60-Day Notice

1652-0050 CFI Pipelines 60DN 86 FR 34776 (6.30.2021).pdf

Critical Facility Information of the Top 100 Most Critical Pipelines

60-Day Notice

OMB: 1652-0050

Document [pdf]
Download: pdf | pdf
34775

Federal Register / Vol. 86, No. 123 / Wednesday, June 30, 2021 / Notices

Beginning date

010187
100187
010188
040188
100188
040189
100189
040191
010192
040192
100192
070194
100194
040195
070195
040196
070196
040198
010199
040199
040100
040101
070101
010102
010103
100103
040104
070104
100104
040105
100105
070106
010108
040108
070108
100108
010109
040109
010111
040111
100111
040116
040118
010119
070119
070120

.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................
.......................................................................................................

Dated: June 24, 2021.
Jeffrey Caine,
Chief Financial Officer, U.S. Customs and
Border Protection.

ACTION:

BILLING CODE 9111–14–P

DEPARTMENT OF HOMELAND
SECURITY
Transportation Security Administration
Intent To Request Revision From OMB
of One Current Public Collection of
Information: Critical Facility
Information of the Top 100 Most
Critical Pipelines
Transportation Security
Administration, DHS.

AGENCY:

VerDate Sep<11>2014

17:47 Jun 29, 2021

Jkt 253001

Underpayments
(percent)

093087
123187
033188
093088
033189
093089
033191
123191
033192
093092
063094
093094
033195
063095
033196
063096
033198
123198
033199
033100
033101
063001
123101
123102
093003
033104
063004
093004
033105
093005
063006
123107
033108
063008
093008
123108
033109
123110
033111
093011
033116
033118
123118
063019
063020
093021

60-Day notice.

The Transportation Security
Administration (TSA) invites public
comment on one currently approved
Information Collection Request (ICR),
Office of Management and Budget
(OMB) control number 1652–0050,
abstracted below that we will submit to
OMB for a revision in compliance with
the Paperwork Reduction Act (PRA).
The ICR addresses a statutory
requirement for TSA to develop and
implement a plan to inspect critical
pipeline systems. On May 26, 2021,
OMB approved TSA’s request for an
emergency revision of this collection to
address the ongoing cybersecurity threat
to pipeline systems and associated
infrastructure. TSA is now seeking to

SUMMARY:

[FR Doc. 2021–13924 Filed 6–29–21; 8:45 am]

jbell on DSKJLSW7X2PROD with NOTICES

Ending date

PO 00000

Frm 00063

Fmt 4703

Sfmt 4703

Overpayments
(percent)

9
10
11
10
11
12
11
10
9
8
7
8
9
10
9
8
9
8
7
8
9
8
7
6
5
4
5
4
5
6
7
8
7
6
5
6
5
4
3
4
3
4
5
6
5
3

8
9
10
9
10
11
10
9
8
7
6
7
8
9
8
7
8
7
7
8
9
8
7
6
5
4
5
4
5
6
7
8
7
6
5
6
5
4
3
4
3
4
5
6
5
3

Corporate
overpayments
(Eff. 1–1–99)
(percent)
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
6
7
8
7
6
5
4
3
4
3
4
5
6
7
6
5
4
5
4
3
2
3
2
3
4
5
4
2

renew and revise the collection as it
expires on November 30, 2021. The ICR
describes the nature of the information
collection and its expected burden,
which TSA is seeking to continue its
collection of critical facility security
information.
Send your comments by August
30, 2021.
ADDRESSES: Comments may be emailed
to [email protected] or delivered to the
TSA PRA Officer, Information
Technology (IT), TSA–11,
Transportation Security Administration,
6595 Springfield Center Drive,
Springfield, VA 20598–6011
FOR FURTHER INFORMATION CONTACT:
Christina A. Walsh at the above address,
or by telephone (571) 227–2062.
DATES:

E:\FR\FM\30JNN1.SGM

30JNN1

34776

Federal Register / Vol. 86, No. 123 / Wednesday, June 30, 2021 / Notices

SUPPLEMENTARY INFORMATION:

jbell on DSKJLSW7X2PROD with NOTICES

Comments Invited
In accordance with the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501
et seq.), an agency may not conduct or
sponsor, and a person is not required to
respond to, a collection of information
unless it displays a valid OMB control
number. The ICR documentation will be
available at http://www.reginfo.gov
upon its submission to OMB. Therefore,
in preparation for OMB review and
approval of the following information
collection, TSA is soliciting comments
to—
(1) Evaluate whether the proposed
information requirement is necessary for
the proper performance of the functions
of the agency, including whether the
information will have practical utility;
(2) Evaluate the accuracy of the
agency’s estimate of the burden;
(3) Enhance the quality, utility, and
clarity of the information to be
collected; and
(4) Minimize the burden of the
collection of information on those who
are to respond, including using
appropriate automated, electronic,
mechanical, or other technological
collection techniques or other forms of
information technology.
Information Collection Requirement
OMB Control Number 1652–0050;
Critical Facility Information of the Top
100 Most Critical Pipelines: The
Implementing Recommendations of the
9/11 Commission Act of 2007 (9/11 Act)
specifically required TSA to develop
and implement a plan for reviewing the
pipeline security plans and inspecting
the critical facilities of the 100 most
critical pipeline systems.1 Pipeline
owner/operators determine which
facilities qualify as critical facilities
based on guidance and criteria set forth
in the TSA Pipeline Security Guidelines
published in December 2010 and 2011,
with an update published in April 2021.
To execute the 9/11 Act mandate, TSA
visits critical pipeline facilities and
collects site-specific information from
pipeline owner/operators on facility
security policies, procedures, and
physical security measures.
TSA collects facility security
information during the site visits using
a Critical Facility Security Review
(CFSR) form. The CFSR looks at
individual pipeline facility security
measures and procedures.2 This
1 See sec. 1557 of the 9/11 Act, Public Law 110–
53 (121 Stat. 266, 475; Aug. 3, 2007), as codified
at 6 U.S.C. 1207.
2 The CFSR differs from a Corporate Security
Review (CSR) conducted by TSA in another
information collection that looks at corporate or

VerDate Sep<11>2014

17:47 Jun 29, 2021

Jkt 253001

collection is voluntary. Information
collected from the reviews is analyzed
and used to determine strengths and
weaknesses at the nation’s critical
pipeline facilities, areas to target for risk
reduction strategies, pipeline industry
implementation of the voluntary
guidelines, and the potential need for
regulations in accordance with the 9/11
Act provision previously cited.
TSA visits with pipeline owner/
operators to follow up on their
implementation of security
improvements and recommendations
made during facility visits. During
critical facility visits, TSA documents
and provides recommendations to
improve the security posture of the
facility. TSA intends to continue to
follow up with pipeline owner/
operators via email on their status
toward implementation of the
recommendations made during the
critical facility visits. The follow up will
be conducted at intervals of six, 12, and
18 months after the facility visit.
TSA previously initiated the PRA
approval process by publishing a notice
on April 8, 2021, 86 FR 18291,
announcing our intent to conduct this
collection with a revision. Due to the
emergency revision of the information
collection, TSA is reinitiating the
approval process.
Revision
TSA is revising the information
collection to align the CFSR question set
with the revised Pipeline Security
Guidelines, and to capture additional
criticality criteria. As a result, the
question set has been edited by
removing, adding and rewriting several
questions, to meet the Pipeline Security
Guidelines and criticality needs.
Further, TSA is moving the collection
instrument from a PDF format to an
Excel Workbook format.
Emergency Revision
While the above listed collections are
voluntary, on May 26, 2021, OMB
approved TSA’s request for an
emergency revision of this information
collection, allowing for the institution of
mandatory requirements. See ICR
Reference Number: 202105–1652–002.
The revision was necessary as a result
of the recent ransomware attack on one
of the Nation’s top pipeline supplies
and other emerging threat information.
In order to address the ongoing
cybersecurity threat to pipeline systems
and associated infrastructure, TSA
company-wide security management plans and
practices for pipeline operators. See OMB Control
No. 1652–0056 at https://www.reginfo.gov for the
PRA approval of information collection for these
CSRs.

PO 00000

Frm 00064

Fmt 4703

Sfmt 4703

issued a Security Directive (SD)
applicable to owner/operators of a
hazardous liquid and natural gas
pipeline or liquefied natural gas facility
notified by TSA that their pipeline
system or facility is critical. These
owner/operators are required to review
Section 7 of TSA’s Pipeline Security
Guidelines and assess current activities,
using the TSA Pipeline Cybersecurity
Self-Assessment form, to address cyber
risk, and identify remediation measures
that will be taken to fill those gaps and
a timeframe for achieving those
measures. The form provided is based
on the instrument used for the CFSRs,
limited to cybersecurity issues and
augmented to address the scope of the
SD. The critical pipeline owner/
operators are required to report the
results of this assessment to TSA within
30 days of issuance of the SD. In
cooperation with the Cybersecurity and
Infrastructure Security Agency, TSA
will use this information to make a
global assessment of the cyber risk
posture of the industry.
TSA is seeking renewal of this
information collection for the maximum
three-year approval period.
To the extent information provided by
operators for each information
collection is Sensitive Security
Information (SSI), TSA will protect in
accordance with procedures meeting the
transmission, handling, and storage
requirements of SSI set forth in 49 CFR
parts 15 and 1520.
TSA estimates the annual hour
burden for the information collection
related to the voluntary collection of the
CFSR form to be 320 hours. TSA will
conduct a maximum of 80 facility
reviews each year, with each review
taking approximately 4 hours (320 = 80
× 4).
TSA estimates the annual hour
burden for the information collection
related to TSA follow ups on the
recommendations based on the above
CFSRs made to facility owner/operators
to be 480 hours. TSA estimates each
owner/operator will spend
approximately 2 hours to submit a
response to TSA regarding its voluntary
implementation of security
recommendations made during each
critical facility visit. If a maximum of 80
critical facilities are reviewed each year,
and TSA follows up with each facility
owner/operator every 6, 12, and 18
months following the visit, the total
annual burden is 480 (80 × 2 x 3) hours.
For the mandatory collection, TSA
estimates 100 owner/operators will
complete and submit the Pipeline
Cybersecurity Self-Assessment form. It
will take each owner/operator
approximately 6 hours to complete and

E:\FR\FM\30JNN1.SGM

30JNN1

Federal Register / Vol. 86, No. 123 / Wednesday, June 30, 2021 / Notices
submit this form, for a total of 600 hours
(100 × 6).
The total estimated burden for the
entire information collection is 1,400
hours annually—320 hours for the CFSR
form, 480 hours for the
recommendations follow-up procedures,
and 600 hours for the Pipeline
Cybersecurity Self-Assessment form.
Dated: June 24, 2021.
Christina A. Walsh,
TSA Paperwork Reduction Act Officer,
Information Technology.
[FR Doc. 2021–13884 Filed 6–29–21; 8:45 am]
BILLING CODE 9110–05–P

DEPARTMENT OF HOMELAND
SECURITY
Transportation Security Administration
Intent To Request Extension From
OMB of One Current Public Collection
of Information: Pipeline Operator
Security Information
Transportation Security
Administration, DHS.
ACTION: 60-Day notice.
AGENCY:

The Transportation Security
Administration (TSA) invites public
comment on one currently approved
Information Collection Request (ICR),
Office of Management and Budget
(OMB) control number 1652–0055,
abstracted below that we will submit to
OMB for an extension in compliance
with the Paperwork Reduction Act
(PRA). On May 26, 2021, OMB approved
TSA’s request for an emergency revision
of this collection to address the ongoing
cybersecurity threat to pipeline systems
and associated infrastructure. TSA is
now seeking to renew the collection as
it expires on November 30, 2021. The
ICR describes the nature of the
information collection and its expected
burden. Specifically, the collection
involves the submission of data
concerning pipeline security incidents,
appointment of cybersecurity
coordinators, and coordinators’ contact
information.

SUMMARY:

Send your comments by August
30, 2021.
ADDRESSES: Comments may be emailed
to [email protected] or delivered to
the TSA PRA Officer, Information
Technology (IT), TSA–11,
Transportation Security Administration,
6595 Springfield Center Drive,
Springfield, VA 20598–6011.
FOR FURTHER INFORMATION CONTACT:
Christina A. Walsh at the above address,
or by telephone (571) 227–2062.
SUPPLEMENTARY INFORMATION:

jbell on DSKJLSW7X2PROD with NOTICES

DATES:

VerDate Sep<11>2014

17:47 Jun 29, 2021

Jkt 253001

Comments Invited
In accordance with the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501
et seq.), an agency may not conduct or
sponsor, and a person is not required to
respond to, a collection of information
unless it displays a valid OMB control
number. The ICR documentation will be
available at http://www.reginfo.gov
upon its submission to OMB. Therefore,
in preparation for OMB review and
approval of the following information
collection, TSA is soliciting comments
to—
(1) Evaluate whether the proposed
information requirement is necessary for
the proper performance of the functions
of the agency, including whether the
information will have practical utility;
(2) Evaluate the accuracy of the
agency’s estimate of the burden;
(3) Enhance the quality, utility, and
clarity of the information to be
collected; and
(4) Minimize the burden of the
collection of information on those who
are to respond, including using
appropriate automated, electronic,
mechanical, or other technological
collection techniques or other forms of
information technology.
Information Collection Requirement
OMB Control Number 1652–0055;
Pipeline Operator Security Information.
In addition to TSA’s broad
responsibility and authority for
‘‘security in all modes of transportation
. . . including security responsibilities
. . . over modes of transportation [,]’’
see 49 U.S.C. 114, TSA is required to
issue recommendations for pipeline
security measures and conduct
inspections to assess implementation of
the recommendations. See sec. 1557 of
the Implementing Recommendations of
the 9/11 Commission Act of 2007,
Public Law 110–53 (August 3, 2007).
Consistent with these requirements,
TSA produced Pipeline Security
Guidelines in December 2010 and 2011,
with an update published in April 2021.
As the lead Federal agency for
pipeline security and consistent with its
statutory authorities, TSA needs to be
notified of all (1) incidents that may
indicate a deliberate attempt to disrupt
pipeline operations and (2) activities
that could be precursors to such an
attempt. The Pipeline Security
Guidelines encourage pipeline operators
to notify the Transportation Security
Operations Center (TSOC) via phone or
email as soon as possible if any of the
following incidents occurs or if there is
other reason to believe that a terrorist
incident may be planned or may have
occurred:

PO 00000

Frm 00065

Fmt 4703

Sfmt 4703

34777

• Explosions or fires of a suspicious
nature affecting pipeline systems,
facilities, or assets.
• Actual or suspected attacks on
pipeline systems, facilities, or assets.
• Bomb threats or weapons of mass
destruction threats to pipeline systems,
facilities, or assets.
• Theft of pipeline company vehicles,
uniforms, or employee credentials.
• Suspicious persons or vehicles
around pipeline systems, facilities,
assets, or right-of-way.
• Suspicious photography or possible
surveillance of pipeline systems,
facilities, or assets.
• Suspicious phone calls from people
asking about the vulnerabilities or
security practices of a pipeline system,
facility, or asset operation.
• Suspicious individuals applying for
security-sensitive positions in the
pipeline company.
• Theft or loss of Sensitive Security
Information (SSI) (detailed pipeline
maps, security plans, etc.).
When voluntarily contacting the
TSOC, the Guidelines request pipeline
operators to provide as much of the
following information as possible:
• Name and contact information
(email address, telephone number).
• The time and location of the
incident, as specifically as possible.
• A description of the incident or
activity involved.
• Who has been notified and what
actions have been taken.
• The names and/or descriptions of
persons involved or suspicious parties
and license plates as appropriate.
On May 26, 2021, OMB approved
TSA’s request for an emergency revision
of this information collection. See ICR
Reference Number: 202105–1652–002.
The revision was required as a result of
the recent ransomware attack on one of
the Nation’s top pipeline supplies and
other emerging threat information. TSA
issued a Security Directive (SD) with
requirements for TSA-specified critical
pipeline owner/operators of hazardous
liquid and natural gas pipelines and
liquefied natural gas facilities. The SD
included two new information
collections. TSA now requires all
owner/operators subject to the SD’s
requirements to report cybersecurity
incidents or potential cybersecurity
incidents on their information and
operational technology systems to the
Cybersecurity & Infrastructure Security
Agency (CISA) within 12 hours of
discovery using the CISA Reporting
System. In addition, the SD requires
critical pipeline owner/operators to
appoint cybersecurity coordinators and
to provide contact information for the
coordinators to TSA. To ensure that

E:\FR\FM\30JNN1.SGM

30JNN1


File Typeapplication/pdf
File Modified2021-06-30
File Created2021-06-30

© 2024 OMB.report | Privacy Policy