1652-0050 Critical Facility_Supp_Stmt

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).

The Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11Act) specifically tasked TSA to develop and implement a plan for inspecting critical facilities of the nation’s 100 most critical pipeline systems. See P. Law 110-53, 121 Stat. 266, 475 (Aug. 3, 2007) (codified at 6 U.S.C. 1207(b)). Operators determined their critical facilities based on guidance and criteria set forth in the Department of Transportation's (DOT) September 5, 2002, “Pipeline Security Information Circular” and June 2002 “Pipeline Security Contingency Planning Guidance.” TSA reached out to the operators of the top 100 critical pipeline systems and requested they submit a listing of their critical facilities to TSA. See OMB Control No.1652-0050 (approved through 2/29/2012). This critical facility information was submitted to TSA between November 2008 and August 2009. In April 2011, TSA issued new “Pipeline Security Guidelines” in consultation with stakeholders and DOT which contained revised guidance and criteria for the determination of critical facilities. TSA subsequently reached out to the operators of the top 100 critical pipeline systems to obtain revised critical facility information based on the new criteria. See OMB Control No.1652-0050 (approved through 2/29/2015). This updated critical facility information was submitted to TSA between February 2012 and July 2012.

Once updated critical facility information was obtained, TSA commenced visiting critical pipeline facilities to collect site-specific information from pipeline operators on facility security policies, procedures, and physical security measures. Information is collected on a Critical Facility Security Review (CFSR) Form. As part of this program, TSA follows up with pipeline operators on the implementation of security improvements and recommendations made during facility visits. During critical facility visits, TSA documents and provides recommendations to pipeline operators to improve the security posture of the reviewed facility. TSA then to follows up with pipeline operators via email on the status toward implementation of the recommendations made during the critical facility visits. The follow up is conducted between approximately 12 and 24 months after the facility visit.

SA is seeking OMB approval for extending approval to collect facility security information during critical facility reviews, using the CFSR Form and follow-up with pipeline operators on their implementation of the security recommendations.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

TSA analyzes the information collected on the CFSR form during the onsite facility reviews, as well as the information collected from follow-up with facility operators on the status of recommendations made during the reviews, to determine strengths and weaknesses at the nation's critical pipeline facilities, areas to target for risk reduction strategies, pipeline industry implementation of the TSA “Pipeline Security Guidelines,” operator implementation of recommendations made during TSA critical facility visits, and the need for regulations in accordance with section 1557(d) of the 9/11 Act (codified at 6 U.S.C. 1207(d). TSA is generally the sole user of this information.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.

TSA personnel collect facility-specific information on security policies, procedures, and physical security measures on-site using the CFSR Form. TSA personnel complete and finalize the form, then forward it to operators via electronic mail. TSA sends requests to follow up with pipeline operators regarding the status of their implementation of the recommendations made during critical facility visits via electronic mail.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purpose(s) described in Item 2 above.

In some instances pipeline critical facilities may also fall under the requirements of domestic maritime security regulations required by the Maritime Transportation Security Act of 2002 (MTSA). MTSA regulations are enforced by the U.S. Coast Guard and contain specific security requirements for maritime security facilities. Many of the maritime security requirements are similar to those TSA would review and under which TSA would collect information during pipeline security reviews. Therefore, TSA asks each operator to identify those pipeline critical facilities that are also MTSA-regulated facilities, and then confirms with the U.S. Coast Guard that the facilities are indeed MTSA-regulated. Upon receiving confirmation from the U.S. Coast Guard, TSA does not review facilities that are MTSA-regulated as security information has already been collected by the U.S. Coast Guard and is available for TSA review as necessary.

5. If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.

There will be no impact on companies that could be considered small businesses. This information request targets the Top 100 most critical pipeline systems in the U.S., and none of the operators of these pipeline systems or their parent companies could be categorized as small businesses.

6. Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

Failure to obtain the information from these collection would impact TSA’s ability to assess the security posture of the nation’s critical pipeline facilities, which will prevent the agency from being able to make specific recommendations to improve each facility’s security. The 9/11 Act requires TSA to monitor implementation of security recommendations in order to determine if regulations are required to mitigate risks that are not being addressed. See section 1557 of the 9/11 Act (codified at 6 U.S.C. 1207(d). Obtaining this information is also necessary for TSA to make company or site-specific recommendations to operators of critical pipeline facilities. Absent this information, the agency will be unable to assess the implementation of security recommendations at a later date, as recommended by the U.S. Government Accountability Office (GAO-10-867, August 2010). In summary, the inability to conduct these collections would greatly impede TSA’s mission to protect and secure the nation’s hazardous liquid and natural gas pipeline infrastructure.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d)(2).

This collection will be conducted consistent with the information collection guidelines in 5 CFR 1320.5 (d)(2).

8. Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

TSA published a Federal Register notice, with a 60 day comment period, soliciting comments on the information collection. See 79 FR 27631 (May 14, 2014). In response to this notice, TSA received one comment from a fertilizer manufacturing and distribution company. CF Industries wanted to know if chemical pipelines were included in the TSA list of top 100 most critical pipelines in the U.S. TSA informed the commenter that the list of the top 100 most critical pipeline systems does not extend beyond hazardous liquid and natural gas pipelines. No comments were received regarding the continued use of the CFSR document to collect facility security information or on continuing to follow up with pipeline operators on their status toward implementation of the recommendations made during facility visits. No comments were received on the cost and hour burden of this information collection.

TSA published an additional notice in the Federal Register with a 30 day running period. See 79 FR 48754 (August 18, 2014). This notice generated no further comments on the collection.

9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.

No payment or gift will be provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

To the extent that the information provided by operators is Security Sensitive Information (SSI), it will be protected in accordance with procedures meeting the transmission, handling and storage requirements set forth in 49 CFR parts 15 and 1520.

11. Provide additional justification for any questions of sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.

There are no questions of sensitive nature posed in the collection.

12. Provide estimates of hour burden of the collection of information.

The annual burden for the information collection related to the CFSR Form is estimated to be 360 hours. A maximum of 90 facility reviews will be conducted each year with each review taking approximately 4 hours (90 X 4 = 360).

The annual burden for the information collection related to the follow-up on the recommendations made to facility operators is estimated to be 450 hours. It will take approximately 5 hours for each operator to submit a response to TSA regarding its implementation of security recommendations made during critical facility visits. If a maximum of 90 critical facilities are reviewed each year, and TSA follows up with each facility operator between approximately 12 and 24 months following the visit, the total annual burden is 450 hours (90 x 5).

The total estimated annual number of respondents is 180 with a total annual burden of 810 hours.

13. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information.

TSA does not estimate a cost to the industry beyond the hour burden detailed in answer 12.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.

For the CFSR Form information collection, the cost to the Federal government will be approximately $819,000 per year. These costs include contractor support services to aid in the conduct of the security reviews and to complete the CFSR Form for each facility visited, and total approximately $801,000 per year. In addition, Federal government travel costs for TSA personnel for the critical facility reviews are estimated to be approximately $18,000 per year. The average cost per trip is approximately $1,500. TSA estimates one trip will be conducted each month, for an annual cost to the Federal Government of $18,000 ($1,500 X 12). There are no additional costs to the Federal Government for the recommendations follow up collection.

15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.

TSA has removed the collection of revised critical facility lists from the operators of the nation’s top 100 critical pipeline systems from the ICR submitted 10/31/2011 and approved 2/24/2012 through 2/28/2015. The collection of critical facility lists from operators has been completed, and therefore does not need to be included in the ICR, which reduced the overall burden estimates.

16. For collections of information for which results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.

Critical facility security information collected on the CFSR Form will not be published.

Critical facility recommendations and implementation status will not be published.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

TSA is not seeking such approval.

18. Explain each exception to the certification statement identified in Item 19, “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.

TSA is not seeking any exceptions.