1652-0055 PipelineOpSecInfoSS 3.28.2019 (final)

Download: docx | pdf

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).

Under 49 U.S.C. 114 and delegated authority from the Secretary of Homeland Security, TSA has broad responsibility and authority for “security in all modes of transportation * * * including security responsibilities * * * over modes of transportation that are exercised by the Department of Transportation.” See 49 U.S.C. 114(d).

Pipeline transportation is a mode over which TSA has jurisdiction. TSA is required to develop and transmit to pipeline operators security recommendations for natural gas and hazardous liquid pipelines and pipeline facilities. See sec. 1557 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act) (Pub. L. 110-53; August 3, 2007), codified at 6 U.S.C. 1207. Consistent with these requirements, TSA issued Pipeline Security Guidelines in December 2010, with an update published in March 2018 (Guidelines). See https://www.tsa.gov/for-industry/surface-transportation. The Guidelines, which provide agency recommendations for voluntary actions the pipeline industry can implement as best practices to enhance security. TSA developed the Guidelines with the assistance of industry and government members of the Pipeline Sector and Government Coordinating Councils, industry association representatives, and other interested parties. The Guidelines include a recommendation for submission of information to TSA related to potential security incidents and suspicious activity within the mode.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

This voluntary collection collects the reporting of suspicious activities or security incident data to the TSA Transportation Security Operations Center (TSOC). As the lead Federal agency for pipeline security, TSA encourages pipeline facilities or systems to provide TSA notification of security incidents involving pipeline facilities or systems. TSA will use the security incident and suspicious activity information provided by operators for vulnerability identification/analysis and trend analysis. The information, with company-specific data redacted, may also be included in TSA’s intelligence-derived reports.

As noted in Appendix B of the Guidelines, TSA is specifically interested in incidents which are indicative of a possible deliberate attempt to disrupt pipeline operations or activities that could be precursors to such an attempt. Examples of the types of incidents are provided in the Guidelines.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden. [Effective 03/22/01, your response must SPECIFICALLY reference the Government Paperwork Elimination Act (GPEA), which addresses electronic filing and recordkeeping, and what you are doing to adhere to it. You must explain how you will provide a fully electronic reporting option by October 2003, or an explanation of why this is not practicable.]

In compliance with GPEA, a fully electronic reporting option is available for pipeline operators to provide suspicious incident information to TSA. Information regarding incidents which are indicative of a possible deliberate attempt to disrupt pipeline operations or activities that could be precursors to such an attempt may be submitted to the TSOC by email.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purpose(s) described in Item 2 above.

While there the National Response Center (NRC) collects some of the same information covered by this collection request, the scope of the reporting population and the types of information collected are insufficient to meet TSA’s statutory responsibilities.

The NRC serves as the national point of contact for reporting all oil, chemical, radiological, biological, and etiological discharges into the environment anywhere in the United States and its territories, but the scope of the reporting is too limited for TSA’s purposes. A limited number of pipeline facilities falling under the provisions of the Maritime Transportation Security Act (MTSA) are required to report suspicious activities to the NRC. Duplicative reporting could occur if an operator chose to make a voluntary report to TSOC in addition to the mandated NRC report. Given the small population of pipeline facilities that are subject to MTSA requirements, TSA does not anticipate a large volume of duplicate reporting to TSOC and NRC. That expectation is based on the actual incident reporting patterns TSA has observed from MTSA- regulated pipeline facilities. TSOC has coordinated with the NRC to obtain pipeline incident reports that may be of concern to TSA, in the event that a MTSA-regulated pipeline operator submits a report only to the NRC.

The NRC also receives reportable incidents involving hazardous materials regulated by the Pipeline and Hazardous Materials Safety Administration (PHMSA) of the Department of Transportation under 49 CFR part 191 for natural gas and other gases transported by pipeline and 49 CFR part 195 for liquids transported by pipeline.¹ Although the NRC does accept suspicious activity reports, this reporting for purposes of PHMSA’s regulations does not necessarily overlap with the reporting recommended by TSA. To the extent that terrorist activity results in an incident meeting the reporting criteria of the PHMSA regulations and the recommended reporting in TSA’s Guidelines, duplicative reporting may occur should an operator choose to contact both the NRC and TSOC. TSA does not anticipate that this will be a common event.

5. If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.

This voluntary collection is not expected to have a significant impact on small businesses or other small entities.

6. Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

TSA must maintain situational awareness of the industry in order to execute its security responsibilities for pipelines and all other modes of transportation. TSOC is TSA's 24/7 coordination center during security incidents. If incident information is not reported, the ability of the TSOC to coordinate any required agency involvement/response to the event may be inhibited.

Additionally, if the information were not reported, TSA may not otherwise become aware of the incident, which would affect the ability of the agency to meet its statutory obligation to analyze potential threats across all modes. In turn, loss of this information would reduce the efficacy of the intelligence products developed by TSA for its industry and government partners. Currently, industry suspicious incident reported information is used by TSA for several reports, including the Transportation Security and Industry Report, Pipeline Threat Assessments, and Transportation Intelligence Notes. If the collection of suspicious incident information is not conducted, it may hinder TSA’s ability to produce intelligence documents of benefit to the pipeline industry as well as other transportation and government stakeholders.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d)(2).

This voluntary collection will be conducted consistent with the information collection guidelines.

8. Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

TSA published a Federal Register notice, with a 60-day comment period, of the following collection of information on October 29, 2018 (83 FR 54368) and a 30-day notice on March 11, 2019 (84 FR 8738). Consistent with the requirements of Executive Order (E.O.) 13771, Reducing Regulation and Controlling Regulatory Costs, and E.O. 13777, Enforcing the Regulatory Reform Agenda, the notices included a specific request for comments on the extent to which this request for information could be modified to reduce the burden on respondents. TSA received one comment in response to the 30-day notice. The commenter expressed concern that TSA should have requested a revision to the collection instead of an extension based on the decrease in the burden estimates. The commenter also expressed concern that no justification was given for the burden change and that the ICR notice was deliberately misleading and incomplete.

TSA disagrees with the commenter. Historically, TSA has relied on actual data to provide its estimation of the collection burden. In this situation, TSA gathered actual data for the collection from the Transportation Security Operations Center (TSOC), which serves as TSA’s coordination center for transportation security incidents and operations. TSOC provided the number of Pipeline Incidents reported to them by Pipeline Operators for calendar years 2017 and 2018 for the purpose of this collection. Based on the number of reports received during that reporting period, TSA provided the estimates of 32 incidents. While the commenter is correct that TSA estimated 60 incidents in the 2016 ICR submission, the commenter fails to realize that those estimates were also based on actual incidents reported to TSOC. See the response to Question 2 of the 2016 Supporting Statement and to this Supporting Statement.

As to the commenter’s concern that the collection should be a revision request, there are no changes proposed for the collection, and the estimated burden hours will remain the same as set forth in the 2016 ICR. (30 minutes per report). Therefore, an ICR extension is proper rather than using the revision process.

9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.

No payment or gift will be provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

TSA assures respondents that any portion of the collection that is deemed Sensitive Security Information (SSI) will be handled appropriately as described in 49 CFR parts 15 and 1520. Per the Privacy Act of 1974, contact information for pipeline security managers is handled and maintained in accordance with the System of Records Notices (SORNs) for DHS/TSA-001 Transportation Security Enforcement Record System 79 FR 6609 (February 4, 2014) and; and DHS/TSA 011 - Transportation Security Intelligence Service Files, 75 FR 18867 (April 13, 2010). The collection is covered by Privacy Impact Assessment (PIA), DHS/TSA/PIA-029 - Operations Center Incident Management System Update (July 7, 2008), and DHS/ALL/PIA-006 DHS General Contacts (June 15, 2007). There is no assurance of confidentiality provided to the respondents.

11. Provide additional justification for any questions of sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.

No personal questions of a sensitive nature are posed.

12. Provide estimates of hour burden of the collection of information.

Based on previous reporting under OMB approval, TSA anticipates reporting of pipeline security incidents will occur on an irregular basis. TSA estimates that approximately 32 incidents will be reported annually, requiring a maximum of 30 minutes (0.5 hours) to collect, review, and submit event information by the respondent’s Corporate Security Manager or equivalent. The annual burden hours are estimated at 16 hours (48 over three years). Based on the respondent’s Corporate Security Manager’s fully-loaded² average hourly loaded wage rate of $102.15,³ TSA estimates a total cost of $1,634 annually ($4,903 over three years). Table 1 summarizes this these calculations.

Table 1 Public Hour Burden and Cost
Number of Reported Security Incidents	Hour Burden per Report	Annual Hour Burden	Annual Hour Burden Cost
A	B	C = A x B	D = C x $102.15
32	0.5	16	$1,634.34

13. Provide an estimate of the total annual cost burden to respondents or recordkeepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14).

TSA does not estimate a cost to the industry beyond the burden detailed in answer 12.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.

Based on previous reporting under OMB approval, TSA estimates that approximately 32 incidents will be reported annually to TSOC, requiring a maximum of 30 minutes (0.5 hours) to process the information provided by the respondents, for a total TSA hour burden of 16 hours (48 over three years). The report is taken and processed by an H-Band TSA employee. The fully-loaded wage rate for an H-Band employee is $40.44.⁴ TSA estimates the total TSA burden to be $647 per year ($1,941 over three years). Table 2 summarizes these calculations.

Table 2. Federal Government Hour Burden and Cost
Number of Reported Security Incidents	Hour Burden per Report	Annual Hour Burden	Annual Hour Burden Cost
A	B	C = A x B	D = C x $40.44
32	0.5	16	$647.05

15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.

There are no changes to the actual security incident information being submitted to the TSOC.

16. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.

Suspicious activity and security incident information, in redacted form, may be published in TSA reports to pipeline industry and government stakeholders, with a need-to-know, providing intelligence-derived information consistent with TSA’s information sharing mandate under 49 U.S.C. 114(t) and other requirements.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

Not applicable.

18. Explain each exception to the certification statement identified in Item 19, “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.

No exceptions noted.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified	0000-00-00
File Created	0000-00-00