The Aviation and Transportation Security Act (ATSA) have been delegated to him her by the Secretary of Homeland Security. Pursuant to DHS Delegation Number 7060.2, the Secretary delegated to the Administrator, subject to the Secretary’s guidance and control, the authority vested in the Secretary with respect to TSA, including that in sec. 403(2) of the HSA.
3 To the extent that exercise information and results may be Sensitive Security Information (SSI) in accordance with 49 U.S.C. 114(r) and 49 CFR Part 1520, TSA will protect it as such.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | PRA 83i Form For Fill-In; with Supplemental Info Section |
| Author | Marisa.Mullen |
| File Modified | 0000-00-00 |
| File Created | 2021-01-31 |