Daily Rules, Proposed Rules, and Notices of the Federal Government

• Home
• Departments
• Agencies
• Dates

Top Searches

Popular Sites

Common CFR Searches

Federal Register: July 29, 2009 (Volume 74, Number 144)

DOCID: fr29jy09-85 FR Doc E9-17980

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

NOTICE: NOTICES

DOCID: fr29jy09-85

DOCUMENT ACTION: 60-day Notice.

SUBJECT CATEGORY:

Intent To Request Approval From OMB of One New Public Collection of Information: Pipeline Operator Security Information

DATES: Send your comments by September 28, 2009.

DOCUMENT SUMMARY:

The Transportation Security Administration (TSA) invites public comment on a new Information Collection Request (ICR). As required by the Paperwork Reduction Act, TSA will submit the application to the Office of Management and Budget (OMB) for review and approval. The ICR describes the nature of the information collection and its expected burden. Specifically, the collection involves the submission of contact information of the company's primary and alternate security manager and the telephone number of the security operations or control center, as well as data concerning pipeline security incidents.

SUMMARY:

Agency Information Collection Activities; Proposals, Submissions, and Approvals

SUPPLEMENTAL INFORMATION

Comments Invited

In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless collection has been granted a valid OMB control number. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to
(1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) Evaluate the accuracy of the agency's estimate of the burden; (3) Enhance the quality, utility, and clarity of the information to be collected; and
(4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

The ICR documentation is available at http://www.reginfo.gov. Information Collection Requirement

Purpose of Data Collection

Under the Aviation and Transportation Security Act (ATSA) (Pub. L. 10771, 115 Stat. 597 (November 19, 2001)) and delegated authority from the Secretary of Homeland Security, TSA has broad responsibility and authority for ``security in all modes of transportation * * * including security responsibilities * * * over modes of transportation that are exercised by the Department of Transportation.'' \1\ Pipeline transportation is a mode of transportation over which TSA has jurisdiction. The Pipeline Security Division within the Office of Transportation Sector Network Management (TSNM) has the lead within TSA for pipeline matters.
\1\ See 49 U.S.C. 114(d). The TSA Assistant Secretary's current authorities under ATSA have been delegated by the Secretary of Homeland Security. Section 403(2) of the Homeland Security Act (HSA) of 2002 (Pub. L. 107296, 116 Stat. 2315 (November 25, 2002)) transferred all functions of TSA, including those of the Secretary of Transportation and the Under Secretary of Transportation related to TSA, to the Secretary of Homeland Security. Pursuant to DHS Delegation Number 7060.2, the Secretary delegated to the Assistant Secretary (then referred to as the Administrator of TSA), subject to the Secretary's guidance and control, the authority vested in the Secretary with respect to TSA, including that in section 403(2) of the HSA.

In executing its responsibility for pipeline security, TSNM has employed the Pipeline Security Information Circular (Circular), which was issued on September 5, 2002 by the Department of Transportation's (DOT) Office of Pipeline Safety. The Circular defines critical pipeline facilities, identifies appropriate countermeasures for protecting them, and explains how the Federal government will verify that operators have taken appropriate action to implement satisfactory security procedures and plans. This document has been the primary Federal guideline for pipeline security. In 2008, TSA recognized that the Circular required updating, and initiated a process to amend and supersede the Circular with forthcoming Pipeline Security Guidelines. The document will include recommendations for the voluntary submission of pipeline operator security manager contact information to TSA's Pipeline Security Division and the reporting of security incident data to the Transportation Security Operation Center (TSOC).

Description of Data Collection

The draft Pipeline Security Guidelines indicate that each operator should provide TSA with the 24/7 contact information of the company's primary and alternate security manager, and the telephone number of the security operations or control center. Submission of this voluntary information may be done by telephone, email, or any other method convenient to the pipeline operator.

The document also requests that pipeline operators notify the TSOC via telephone or email if any of the following occur:

Explosions or fires of a suspicious nature affecting pipeline systems, facilities, or assets

Actual or suspected attacks on pipeline systems, facilities, or assets

Bomb threats or weapons of mass destruction (WMD) threats to pipeline systems, facilities, or assets

Theft of pipeline company vehicles, uniforms, or employee credentials

Suspicious persons or vehicles around pipeline systems, facilities, assets, or rightofway

Suspicious photography or possible surveillance of pipeline systems, facilities, or assets

Suspicious phone calls from people asking about the vulnerabilities or security practices of a pipeline system, facility, or asset operation

Suspicious individuals applying for securitysensitive positions in the pipeline company

Theft or loss of Sensitive Security Information (SSI) (detailed pipeline maps, security plans, etc.)

Actual or suspected cyber attacks that could impact pipeline Supervisory Control and Data Acquisition (SCADA) or enterprise associated IT systems.

When contacting the TSOC, the draft Guidelines request that pipeline operators provide as much of the following information as possible:

Name and contact information (email address, telephone number)

The time and location of the incident, as specifically as possible

A description of the incident or activity involved

Who has been notified and what actions have been taken [[Page 37724]]

The names and/or descriptions of persons involved or suspicious parties and license plates as appropriate.

There are approximately 3,000 pipeline companies in the United States. TSA estimates that pipeline operators will require a maximum of 15 minutes to collect, review, and submit primary/alternate security manager and security operations or control center contact information by telephone or email. Assuming voluntary submission of the requested information by all operators, the potential burden to the public is estimated to be a maximum of 750 hours. (3,000 companies x 15 minutes = 750 hours) Turnover of security personnel would necessitate changes to previouslysubmitted contact information on an asoccurring basis. Assuming an annual employee turnover rate of 10 percent, the potential burden to the public is estimated to be a maximum of 75 hours. (3,000 companies x 10 percent turnover = 300 updates; 300 updates x 15 minutes = 75 hours)

Reporting of pipeline security incidents will occur on an irregular basis. TSA estimates that approximately 140 incidents will be reported annually, requiring a maximum of 30 minutes to collect, review, and submit event information. The potential burden to the public is estimated to be 70 hours. (140 incidents x 30 minutes = 70 hours) Use of Results

TSA's Pipeline Security Division will use the operator contact information to provide securityrelated information to company security managers and/or the security operations or control center. Additionally, TSA may use operator contact information to solicit additional information following a pipeline security incident. TSA will use the security incident information provided by operators for vulnerability identification and analysis and trend analysis. TSA may also include the information, in redacted form, in the TSA Office of Intelligence Transportation Suspicious Incident Report (TSIR), an unclassified weekly comprehensive review of suspicious incident reporting related to transportation which is provided to industry and government stakeholders. To the extent that incident information provided by pipeline operators is SSI, it will be protected in accordance with procedures meeting the transmission, handling, and storage requirements of SSI set forth in 49 CFR parts 15 and 1520.

Issued in Arlington, Virginia, on July 23, 2009. Ginger LeMay,
Paperwork Reduction Act Officer, Business Improvements and Communications, Office of Information Technology.
[FR Doc. E917980 Filed 72809; 8:45 am]
BILLING CODE 911005P

FOR FURTHER INFORMATION CONTACT

Ginger LeMay at the above address or by telephone (571) 2273616 or email ginger.lemay@dhs.gov.