[Federal Register Volume 81, Number 71 (Wednesday, April 13, 2016)]
[Notices]
[Pages 21887-21891]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-08495]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2015-0058]


Chemical Security Assessment Tool (CSAT)

AGENCY: National Protection and Programs Directorate, DHS.

ACTION: 30-Day Notice and request for comments; Revision of Information 
Collection Request: 1670-0007.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security (DHS or the Department), 
National Protection and Programs Directorate (NPPD), Office of 
Infrastructure Protection (IP), Infrastructure Security Compliance 
Division (ISCD), will submit the following Information Collection 
Request (ICR) to the Office of Management and Budget (OMB) for review 
and clearance in accordance with the Paperwork Reduction Act of 1995 
(Pub. L. 104-13, 44 U.S.C. chapter 35). The Department previously

[[Page 21888]]

published this ICR, in the Federal Register on November 18, 2015, for a 
60-day public comment period.\1\
---------------------------------------------------------------------------

    \1\ See 80 FR 72086. The 60-day Federal Register notice for 
Information Collection 1670-0007, which invited comments for 60 
days, may be found at https://www.federalregister.gov/articles/2015/11/18/2015-29457/chemical-security-assessment-tool-csat.
---------------------------------------------------------------------------

    In this notice NPPD is: (1) Responding to two commenters who 
submitted comments in response to the 60-day notice previously 
published for this ICR and (2) inviting public comment concerning this 
ICR for an additional 30 days.

DATES: Comments are encouraged and will be accepted until May 13, 2016. 
This process is conducted in accordance with 5 CFR 1320.8.

ADDRESSES: Interested persons are invited to submit written comments on 
the proposed information collection to the Office of Information and 
Regulatory Affairs, OMB. Comments should be addressed to OMB Desk 
Officer, Department of Homeland Security, National Protection and 
Programs Directorate. Comments must be identified by the docket number 
DHS-2015-0058 and may be submitted using one of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov.
     Email: [email protected]. Include the docket 
number in the subject line of the message.
     Fax: (202) 395-5806.
    Instructions: All submissions received must include the words 
``Department of Homeland Security'' and the docket number for this 
action. Comments received will be posted without alteration at http://www.regulations.gov, including any personal information provided.
    Comments that include trade secrets, confidential commercial or 
financial information, Chemical-terrorism Vulnerability Information 
(CVI),\2\ Sensitive Security Information (SSI),\3\ or Protected 
Critical Infrastructure Information (PCII) \4\ should not be submitted 
to the public regulatory docket. Please submit such comments separately 
from other comments in response to this notice. Comments containing 
trade secrets, confidential commercial or financial information, CVI, 
SSI, or PCII should be appropriately marked and packaged in accordance 
with applicable requirements and submitted by mail to the Office of 
Information and Regulatory Affairs, OMB. Comments should be addressed 
to OMB Desk Officer, Department of Homeland Security, National 
Protection and Programs Directorate. Comments must be identified by the 
docket number DHS-2015-0058.
---------------------------------------------------------------------------

    \2\ For more information about CVI see 6 CFR 27.400 and the CVI 
Procedural Manual at http://www.dhs.gov/xlibrary/assets/chemsec_cvi_proceduresmanual.pdf.
    \3\ For more information about SSI see 49 CFR part 1520 and the 
SSI Program Web page at http://www.tsa.gov.
    \4\ For more information about PCII see 6 CFR part 29 and the 
PCII Program Web page at http://www.dhs.gov/protected-critical-infrastructure-information-pcii-program.
---------------------------------------------------------------------------

    The Office of Management and Budget is particularly interested in 
comments that:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

FOR FURTHER INFORMATION CONTACT: Chemical Facility Anti-Terrorism 
Standards (CFATS) Program Manager, DHS/NPPD/IP/ISCD, [email protected].

SUPPLEMENTARY INFORMATION: Section 550 of the Homeland Security 
Appropriations Act of 2007, Public Law 109-295 (2006), provided the 
Department with the authority to regulate the security of high-risk 
chemical facilities. On April 9, 2007, the Department issued an Interim 
Final Rule (IFR), implementing this statutory mandate at 72 FR 17688. 
In December 2014, the President signed into law the Protecting and 
Securing Chemical Facilities from Terrorist Attacks Act of 2014 (the 
CFATS Act of 2014), Public Law 113-254, which authorized the Chemical 
Facility Anti-Terrorism Standards program in the Homeland Security Act 
of 2002, as amended, Public Law 107-296.\5\
---------------------------------------------------------------------------

    \5\ Section 2 of the CFATS Act of 2014 adds a new Title XXI to 
the Homeland Security Act of 2002. Title XXI contains new secs. 
numbered 2101 through 2109. Citations to the Homeland Security Act 
of 2002 throughout this document reference those secs. of Title XXI. 
Those secs. have been codified in the U.S. Code at 6 U.S.C. 621-629.
---------------------------------------------------------------------------

    The CFATS regulations (available at 6 CFR part 27) govern the 
security at covered chemical facilities that have been determined by 
the Department to be at high risk for terrorist attack. See 6 CFR part 
27. The CFATS represent national-level effort to minimize the terrorism 
risk to such facilities. Its design and implementation balance 
maintaining economic vitality with securing facilities and their 
surrounding communities. The regulations were designed to take 
advantage of protective measures already in place and to allow 
facilities to employ a wide range of tailored measures to satisfy the 
regulations' Risk-Based Performance Standards (RBPS).
    The Department collects the core regulatory data necessary to 
implement CFATS through the portions of the CSAT covered under this 
collection. For more information about CFATS and CSAT, you may access 
www.dhs.gov/chemicalsecurity. The current information collection for 
CSAT (IC 1670-0007) will expire on April 30, 2016.\6\
---------------------------------------------------------------------------

    \6\ The current information collection for CSAT may be found at 
http://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=201303-1670-001.
---------------------------------------------------------------------------

Responses To Comments Submitted During 60-Day Comment Period

    The Department invited comments on four questions:
    (1) Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.
    In response to the 60-Day Notice that solicited comments about the 
CSAT ICR, the Department received 12 comments from 2 commenters. The 2 
commenters were 1 private citizen and 1 industry association.

[[Page 21889]]

Comments Related to Whether the Proposed Collection of Information is 
Necessary for the Proper Performance of the Function of the Agency, 
Including Whether the Information Will Have Practical Utility

    The Department did not receive any comments suggesting that the 
proposed collection of information was not necessary for the proper 
performance of the functions of the agency.

Comments Related to the Accuracy of the Agency's Estimate of the Burden 
of the Proposed Collection of Information, Including the Validity of 
the Methodology and Assumptions Used

    Comment: Private Citizen commented, ``It is impossible for any 
individual or entity to make an adequate determination or estimation of 
the time and costs associated with the submission of the revised Top-
Screen document. Although the revised document is available to DHS it 
has not been published and is not available to this commenter or other 
interested entity.''
    Response: The Department calculated the reduction in Top-Screen 
time and costs by measuring the time users were logged into the CSAT 
system completing a Top-Screen between Calendar Year 2012-2014. DHS 
expects that this level of time will remain the same with the new Top-
Screen survey.
    Comment: Private Citizen commented, ``It is impossible for any 
individual or entity to make an adequate determination or estimation of 
the time and costs associated with the submission of the revised 
Security Vulnerability Assessment document. Although the revised 
document is available to DHS it has not been published and is not 
available to this commenter or other interested entity.''
    Response: The Department calculated the reduction in time and cost 
for the new Security Vulnerability Assessment (SVA) and Alternative 
Security Program (ASP) surveys submitted in lieu of the SVA by 
measuring the time users were logged into the CSAT system completing 
the previous SVA/ASP between Calendar Year 2012-2014, and subtracting 
time for the removal of duplicate questions from the current survey and 
removal of the attack scenarios from the current survey.
    Comment: Private Citizen commented, ``The Collection Request 
document also states the Department is considering requesting chemical 
facilities of interest that have chemical holdings at or above the non-
screening threshold quantities on Appendix of the CFATS complete a Top 
Screen, even if the facility has previously completed a Top-Screen and 
been determined not to be high-risk. It is understood that a new 
baseline for all assets must be established however for entities with a 
large number of registered facilities with a minimal number of tiered 
facilities this will be a costly undertaking. Again as in 1 above, it 
is impossible for any individual or entity to make an adequate 
determination or estimation of the time and costs associated with the 
submission of the revised Top-Screen document. Although the revised 
document is available to DHS it has not been published and is not 
available to this commenter or other interested entity.''
    Response: The Department is only considering requesting facilities 
that have chemical holdings at or above screening threshold quantities 
on Appendix A to submit a new Top-Screen. The Department calculated 
this cost by taking the total number of unique facilities 36,930 that 
have submitted a Top-Screen since the inception of the regulation in 
2007 and applying the time users were logged into the system completing 
a Top-Screen between Calendar Year 2012-2014.
    Comment: Private Citizen commented, ``The assumption that Site 
Security Officers are the only individuals responsible for submitting 
Top-Screens in many instances may not be a valid assumption. There are 
costs associated with other individuals that may be involved in the 
process and in other designated positions such as Submitters and 
Authorizers. In many instances the Site Security Officer position is 
not a dedicated separate position. These duties may be/are assigned as 
additional duties to facility supervisory, management, and operations 
positions as well as engineers. The cost curve for these individuals is 
much greater.''
    Response: The Department agrees that the actual cost to a facility 
may vary by the number of people involved, the type of people involved, 
and the unique facility business operations. Since 2007, the Department 
has published multiple ICRs and received a significant number of 
comments about the costs and burdens associated with how to best 
estimate the facility burden. Those commenters have consistently 
accepted the use of a Site Security Officer as a reasonable baseline to 
estimate the costs for most facilities. As a result, the Department has 
elected to retain this assumption.

Comments Related to the Quality, Utility, and Clarity of the 
Information To Be Collected

    Comment: Industry Association commented, ``Some of the questions 
are phrased as a double negative, making the question unnecessarily 
confusing. The questions should be phrased in such a way that the 
expected answer is abundantly evident. If the answer is a simple yes or 
no, indicate that in the question and provide a text box. If the 
question requires supporting information, indicate what types of 
supporting documentation would be acceptable and unacceptable.''
    Response: The Department has redesigned the CSAT tool suite. As 
part of this redesign, the Department changed the question wording 
where possible to make it clearer and easier to understand.

Comments Related to Minimizing the Burden of the Collection of the 
Information on Those Who Are To Respond, Including Through the Use of 
Appropriate Automated, Electronic Mechanical, or Other Technological 
Collection Techniques or Other Forms of Information Technology, e.g., 
Permitting Electronic Submissions of Responses

    Comment: Industry Association commented, ``The CSAT tool has 
repetitive questions throughout the document that extend the time to 
complete. For example, Risk-Based Performance Standard (RBPS) 4, 
repeats questions from RBPS 1, 2 and 3. If the questions must be asked 
multiple times, it would be helpful to identify questions that would 
elicit a similar response.''
    Response: The Department has redesigned the CSAT tool suite. As 
part of this redesign, the Department removed repetitive questions.
    Comment: Industry Association commented, ``DHS should consider the 
format of RBPS 18. RBPS 18 stipulates that every answer to every 
question must be yes. Instead of filling out a form by checking a 
series of boxes, those requirements could be explicitly stated with a 
simple signature or check box at the bottom.''
    Response: The Department has taken this recommendation and merged 
the retention of records questions that must be answered with a yes 
into one question that is an affirmation statement.

Other Comments Submitted in Response to the Information Collection 
Request

    Comment: Industry Association commented, ``DHS should consider 
removing the chlorine rail car as a theft issue in the tiering process. 
Chlorine rail

[[Page 21890]]

cars weigh between 83,000 and 93,000 lbs. when empty. Loaded rail cars 
weigh in excess of 263,000 lbs. Due to the extreme weight and the 
necessity to transport them on permanent rails using powerful 
mechanized systems, chlorine rail cars should not be considered man-
portable.''
    Response: The Department has developed an improved risk 
methodology. As part of this improved risk methodology, the Department 
will consider packaging size and type in the new vulnerability factor. 
Although loaded rail cars, which are considered bulk transportation 
items, are extremely heavy and bulky, the potential for the theft of 
these rail cars cannot be ruled out.
    Comment: Industry Association commented, ``Additionally, CI 
[Chlorine Institute] members have received feedback on Top Screens 
regarding the release volume. For EPA's RMP submissions, the single 
largest container is used as the release scenario. When this volume was 
submitted on a Top Screen, CI members were asked to instead use the 
full inventory of the COI [Chemical of Interest] within a 170 foot 
radius. Especially for members who package chlorine into multiple 
smaller containers, such as cylinders and ton containers, this scenario 
is highly impractical and improbable and has the potential to affect 
tier determination. It is also unclear the origins of the 170-foot 
radius specification.''
    Response: The CFATS program is a security-based regulation that is 
focused on mitigating the risk of intentional acts which generate high 
consequences. It is possible that these acts may involve multiple 
cylinders, containers, etc. In contrast, the EPA Risk Management 
Program is a safety-based regulation that is focused on accidental 
releases. Thus, it is appropriate for the DHS modeling to take into 
account the possibility and consequences of an intentional act that 
results in the release of multiple cylinders/containers.
    Comment: Industry Association commented, ``Since 2013, CI has had a 
Cooperative Research and Development Agreement (CRADA) with Chemical 
Security Analysis Center (CSAC) within DHS. With the support of the 
Chlorine Institute, CSAC has conducted a series of field experiments to 
study the dispersion patterns and the nature of reactivity of chlorine 
to its surroundings. From these tests, CSAC then modeled chlorine 
releases and contributed those results to the newly updated Chlorine 
Institute Pamphlet 74, Guidance on Estimating the Area Affected By A 
Chlorine Release. These models are based on real-world, large-scale 
chlorine releases, modeled by DHS scientists. For this reason, some 
members have elected to use the release estimates of Pamphlet 74 in 
lieu of RMP*COMP, and have received notification from DHS that RMP*COMP 
must be used. The RMP*COMP is based on a computational model, not real-
world tests studied by DHS scientists. DHS should consider, for 
chlorine, allowing the use of Pamphlet 74 dispersion estimates in lieu 
of RMP*COMP due to the higher level of accuracy and to conserve 
resources by using already existing dispersion analysis.''
    Response: The Department has developed an improved risk 
methodology. As part of this improved risk methodology, DHS will employ 
an atmospheric dispersion model, thus eliminating the need for 
facilities to use the EPA RMP*Comp Tool.
    Comment: Industry Association commented, ``DHS should develop a 
Compliance Guide for performing audits at each Tier Level. This will 
assist regulated communities in preparing for audits and achieving the 
intended objectives of CFATS. Additionally, some CI members have 
observed that some DHS auditors completely ignore CSAT questions during 
an audit; a Compliance Guide could standardize the auditing process.''
    Response: The Department will consider developing a Compliance 
Guide for performing audits, at each Tier Level.
    Comment: Industry Association commented, ``DHS should consider 
combining the Top Screen and Security Vulnerability Assessment 
processes. Combining the processes would save time for both the 
regulated community and DHS as each process has similar goals. DHS 
should also consider factors/measures/conditions that if existing or 
present would effectively lower the risk ranking of the security issue 
and effectively lower the Tier Level. This may reduce the number of 
facilities that are reassigned to a different tier later in the 
process.''
    Response: The Department has redesigned the CSAT tool suite. As 
part of this redesign, the Department has moved the questions relevant 
to tiering determinations from the Security Vulnerability Assessment 
survey to the Top-Screen survey. Along with the redesign of the CSAT 
tool suite DHS has also developed an improved risk methodology. In this 
improved risk methodology, DHS has included a new vulnerability metric, 
based on inherent facility characteristics that reduce vulnerability.

The Department's Methodology in Estimating the Burden for the Top-
Screen

    This 30-Day Notice relies on the analysis and resulting burden 
estimates in the 60-day notice for this instrument. The Department also 
understands CVI training may be required for some Site Security 
Officer's before being able to submit a Top-Screen. The burden for CVI 
training is accounted for in ICR: 1670- 30-Day Notice published, in the 
Federal Register, on March 18, 2013.\7\
---------------------------------------------------------------------------

    \7\ The CVI 30-Day Notice published on March 18, 2013 https://www.federalregister.gov/articles/2013/03/18/2013-06096/chemical-facility-anti-terrorism-standards-cfats-chemical-terrorism-vulnerability-information-cvi.
---------------------------------------------------------------------------

The Department's Methodology in Estimating the Burden for the Security 
Vulnerability Assessment (SVA) & Alternative Security Program (ASP) 
Submitted in Lieu of the Security Vulnerability Assessment

    This 30-Day notice relies on the analysis and resulting burden 
estimates in the 60-day notice for this instrument.

The Department's Methodology in Estimating the Burden for Site Security 
Plan (SSP) & Alternative Security Program (ASP) Submitted in Lieu of 
the Site Security Plan

    This 30-Day Notice relies on the analysis and resulting burden 
estimates in the 60-day notice for this instrument.

The Department's Methodology in Estimating the Burden for the Helpdesk

    This 30-Day Notice relies on the analysis and resulting burden 
estimates in the 60-day notice for this instrument.

The Department's Methodology in Estimating the Burden for 
Identification of Additional Facilities and Assets at Risk

    This 30-Day Notice relies on the analysis and resulting burden 
estimates in the 60-day notice for this instrument.

Analysis

Agency: Department of Homeland Security, National Protection and 
Programs Directorate, Office of Infrastructure Protection, 
Infrastructure Security Compliance Division.
Title: Chemical Security Assessment Tool.
OMB Number: 1670-0007.
Instrument: CSAT Top-Screen.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Number of Respondents: 1,000 respondents (estimate).

[[Page 21891]]

Estimated Time per Respondent: 6.00 hours.
Total Burden Hours: 9,200 hours.
Total Burden Cost (capital/startup): $15,005,400.
Total Recordkeeping Burden: $0.
Total Burden Cost: $15,623,400.

Instrument: Security Vulnerability Assessment and Alternative Security 
Program Submitted in Lieu of the Security Vulnerability Assessment.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Number of Respondents: 211 respondents.
Estimated Time per Respondent: 2.65 hours.
Total Burden Hours: 900 hours.
Total Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Total Burden Cost: $58,600.

Instrument: Site Security Plan and Alternative Security Program 
Submitted in Lieu of the Site Security Plan.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Number of Respondents: 211 respondents.
Estimated Time per Respondent: 18.75 hours.
Total Burden Hours: 8,000 hours.
Total Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $438,800.
Total Burden Cost: $976,400.

Instrument: CFATS Helpdesk.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Number of Respondents: 15,000 respondents.
Estimated Time per Respondent: 0.17 hours.
Total Burden Hours: 2,550 annual burden hours.
Total Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Total Burden Cost: $172,700.

Instrument: CSAT User Registration.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Number of Respondents: 1000 respondents.
Estimated Time per Respondent: 2 hours.
Total Burden Hours: 2,000 hours.
Total Burden Cost (capital/startup): $283,600.
Total Recordkeeping Burden: $0.
Total Burden Cost: $419,000.

Instrument: Identification of Facilities and Assets At Risk.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Number of Respondents: 211 respondents.
Estimated Time per Respondent: 0.17 hours.
Total Burden Hours: 40 hours.
Total Burden Cost (capital/startup): $34,600.
Total Recordkeeping Burden: $0.
Total Burden Cost: $37,000.

    Dated: April 7, 2016.
Scott Libby,
Deputy Chief Information Officer, National Protection and Programs 
Directorate, Department of Homeland Security.
[FR Doc. 2016-08495 Filed 4-12-16; 8:45 am]
 BILLING CODE 9110-9P-P