SUPPORTING STATEMENT FOR
Cyber Forensics Electronic Technology Clearinghouse (CyberFETCH) Registration Form
(OMB No. 1640-0017)
A. Justification
1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.
The Department of Homeland Security Science & Technology (S&T) Directorate CyberForensics Electronic Technology Clearinghouse (CyberFETCH) program is responsible for providing a collaborative environment for cyber forensics practitioners from law enforcement, private sector and academia. This clearinghouse enables its users to share information, best practices and lessons learned within a secure collaborative environment. In order for a user to access this clearinghouse, he/she must complete a Registration Form to establish a user account. Section 313 of the Homeland Security Act of 20052 (PL 107-296) established this requirement.
2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.
Profile information (including name; organization name and address in which they are affiliated with; job title; phone number; email address; US Person status; sponsoring organization’s address, point of contact, phone number, and email address ) is collected from federal, state and local law enforcement, private sector and academia practitioners voluntarily requesting access to the CyberFETCH website. This is accomplished by an electronic Registration Form on the CyberFETCH website. The information collected is leveraged to determine the authenticity and suitability of the practitioner requesting access. Once approved, users utilize the collaborative environment to upload documents/resources, exchange information, network with other users, as well as post blogs and comments.
Once the information is collected and a respondent is approved for access, the respondent will be notified via email that they have been approved and can now access the CyberFETCH site. The site does not collect additional information except to verify the respondent’s information. Users can also elect to provide additional information to their personal profiles; however, entry of this data is not required, but is the decision of the user. As this is a social networking tool, the use of such data may be favorable to some users. The respondent will be notified via email that they have been approved.
The information collected (with the exception of the Sponsor’s information) is used to determine the authenticity and suitability of the practitioner requesting access. The information collected is also used to populate the user’s (respondent’s) profile, which is stated on the registration form. The respondent’s email is also used for occasional CyberFETCH notifications (i.e., new features, system status). Users can elect to provide additional information to their personal profiles; however, entry of this data is not required but is the decision of the user. As this is a social networking tool, the use of such data may be favorable to some users.
3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.
The CyberFETCH website only employs secure web-based technology (i.e., electronic registration form) to collect information from users to both reduce the burden and increase the efficiency of this collection. The CyberFETCH Registration Form is located at http://www.cyberfetch.org/?q=user/register
4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.
Research on other cyber related websites that would have the same potential users uncovered a single sign on capability utilizing NC4’s Extranet Secure Portals (ESP). Implementing this capability would enable potential users the ability to utilize their account information from other ESP sponsored websites to obtain access to CyberFETCH thus minimizing duplicated efforts. NC4 was contacted to obtain additional information to determine the feasibility of the ESP capability for CyberFETCH. We did not get a response from NC4. We also heard that NC4 was not going to be supporting the ESP capability in the future. Potential users will not be able to use their account information from other ESP-sponsored websites to obtain access to CyberFETCH. Unless another type of capability similar to ESP is identified, users will not be able to access CyberFETCH using other login information.
5. If the collection of information impacts small businesses or other small entities (Item 5 of OMB Form 83-I), describe any methods used to minimize burden.
The collection of this information is not anticipated to impact small businesses or other small entities. The CyberFETCH Registration Form is strictly a voluntary form and thus does not impose any mandatory burden on any entity.
6. Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.
No consequences have been identified. The collection of information from federal, state, and local law enforcement, private sector and academia is voluntary. There is no established increment or frequency for collecting this information.
7. Explain any special circumstances that would cause an information collection to be conducted in a manner:
• Requiring respondents to report information to the agency more often than quarterly;
• requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;
• requiring respondents to submit more than an original and two copies of any document;
• requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;
• In connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;
• requiring the use of a statistical data classification that has not been reviewed and approved by OMB;
• that includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or
• requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentiality to the extent permitted by law.
No special circumstances have been identified.
8. If applicable, provide a copy and identify the data and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d), soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.
Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.
Consultation with representatives of those from whom information is to be obtained or those who must compile records should occur at least once every 3 years -- even if the collection of information activity is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.
The 60-day notice was published on August 2, 2013. The citation is: Vol. 78, No. 149, page 46997.
No comments were received.
The 30-day notice was published on November 7, 2013. The citation is: Vol. 78, No. 216, page 66949.
No comments were received.
9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.
DHS S&T will not provide payments or gifts to respondents for the collection of this information.
10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.
A Privacy Threshold Analysis (PTA) was submitted and approved by the DHS Privacy Office on February 17, 2011 and S&T received the adjudicated document.
The results of the PTA determined that the collection is covered under the existing DHS/All-004 SORN and the existing DHS-Wide Portals PIA.
There is no assurance of confidentiality provided to the respondents.
11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to person’s form whom the information is requested, and any steps to be taken to obtain their consent.
There are no questions of a sensitive nature in this information collection.
12. Provide estimates of the hour burden of the collection of information. The statement should:
• Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. Unless directed to do so, agencies should not conduct special surveys to obtain information on which to base hour burden estimates. Consultation with a sample (fewer than 10) of potential respondents is desirable. If the hour burden on respondents is expected to vary widely because of differences in activity, size, or complexity, show the range of estimated hour burden, and explain the reasons for the variance. Generally, estimates should not include burden hours for customary and usual business practices.
• If this request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burdens in Item 13 of OMB Form 83-I.
• Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories. The cost of contracting out or paying outside parties for information collection activities should not be included here. Instead, this cost should be included in Item 14
Estimated Annualized Cost to Respondents
No. of Respondents |
130 |
No. of Responses per Respondents |
1 |
Avg. Burden per Response (in hours) |
.25 (15 minutes) |
Total Annual Burden (in hours) |
32.5 |
Average Hourly Wage Rate |
$50 |
Total Annual Respondent |
$1,625 |
The total estimated annual burden (in hours) is 50. This figure was derived by multiplying the estimated number of respondents (130) by .25 (it is estimated to take each respondent 15 minutes to complete the registration form).
Public Cost: It is estimated that the annual public cost is $1,625. This figure was derived by multiplying the estimated total annual burden hours (50) by the average hourly wage rate of $50.
13. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14).
• The cost estimate should be split into two components: (a) a total capital and start-up cost component (annualized over its expected useful life); and (b) a total operation and maintenance and purchase of services component. The estimates should take into account costs associated with generating, maintaining, and disclosing or providing the information. Include descriptions of methods used to estimate major cost factors including system and technology acquisition, expected useful life of capital equipment, the discount rate(s), and the time period over which costs will be incurred. Capital and start-up costs include, among other items, preparations for collecting information such as purchasing computers and software; monitoring, sampling, drilling and testing equipment; and record storage facilities.
• If cost estimates are expected to vary widely, agencies should present ranges of cost burdens and explain the reasons for the variance. The cost of purchasing or contracting out information collection services should be a part of this cost burden estimate. In developing cost burden estimates, agencies may consult with a sample of respondents (fewer than 10), utilize the 60-day pre-OMB submission public comment process and use existing economic or regulatory impact analysis associated with the rulemaking containing the information collection, as appropriate.
• Generally, estimates should not include purchases of equipment or services, or portions thereof, made: (1) prior to October 1, 1995, (2) to achieve regulatory compliance with requirements not associated with the information collection, (3) for reasons other than to provide information or keep records for the government or (4) as part of customary and usual business or private practices.
There are no capital or start-up costs to the public for this information collection. The public will not be charged fees to participate in the information collection.
14. Provide estimates of annualized cost to the Federal government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing, and support staff), and any other expense that would not have been incurred without this collection of information. Agencies also may aggregate cost estimates from Items 12, 13, and 14 in a single table.
Government Cost
The estimated annual cost to the federal government in relation to this information collection is $250,000. This cost includes equipment and staffing costs for senior and mid level engineers, IT security engineer, program management, administrative, system administrator and two federal employees at .10% FTE each.
15. Explain the reasons for any program changes or adjustments reporting in Items 13 or 14 of the OMB Form 83-I.
This is a routine information collection renewal. No changes are proposed to the previously approved information collection.
16. For collections of information whose results will be published, outline plans for tabulation, and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.
DHS S&T does not intend to employ the use of statistics or the publication thereof for this information collection.
17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.
The expiration date for OMB approval of the information collection will be displayed.
18. Explain each exception to the certification statement identified in Item 19, "Certification for Paperwork Reduction Act Submission," of OMB 83-I.
DHS S&T does not request an exception to the certification of this information collection.
| File Type | application/msword |
| File Title | SUPPORTING STATEMENT FOR |
| Author | TSA Standard PC User |
| Last Modified By | tyrone.huff |
| File Modified | 2013-12-18 |
| File Created | 2013-12-18 |