Download:
pdf |
pdfSUPPORTING STATEMENT
U.S. Department of Commerce
Bureau of Industry and Security
Defense Industrial Base Assessment:
Information Communications Technology (ICT) Software Manufacturers and Resellers
OMB Control No. 0694-0119
A. Justification
1. Explain the circumstances that make the collection of information necessary.
The Bureau of Industry and Security’s Office of Technology Evaluation (OTE) is conducting an
industrial base survey and assessment of Information Communications Technology (ICT)
Software Manufacturers and Resellers. This study is being conducted at the request of both the
U.S. Department of Homeland Security’s National Protection and Programs Directorate (NPPD),
now part of the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S.
Department of Defense’s Deputy Chief Information Officer for Resources and Analysis (DCIO
R&A).
The principal goal of this joint effort is to gain a comprehensive understanding of the domestic
ICT supply chain network and its use of select software in private, public, and federal
information network systems.
Both the NPPD/CISA and DCIO R&A are charged with protecting federal information and
information systems: NPPD/CISA oversees the cybersecurity information sharing for federal and
non-federal entities and coordinates the federal government’s asset response to cyber-related
incident. Similarly, DCIO R&A supports the Defense Department’s (DoD) CIO priority areas by
managing and overseeing the IT and cyberspace budget to help the CIO provide strategy,
leadership, and guidance to create a unified information management and technology vision for
DoD.
Despite their authorities and extensive programming responsibilities, the NPPD/CISA and DCIO
R&A lack visibility into the adoption of select software and related technologies by ICT
suppliers. This information has been deemed necessary for both NPPD/CISA and DCIO R&A to
effectively implement their mission requirements.
Specifically, OTE is conducting a survey and assessment of the types of select security-related
hardware and software products developed, manufactured, or marketed for use in information
network devices and systems. The assessment covers several topics, such as technology sharing,
information network devices incorporating software, software design and manufacturing, and
related supply chain subjects. For purposes of evaluating any impacts on viability resulting from
the adoption of security-related hardware and software, select information on company financial
performance, employment, and research and development will also be collected.
1
The resulting aggregate data and subsequent analysis will allow both the U.S. Government and
industry to understand the extent to which certain types of information network technologies
have been employed in products sold by ICT companies operating domestically. Additionally,
this data collection will enable industry and government policy officials to benchmark industry
practices while raising awareness of potential issues of concern.
During its design and development of the survey instrument, OTE conducted site visits; gathered
inputs from industry, academia, and the U.S. Government; and later field tested the draft
instrument with both companies and government experts.
OTE has authority under Section 705 of the Defense Production Act of 1950 (DPA) and
Executive Order 13603 to conduct assessments and collect information in support of the U.S.
industrial base. These assessments are normally undertaken in partnership with the U.S.
Department of Defense or with other U.S. Federal agencies; and typically, data is collected on
manufacturing capability, workforce, financial performance, and economic matters affecting key
industrial sectors or critical technologies.
The enclosed survey questionnaire, which covers a five-year period, is the primary source of
information needed for an industrial base assessment of this type.
By virtue of the above mentioned statute and executive order, OTE is the focal point for
industrial base and critical technology analyses among civilian federal agencies, which includes
mandatory data collection authority to carry out these responsibilities. OTE has conducted more
than 60 surveys and assessments of this kind in the past 29 years under various industrial base
programs. These studies review in detail those industries and technology areas with challenges
relating to employment/STEM, international competition and trade, financial performance,
production, supply chain, investment, foreign sourcing and dependencies, and other factors
influencing their ability to support end-users such as defense and national security programs.
This survey instrument is designed to collect information that facilitates such in-depth analysis.
2. Explain how, by whom, how frequently, and for what purpose the information will be
used. If the information collected will be disseminated to the public or used to support
information that will be disseminated to the public, then explain how the collection
complies with all applicable Information Quality Guidelines.
OTE intends to survey approximately 1,000 companies and organizations participating in the
Information Communications Technology (ICT) supply chain network. These include both
hardware and software manufacturers and resellers supporting federal and critical infrastructure
networks.
The survey is a one-time only request. Data obtained from the survey responses will be compiled
into a BIS owned and operated database for analysis. Publication will consist only of aggregate
results with no disclosure of proprietary information.
2
The resulting aggregate data and subsequent analysis will allow both the U.S. Government and
industry to understand the extent to which select software technologies have been embedded in
products sold by ICT companies operating domestically. Additionally, this data will enable
industry and U.S. Federal Government policy officials to benchmark industry practices while
raising awareness of potential issues of concern.
3. Describe whether, and to what extent, the collection of information involves the use of
automated, electronic, mechanical, or other technological techniques or other forms of
information technology.
To lessen the burden on respondents, OTE is asking firms to provide electronic submissions.
Each respondent will receive a personalized letter and overview fact sheet which outline the
requirements of the study and scope of information required. The letter will contain directions to
the dedicated U.S. Department of Commerce (DOC) portal where the respondent can gain access
to the Excel survey instrument and corresponding PDF materials.
This method was used successfully for the 2016 Textiles, Apparel, and Footwear; 2016 Rocket
Propulsion Industrial Base; and 2017 U.S. Air Force C-17 Aircraft Impact Assessment surveys.
These three survey instruments were also reviewed and approved by OMB.
The statistical information requested in the survey tracks closely with categories adopted in the
industry and verified by field tests. Almost all responding companies will have the necessary
information stored electronically and will be able to retrieve it in the form requested. Other
limited questions will require thought and perhaps discussion among several individuals for
proper responses. These particular questions do not lend themselves to computer automation.
However, such questions only require brief responses in the text boxes provided.
4. Describe efforts to identify duplication.
The information sought in the survey is unique and not available from any other source, either
public or private. Some of the basic corporate data requested by OTE is submitted by companies
to the U.S. Census Bureau. However, the Census Bureau is precluded by law from releasing
information on specific companies and organizations.
5. If the collection of information involves small businesses or other small entities, describe
the methods used to minimize burden.
The industry sample for the Information Communications Technology (ICT) Software
Manufacturers and Resellers survey is comprised primarily of medium and large companies. The
survey will, however, be distributed to a selection of small businesses. The survey instrument
was designed to minimize the burden on all respondents. If for any reason the respondent cannot
complete the Excel formatted survey, OTE will work closely with the respondent to facilitate an
3
alternate method of submission. Based on previous survey instruments, OTE expects almost all
companies to respond electronically.
6. Describe the consequences to the Federal program or policy activities if the collection is
not conducted or is conducted less frequently.
For the assessment of the Information Communications Technology (ICT) Software
Manufacturers and Resellers industry, a survey is the only method available for OTE to carry out
its responsibilities under the Defense Production Act (DPA), Section 705, as amended, and
Executive Order (EO) 13603. Without the survey, OTE could not obtain company specific
information on the kinds of select security-related hardware and software products developed,
manufactured, or marketed for use in information network devices and systems.
This method of collection will allow the U.S. Department of Homeland Security and the U.S.
Department of Defense to observe in requisite detail the extent to which select software
technologies have been embedded in products sold by ICT companies operating in the United
States. Additionally, this information will enable policymakers to benchmark industry practices
while raising awareness of potential issues of concern.
7. Explain any special circumstances that require the collection to be conducted in a
manner inconsistent with OMB guidelines.
There are no special circumstances that will result in the collection of information in a manner
inconsistent with the guidelines of 5 CFR 1320.6. Survey responses will contain business
confidential information which will be protected by the U.S. Department of Commerce, Bureau
of Industry and Security, consistent with OMB guidelines and 15 CFR Part 702.
8. Provide information of the PRA Federal Register notice that solicited public comments
on the information collection prior to this submission. Summarize the public comments
received in response to that notice and describe the actions taken by the agency in response
to those comments. Describe the efforts to consult with persons outside the agency to obtain
their views on the availability of data, frequency of collection, the clarity of instructions
and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be
recorded, disclosed, or reported.
The Federal Register notice is not applicable to this collection because it falls within the scope of
BIS’ generic authority entitled, “National Security and Critical Technology Assessments of the
U.S. Industrial Base,” as approved under OMB Control Number 0694-0119. This authority is
renewed by OMB every three years (last in 2016) to support ongoing BIS industrial base study
needs.
4
Personnel from OTE developed the survey in close consultation with both U.S. Government and
industry experts over a period of several months. The following is a list of select individuals who
provided input:
Government:
George Lee Kennedy, Institute for Defense Analysis (FFRDC), 703-845-2000
Jacob Sylvia, Naval Sea Systems Command Cybersecurity Office, 401-832-5428
Margaret Myers, Institute for Defense Analysis (FFRDC), 703-845-2000
Michael J. Beaudin, Federal Bureau of Investigation, 703-985-1476
Industry:
Allen Thompson, United Technologies Corporation, 202-336-7455
Ken Durbin, Symantec Corporation, 301-526-8213
Norman Wong, Palo Alto Networks, 703-665-0189
Shane Flint, Raytheon Cybersecurity and Special Missions, 571-480-7766
9. Explain any decisions to provide payments or gifts to respondents, other than
remuneration of contractors or grantees.
This survey will not involve any payment or gifts to respondents.
10. Describe any assurance of confidentiality provided to respondents and the basis for
assurance in statute, regulation, or agency policy.
The survey, cover letter, and project description provide assurance to the respondents that the
information collected will be deemed business confidential and treated in accordance with
Section 705 of the Defense Production Act of 1950, as amended (50 U.S.C.A. app. Section 2061
et. seq.). This prohibits the publication or disclosure of such information unless the President
determines that its withholding is contrary to the national defense. The survey will be
administered and the information collected via a secure U.S. Department of Commerce (DOC)
portal. Data submitted to BIS will not be shared with any non-government entity, other than in
aggregate form. The DOC will protect the confidentiality of such information pursuant to the
appropriate exemptions from disclosure under the Freedom of Information Act (FOIA), should it
be the subject of a FOIA request. OTE has a long and successful track record of protecting
business confidential information collected under the above statute.
11. Provide additional justification for any questions of a sensitive nature, such as sexual
behavior and attitudes, religious beliefs, and other matters that are commonly considered
private.
5
This survey will not collect data that could be construed as being of a sensitive nature, such as
information concerning sexual behavior and attitudes, religious beliefs, and other matters that are
normally considered sensitive or private.
12. Provide an estimate in hours of the burden of the collection of information.
The Bureau of Industry and Security’s Office of Technology Evaluation (OTE) is conducting an
industrial base survey and assessment of Information Communications Technology (ICT)
Software Manufacturers and Resellers. This study is being conducted at the request of both the
U.S. Department of Homeland Security’s National Protection and Programs Directorate (NPPD),
now part of the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S.
Department of Defense’s Deputy Chief Information Officer for Resources and Analysis (DCIO
R&A).
The principal goal of this joint effort is to gain a comprehensive understanding of the domestic
ICT supply chain network and its use of select software on private, public, and federal
information network systems.
The total burden placed on respondents by this survey of the Information Communications
Technology (ICT) Software Manufacturers and Resellers industry is estimated to be 14,000
hours. This approximation is based on distributing surveys to 1,000 respondents with an average
response time of 14 hours needed to complete each survey.
This burden estimate is subject to some variation among respondents due to discrepancies in the
level of participation in ICT Software, record keeping, company size, and other factors. The
projected burden is based on OTE’s overall past experience, as well as specific feedback from
industry participants in information collections such as bare printed circuit boards, cartridge and
propellant actuated devices, underwater acoustic transducers, strategic materials,
microelectronics, the U.S. space sector, healthcare products, critical facilities, and others.
The estimated total cost to respondents of this information collection is calculated as $490,000.
This estimate was made by assuming an average hourly respondent work payment rate of $35
multiplied by 14,000 total burden hours.
13. Provide an estimate of the total annual cost burden to the respondents or recordkeepers resulting from the collection (excluding the value of the burden hours in Question
12 above).
Not applicable.
14. Provide estimates of annualized cost to the Federal government.
6
The estimated total cost to the Federal Government for the survey is $329,906 over a one-year
period. A major portion of this cost is related to the survey questionnaire, which includes
preparing, collecting, verifying and tabulating the information, and analyzing the data. Other
related costs will be incurred in field testing the survey, summarizing the analysis and findings,
preparing the final report, and report printing and distribution.
The direct employee costs were estimated by assuming the annual number of hours spent on the
project (one-year equivalent, or 52 weeks) and applying said hours to the annual salary of one
GS-15, step 10 and one GS-12, step 10. The direct employee costs are $274,922 (or $166,500
plus $108,422).
Indirect or overhead costs associated with the project are calculated as 20 percent of the above
mentioned direct employee costs, or $54,984. A review of OTE budgets from previous years
indicates costs for building maintenance, telephone, computers, and space rental charges
generally run about 20 percent of total employee costs.
15. Explain the reasons for any program changes or adjustments.
Because this collection of information falls within BIS’ generic authority entitled “DOC/BIS
National Security and Critical Technology Assessments of the U.S. Industrial Base,” (OMB
Control No. 0694-0119), there is no increase in burden hours. This is the sixth time BIS has used
this authority between FY16-19 (a total of 308,000 hours were authorized in 2016). A balance
remaining of 122,700 annual burden hours (136,700 less 14,000 hours) will remain if the ICT
Software Manufacturers and Resellers industry instrument is approved under this authority.
16. For collections whose results will be published, outline the plans for tabulation and
publication.
The entirety of response information collected by OTE will be aggregated before publishing to
protect company confidentiality. The surveys will be disseminated to the 1,000 companies in
June/July 2019. The analysis will be started in November 2019 and a draft report will be
prepared by December 2019. The final report is planned for publication in 2020.
17. If seeking approval to not display the expiration date for OMB approval of the
information collection, explain the reasons why display would be inappropriate.
Not applicable. BIS will display the expiration date of this collection authority on all survey and
instructional instruments the public receives.
18. Explain each exception to the certification statement.
Not applicable.
7
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
Not applicable.
8
File Type | application/pdf |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |