[Federal Register Volume 74, Number 144 (Wednesday, July 29, 2009)]
[Pages 37723-37724]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-17980]



Transportation Security Administration

Intent To Request Approval From OMB of One New Public Collection 
of Information: Pipeline Operator Security Information

AGENCY: Transportation Security Administration, DHS.

ACTION: 60-day Notice.


SUMMARY: The Transportation Security Administration (TSA) invites 
public comment on a new Information Collection Request (ICR). As 
required by the Paperwork Reduction Act, TSA will submit the 
application to the Office of Management and Budget (OMB) for review and 
approval. The ICR describes the nature of the information collection 
and its expected burden. Specifically, the collection involves the 
submission of contact information of the company's primary and 
alternate security manager and the telephone number of the security 
operations or control center, as well as data concerning pipeline 
security incidents.

DATES: Send your comments by September 28, 2009.

ADDRESSES: Comments may be mailed or delivered to Ginger LeMay, Office 
of Information Technology, TSA-11, Transportation Security 
Administration, 601 South 12th Street, Arlington, VA 20598-6011.

FOR FURTHER INFORMATION CONTACT: Ginger LeMay at the above address or 
by telephone (571) 227-3616 or e-mail [email protected].


Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless 
collection has been granted a valid OMB control number. Therefore, in 
preparation for OMB review and approval of the following information 
collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.
    The ICR documentation is available at http://www.reginfo.gov.

Information Collection Requirement

Purpose of Data Collection

    Under the Aviation and Transportation Security Act (ATSA) (Pub. L. 
107-71, 115 Stat. 597 (November 19, 2001)) and delegated authority from 
the Secretary of Homeland Security, TSA has broad responsibility and 
authority for ``security in all modes of transportation * * * including 
security responsibilities * * * over modes of transportation that are 
exercised by the Department of Transportation.'' \1\ Pipeline 
transportation is a mode of transportation over which TSA has 
jurisdiction. The Pipeline Security Division within the Office of 
Transportation Sector Network Management (TSNM) has the lead within TSA 
for pipeline matters.

    \1\ See 49 U.S.C. 114(d). The TSA Assistant Secretary's current 
authorities under ATSA have been delegated by the Secretary of 
Homeland Security. Section 403(2) of the Homeland Security Act (HSA) 
of 2002 (Pub. L. 107-296, 116 Stat. 2315 (November 25, 2002)) 
transferred all functions of TSA, including those of the Secretary 
of Transportation and the Under Secretary of Transportation related 
to TSA, to the Secretary of Homeland Security. Pursuant to DHS 
Delegation Number 7060.2, the Secretary delegated to the Assistant 
Secretary (then referred to as the Administrator of TSA), subject to 
the Secretary's guidance and control, the authority vested in the 
Secretary with respect to TSA, including that in section 403(2) of 
the HSA.

    In executing its responsibility for pipeline security, TSNM has 
employed the Pipeline Security Information Circular (Circular), which 
was issued on September 5, 2002 by the Department of Transportation's 
(DOT) Office of Pipeline Safety. The Circular defines critical pipeline 
facilities, identifies appropriate countermeasures for protecting them, 
and explains how the Federal government will verify that operators have 
taken appropriate action to implement satisfactory security procedures 
and plans. This document has been the primary Federal guideline for 
pipeline security. In 2008, TSA recognized that the Circular required 
updating, and initiated a process to amend and supersede the Circular 
with forthcoming Pipeline Security Guidelines. The document will 
include recommendations for the voluntary submission of pipeline 
operator security manager contact information to TSA's Pipeline 
Security Division and the reporting of security incident data to the 
Transportation Security Operation Center (TSOC).

Description of Data Collection

    The draft Pipeline Security Guidelines indicate that each operator 
should provide TSA with the 24/7 contact information of the company's 
primary and alternate security manager, and the telephone number of the 
security operations or control center. Submission of this voluntary 
information may be done by telephone, email, or any other method 
convenient to the pipeline operator.
    The document also requests that pipeline operators notify the TSOC 
via telephone or email if any of the following occur:
     Explosions or fires of a suspicious nature affecting 
pipeline systems, facilities, or assets
     Actual or suspected attacks on pipeline systems, 
facilities, or assets
     Bomb threats or weapons of mass destruction (WMD) threats 
to pipeline systems, facilities, or assets
     Theft of pipeline company vehicles, uniforms, or employee 
     Suspicious persons or vehicles around pipeline systems, 
facilities, assets, or right-of-way
     Suspicious photography or possible surveillance of 
pipeline systems, facilities, or assets
     Suspicious phone calls from people asking about the 
vulnerabilities or security practices of a pipeline system, facility, 
or asset operation
     Suspicious individuals applying for security-sensitive 
positions in the pipeline company
     Theft or loss of Sensitive Security Information (SSI) 
(detailed pipeline maps, security plans, etc.)
     Actual or suspected cyber attacks that could impact 
pipeline Supervisory Control and Data Acquisition (SCADA) or enterprise 
associated IT systems.
    When contacting the TSOC, the draft Guidelines request that 
pipeline operators provide as much of the following information as 
     Name and contact information (e-mail address, telephone 
     The time and location of the incident, as specifically as 
     A description of the incident or activity involved
     Who has been notified and what actions have been taken

[[Page 37724]]

     The names and/or descriptions of persons involved or 
suspicious parties and license plates as appropriate.
    There are approximately 3,000 pipeline companies in the United 
States. TSA estimates that pipeline operators will require a maximum of 
15 minutes to collect, review, and submit primary/alternate security 
manager and security operations or control center contact information 
by telephone or email. Assuming voluntary submission of the requested 
information by all operators, the potential burden to the public is 
estimated to be a maximum of 750 hours. (3,000 companies x 15 minutes = 
750 hours) Turnover of security personnel would necessitate changes to 
previously-submitted contact information on an as-occurring basis. 
Assuming an annual employee turnover rate of 10 percent, the potential 
burden to the public is estimated to be a maximum of 75 hours. (3,000 
companies x 10 percent turnover = 300 updates; 300 updates x 15 minutes 
= 75 hours)
    Reporting of pipeline security incidents will occur on an irregular 
basis. TSA estimates that approximately 140 incidents will be reported 
annually, requiring a maximum of 30 minutes to collect, review, and 
submit event information. The potential burden to the public is 
estimated to be 70 hours. (140 incidents x 30 minutes = 70 hours)

Use of Results

    TSA's Pipeline Security Division will use the operator contact 
information to provide security-related information to company security 
managers and/or the security operations or control center. 
Additionally, TSA may use operator contact information to solicit 
additional information following a pipeline security incident. TSA will 
use the security incident information provided by operators for 
vulnerability identification and analysis and trend analysis. TSA may 
also include the information, in redacted form, in the TSA Office of 
Intelligence Transportation Suspicious Incident Report (TSIR), an 
unclassified weekly comprehensive review of suspicious incident 
reporting related to transportation which is provided to industry and 
government stakeholders. To the extent that incident information 
provided by pipeline operators is SSI, it will be protected in 
accordance with procedures meeting the transmission, handling, and 
storage requirements of SSI set forth in 49 CFR parts 15 and 1520.

    Issued in Arlington, Virginia, on July 23, 2009.
Ginger LeMay,
Paperwork Reduction Act Officer, Business Improvements and 
Communications, Office of Information Technology.
[FR Doc. E9-17980 Filed 7-28-09; 8:45 am]