[Federal Register Volume 79, Number 84 (Thursday, May 1, 2014)]
[Pages 24742-24744]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-09992]



Transportation Security Administration

Intent To Request Approval From OMB of One Public Collection of 
Information: Exercise Information System

AGENCY: Transportation Security Administration, DHS.

ACTION: 60-day Notice.


SUMMARY: The Transportation Security Administration (TSA) invites 
public comment on one currently approved Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0057, 
abstracted below that we will submit to the Office of Management and 
Budget (OMB) for renewal in compliance with the Paperwork Reduction Act 
(PRA). The ICR describes the nature of the information collection and 
its expected burden for the TSA Exercise Information System (EXIS). 
EXIS is a web portal designed to serve stakeholders in the 
transportation industry in regard to security training exercises. EXIS 
provides stakeholders with transportation security exercise scenarios 
and objectives, best practices and lessons learned, and a repository of 
the user's own historical exercise data for use in future exercises. It 
also allows stakeholders to design their own security exercises based 
on the unique needs of their specific transportation mode or method of 
operation. Utilizing and inputting information into EXIS is completely 

DATES: Send your comments by June 30, 2014.

ADDRESSES: Comments may be emailed to [email protected] or delivered to 
the TSA PRA Officer, Office of Information Technology (OIT), TSA-11, 
Transportation Security Administration, 601 South 12th Street, 
Arlington, VA 20598-6011.

FOR FURTHER INFORMATION CONTACT: Christina Walsh at the above address, 
or by telephone 571-227-2062.


Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. The ICR documentation is available 
at www.reginfo.gov. Therefore, in preparation for OMB review and 
approval of the following information collection, TSA is soliciting 
comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

Purpose of Data Collection

    The Exercise Information System (EXIS) is an Internet-accessible 
knowledge-management system developed by TSA to serve its relevant 
stakeholders (such as members of the transportation industry, port 
authorities, Federal agencies, and state and local governments). EXIS 
integrates security-related training and exercise components 
constituting Sensitive Security Information.\1\ It gives stakeholders 
valuable security exercise scenarios and objectives, best 
practices and lessons learned, and a repository of the users' own 
historical exercise data for use in future exercises. Transportation 
industry stakeholders can choose scenarios and objectives based on 
their vulnerabilities, mode of transportation, and the size of their 

    \1\ Sensitive Security Information (SSI) is information which, 
if publicly released, would be detrimental to transportation 
security, and is defined at 49 U.S.C. 114(r) and 49 CFR part 1520.

    As a knowledge management system, EXIS provides end-to-end security 
exercise support from the initial planning meeting through exercise 
design, implementation, evaluation, and reporting. Working in a secure 
online environment, with a username and password, EXIS users can:
    * Customize exercise design: Develop objectives, scenarios, 
contingency injects, evaluation metrics, and other data sets.
    * Conduct robust analyses: Sort evaluation data by exercise 
objectives, transportation modes, scenario types, or functional areas.
    * Create analytical reports: Identify and sort lessons 
learned, corrective actions, and best practices from past exercises or 
from those of other jurisdictions.
    * Collaborate and share information: Build relationships 
with partners.
    EXIS was developed by TSA as part of its broad responsibilities and 
authorities under the Aviation and Transportation Security Act 
(ATSA),\2\ and delegated authority from the Secretary of Homeland 
Security, for ``security in all modes of transportation . . . including 
security responsibilities . . . over modes of transportation that are 
exercised by the Department of Transportation.'' \3\ EXIS is a 
component of TSA's Intermodal Security Training Exercise Program (I-
STEP), which works with surface transportation stakeholders in 
developing and conducting security exercises. I-STEP also fulfills 
requirements of the Implementing Recommendations of the 9/11 Commission 
Act of 2007 (9/11 Act) \4\ regarding the establishment of security 
training exercises for surface modes of transportation that can assess 
and improve the capabilities of these modes in preventing, preparing 
for, mitigating against, responding to, and recovering from acts of 

    \2\ Public Law 107-71 (115 Stat. 597, Nov. 19, 2001).
    \3\ See 49 U.S.C. 114 (d).
    \4\ Public Law 110-53 (121 Stat. 266, Aug. 3, 2007).
    \5\ 9/11 Act secs. 1407 (codified at 6 U.S.C. 1136(a)), 1516 
(codified at 6 U.S.C. 1166), and 1533 (codified at 6 U.S.C. 1183). 
See also the Security and Accountability For Every Port Act of 2006 
(SAFE Port Act), Public Law 109-347 (120 Stat. 1884, Oct. 13, 2006) 
(codified at 6 U.S.C. 911 (a)).

    EXIS helps users design an exercise through the use of a ``wizard'' 
(an interface that leads the user through a series of steps to help 
them work through an otherwise potentially complex process). The EXIS 
wizard walks the user through a step-by-step process allowing them to 
build a profile for their exercise. EXIS provides users with suggested 
scenarios based on the area of focus and objectives selected by the 
user. Users also have the ability to create custom injects or modify a 
Generic EXIS Community Scenario. Exercise Administrators, who are TSA 
employees within the Program Office, may suggest modified scenarios and 
custom injects for use in exercise design.
    Once the user has worked through all the steps guided by the 
wizard, EXIS generates a collaborative workspace for exercise team 
members to work within. All exercise elements can be customized and 
saved. Lessons learned, best management practices, and corrective 
actions are pre-populated into the workspace based on the scenario and 
objectives of the exercise determined during its creation. EXIS is 
adaptable to changing exercise, tracking, and reporting needs as they 
mature and can support the addition of future exercise elements.
    By linking ``exercise communities,'' users can also tackle cross-
jurisdictional issues, such as interoperability. Users are able to 
focus on the underlying issues of transportation security and 
preparedness, and avoid repeating costly mistakes. Finally, users can 
also provide feedback on the usefulness of EXIS itself so that TSA may 
improve this system to better suit the stakeholders' future security 
    TSA intends EXIS to be used primarily by individuals with security 
responsibilities, such as heads of security, for public and private 
owner/operators in the surface transportation community, including mass 
transit systems, freight/rail operators, highway/trucking companies, 
school bus operators, and pipeline systems. These individuals, and 
other stakeholders, can voluntarily contact TSA to request access to 
EXIS; TSA does not require participation in EXIS. Those seeking access 
or desiring more information about I-STEP products and services can 
contact a TSA modal representative or send their request by email to 
[email protected].

Description of Data Collection

    TSA will collect five types of information through EXIS. The 
collection is voluntary. EXIS users are not required to provide all 
information requested--however, if users choose to withhold 
information, they will not receive the benefits of EXIS associated with 
that information collection.
    1. User registration information. Because EXIS includes SSI 
information, TSA must collect information upon registration to ensure 
only those members of the transportation community with a relevant 
interest in conducting security training exercises and with an 
appropriate level of need to access security training information are 
provided access to EXIS. Such registration information will include the 
user's name, professional contact information, agency/company, job 
title, employer, and employment verification contact information.
    2. Desired nature and scope of the exercise. TSA will collect this 
information to generate an EXIS training exercise appropriate for the 
particular user. Users are asked to submit their desired transportation 
mode, exercise properties, objectives, scenario events, and 
participating agencies.
    3. Corrective actions/lessons learned/best practices. TSA collects 
this information to document and share the users' ideas and methods for 
improving transportation security with other transportation 
stakeholders. The user has the option to suggest that their lesson(s) 
learned, best practice(s), or corrective action(s) be published to the 
wider EXIS user base. The I-STEP team sends the item to Subject Matter 
Experts within TSA for vetting and validation. Once the information is 
validated, any company or user identifying information is removed and 
the content is published to the site for all users to access.
    4. Evaluation feedback. TSA collects this information for the 
purpose of evaluating the usefulness of EXIS in facilitating security 
training exercises for the users. TSA can then modify EXIS to better 
suit its users' needs.
    5. After-Action Reports. The EXIS automatically summarizes 
information from items (2) and (3) mentioned above in order to create 
formal After-Action Reports (AAR) for users. These AARs include an 
exercise overview, goals and objectives, scenario event synopsis, 
analysis of critical issues, exercise design characteristics, 
conclusions, and the executive summary. The AAR is the output of the 
exercise process. Stakeholders use the report to identify areas in 
which they can assign resources to mitigate risk and enhance the 
security posture within their organization.

Use of Results

    TSA will use this information to assess and improve the 
capabilities of all surface transportation modes to prevent, prepare 
for, mitigate 
against, respond to, and recover from transportation security 
incidents. A failure to collect this information will limit TSA's 
ability to effectively test security countermeasures, security plans, 
and the ability of a modal operator to respond to and quickly recover 
after a transportation security incident. Insufficient awareness, 
prevention, response, and recovery to a transportation security 
incident will result in increased vulnerability of the U.S. 
transportation network and a reduced ability of DHS to assess system 
    Based on industry population estimates and growth rates, and 
interest generated amongst the surface transportation modes during the 
first three years following EXIS' release to the public, TSA estimates 
that there will be approximately 12,998 users for the next three years 
(4,034 users in Year 1, 4,278 users in Year 2, and 4,686 users in Year 
3). This was calculated by first estimating the future EXIS population 
using the current number of users (364) and its rate of growth per year 
(67 percent), in addition to the number of annual users added through 
outreach events (3,670). To determine the exercise response rate, the 
average number of exercises conducted annually was calculated based on 
the number of exercises built per user (roughly one in three users 
conducted an exercise). TSA calculated that 35 percent of users conduct 
one exercise per year. Thus, the estimated average number of exercises 
conducted per year totals 1,517 ((12,998 users * .35)/3 years). TSA 
estimates users will spend approximately 4 hours per EXIS exercise 
inputting the information. Finally, the average number of annual 
exercises conducted was multiplied by four hours (the amount of time 
users spent building each exercise) to determine the average annual 
hourly burden. Given this information, the total annual hourly burden 
for EXIS's collection of information is 6,068 hours (1,517 users * 4 
hours). There are no fees to use EXIS. The total annual cost burden to 
respondents is $0.00.

    Dated: April 25, 2014.
Christina Walsh,
TSA Paperwork Reduction Act Officer, Office of Information Technology.
[FR Doc. 2014-09992 Filed 4-30-14; 8:45 am]