[Federal Register Volume 81, Number 242 (Friday, December 16, 2016)]
[Proposed Rules]
[Pages 91336-91401]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-28298]



[[Page 91335]]

Vol. 81

Friday,

No. 242

December 16, 2016

Part III

Book 2 of 2 Books

Pages 91335-91642





 Department of Homeland Security





-----------------------------------------------------------------------



Transportation Security Administration



-----------------------------------------------------------------------



49 CFR Ch. XII and Parts 1500, 1520, et al.



Security Training for Surface Transportation Employees and Surface 
Transportation Vulnerability Assessments and Security Plans (VASP); 
Proposed Rules

  Federal Register / Vol. 81 , No. 242 / Friday, December 16, 2016 / 
Proposed Rules  

[[Page 91336]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Parts 1500, 1520, 1570, 1580, 1582, and 1584

[Docket No. TSA-2015-0001]
RIN 1652-AA55


Security Training for Surface Transportation Employees

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice of proposed rulemaking (NPRM).

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) is proposing 
to require security training for employees of higher-risk freight 
railroad carriers, public transportation agencies (including rail mass 
transit and bus systems), passenger railroad carriers, and over-the-
road bus (OTRB) companies. Owner/operators of these higher-risk 
railroads, systems, and companies would be required to train employees 
performing security-sensitive functions, using a curriculum addressing 
preparedness and how to observe, assess, and respond to terrorist-
related threats and/or incidents. As part of this rulemaking, TSA would 
also expand its current requirements for rail security coordinators and 
reporting of significant security concerns (currently limited to 
freight railroads, passenger railroads, and the rail operations of 
public transportation systems) to include the bus components of higher-
risk public transportation systems and higher-risk OTRB companies. TSA 
also proposes to make the maritime and land transportation provisions 
of TSA's regulations consistent with other TSA regulations by codifying 
general responsibility to comply with security requirements; 
compliance, inspection, and enforcement; and procedures to request 
alternate measures for compliance. Finally, TSA is adding a definition 
for Transportation Security-Sensitive Materials (TSSM). Other 
provisions are being amended or added, as necessary, to implement these 
additional requirements.
    While TSA will review and consider all comments submitted, TSA 
invites responses to a number of specific questions posed in the 
preamble of the NPRM. See the Comments Invited section under 
SUPPLEMENTARY INFORMATION that follows.

DATES: Submit comments by March 16, 2017.

ADDRESSES: You may submit comments, identified by the TSA docket number 
to this rulemaking, to the Federal Docket Management System (FDMS), a 
government-wide, electronic docket management system, using any one of 
the following methods:
    Electronically: You may submit comments through the Federal 
eRulemaking portal at http://www.regulations.gov. Follow the online 
instructions for submitting comments.
    Mail, In Person, or Fax: Address, hand-deliver, or fax your written 
comments to the Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001; Fax 202-493-2251. The 
Department of Transportation (DOT), which maintains and processes TSA's 
official regulatory dockets, will scan the submission and post it to 
FDMS.
    See SUPPLEMENTARY INFORMATION for format and other information 
about comment submissions.

FOR FURTHER INFORMATION CONTACT: Harry Schultz (TSA Office of Security 
Policy and Industry Engagement) or Traci Klemm (TSA Office of the Chief 
Counsel) at telephone (571) 227-5563 or email to 
[email protected].

SUPPLEMENTARY INFORMATION: 

Comments Invited

    TSA invites interested persons to participate in this rulemaking by 
submitting written comments, data, or views. We also invite comments 
relating to the economic, environmental, energy, or federalism impacts 
that might result from this rulemaking action. See ADDRESSES above for 
information on where to submit comments.
    With each comment, please identify the docket number at the 
beginning of your comments. TSA encourages commenters to provide their 
names and addresses. The most helpful comments reference a specific 
portion of the rulemaking, explain the reason for any recommended 
change, and include supporting data. You may submit comments and 
material electronically, in person, by mail, or fax as provided under 
ADDRESSES, but please submit your comments and material by only one 
means. If you submit comments by mail or delivery, submit them in an 
unbound format, no larger than 8.5 by 11 inches, suitable for copying 
and electronic filing.
    If you want TSA to acknowledge receipt of comments submitted by 
mail, include with your comments a self-addressed, stamped postcard on 
which the docket number appears. We will stamp the date on the postcard 
and mail it to you.
    TSA will file in the public docket all comments TSA receives, 
except for comments containing confidential information and Sensitive 
Security Information (SSI).\1\ TSA will consider all comments received 
on or before the closing date for comments and will consider comments 
filed late to the extent practicable. The docket is available for 
public inspection before and after the comment closing date.
---------------------------------------------------------------------------

    \1\ ``Sensitive Security Information'' or ``SSI'' is information 
obtained or developed in the conduct of security activities, the 
disclosure of which would constitute an unwarranted invasion of 
privacy, reveal trade secrets or privileged or confidential 
information, or be detrimental to the security of transportation. 
The protection of SSI is governed by 49 CFR parts 15 and 1520.
---------------------------------------------------------------------------

NPRM Specific Questions

    While TSA will review and consider all comments submitted, TSA 
invites responses to the following five specific questions:
    (1) The preferred avenue to submit security training programs to 
TSA, such as through email, secure Web site, or mailing address.
    (2) TSA is proposing to use accumulated days of employment as one 
of the factors triggering whether an employee must be trained and 
requests comment specifically on how to calculate accumulated days and 
to ensure contractors are not used to avoid the requirements of this 
proposed rule.
    (3) The use of previous training to satisfy requirements in the 
proposed rule.
    (4) Options for harmonizing the proposed training schedule with 
existing training schedules and for adding efficiencies with other 
relevant regulatory requirements, including identification of any laws, 
regulations, or orders not identified by TSA that commenters believe 
would conflict with the provisions of the proposed rule.
    (5) Options for ensuring training is effective in the absence of 
proficiency standards. For example, the proposed rule does not 
prescribe conditions for a pass/fail policy that may be associated with 
post-training testing, nor recommending a specified maximum number of 
times that an individual may take a test or evaluation to demonstrate 
knowledge and competency.

Handling of Confidential or Proprietary Information and Sensitive 
Security Information (SSI) Submitted in Public Comments

    Do not submit comments that include trade secrets, confidential 
commercial

[[Page 91337]]

or financial information, or SSI to the public regulatory docket. 
Please submit such comments separately from other comments on the 
rulemaking. Comments containing this type of information must be 
appropriately marked as containing such information and submitted by 
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
    TSA will not place comments containing SSI in the public docket, 
but will handle them in accordance with applicable safeguards and 
restrictions on access. TSA will hold documents containing SSI, 
confidential business information, or trade secrets in a separate file 
to which the public does not have access, and place a note in the 
public docket that TSA has received such materials from the commenter. 
If TSA determines, however, that portions of these comments may be made 
publicly available, TSA may include a redacted version of the comment 
in the public docket. If TSA receives a request to examine or copy 
information that is not in the public docket, TSA will treat it as any 
other request under the Freedom of Information Act (FOIA) (5 U.S.C. 
552) and FOIA regulation of the Department of Homeland Security (DHS) 
found in 6 CFR part 5.

Reviewing Comments in the Docket

    Please be aware that anyone is able to search the electronic form 
of all comments in any of our dockets by the name of the individual who 
submitted the comment (or signed the comment, if submitted on behalf of 
an association, business, labor union, etc.). You may review the 
applicable Privacy Act Statement published in the Federal Register on 
April 11, 2000 (65 FR 19477) and modified on January 17, 2008 (73 FR 
3316), or you may visit http://DocketsInfo.dot.gov.
    You may review TSA's electronic public docket on the Internet at 
http://www.regulations.gov. In addition, DOT's Docket Management 
Facility provides a physical facility, staff, equipment, and assistance 
to the public. To obtain assistance or to review comments in TSA's 
public docket, you may visit this facility between 9:00 a.m. and 5:00 
p.m., Monday through Friday, excluding legal holidays, or call (202) 
366-9826. This docket operations facility is located in the West 
Building Ground Floor, Room W12-140 at 1200 New Jersey Avenue SE., 
Washington, DC 20590.

Availability of Rulemaking Document

    An electronic copy can be obtained using the Internet by--
    (1) Searching the electronic Federal Docket Management System 
(FDMS) Web page at http://www.regulations.gov;
    (2) Accessing the Government Printing Office's Web page at http://www.gpo.gov/fdsys/browse/collection.action?collectionCode=FR to view 
the daily published Federal Register edition; or accessing the ``Search 
the Federal Register by Citation'' in the ``Related Resources'' column 
on the left, if you need to do a Simple or Advanced search for 
information, such as a type of document that crosses multiple agencies 
or dates.
    In addition, copies are available by writing or calling the 
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to 
identify the docket number of this rulemaking.

Abbreviations and Terms Used in This Document

AAR--Association of American Railroads
ABA--American Bus Association
Amtrak--National Railroad Passenger Corporation
APTA--American Public Transportation Association
CD--Compact Disc
CCTV--Closed-Circuit Television
CFATS--Chemical Facility Anti-Terrorism Standards
CFATS EAP--Expedited Approval Program for the CFATS program
CFATS RBPS--Risk-Based Performance Standards of the CFATS program
CFATS SSP--Site Specific Plans part of the CFATS program
DHS--Department of Homeland Security
DIF--Difficulty-Importance-Frequency
EOD--Explosives Ordinance Disposal
FMCSA--Federal Motor Carrier Safety Administration
FRA--Federal Railroad Administration
FTA--Federal Transit Administration
GAO--U.S. Government Accountability Office
GCC--Government Coordinating Council
HMR--Hazardous Materials Regulations
HSA--Homeland Security Act of 2002
HTUA--High Threat Urban Area
IED--Improvised Explosive Device
IFR--Interim Final Rule
IRFA--Initial Regulatory Flexibility Analysis
MOU--Memorandum of Understanding
NCTC--National Counterterrorism Center
NSI--Nationwide Suspicious Activity Reporting (SAR) Initiative
OAs--Oversight Agencies
OMB--Office of Management and Budget
OTRB--Over-the-Road Bus
PAG--Transit Policing and Security Peer Advisory Group
PHMSA--Pipeline and Hazardous Materials Safety Administration
PRA--Paperwork Reduction Act of 1995
PTPR--Public Transportation and Passenger Railroads
RFA--Regulatory Flexibility Act of 1980
RIA--Regulatory Impact Analysis
RSC--Rail Security Coordinator
RSSM--Rail Security-Sensitive Material
SBA--Small Business Administration
SCC--Sector Coordinating Council
SMS--Safety Management System
SSI--Sensitive Security Information
TIH--Toxic Inhalation Hazard
TSA--Transportation Security Administration
TSGP--Transit Security Grant Program
TSSM--Transportation Security Sensitive Material
UASI--Urban Area Security Initiative
UMRA--Unfunded Mandates Reform Act of 1995
VBIED--Vehicle-Borne Improvised Explosive Device

Table of Contents

I. Executive Summary
II. Background
    A. Context and Purpose
    B. Statutory Authorities
    C. Rule Organization
III. Proposed Rule
    A. Amendments to Part 1500
    1. General Terms
    2. Transportation Security-Sensitive Materials
    B. Amendments to Part 1503
    C. Amendments to Part 1520
    D. Amendments to Part 1570
    1. Overview of changes and structure
    2. Subpart A--General
    3. Subpart B--Security Programs
    4. Subpart C--Operations
    5. Subpart D--Security Threat Assessments
    E. Security-Sensitive Employees (Sec. Sec.  1580.3, 1582.3, and 
1584.3)
    F. Security Programs--Applicability (Sec. Sec.  1580.301, 
1582.301, and 1584.301)
    1. Freight Railroads
    2. Public Transportation and Passenger Railroads
    3. Over-the-Road Buses
    4. Foreign Owner/Operators
    5. Preemption
    G. Security Program General Requirements (Sec. Sec.  1580.113, 
1582.113, and 1584.113)
    1. Information About the Owner/Operator
    2. Information on How Training Will Be Provided
    3. Ensuring Supervision of Untrained Employees and Providing 
Notice of Changes Affecting Training
    4. Methods for Determining Effectiveness of Training
    5. Relation to Other Training
    H. Security Training and Knowledge for Security-Sensitive 
Employees (Sec. Sec.  1580.115, 1582.115 and 1584.115)
    1. Training Required for Security-Sensitive Employees
    2. Limits on Use of Untrained Employees
    3. Knowledge Required
    I. Other Security Training Programs
    1. Federal Railroad Administration Safety Training Requirements
    2. Federal Transit Administration Safety Requirements
    3. OTRB Safety Requirements
    4. Hazardous Materials Regulations
    a. Overlap With DOT Regulations Regarding Transportation of 
Hazardous Materials
    b. Inspections and Enforcement
    c. Overlap With Other DHS Regulations
    J. Training Resources
    K. Programmatic Alternatives

[[Page 91338]]

IV. Stakeholder Consultations
    A. Multi-Modal Outreach
    B. Freight Rail
    C. Public Transportation and Passenger Rail
    D. Over-the-Road Buses
    E. Labor Unions
V. Rulemaking Analyses and Notices
    A. Paperwork Reduction Act
    B. Economic Impact Analyses
    1. Regulatory Impact Analysis Summary
    2. Executive Orders 12866 and 13563 Assessments
    3. OMB A-4 Statement
    4. Alternatives Considered
    5. Regulatory Flexibility Assessment
    6. International Trade Impact Assessment
    7. Unfunded Mandates Assessment
    C. Executive Order 13132, Federalism
    D. Environmental Analysis
    E. Energy Impact Analysis

I. Executive Summary

Purpose of the Regulatory Action

    The purpose of this proposed rule is to solidify the enhanced 
baseline of security for higher-risk surface transportation operations 
by improving and sustaining the capability of employees to observe, 
assess, and respond to security risks and potential security breaches. 
These critical capabilities include identifying, reporting, and 
appropriately reacting to suspicious activity, suspicious items, 
dangerous substances, and security incidents that may be associated 
with terrorist reconnaissance, preparation, or action. The proposed 
requirements specifically apply to training employees performing 
security-sensitive job functions for higher-risk public transportation 
systems, railroad carriers (passenger and freight), and OTRB owner/
operators. Preparing and training these employees to observe, assess, 
and respond to anomalies, threats, and incidents within their unique 
working environment may be the critical point for preventing a 
terrorist act and mitigating the consequences.
    Since its creation following the attacks of September 11, 2001, TSA 
has had statutory authority to assess a security risk for any mode of 
transportation, develop security measures for dealing with that risk, 
and enforce compliance with those measures.\2\ This includes broad 
regulatory authority, which enables TSA to issue, rescind, and revise 
regulations as necessary to carry out its transportation security 
functions.\3\ As part of the Implementing Recommendations of the 9/11 
Commission Act of 2007 (9/11 Act),\4\ Congress mandated that DHS use 
its authority to issue regulations and included in the statute minimum 
requirements for employees to be trained, subjects of training, and 
procedures for the submission and approval of training programs.\5\ As 
part of this mandate, the 9/11 Act also requires higher-risk railroads 
and OTRBs to appoint security coordinators.\6\ This NPRM would propose 
to implement those provisions.
---------------------------------------------------------------------------

    \2\ See Section 101 of the Aviation and Transportation Security 
Act (ATSA), Public Law 107-71, 115 Stat. 597 (Nov. 19, 2001), 
codified at 49 U.S.C. 114 (ATSA created TSA and established the 
agency's primary federal role to enhance security for all modes of 
transportation). Section 403(2) of the Homeland Security Act of 2002 
(HSA), Public Law 107-296, 116 Stat. 2135 (Nov. 25, 2002), 
transferred all functions related to transportation security, 
including those of the Secretary of Transportation and the Under 
Secretary of Transportation for Security, to the Secretary of 
Homeland Security. Pursuant to DHS Delegation Number 7060.2, the 
Secretary delegated to the Administrator, subject to the Secretary's 
guidance and control, the authority vested in the Secretary with 
respect to TSA, including that in sec. 403(2) of the HSA.
    \3\ 49 U.S.C. 114(l)(1).
    \4\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
    \5\ See secs. 1408, 1517, and 1534 of the 9/11 Act, codified at 
6 U.S.C. 1137, 1167, and 1184, respectively. For the remainder of 
this NPRM, TSA will refer to the codified section numbers.
    \6\ See secs. 1512 and 1181 of the 9/11 Act, codified at 6 
U.S.C. 1162 and 1181, respectively. TSA addresses 6 U.S.C 
1162(e)(1)(A) and 1181(e)(1)(A) in this rulemaking. TSA intends to 
address the other regulatory requirements of these provisions in 
separate rulemakings.
---------------------------------------------------------------------------

Summary of the Major Provisions

    As discussed in section III.F. of this NPRM, TSA is proposing to 
apply the requirements to higher-risk operations, based on mode-
specific assessments of risk. Based on these assessments, the 
requirements would apply to:
     Class I freight railroad carriers, railroads transporting 
Rail Security-Sensitive Materials (RSSMs) through identified High 
Threat Urban Areas (HTUAs) (applying those terms as defined in current 
49 CFR 1580.3), and railroads that host other higher-risk rail 
operations. This would cover approximately 36 railroads.
     Public transportation and passenger railroads (PTPRs) 
operating in the eight regions with the highest transit-specific risk. 
This would cover approximately 46 systems.
     The National Railroad Passenger Corporation (Amtrak), an 
intercity passenger railroad.
     OTRB owner/operators providing fixed-route service (also 
referred to as regular route or scheduled service) to/through/from the 
highest-risk urban areas. This would cover approximately 202 OTRB 
owner/operators.
    This NPRM proposes requiring the entities listed above to:
     Develop security training programs to enhance and sustain 
the capability of their security-sensitive employees to observe, 
assess, and respond to security incidents as well as to have the 
training necessary to implement their specific responsibilities in the 
event of a security incident.
     Submit the required security training program to TSA for 
review and approval.
     Implement the security training program and ensure all 
existing and new security-sensitive employees complete the required 
security training within the specified timeframes for initial and 
recurrent training.
     Maintain records demonstrating compliance and make the 
records available to TSA upon request for inspection and copying.
     Appoint security coordinators and alternates-who will be 
accessible to TSA 24 hours per day, 7 days per week-and transmit 
contact information for those individuals to TSA (an extension of 
current 49 CFR part 1580 requirements).
     Report significant security incidents or concerns to TSA 
(an extension of current 49 CFR part 1580 requirements).
     Review and update security training programs as necessary 
to address changing security measures or conditions.
    The proposed rule would also amend 49 CFR part 1500 to streamline 
definitions for TSA's regulation and would add a definition of 
Transportation Security-Sensitive Materials (TSSMs). Proposed revisions 
to 49 CFR parts 1503 and 1520 would conform references and provisions 
related to enforcement and handling of SSI to the expanded scope of 
security requirements in the proposed rule.
    The most significant proposed revisions are found in subchapter D 
of chapter XII of title 49. This subchapter would be retitled 
``Maritime and Surface Transportation Security,'' reorganized, and 
expanded to include the proposed security program requirements. The 
general rules for subchapter D would continue to be in part 1570, but 
reorganized and expanded to address the new requirements proposed in 
this rule. This NPRM also proposes to add a new section (1570.7) to 
make it clear that owner/operators, employees, contractors, and other 
persons can be held liable for violating TSA's regulations. A similar 
provision is part of TSA's aviation-related regulations and adding it 
to subchapter D ensures consistency in enforcement across all modes of 
transportation. This provision is further discussed in section III.D.2 
of this NPRM.
    Some provisions currently limited to railroads under part 1580 
would be

[[Page 91339]]

moved and revised to address the additional modes, such as provisions 
related to ``compliance, inspection, and enforcement.'' This 
necessitates reorganization and minor revisions to current part 1580. 
The impact of the proposed rule on the organization and scope of 
current 49 CFR part 1580 is discussed in section II.C. of this NPRM. 
The following table (Table 1) provides a summary of the requirements 
and their applicability (distinguishing between current requirements/
applicability and proposed requirements/applicability).

                                                        Table 1--Summary of Proposed Requirements
    [Current 49 CFR part 1580 requirements incorporated into this NPRM are indicated with an ``X''; proposed requirements are indicated with a ``P'']
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                         Protecting                        Reporting
                                                                        Inspection       sensitive         Security         security
                                                                     authority (Sec.      security       coordinator    incidents (Sec.      Security
                                                                          1570.9)       information         (Sec.           1570.203)      training \1\
                                                                                        (part 1520)       1570.201)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight railroad carriers..........................................               X                X                X                X                P
Rail hazardous materials shippers..................................               X                X                X                X   ...............
Rail hazardous materials receivers in HTUAs........................               X                X                X                X   ...............
Owner/operators of private rail cars...............................               X                X                X                X   ...............
Host railroads of freight or PTPR rail operations within scope of                 X                X                X                X                P
 rule..............................................................
PTPR operating rail transit systems on general railroad system,                   X                X                X                X            \2\ P
 intercity passenger train service, and commuter train services....
PTPR operating rail transit systems not part of general railroad                  X                X                X                X            \2\ P
 system............................................................
Tourist, scenic, historic, and excursion rail owner/operators......               X                X                X                X   ...............
PTPR operating bus transit or commuter bus systems in designated                  P                P                P                P                P
 areas.............................................................
OTRB owner/operators providing fixed-route service in designated                  P                P                P                P                P
 areas.............................................................
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ 49 CFR part 1570, Subpart B (Security Programs); 49 CFR part 1580, Subpart B--Employee Security Training (freight railroads); 49 CFR part 1582,
  Subpart B--Employee Security Training (PTPR); and 49 CFR part 1584, Subpart B--Employee Security Training (OTRBs).
\2\ If Amtrak, or listed in proposed part 1582, Appendix A (a public transportation system, or part of a public transportation system).

Costs and Benefits

    TSA estimates the overall cost of this proposed rule is $157.27 
million over 10 years discounted at 7 percent. TSA estimates the cost 
of this proposed rule by the 4 affected parties (all costs are 10 years 
at 7 percent): For freight railroads the rule would cost a total of 
$90.74 million, for PTPR the cost is $53.14 million, for OTRB the cost 
is $12.08 million, and for TSA the cost is $1.31 million.
    The proposed rule, if finalized, would enhance surface 
transportation security by reducing vulnerability to terrorist attacks 
in four different ways. First, the surface transportation employees in 
each of the three covered modes would be trained to identify security 
vulnerabilities. Second, these surface transportation employees would 
be better trained to recognize potentially threatening behavior and 
properly report that information. Third, these surface employees would 
be trained to respond to incidents, thereby mitigating the consequences 
of an attack. Finally, the covered surface transportation owner/
operators would be required to report significant security concerns to 
TSA so that TSA can analyze potential threats across all modes.
    This analysis reflects information obtained through a Notice 
published in the Federal Register in 2013 \7\ (2013 Notice). Through 
that Notice, TSA requested data needed to provide a more accurate 
understanding of the existing baseline and potential costs associated 
with the proposed rule. In particular, TSA requested information 
regarding programs currently implemented--whether as a result of 
regulatory requirements, grant requirements, in anticipation of a rule, 
voluntary, or otherwise--and the costs associated with those training 
programs.
---------------------------------------------------------------------------

    \7\ 78 FR 35945 (June 14, 2013).
---------------------------------------------------------------------------

II. Background

A. Context and Purpose

    Surface transportation systems--including public transportation 
systems, intercity and commuter passenger railroads, freight railroads, 
intercity buses, and related infrastructure--are vital to our economy 
and essential to national security.\8\ The potential for a terrorist 
attack exists at each stage of moving people, goods, and services 
throughout the Nation.
---------------------------------------------------------------------------

    \8\ Surface Transportation and Rail Security Act of 2007, report 
of the Senate Committee on Commerce, Science, and Transportation at 
2 (S. Rept. 110-29, Mar. 1, 2007), quoting Executive Order (E.O.) 
13416 (Dec. 5, 2006), published at 71 FR 71033 (Dec. 7, 2006).
---------------------------------------------------------------------------

    Recent attacks indicate the risk of terrorist attack to surface 
transportation. On August 21, 2015, there was an attempted mass 
shooting on a packed high-speed train bound for Paris from 
Amsterdam.\9\ Metropolitan Police treated a December 5, 2015, knife 
attack in a London public transportation station as a terrorist 
incident.\10\ There have been other documented terrorist attacks 
targeting surface transportation, including the attack in Madrid, 
Spain, on March 11, 2004, in which terrorists attacked four commuter 
trains using 10 improvised explosive devices (IED) that exploded near-
simultaneously and resulted in the deaths of 191 people and injury to 
more than 1,800 people.\11\ In July 2005, four coordinated suicide 
bombings occurred, three on separate trains through London Underground 
stations and the fourth on a double-

[[Page 91340]]

decker bus, killed 52 people.\12\ In July 2008, a group linked to 
Lashkar-e-Tayyiba attacked Mumbai's Western Railway Line with seven 
IEDs during evening commute hours, killing 183 people.\13\ In November 
2008, this group committed another coordinated attack that included 
shooting and bombing operations at several targets--including a train 
station--and killed a total of 164 people.\14\ More recently, U.S. news 
media reported that the Federal Bureau of Investigation (FBI) uncovered 
a plot to attack the PATH commuter rail system serving New York and New 
Jersey in mid-2006.\15\ These previous events highlight the magnitude 
of the deadly consequences that an attack on surface transportation 
could have.
---------------------------------------------------------------------------

    \9\ See Michael Birnbaum, ``A change of seats for 3 Americans 
led to saved lives on Paris-bound train,'' Washington Post (Aug. 24, 
2015), available at https://www.washingtonpost.com/world/as-french-train-suspect-is-interrogated-questions-mount-on-europes-security/2015/08/23/088ff2fe-4923-11e5-9f53-d1e3ddfd0cda_story.html.
    \10\ See BBC, ``Leytonstone Tube station stabbing a `terrorist 
incident' '' (Dec. 6, 2015), available at http://www.bbc.com/news/uk-35018789.
    \11\ Encyclopedia Britannica, ``Madrid train bombings of 2004'' 
(May 19, 2013), available at http://www.britannica.com/event/Madrid-train-bombings-of-2004.
    \12\ CNN, ``July 7 2005 London Bombings Fast Facts'' (updated 
June 29, 2016, 9:44 a.m.), available at http://www.cnn.com/2013/11/06/world/europe/july-7-2005-london-bombings-fast-facts/.
    \13\ Bureau of Diplomatic Security, ``India 2013 Crime and 
Safety Report: Mumbai'' (March 5, 2013), available at https://www.osac.gov/pages/ContentReportDetails.aspx?cid=13701.
    \14\ CNN, ``Mumbai Terror Attacks Fast Facts'' (updated Nov. 4, 
2015, 11:57 a.m.), available at http://www.cnn.com/2013/09/18/world/asia/mumbai-terror-attacks/.
    \15\ Mary Frost, ``NYC subways targeted in ISIS terror plot--
NYPD, FBI evaluating threat level,'' Brooklyn Daily Eagle (Sept. 25, 
2014), available at http://www.brooklyneagle.com/articles/2014/9/25/nyc-subways-targeted-isis-terror-plot-nypd-fbi-evaluating-threat-level.
---------------------------------------------------------------------------

    As part of its ongoing communications with stakeholders, TSA has 
alerted owner/operators affected by this proposed rule to 
transportation-related threats and has worked with many of them to 
review and recognize potential vulnerabilities to their operations. The 
impact that security training can have on these operations was 
recognized by Congress when it mandated, and provided detailed 
requirements for, security training regulations as part of the 9/11 
Act.\16\
---------------------------------------------------------------------------

    \16\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
---------------------------------------------------------------------------

    TSA recognizes that the owner/operators of surface transportations 
systems, both public and private, are principally responsible for the 
safety and security of the people using their services. As noted in 
Presidential Policy Directive/PPD-21, ``Critical Infrastructure 
Security and Resilience:''

    The Nation's critical infrastructure is diverse and complex. It 
includes distributed networks, varied organizational structures and 
operating models (including multinational ownership), interdependent 
functions and systems in both the physical space and cyberspace, and 
governance constructs that involve multi-level authorities, 
responsibilities, and regulations. Critical infrastructure owners 
and operators are uniquely positioned to manage risks to their 
individual operations and assets, and to determine effective 
strategies to make them more secure and resilient.\17\
---------------------------------------------------------------------------

    \17\ PPD-21 (Feb. 12, 2013) (emphasis added).

Surface transportation employees--the people who provide and support 
these services--are a critical resource for protecting passengers and 
the transportation infrastructure.
    As a result of TSA's programmatic efforts, as well as awareness of 
the requirements of the 9/11 Act, many owner/operators of higher-risk 
surface transportation operations have voluntarily implemented security 
training programs that address some of the requirements of this 
proposed rule. As noted in the economic analysis for this rulemaking, 
however, the private market may not provide adequate incentives for 
owner/operators to make a socially optimal investment in the full range 
of measures that would reduce the probability of a successful terrorist 
attack based on the economics of externalities. (Externalities are 
costs or benefits from an economic transaction experienced by parties 
``external'' to the transaction.) Specifically, for surface mode owner/
operators, the total consequences of an attack or other security 
incident to society may be greater than what would be suffered by the 
individual owner/operator of the infrastructure or facility.
    Without ignoring the voluntary efforts of owner/operators to 
increase the baseline of their security, including by providing 
security training, TSA also recognizes a firm normally would not choose 
to make an investment in security over its privately optimal amount in 
a competitive market place, since such an investment would increase the 
firm's cost of production, placing it at a disadvantage when competing 
with companies that have not chosen to make a similar investment in 
security.
    Focusing on the higher-risk operations and frontline employees 
(defined in the rule as those performing security-sensitive functions), 
this proposed rule would close gaps in the scope or breadth of training 
provided as part of voluntary efforts. To the extent resource and 
economic considerations could cause this voluntary commitment to abate 
in the future, this proposed rule, when finalized, should solidify 
these efforts and commitment to security training.
    Thus, the purpose of this proposed rule is to solidify a baseline 
of security training for surface transportation by enhancing and 
sustaining the capability of frontline employees for higher-risk public 
transportation systems, railroad carriers (passenger and freight), and 
OTRB owner/operators to observe, assess, and respond to security risks 
and potential security breaches. These critical capabilities include 
identifying, reporting, and appropriately reacting to suspicious 
activity, suspicious items, dangerous substances, and security 
incidents that may be associated with terrorist reconnaissance, 
preparation, or action. An employee who is prepared and trained to 
observe, assess, and respond may be the critical point for preventing a 
terrorist act.
    Security awareness training is an important and effective tool to 
enhance an employee's ability to detect and deter attacks by terrorists 
or others--particularly those with malicious intent to target surface 
transportation or use vehicles as delivery systems for weapons of mass 
destruction. Well-trained employees can serve as security force-
multipliers. Their familiarity with the facilities and operating 
environments of their specific transportation systems makes them 
especially effective at recognizing situations and conditions that may 
pose a threat to the safety and security of passengers, cargo, and 
transportation infrastructure.
    Employees who are prepared to execute their security-related 
responsibilities and trained to observe, assess, and respond bring an 
informed vigilance to their daily responsibilities. They are more 
capable of identifying and making timely reports to support inquiry by 
law enforcement and security personnel, increasing the potential for 
detection or disruption of terrorist planning, preparations, and 
observations. In the event an incident does occur, employees who 
understand their roles and responsibilities under the owner/operator's 
security planning and response documents are better prepared to 
initiate timely responsive actions to mitigate consequences and work 
with first responders.
    This rulemaking is part of TSA's commitment to risk-based security 
and how it implicates policy decisions, resource commitments, and 
expectations. Passengers traveling through a higher-risk area or system 
(whether by bus or train) should be able to expect the same level of 
security regardless of the carrier. Communities in HTUAs should expect 
that the freight trains carrying RSSM \18\ are operated by employees 
with a common baseline of security training, regardless of who owns or 
operates the train. The result is

[[Page 91341]]

a proposed rule that bases applicability primarily on the location 
where the transportation is operated (rather than constructs of 
ownership) and scope of employees to be trained on the functions they 
perform (rather than titles in position descriptions).
---------------------------------------------------------------------------

    \18\ As previously noted, TSA is not proposing to modify these 
terms as defined in current 49 CFR 1580.3.
---------------------------------------------------------------------------

    For these reasons, TSA proposes this regulation requiring owner/
operators to implement employee security training programs for 
employees serving in security-sensitive positions in higher-risk 
operations. TSA explains aspects of the proposed rule more fully in 
section III of this NPRM.

B. Statutory Authorities

    The security of the Nation's transportation systems is vital to the 
economic health and security of the United States. Ensuring 
transportation security while promoting the movement of legitimate 
travelers and commerce is a critical counter-terrorism mission assigned 
to TSA.
    Since its creation following the attacks of September 11, 2001, TSA 
has had broad statutory authority to assess a security risk for any 
mode of transportation, develop security measures for dealing with that 
risk, and enforce compliance with those measures.\19\ This includes 
broad regulatory authority, which enables TSA to issue, rescind, and 
revise regulations as necessary to carry out its transportation 
security functions.\20\
---------------------------------------------------------------------------

    \19\ See supra, n. 2.
    \20\ 49 U.S.C. 114(l)(1).
---------------------------------------------------------------------------

    Congress has determined that a regulation is necessary for owner/
operators of public transportation systems, passenger railroads, 
freight railroads, and OTRBs to provide security training to their 
frontline employees. As part of the 9/11 Act,\21\ Congress mandated 
that DHS use its authority to issue regulations and included in the 
statute minimum requirements for employees to be trained, subjects of 
training, and procedures for the submission and approval of training 
programs.\22\ This NPRM proposes to implement these provisions.
---------------------------------------------------------------------------

    \21\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
    \22\ See 6 U.S.C. 1137, 1167, and 1184.
---------------------------------------------------------------------------

    The 9/11 Act includes a requirement to include ``[l]ive situational 
training exercises'' as part of its security training regulations.\23\ 
As part of the Homeland Security Exercise and Evaluation Program 
(HSEEP), DHS describes the benefit of exercises ``to test and validate 
plans and capabilities.'' \24\ While testing the effectiveness of 
training is important, the HSEEP focuses on the need to test 
effectiveness of the overall plan--a process that reveals any 
weaknesses in training. TSA has determined the intent of requiring 
exercises would be better met if owner/operators were required to test 
the effectiveness of their security plans--which would include testing 
employee understanding and capabilities related to their roles, 
responsibilities, protocols, and procedures. Therefore, TSA has decided 
to address this element in a separate rulemaking that will meet related 
9/11 Act provisions for security planning.\25\
---------------------------------------------------------------------------

    \23\ See 6 U.S.C. 1137(c)(7), 1167(c)(8), and 1184(c)(8).
    \24\ See DHS, ``Homeland Security Exercise and Evaluation 
Program (HSEEP)'' (April 2013), available at https://www.fema.gov/media-library-data/20130726-1914-25045-8890/hseep_apr13_.pdf.
    \25\ See requirements in 6 U.S.C. 1134 (public transportation), 
1162 (railroads), and 1181 (OTRBs).
---------------------------------------------------------------------------

    Finally, the 9/11 Act also requires DHS to define the term 
``security-sensitive material'' as it relates to materials transported 
in commerce that pose ``a significant risk to national security . . . 
due to the potential use of the material in an act of terrorism.'' \26\ 
The 9/11 Act states that the term must include specific, identified 
materials.\27\ TSA has previously identified ``security-sensitive 
materials'' transported by freight railroad carriers as ``Rail 
Security-Sensitive Materials'' (RSSM).\28\ As further discussed in 
section III.A.2 of this NPRM, TSA is proposing materials to be 
identified as ``Transportation Security-Sensitive Materials (TSSM).''
---------------------------------------------------------------------------

    \26\ 6 U.S.C. 1151(13).
    \27\ Materials to be included are Class 7 radioactive materials, 
Division 1.1, 1.2, or 1.3 explosives, materials poisonous or toxic 
by inhalation, including Division 2.3 gases and Division 6.1 
materials, and select agents or toxins regulated by the Centers for 
Disease Control and Prevention under 42 CFR part 73.
    \28\ See 49 CFR 1580.3 and 1580.100(b).
---------------------------------------------------------------------------

C. Rule Organization

    Implementing requirements in the 9/11 Act for surface 
transportation regulations necessitates making other changes to TSA's 
regulations found in title 49 of the CFR. Some of these changes are 
technical revisions or additions, such as consolidating definitions 
used in multiple parts of TSA's regulations into part 1500 and adding 
cross-references to the new regulatory requirements as relevant for 
investigations (part 1503) and protection of SSI (part 1520).
    The most significant changes are to subchapter D, which TSA 
proposes to rename ``Maritime and Surface Transportation Security.'' 
Subchapter D currently contains requirements related to security threat 
assessments (STAs) (parts 1570 and 1572) and rail security (1580). TSA 
is proposing to significantly reorganize and augment parts 1570 and 
1580, and add parts 1582 (PTPR) and 1584 (Highway and Motor Carriers).
    Many portions of the proposed rule are common to PTPR, freight, and 
OTRB operations. These are included in 49 CFR part 1570. Eliminating 
duplication of these requirements across multiple sections of TSA's 
regulations reduces unintended inconsistencies, both now and over time 
to the extent there are any amendments made to these regulations in the 
future. Because of these modifications, other organizational changes 
are being made to part 1570--including moving definitions that have 
applicability across multiple parts of TSA's regulations to part 1500 
(discussed more fully in part III.A of this NPRM) and consolidating 
provisions related to security threat assessments into a new subpart D. 
The STA provisions are being moved but are otherwise unmodified. As a 
result, the substance of these provisions is not part of this notice 
and comment rulemaking.
    TSA includes proposed requirements adapted to reflect the unique 
aspects of each mode in mode-specific parts of 49 CFR Chapter XII, 
Subchapter D--Maritime and Surface Transportation Security. Part 1580 
would be revised to focus on freight railroads. Sections in current 
part 1580 applicable to PTPR systems would be moved to a new part 1582. 
TSA also proposes creating a new part 1584, which would include the 
requirements for OTRB.
    With the exception of the following, provisions of current 49 CFR 
part 1580, Rail Transportation Security, applicable to freight 
railroads would be reorganized without substantive change. TSA proposes 
to move some provisions to part 1570--this revision would include the 
security coordinator and reporting requirements (which are being 
updated and clarified, and extended to include higher-risk buses).\29\ 
Other provisions, such as ``chain of custody'' provisions for RSSMs, 
would be reorganized within part 1580 because of this proposed rule. 
Finally, current Appendix A to part 1580 would be modified to remove 
outdated references. Table 2 provides a distribution table for changes 
to current 49 CFR part 1580. To the extent sections are being moved, 
but not revised, they are not part of this notice and comment 
rulemaking.
---------------------------------------------------------------------------

    \29\ These modifications are discussed in section III.C. of this 
NPRM.

[[Page 91342]]



              Table 2--49 CFR Part 1580 Distribution Table
------------------------------------------------------------------------
              Former section                       New section(s)
------------------------------------------------------------------------
1580.1....................................  1570.1, 1580.1, and 1582.1.
1580.3....................................  1570.3, 1580.3, and 1582.3.
1580.5....................................  1570.9.
1580.100..................................  1500.3, 1580.101.
1580.101..................................  1570.201.
1580.103..................................  1580.203.
1580.105..................................  1570.203.
1580.107..................................  1580.205.
1580.109..................................  1580.5 and 1582.5.
1580.111..................................  1580.207.
1580.200..................................  1582.101.
1580.201..................................  1570.201.
1580.203..................................  1570.203.
------------------------------------------------------------------------

III. Proposed Rule

A. Amendments to Part 1500

1. General Terms
    Consistent with the proposed rule's organization, TSA includes 
proposed definitions for terms relevant to several subchapters of TSA 
regulations, beyond the requirements of subchapter D, in part 1500. 
Terms relevant to several parts of subchapter D would be added to Sec.  
1570.3. Terms uniquely relevant to each mode would be included in the 
relevant parts (part 1580 (freight), part 1582 (PTPR), and part 1584 
(OTRB)).
    Many of the proposed definitions are identical, or nearly 
identical, to definitions codified in current 49 CFR part 1580. Some 
definitions are taken from the 9/11 Act. Other definitions are derived 
from existing Federal regulatory programs, particularly programs 
administered by DOT. A few definitions are based on industry sources. 
TSA's purpose is to use existing definitions that regulated parties are 
familiar with to the extent that the definitions are consistent with 
the 9/11 Act and the purposes of this NPRM. Where no existing 
definition is appropriate, TSA's subject matter experts developed the 
definition based upon the generally accepted and known use of terms 
within each of the modes subject to this proposed regulation. Table 3 
provides additional information on the terms that would be added to 
part 1500.

         Table 3--Explanation of Proposed Terms and Definitions
------------------------------------------------------------------------
           Summary of change                       Explanation
------------------------------------------------------------------------
Propose modifying definition of          This term is used in proposed
 ``Administrator''.                       sections regarding procedures
                                          for requesting alternative
                                          measures or challenges to
                                          required modifications. The
                                          definition is being updated to
                                          reflect TSA's transition to a
                                          DHS component.
Propose adding a definition for          This term is used in the
 ``Authorized representative''.           definition of ``Employee.'' It
                                          is intended to ensure that any
                                          ``authorized representatives''
                                          performing security-sensitive
                                          functions for an owner/
                                          operator receives the required
                                          security training, even if
                                          they are not considered a
                                          direct employee. More
                                          information can be found in
                                          the discussion of employees
                                          required to be trained in
                                          preamble section III.E.
Propose adding a definition for ``Bus''  This term is used in several
                                          other terms defined in this
                                          proposed rule. TSA's review of
                                          DOT regulations identified
                                          several definitions for this
                                          term. The definition developed
                                          by TSA for the purposes of
                                          subchapter D is a composite of
                                          DOT's definitions adopted for
                                          TSA's purposes. While it is a
                                          broad definition on its own,
                                          the other terms in which it is
                                          used limit its application.
Propose adding a definition of ``Bus     This term is used as part of
 transit system''.                        the scope of what is intended
                                          by, and included within, the
                                          definition of public
                                          transportation. Consistent
                                          with the scope of other
                                          commuter transit systems, the
                                          definition is based upon an
                                          explanation of what
                                          constitutes ``urban rapid
                                          transit service'' in 49 CFR
                                          part 209, Appendix A.
Propose adding a definition for          This term is used as part of
 ``Commuter bus system''.                 the scope of what is intended
                                          by, and included within, the
                                          definition of public
                                          transportation. Consistent
                                          with the scope of other
                                          commuter transit systems, the
                                          definition is based upon the
                                          Federal Railroad
                                          Administration's (FRA's)
                                          explanation of ``commuter
                                          service'' for rail in 49 CFR
                                          part 209, and the Federal
                                          Motor Carrier Safety
                                          Administration's (FMCSA's)
                                          definition of ``commuter
                                          service'' in 49 CFR
                                          374.303(g).
As part of reorganization of current 49  This term is used as part of
 CFR part 1580, propose moving            the scope of what is intended
 definition of ``Commuter passenger       by, and included within, the
 train service'' from 49 CFR 1580.3.      definition of public
                                          transportation.
Propose moving definition of ``DHS''     This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose moving definition of ``DOT''     This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Proposed adding definition for ``Fixed-  Used within the scope of OTRB
 route service''.                         owner/operators subject to the
                                          proposed regulation (see
                                          proposed 49 CFR 1570.101 and
                                          1584.1), this term is based on
                                          the definition of a fixed-
                                          route system found in 49 CFR
                                          37.3.
Propose moving definition of ``General   Part of reorganization of
 railroad system of transportation''      current 49 CFR part 1580. This
 from 49 CFR 1580.3.                      proposed rule does not change
                                          the definition.
Propose moving definition of             Part of reorganization of
 ``Hazardous Material'' from 49 CFR       current 49 CFR part 1580. This
 1580.3.                                  proposed rule does not change
                                          the definition.
Propose moving definition of ``Heavy     Part of reorganization of
 rail transit'' from 49 CFR 1580.3.       current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose adding a definition of ``Host    This term, which is consistent
 railroad''.                              with the definition in 49 CFR
                                          236.1003, is used within the
                                          scope of this proposed rule
                                          relating to operations by
                                          railroad carriers. More
                                          information can be found in
                                          the preamble discussion in
                                          section III.F.1.

[[Page 91343]]

 
Propose moving definition of             Part of reorganization of
 ``Improvised explosive device (IED)''    current 49 CFR part 1580. This
 from 49 CFR 1580.3.                      proposed rule does not change
                                          the definition.
Propose moving definition of             Part of reorganization of
 ``Intercity passenger train service''    current 49 CFR part 1580. This
 from 49 CFR 1580.3.                      proposed rule does not change
                                          the definition.
Propose moving definition of ``Light     Part of reorganization of
 rail transit'' from 49 CFR 1580.3.       current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose adding a definition of ``Motor   Used throughout this proposed
 vehicle''.                               rule, TSA has determined that
                                          there is no consistent
                                          definition of ``motor
                                          vehicle'' within federal
                                          regulations. TSA has reviewed
                                          various DOT regulations and
                                          relies primarily on 49 CFR
                                          390.5 for this definition as
                                          most applicable to this
                                          proposed regulation, choosing
                                          a definition that is inclusive
                                          with limitations provided in
                                          the relevant applicability
                                          sections.
Propose adding a definition for ``Over-  This term, the definition of
 the-Road Bus (OTRB)''.                   which is consistent with 6
                                          U.S.C. 1151(4), is used within
                                          other definitions and the
                                          scope of this proposed rule
                                          relating to over-the-road bus
                                          owners. More information can
                                          be found in the preamble
                                          discussion in section III.F.3.
Propose moving definition of ``owner/    Used in other definitions and
 operator'' from 49 CFR 1570.3 and        throughout the proposed rule,
 modifying to eliminate cross-reference   the definition of this term is
 to title 33 of the CFR.                  a modification of the current
                                          definition of ``owner/
                                          operator'' that affects 49
                                          CFR, subchapter D. The
                                          modifications remove outdated
                                          references to make it the term
                                          appropriate for the broader
                                          scope of transportation
                                          regulated by TSA.
Propose moving definition of             Part of reorganization of
 ``Passenger car'' from 49 CFR 1580.3     current 49 CFR part 1580. TSA
 and adding ``rail'' to the term to       is proposing to insert the
 read, ``passenger rail car''.            word ``rail'' between
                                          ``passenger'' and ``car'' to
                                          avoid any confusion between
                                          rail and motor vehicle
                                          conveyances.
Propose adding a definition of           Used both in the scope of
 ``Passenger railroad carrier''.          proposed subpart B of 49 CFR
                                          part 1570 (Security
                                          Coordinator and Reporting
                                          Requirements) and the scope of
                                          the training rule (proposed 49
                                          CFR part 1582), this term is
                                          also used in the context of
                                          host railroad operations. More
                                          information can be found in
                                          the discussion in III.F.2. The
                                          definition is based on the
                                          definition for this term found
                                          in 49 CFR 239.7.
Propose moving definition of             Part of reorganization of
 ``Passenger train'' from 49 CFR 1580.3.  current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose moving definition of ``Private   Part of reorganization of
 rail car'' from 49 CFR 1580.3.           current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose adding a definition of ``Public  Used within other terms, this
 transportation''.                        definition is based primarily
                                          on 49 U.S.C. 5302(14). Where
                                          the statute uses a definition
                                          that is characterized by what
                                          is excluded, TSA's definition
                                          focuses on what is included.
Propose adding a definition of ``Public  This term is used to define the
 transportation agency''.                 scope of owner/operators
                                          subject to the proposed rule.
                                          See proposed subpart B to 49
                                          CFR parts 1570 and 1582. See
                                          also the preamble discussion
                                          in section III.F.2 for more
                                          information. (The 9/11 Act
                                          defines a ``public
                                          transportation agency'' as a
                                          publicly owned operator of
                                          public transportation eligible
                                          to receive Federal assistance
                                          under Chapter 53 of Title 49,
                                          United States Code.''). TSA
                                          reviewed the requirements of
                                          that statute in developing
                                          this definition. As noted
                                          above, the definition of
                                          ``public transportation'' is
                                          based on 49 U.S.C. 5302(14).
Propose moving definition of ``Rail      Part of reorganization of
 hazardous materials receiver'' from 49   current 49 CFR part 1580. This
 CFR 1580.3.                              proposed rule does not change
                                          the definition.
Propose moving definition of ``Rail      Part of reorganization of
 hazardous materials shipper'' from 49    current 49 CFR part 1580. As
 CFR 1580.3, with a non-significant       proposed, the definition of
 amendment.                               ``offers or offeror'' in 49
                                          CFR 1580.3 would be deleted
                                          and a reference to the DOT
                                          definition for ``person who
                                          offers or offeror'' would be
                                          incorporated into the
                                          definition of ``rail security-
                                          sensitive material.''
Propose moving definition of ``Rail      Part of reorganization of
 secure area'' from 49 CFR 1580.3.        current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose moving definition of ``Rail      This term has general
 transit facility'' from 49 CFR 1520.3    applicability to several parts
 and 1580.3.                              of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose moving definition of ``Rail      Part of reorganization of
 transit system or `Rail Fixed Guideway   current 49 CFR part 1580. This
 System' '' from 49 CFR 1580.3 to         proposed rule does not change
 proposed 1570.3.                         the definition.
Propose moving definition of ``Railroad  Part of reorganization of
 carrier'' from 49 CFR 1580.3.            current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose moving definition of             Part of reorganization of
 ``Railroad'' from 49 CFR 1580.3 and      current 49 CFR part 1580. This
 modifying it to define ``Railroad        proposed rule does not
 transportation''.                        significantly change the
                                          definition.
Propose moving definition of ``Record''  This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose adding definition of             This term has general
 ``Sensitive Security Information         applicability to several parts
 consistent with 49 CFR 1520.3 to         of TSA's regulations beyond
 1570.3.                                  the provisions in 49 CFR parts
                                          1520 and 1570.
Propose moving definition of ``State''   This term has general
 from 49 CFR 1570.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR parts
                                          1520 and 1570.

[[Page 91344]]

 
Propose adding definition of             The term is used in the context
 ``Transportation security equipment      of the proposed requirement
 and systems''.                           for security-sensitive
                                          employees to be trained on use
                                          of security equipment and
                                          systems. See for example,
                                          proposed 49 CFR
                                          1580.155(c)(1). TSA's subject
                                          matter experts have developed
                                          this definition based on their
                                          work with the modes in
                                          conducting assessments and
                                          developing voluntary security
                                          action items.
Propose moving definition of ``Tourist,  Part of the reorganization of
 scenic, historic, or excursion           current 49 CFR part 1580. This
 operation'' from 49 CFR 1580.3.          proposed rule does not change
                                          the definition.
Propose moving definition of             Part of the reorganization of
 ``Transit'' from 49 CFR 1580.3 with      current 49 CFR part 1580. TSA
 modifications to reflect broader scope   proposes modifying this term
 of this proposed rule.                   to reflect the multimodal
                                          scope of the proposed training
                                          rule and have the term apply
                                          across all the modes.
Propose moving definition of             Part of the reorganization of
 ``Transportation or transport'' from     current 49 CFR part 1580. TSA
 49 CFR 1580.3 with modifications to      proposes modifying this term
 reflect broader scope of this proposed   to reflect the multimodal
 rule.                                    scope of the proposed training
                                          rule and have the term apply
                                          across all the modes.
Propose moving definition of             Part of the reorganization of
 ``Transportation facility'' from 49      current 49 CFR part 1580. TSA
 CFR 1580.3 with modifications to         proposes modifying this term
 reflect broader scope of this proposed   to reflect the multimodal
 rule.                                    scope of the proposed training
                                          rule and have the term apply
                                          across all the modes.
Propose adding definition of             The definition is included to
 ``Transportation Security-Sensitive      satisfy 9/11 Act requirements.
 Materials (TSSM)''.                      See 6 U.S.C. 1151(13). The
                                          term is defined in proposed 49
                                          CFR 1570.3. More information
                                          can be found in the preamble
                                          discussion of the TSSM list in
                                          section III.A.2.
Propose moving definition of ``TSA''     This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose moving definition of             This term is being modified to
 ``vulnerability assessment'' from 49     streamline terminology rather
 CFR 1520.3.                              than enumerating subcategories
                                          within each mode. It is being
                                          moved to 49 CFR part 1500 as
                                          it has relevance beyond the
                                          provisions in part 1520.
------------------------------------------------------------------------

2. Transportation Security-Sensitive Materials
    The 9/11 Act included a requirement for DHS to define ``security-
sensitive material.'' ``Security-sensitive material'' is defined as ``a 
material, or group or class of material, in a particular amount and 
form that the Secretary [of Homeland Security], in consultation with 
the Secretary of Transportation, determines, through rulemaking with 
opportunity for public comment, poses a significant risk to national 
security while being transported in commerce due to the potential use 
of the material in an act of terrorism.'' \30\ TSA has met the 
requirements of the 9/11 Act related to rail through its definition of 
RSSMs under current 49 CFR part 1580.\31\
---------------------------------------------------------------------------

    \30\ 6 U.S.C. 1151(13).
    \31\ See 49 CFR 1580.3 and 1580.100(b). See also discussion in 
73 FR 72130 at 72134 (Nov. 26, 2008).
---------------------------------------------------------------------------

    In March of 2010, DOT's Pipeline and Hazardous Materials Safety 
Administration (PHMSA) issued a final rule: ``Hazardous Materials: 
Risk-Based Adjustment of Transportation Security Plan Requirements.'' 
\32\ This PHMSA final rule amended PHMSA's security requirements for 
hazardous material (hazmat) transportation under 49 CFR part 172 of the 
Hazardous Material Regulations (HMR),\33\ applicable to freight 
railroad carriers, motor carriers, and shippers and receivers of 
hazmat. In addition to amendments to security planning requirements, 
the PHMSA final rule provided a revised list of hazardous materials for 
which a security plan is required. DOT worked closely with TSA to align 
the proposed lists of materials subject to their security programs with 
ongoing efforts by TSA. The materials considered included certain 
explosives, compressed gases and flammable liquids, poisonous gases and 
materials, corrosive materials, radioactive materials, and chemicals 
listed by the Chemical Weapons Convention. There were also requests to 
PHMSA to harmonize the list of materials for which security plans are 
required with the list of materials designated as high consequence 
dangerous goods for which enhanced security measures are recommended in 
the United Nations Model Regulations on the Transport of Dangerous 
Goods (UN Recommendations). Discussions regarding the materials 
identified in the PHMSA regulations can be found in the preambles to 
their relevant rulemakings.\34\
---------------------------------------------------------------------------

    \32\ 75 FR 10974 (Mar. 9, 2010). Additional information is 
included in the preamble to the related NPRM. See 73 FR 52558 (Sept. 
9, 2008).
    \33\ These regulations are also referred to as HM-232.
    \34\ See supra, n. 32.
---------------------------------------------------------------------------

    TSA proposes to adopt the PHMSA list for purposes of defining TSSM. 
This approach avoids unnecessary duplication and ensures consistent 
alignment of the materials meeting this standard in Federal 
regulations. A discussion regarding the materials in the list can be 
found in the preamble to PHMSA's final rule.\35\
---------------------------------------------------------------------------

    \35\ 75 FR at 10977.
---------------------------------------------------------------------------

B. Amendments to Part 1503

    TSA is proposing minor amendments to part 1503 (Investigative and 
Enforcement Procedures) as necessary to conform these regulations to 
changes made by the proposed rule. In Sec.  1503.101(b), the scope of 
statutory provisions is amended to add authorities in title 6 U.S.C. 
that are administered by the TSA Administrator--which are relevant to 
this proposed rule. These are conforming amendments with no cost 
impact.

C. Amendments to Part 1520

    TSA is also proposing to modify part 1520 (Protection of Sensitive 
Security Information). TSA is required to promulgate regulations 
governing the protection of information obtained or developed in 
carrying out security under the authority of ATSA \36\ if public 
disclosure of that information could be detrimental to transportation 
security. TSA's current SSI regulation, 49 CFR part 1520, establishes 
certain requirements for the recognition, identification, handling, and 
dissemination of SSI, including restrictions on disclosure and civil

[[Page 91345]]

penalties for violations of those restrictions. DOT has nearly 
identical SSI authority (49 U.S.C. 40119) and a nearly identical SSI 
regulation (49 CFR part 15).\37\
---------------------------------------------------------------------------

    \36\ See 49 U.S.C. 114(r).
    \37\ For more information on these regulations, see 69 FR 28078 
(May 18, 2004).
---------------------------------------------------------------------------

    Because TSA is expanding the scope of its regulatory requirements 
in order to fulfill the mandates of the 9/11 Act, it is necessary to 
conform the SSI provisions to include these transportation security-
related requirements. The proposed amendments are limited to: (1) 
Eliminating unnecessary terms from part 1520 that are added to part 
1500 and (2) replacing the limiting term ``rail transportation security 
requirement'' with ``surface transportation security requirement.'' In 
some places, such as the definition of ``vulnerability assessment'' in 
Sec.  1520.3, TSA is proposing to streamline a lengthy description of 
types of transportation to simply state ``aviation, maritime, or 
surface transportation.''
    The impact of these minor revisions should also be minimal. Under 
Sec.  1520.7(j), any person who has access to SSI is required to 
protect it according to the requirements of the regulation. While some 
of the proposed population that would be affected by this rule has not 
previously been subject to TSA regulations, most of them have 
previously received SSI information from TSA, as well as training on 
the proper handling of SSI, and have procedures in place to ensure the 
requirements of the regulation are met.\38\
---------------------------------------------------------------------------

    \38\ Publicly available information on proper handling of SSI is 
available on TSA's Web site at www.tsa.gov.
---------------------------------------------------------------------------

    TSA's regulations for SSI have a counterpart in DOT regulations 
under 49 CFR part 15. Any comments received on these proposed 
amendments will be shared with DOT. As these are parallel rules, 
assuming there are changes to part 1520 adopted as part of this notice 
and comment rulemaking, DOT may subsequently make similar changes to 
part 15. We invite comments on the proposed changes to part 1520, and 
we will share with DOT any comments received on potential changes to 
part 15. We also invite comments on this process for making changes to 
both parts.

D. Amendments to Part 1570

1. Overview of Changes and Structure
    TSA is proposing to divide part 1570 into four subparts: (1) 
Subpart A would cover general requirements applicable to all aspects of 
subchapter D to chapter XII of title 49; (2) subpart B provides the 
general framework for security programs; (3) subpart C covers 
operational requirements; and (4) subpart D would move and consolidate 
general provisions related to security threat assessments (STAs) which 
are more specifically addressed in part 1572. As previously discussed, 
mode--specific requirements are contained in subsequent parts. Because 
of the significant restructuring of part 1570, the proposed rule text 
includes the entirety of the revision--not just the parts that would be 
added because of this rulemaking. This includes terms applicable to the 
STAs required by part 1572, as well as related STA provisions that TSA 
proposes moving to new subpart D.
2. Subpart A--General
Terms and Definitions (Sec.  1570.3)
    As previously indicated, TSA is proposing to move several terms 
from Sec.  1570.3 to Sec.  1500.3 as part of a general effort to 
streamline TSA's regulations by consolidating terms used in multiple 
parts. In addition, TSA is proposing to add the terms identified in 
Table 4 to Sec.  1570.3 as they are used in multiple sections of 
subchapter D to chapter XII of title 49.

         Table 4--Explanation of Proposed Terms and Definitions
------------------------------------------------------------------------
           Summary of change                       Explanation
------------------------------------------------------------------------
Propose adding definition of             This term is used in the
 ``Contractor''.                          definition of ``employee'' for
                                          purposes of this subchapter
                                          and is based on a definition
                                          of contractor used in DOT
                                          regulations, see, e.g., 49 CFR
                                          655.4.
Propose adding definition for            This term is used in several
 ``Employee''.                            definitions, most notably, the
                                          definition of ``security-
                                          sensitive employee,'' which is
                                          the term used to define the
                                          scope of individuals who must
                                          be trained under the proposed
                                          rule (see discussion in III.E)
                                          and the requirements of the
                                          training program. See proposed
                                          definition of ``security-
                                          sensitive employee'' in 49 CFR
                                          1580.3, 1582.3, and 1584.3. It
                                          is also used in sections
                                          regarding responsibility for
                                          compliance (proposed 49 CFR
                                          1570.13), and terms used for
                                          ``chain of custody''
                                          requirements in proposed 49
                                          CFR 1580.3 (currently 49 CFR
                                          1580.107).
Propose adding definition of             This term is used in the
 ``Immediate supervisor''.                definition of ``Employee.'' It
                                          is intended to ensure that any
                                          ``immediate supervisors''
                                          performing security-sensitive
                                          functions for an owner/
                                          operator receive the required
                                          security training. It is also
                                          intended to limit the layers
                                          of management that must
                                          receive security training to
                                          those who have an actual nexus
                                          to transportation security.
                                          More information can be found
                                          in the discussion of employees
                                          required to be trained in
                                          preamble section III.E.
Propose adding definition of ``Security- This term is used in provisions
 sensitive employee''.                    of part 1570 as part of the
                                          proposed security training
                                          requirements. The definition
                                          provides a signal to find the
                                          appropriate mode-specific
                                          definitions in 49 CFR parts
                                          1580, 1582, and 1584.
Propose adding definition of ``Security- This term is used in provisions
 sensitive job function''.                of part 1570 as part of the
                                          proposed security training
                                          requirements. The definition
                                          provides a signal to find the
                                          appropriate mode-specific
                                          definitions in 49 CFR parts
                                          1580, 1582 and 1584.
------------------------------------------------------------------------


[[Page 91346]]

Security Responsibilities for Employees and Other Persons (Sec.  
1570.7)
    In proposed Sec.  1570.7, TSA is seeking to make its regulations 
regarding the responsibility for compliance consistent for all modes. 
Under 49 U.S.C. 114(f), TSA is required to enforce security related 
regulations and requirements and oversee the implementation of security 
measures for all modes of transportation.\39\ As with the similar 
aviation regulation, the obligation for compliance is not limited to 
owner/operators specifically referenced under applicability provisions. 
Any person may be held to have violated these proposed rules, including 
contractors who provide service to owner/operators and the employees of 
such contractors. For example, a contractor who is authorized by an 
owner/operator to provide security training to individuals performing 
security-sensitive functions on the owner/operator's behalf would be 
expected to fulfill all of the responsibilities under these three parts 
with respect to such training. Similarly, contractors would also be 
subject to inspection for compliance with this proposed rule and 
enforcement actions when appropriate (see following discussion on 
proposed Sec.  1570.9 for more information on TSA's investigatory and 
enforcement authority).
---------------------------------------------------------------------------

    \39\ See 49 U.S.C. 114(f)(7) and (11). A similar provision 
applicable to aviation employees and other related persons is in 49 
CFR 1540.105(a)(1) and (b).
---------------------------------------------------------------------------

Compliance, Inspection, and Enforcement (Sec.  1570.9)
    TSA is mandated to: (1) Enforce its regulations and requirements; 
(2) oversee the implementation and ensure the adequacy of security 
measures; and (3) inspect, maintain, and test security facilities, 
equipment, and systems for all modes of transportation.\40\ This 
mandate applies even in the absence of regulations stating the 
authority, but TSA has chosen to include a restatement of its authority 
in its regulations. The statute specifically requires TSA to--
---------------------------------------------------------------------------

    \40\ See 49 U.S.C. 114(f).
---------------------------------------------------------------------------

     Assess threats to transportation;
     Enforce security-related regulations and requirements;
     Inspect, maintain, and test security of facilities, 
equipment, and systems;
     Ensure the adequacy of security measures for the 
transportation of cargo;
     Oversee the implementation, and ensure the adequacy, of 
security measures at airports and other transportation facilities;
     Require background checks for airport security screening 
personnel, individuals with access to secure areas of airports, and 
other transportation security personnel; and
     Carry out such other duties, and exercise such other 
powers, relating to transportation security as the Administrator 
considers appropriate, to the extent authorized by law.
    While current part 1570 includes a provision stating TSA's 
compliance, inspection, and enforcement authority, it is not as 
detailed as what TSA has promulgated in more recent regulations.\41\ 
Therefore, TSA is proposing to transfer the text of current Sec.  
1580.5 to subpart A as proposed Sec.  1570.9, with minor modifications 
to reflect the addition of certain bus operations that have previously 
been unregulated by TSA.\42\
---------------------------------------------------------------------------

    \41\ Compare current Sec.  1570.11 with current Sec.  1580.5. 
The provision in part 1580 is also consistent with 49 CFR 1542.5, 
1544.3. 1546.3, 1548.3, and 1549.3.
    \42\ A more detailed discussion of current Sec.  1580.5, still 
relevant to the proposed section, can be found in the preamble for 
current part 1580. See 71 FR 76852 (Dec. 12, 2006) (NPRM) and 73 FR 
72130 (Nov. 26, 2008) (Final Rule).
---------------------------------------------------------------------------

3. Subpart B--Security Programs
    As previously noted, TSA intends to consolidate and avoid 
duplication of requirements in its regulations by placing all of the 
security program requirements that are consistent across all modes in 
subpart B. These include: (1) Submission, review, and approval of the 
program; (2) procedures for amending the program; (3) the training 
schedule (including initial and recurrent training, previous training, 
relation to other training, and failure to train); and (4) 
recordkeeping. Proposed requirements for which employees must be 
trained and content of the program are found in the proposed revisions 
to part 1580 (freight rail) and new parts 1582 (PTPR) and 1584 (OTRB).
Program Content (Sec.  1570.103)
    Under the statutory requirements, TSA must issue regulations 
mandating security training for owner/operators of public 
transportation agencies, railroads, and OTRBs.\43\ In proposing these 
regulations, TSA assumes that Congress intended the requirement to 
provide for the use of ``existing procedures, protocols, and standards 
to satisfy the regulatory requirements'' for vulnerability assessments 
and security plans apply equally to security training.\44\ Proposed 
Sec.  1570.3 implements these requirements by stating that each owner/
operator required to have a security program under proposed parts 1580, 
1582, and 1584 must address all of the identified requirements. In 
addition, the proposed section implements the requirement to allow for 
use of existing programs by allowing the owner/operators to include 
these existing programs as an appendix. The owner/operators would be 
required to cross-reference the relevant portions of the appendix or 
TSA could assume it is all part of the security program and enforce it 
as such.
---------------------------------------------------------------------------

    \43\ See 6 U.S.C. 1137, 1167, and 1184.
    \44\ See 6 U.S.C. 1162(j) and 1181(i) (use of existing 
procedures, protocols, and standards to satisfy regulatory 
requirements).
---------------------------------------------------------------------------

    To minimize costs of compliance, TSA may identify pre-existing or 
widely-available training programs that meet some or all of this 
proposed rule's requirements. If owner/operators decide to use a 
program already determined by TSA to meet the proposed rules 
requirements, the owner/operator must notify TSA of the program name, 
presenter, modifications made to the training material since the 
program was approved by TSA, and the last date of modification. If TSA 
has already determined the program meets some or all of the 
requirements for the proposed rule and is applicable to the owner/
operator's operations, it would be unnecessary for the owner/operator 
to submit a copy of the program to TSA for approval or include it in 
the appendix.
Responsibility for Determinations (Sec.  1570.105)
    As part of this rulemaking, TSA is proposing to apply the 
requirements to the highest-risk operations within the three modes 
identified by the 9/11 Act. As part of the surface security 
requirements in the 9/11 Act, TSA is required to develop risk 
tiers.\45\ The criteria used for determining the highest-risk tier for 
each mode is discussed in more detail in section III.F of this NPRM. 
The text of proposed Sec.  1570.105(a) informs owner/operators that TSA 
has determined the applicability criteria, but it is the owner/
operator's responsibility to determine whether their operations meet 
the criteria.
---------------------------------------------------------------------------

    \45\ For public transportation, 6 U.S.C. 1137(e) states that any 
public transportation agency that receives a grant under 6 U.S.C. 
1135 shall be required to develop and implement a training program 
pursuant to this section. The grant program implemented under sec. 
1135 relies on high-risk determinations. See also 6 U.S.C. 1162(a) 
and (h) and 1181(a) and (h) (Secretary shall identify risk tiers for 
freight railroads and OTRB and apply regulatory requirements to 
those at the highest-risk).
---------------------------------------------------------------------------

    The proposed rule would require owner/operators to notify TSA 
within 30 days of the effective date of the final rule if they meet the 
criteria for applicability. In addition to publishing the regulatory 
requirements in the Federal Register, TSA will work with

[[Page 91347]]

the relevant associations for each of the modes to ensure their 
memberships are apprised of the requirements. TSA will identify the 
form and manner of notification in the final rule consistent with cost-
effective methodologies at that time. Because the proposed rule would 
require owner/operators to determine whether the criteria apply, TSA 
could bring an enforcement action against an owner/operator that meets 
the criteria, but has failed to comply with the requirements.
    The obligation to self-determine applicability also applies to new 
and existing operations (those commencing after publication of the 
final rule). They would be required to notify TSA no later than 90 
calendar days before commencing operations or implementing 
modifications that would put them within the applicability of the 
requirements.
Recognition of Previous Training (Sec.  1570.107)
    As previously noted, TSA is required to allow use of existing 
programs to satisfy the security program requirements implemented as a 
result of 9/11 Act's provisions.\46\ Under proposed Sec.  1570.107, an 
owner/operator could rely on previous training that occurred within the 
identified periods for initial or recurrent training. In order to use 
previous training, the owner/operator would need to validate the 
training provided satisfies the requirements of this proposed rule--
including records of training, curriculum, and appropriateness for the 
employee and owner/operator's operations.
---------------------------------------------------------------------------

    \46\ See 6 U.S.C. 1162(j) and 1181(i) (use of existing 
procedures, protocols, and standards to satisfy regulatory 
requirements).
---------------------------------------------------------------------------

Security Training Program Submission, Review, and Approval (Sec.  
1570.109)
    The 9/11 Act's requirements include specific deadlines for 
submission of programs and TSA's review.\47\ Proposed Sec.  1570.109 
identifies the required deadlines for submitting security training 
programs and TSA approval.
---------------------------------------------------------------------------

    \47\ See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and 
1184(d)(1) and (2) (must submit program 90 days from effective date, 
TSA must approve within 60 days of receipt or notify of need for 
revisions).
---------------------------------------------------------------------------

    In general, not later than 90 days from the effective date of the 
final rule, owner/operators would be required to submit programs to TSA 
in a form and manner prescribed by TSA. Owner/operators commencing new 
businesses or operations that would make them subject to this proposed 
rule would be required to submit their security training programs to 
TSA no less than 60 days before commencing operations. In the final 
rule, TSA will provide details for submission (encouraging use of a 
secure Web site or other electronic submissions). TSA assumes 
submission would likely be by email or mail service, but requests 
comments on preferences. Consistent with requirements of the 9/11 Act, 
TSA would review the programs within 60 days of receipt and either 
approve them or specify changes that would be needed for approval.\48\ 
If TSA requires changes, the owner/operator would be required to submit 
a modified training program that meets TSA's specifications within 30 
days of notification by TSA of the needed changes. The section includes 
the availability to request reconsideration of any TSA-required 
modifications. TSA provides an analysis of burden and estimated costs 
associated with this information collection in section V.A. of this 
preamble and the draft OMB 83-I Supporting Statement for its 
information collection request, which is available in the docket for 
this rulemaking.
---------------------------------------------------------------------------

    \48\ See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and 
1184(d)(1) and (2) (TSA must approve within 60 days of receipt or 
notify of need for revisions).
---------------------------------------------------------------------------

Initial training (Sec.  1570.111(a))
    Consistent with the 9/11 Act's requirements, TSA proposes that 
existing employees must be trained within one year of TSA's approval of 
the program.\49\ As further required by the 9/11 Act, initial training 
for new employees or those transitioning to a covered job function (as 
identified in proposed Appendix B to parts 1580 (freight rail), 1582 
(PTPR), and 1584 (OTRB), must occur within the first 60 days of the 
date an employee begins to perform a security-sensitive function.\50\
---------------------------------------------------------------------------

    \49\ See 6 U.S.C. 1137(d)(3), 1167(d)(3), and 1184(d)(3) (no 
later than 1 year after approval of security training program, 
owner/operator must have trained all covered employees).
    \50\ This is a mandatory requirement for railroads and OTRB 
companies. See 6 U.S.C. 1167(d)(3) and 1184(d)(3) (New employees 
must be trained within first 60 days of employment).
---------------------------------------------------------------------------

    During the consultation process at the initial stages of this 
rulemaking, some stakeholders objected to a one-year deadline for 
completion of initial training. While the 9/11 Act does not provide for 
flexibility on the initial training schedule, TSA has attempted to 
address these concerns through provisions on recurrent and previous 
training (as discussed in section III.D.3 of this NPRM). In addition, 
TSA is proposing to include a section allowing regulated parties to 
request an extension if they cannot meet the required training 
schedule.\51\
---------------------------------------------------------------------------

    \51\ See Sec.  1570.115(c) of this proposed rule.
---------------------------------------------------------------------------

    Proposed Sec.  1570.111(a)(3) is included to address the situation 
of non-permanent employees. TSA recognizes that some individuals may be 
intermittently employed as contractors or representatives to perform 
security-sensitive functions; they might not perform these functions 
for 60 or more consecutive calendar days. For example, an employee may 
function as a maintenance worker for a 30-day period and then, at a 
later date, perform that function for another period of 30 days or 
longer. This may also include individuals who are employed by multiple 
owner/operators, such as multiple-employer drivers.\52\ The proposed 
rule would require that such individuals receive training within 60 
calendar days after employment that meets the definition of a security-
sensitive employee.\53\
---------------------------------------------------------------------------

    \52\ Such as individuals meeting the definition of ``multiple-
employer driver'' in the Federal Motor Carrier Safety Administration 
(FMCSA) regulations at 49 CFR 390.5.
    \53\ See discussion of ``security-sensitive employees'' in 
section III.E. of this NPRM.
---------------------------------------------------------------------------

    In general, this means that an employee would need to be trained 
within 60 days of beginning permanent employment in a position that may 
perform a security-sensitive function, whether full or part-time. If, 
however, an individual is employed on an intermittent or non-permanent 
basis, such as a contractor who is employed in a position that may 
perform a security-sensitive function for short durations, then the 
training would need to take place before the individual's total time of 
employment by the owner/operator equals sixty calendar days within a 
consecutive twelve-month period. TSA recognizes that some owner/
operators may address this requirement by requiring training for all 
regular contractors or other individuals employed for short, but 
regular durations. TSA requests comments on other options for 
determining accumulated days of employment and for ensuring owner/
operators do not engage in employment practices or use of contractors 
to avoid the requirements of this proposed rule.
    As previously noted, the proposed rule includes a provision 
regarding use of previous training (see discussion on proposed Sec.  
1570.107). TSA is aware of stakeholder concerns regarding the schedule 
for initial training, but TSA is also aware that many of the affected 
owner/operators have already implemented initial employee security 
training--frequently through the use of

[[Page 91348]]

grant funds provided by DHS for that purpose.\54\ TSA invites comments 
on these requirements as they appear in the proposed rule.
---------------------------------------------------------------------------

    \54\ Congressional appropriations to FTA fund course offerings 
to public transportation agencies that meet some of the requirements 
in this proposed rule. Similarly, appropriations through DHS fund 
the provision of courses in prevention and response that are 
available to PTPR agencies. Further, FTA and FEMA courses that may 
meet portions of this proposed rule are listed among the approved 
vendors and programs for use of TSGP awards.
---------------------------------------------------------------------------

    In meeting the initial training schedule, TSA expects that many 
owner/operators will rely on the provisions in proposed Sec.  1570.107, 
which provides standards for accepting previous training. Under this 
section of the proposed rule, TSA would allow ``training credit'' to be 
given for employees who received training that satisfies the 
requirements of the proposed rule within one year before its effective 
date.
    This may include emergency preparedness plans that railroads 
connected with the operation of passenger trains must implement to 
address such subjects as communication, employee training and 
qualification, joint operations, tunnel safety, liaison with emergency 
responders, on-board emergency equipment, and passenger safety 
information, as well as policies that transit agencies implement to 
ensure safety promotion to support the execution of the Transit Agency 
Safety Plan by all employees, agents, and contractors for the rail 
fixed guideway public transportation system.\55\ See discussion of 
these training programs in section III.I. of this NPRM. Similarly, 
public transportation agencies may have been providing training through 
funds granted under the TSGP.
---------------------------------------------------------------------------

    \55\ Id.
---------------------------------------------------------------------------

    The recordkeeping provisions of the proposed rule require an owner/
operator to provide current and former employees with documentation 
upon request of any training completed to meet the requirements of this 
rule.\56\ Options for compliance with this requirement could include 
providing employees with certificates to validate completed training.
---------------------------------------------------------------------------

    \56\ See Sec.  1570.121 of the proposed rule.
---------------------------------------------------------------------------

    This proposed requirement anticipates situations where an employee 
may have received training from a previous owner/operator, as well as 
industry practices where employees may work for multiple owner/
operators (such as commercial drivers operating OTRBs). If an owner/
operator can validate that an employee has received the required 
training within the specified timeframe, the training would not need to 
be repeated. Because it would be the obligation of the current owner/
operator to ensure that all training requirements are met, that owner/
operator would be responsible for ensuring that any previous training 
courses satisfy the proposed rule's requirements and documenting that 
the training was received within the required timeframe.
    Finally, there may be situations where ``dual-hatted'' or other 
specific-function employees are required to receive security training 
from other sources as part of their jobs, such as railroad police 
officers employed by the owner/operator. As indicated above, it is the 
obligation of the owner/operator to ensure and document the training, 
including training received under these circumstances.
Recurrent Training (Sec.  1570.111(b))
    Recurrent training is essential for maintaining a high level of 
security awareness. The 9/11 Act recognizes this by requiring routine 
and ongoing training for public transportation employees.\57\ Congress 
has left it to the discretion of TSA to determine the appropriate 
schedule for recurrent training and to require a similar schedule for 
railroad and OTRB employees.\58\
---------------------------------------------------------------------------

    \57\ See 6 U.S.C. 1137(f).
    \58\ See 6 U.S.C. 1137(c)(11), 1167(c)(12), and 1184(c)(12).
---------------------------------------------------------------------------

    TSA believes annual recurrent training is essential for 
transportation employees to maintain a high level of awareness, 
competency, and currency with overall changes in security posture 
within the surface transportation environment. TSA's decision is 
consistent with several key considerations, including: (1) Other TSA 
regulations requiring training, as well as similar training required 
for TSA employees; (2) the difficulty of learning, developing, and 
demonstrating security awareness in the dynamic aspects of the surface 
transportation environment, and (3) industry recommended guidelines for 
security awareness training.
    TSA requires annual training for aviation workers. For example, 
regulations applicable to Ground Security Coordinators used by aircraft 
operators specifically require annual training.\59\ Other aviation 
workers are required to receive annual recurrent training as part of 
the approved security program (including aircraft operators, indirect 
air carriers, air cargo, etc.).\60\
---------------------------------------------------------------------------

    \59\ See 49 CFR 1544.233.
    \60\ The relevant security program requirements are under 49 CFR 
1544.233, 1544.235, 1544.407, 1548.5, and 1549.103.
---------------------------------------------------------------------------

    TSA's decision to require annual training is supported by the 
Difficulty-Importance-Frequency (DIF) model \61\ that TSA uses for 
determining training requirements for its own employees.\62\ The DIF 
model uses three design criteria: Difficulty, importance, and 
frequency.
---------------------------------------------------------------------------

    \61\ Bill Melton & J. Bahlis, ``ADVISOR Enterprise Difficulty-
Importance-Frequency (DIF) Model Fact Sheet'', BNH Expert Software 
Inc. (February 23, 2011), available at http://www.bnhexpertsoft.com/english/products/advent/ADVISOR_DIF_Model.pdf. DIF is a standard 
instructional design tool used by a variety of users including the 
Department of Defense (DOD), the Department of Energy (DOE), and 
private sector education and healthcare providers, to determine 
training priority and frequency of training.
    \62\ The proposed schedule is consistent with TSA's security 
awareness training for its own employees--including annual training 
on operational security (OPSEC), responding to active shooter 
incidents, and social engineering that could undermine security of 
information systems.
---------------------------------------------------------------------------

    TSA's subject matter experts responsible for TSA-related training 
determined that measuring the proposed security training program 
against these standards supports annual training as: (1) The difficulty 
of learning surface transportation security awareness related 
information is at the medium/moderately difficult range because it 
requires decision making when applying what one has learned; (2) the 
importance of conducting this security training is at the high/very 
important range because the cost of failure is high and would cause 
damage and losses in the event of an attack; and (3) the frequency of 
how often the task would be performed is within medium range.
    TSA's decision is also supported by the American Public 
Transportation Association (APTA) and their recommendations for 
security training: Security Awareness Training for Transit 
Employees.\63\ Developed in collaboration and consultation with TSA and 
transportation industry stakeholders, the recommended practice provides 
minimum guidelines for security awareness training for all transit 
employees to strengthen transit system security. APTA ``recommends that 
all transit employees be refreshed on transit security awareness 
objectives annually, in an abbreviated method at least . . . to reflect 
advancements or modifications to criminal and terrorist activities and 
reinforce the security awareness training that employees received 
initially.''
---------------------------------------------------------------------------

    \63\ APTA Security Risk Management Working Group., ``Security 
Awareness Training for Transit Employees'' (March 2012), APTA-SS-
SRM-RP-005-12.
---------------------------------------------------------------------------

    TSA does not find it necessary to include the ``abbreviated 
method'' option used by APTA as part of the proposed rule for two 
reasons. First, the

[[Page 91349]]

First ObserverTM program, discussed more fully in section 
III.J. of this NPRM, will meet most of the training requirements in 
approximately one hour. Having reviewed a wide variety of programs that 
could be used to meet elements of the 9/11 Act's requirements, TSA is 
not aware of any other existing material that could meet all of the 
proposed requirements in such an abbreviated period.\64\ To the extent 
owner/operators intend to continue to use their existing training 
program to meet the regulatory requirements, they may want to consider 
using First ObserverTM as an abbreviated form of recurrent 
training.
---------------------------------------------------------------------------

    \64\ As part of the 2013 Notice, TSA included a matrix in the 
docket of training programs that meet elements of the 9/11 Act's 
requirements. The matrix is available in the docket for the 2013 
Notice at: https://www.regulations.gov/ (search for ''TSA-2013-0005-
0084''). Of the 20 programs listed, none of them addressed all of 
the 9/11 Act requirements.
---------------------------------------------------------------------------

    Second, owner/operators could request to use some other type of 
abbreviated security training as an alternative measure for compliance. 
Owner/operators may request to use alternative measures as part of the 
interactive and iterative process TSA intends to use for approval and 
review of required security programs, as detailed in proposed 49 CFR 
1570.117. Under this proposed section, the owner/operator must 
establish that the alternative is in the best interest of the public 
and transportation security. When applied to recurrent training, TSA 
may require validation that the expected baseline of security awareness 
is reached and maintained with the abbreviated program. For example, 
the owner/operator may propose abbreviated training for employees who 
can pass a pre-test.
    TSA is aware that an annual recurrent training requirement could 
present challenges for owner/operators who must also meet other 
regulatory training requirements. For example, FRA requires a two-year 
recurrent training schedule for the emergency preparedness training 
required under 49 CFR part 239 (emergency response and evacuation for 
rail passengers). The security training required by PHMSA under 49 CFR 
part 172 (securing transportation of hazardous materials) is on a 
three-year recurrent training cycle. As TSA does not control these 
training schedules, we cannot harmonize all of them through this 
rulemaking. To the extent, however, that owner/operators must comply 
with these other training requirements, they may be able to use them as 
part of their program to meet the meet recurrent training requirements. 
TSA is interested in comments regarding options for harmonizing 
training schedules and for adding efficiencies with other relevant 
regulatory requirements.
    While TSA is proposing annual recurrent training, a three-year 
recurrent cycle is included as a programmatic alternative. The results 
of the cost analysis for this alternative can be found in chapter III 
section K of the Regulatory Impact Analysis (RIA) for this rulemaking, 
which is included in the public docket.
Amendments to the Security Program (Sec. Sec.  1570.113 and 1570.115)
    Allowing owner/operators to revise or amend their programs, as 
proposed in Sec.  1570.113, is a subset of addressing the 9/11 Act's 
requirements for implementation and submission or programs.\65\ It is 
also consistent with TSA's statutory authority to allow exemptions from 
regulatory requirements.\66\ Proposed Sec.  1570.113 includes 
procedures allowing an owner/operator to submit a request to TSA to 
amend its program and the standard for TSA's approval of that request. 
The proposed section identifies appropriate reasons for amending 
programs, such as changes to an operating environment that could 
include new equipment or changes in station construction. If the 
operating environment changes, it is reasonable to expect that some 
aspects of the security training program would also need to be revised. 
TSA may approve an amendment if it is in the interest of public and 
transportation security and meets the required security standards. TSA 
could ask for additional information or time in order to makes its 
determination.
---------------------------------------------------------------------------

    \65\ See 6 U.S.C. 1137(d) (public transportation), 1167(d) 
(railroads), and 1184(d) (OTRB).
    \66\ See 49 U.S.C. 114(q) (Under Secretary may grant exemptions 
from regulatory requirements).
---------------------------------------------------------------------------

    Similarly, TSA may need to require amendments in the interest of 
the public and transportation security. The 9/11 Act specifically 
provides that TSA must update the requirements, as appropriate, ``to 
reflect new or changing security threats'' and owner/operators shall 
change their programs and retrain employees as necessary within a 
reasonable time.\67\ As indicated in proposed Sec.  1570.115, TSA could 
require owner/operators to revise their training based on emerging 
threats or methods for addressing emerging threats. For example, the 
curriculum requirements identified in the 9/11 Act do not address 
training to respond to active shooter incidents. Following several 
active shooter incidents, including one that resulted in the death of a 
Transportation Security Officer in Los Angeles, Congress prioritized 
the need for this type of training.\68\ As with other requirements 
imposed by TSA, the owner/operator could request a petition for 
reconsideration of TSA-required amendments.
---------------------------------------------------------------------------

    \67\ See 6 U.S.C. 1137(d)(4) and 1167(d)(4) and 1184(d)(4).
    \68\ See Gerardo Hernandez Airport Security Act of 2015, Public 
Law 114-50, 159 Stat. 490 (Sept. 24, 2015).
---------------------------------------------------------------------------

Alternative Measures (Sec.  1570.117)
    The proposed rule includes procedures allowing for an owner/
operator to submit a request to use alternative measures to satisfy all 
of some of the requirements of subchapter D and the standard for TSA to 
approve such a request. For example, the owner/operator could request 
to extend the time periods for submitting its training program or for 
training all of its security-sensitive employees. In reviewing such a 
request, TSA would expect the owner/operator to demonstrate good cause 
for the extension. Under this provision, an owner/operator could 
request a waiver from some or all of the regulatory requirements. TSA 
could grant such a request under the authority 49 U.S.C. 114(q), which 
provides the TSA Administrator with authority to consider and grant 
requests from an owner/operator for a waiver from all or some of the 
regulatory requirements. For example, a freight railroad may meet the 
criteria for applicability, but the operations that trigger 
applicability may be a de minimis part of its overall business 
operations. In such a situation, the owner/operator might consider 
requesting either a complete waiver or an alternative that limits the 
requirements to a more discrete part of its business. Proposed Sec.  
1570.117 would include the procedures for requesting such a waiver, 
procedures for requesting the use of alternative measures, and 
identification of the types of information TSA would need in order to 
make a decision to grant such requests. In general, TSA would need to 
consider factors, such as risk associated with the type of operation, 
any relevant threat information, and any other factors relevant to 
potential risk to the public and transportation security.
Petitions for Reconsideration (Sec.  1570.119)
    Proposed Sec.  1570.119 describes the review and petition process 
for TSA's reconsideration when it denies a request for amendment, 
waiver, or alternative measures--as well as a TSA requirement to modify 
or amend a

[[Page 91350]]

program. If an owner/operator challenges the decision, the owner/
operator would be required to submit a written petition for 
reconsideration within the time frame identified in the applicable 
section.\69\ The petition would need to include a statement, with 
supporting documentation, explaining why the owner/operator believes 
the reason for the denial or for the amendment, as applicable, is 
incorrect. If the owner/operator requested the amendment, the results 
of the reconsideration could be confirmation of TSA's previous denial 
or approval of the proposed amendment. If the issue involves a TSA 
required amendment, the results of the reconsideration could be 
withdrawal, affirmation, or modification of the amendment. TSA would 
consider whether a disposition pursuant to proposed 49 CFR 1570.119 
would constitute a final agency action for purposes of review under 49 
U.S.C. 46110.
---------------------------------------------------------------------------

    \69\ The proposed rule would require petitions for 
reconsideration to be submitted no later than 30 days of a TSA 
requirement to modify under Sec.  1570.109, denial of an owner/
operator-requested amendment under Sec.  1570.111, or denial of a 
request for waiver or alternative measures under Sec.  1570.117; 
submission would be required within 15 days for a TSA-required 
amendment under Sec.  1570.113.
---------------------------------------------------------------------------

Recordkeeping Requirements (Sec.  1570.121)
    TSA proposes that owner/operators create and maintain lists of 
their security-sensitive employees and when they received training that 
meets the requirements of the proposed rule. Specifically, records 
would need to include each trained employee's name, job title or 
function, date of hiring, and date and course information on the most 
recent security training that each employee received. Records for 
individual employees would need to reflect the training courses 
completed and date of completion. Training records for each employee of 
initial and recurrent training would need to be maintained by owner/
operators for no less than five years from the date of the training and 
available at any location(s) specified in the security training program 
approved by TSA.
    The proposed rule provides flexibility to owner/operators to decide 
whether to maintain the records in electronic format provided that (1) 
any electronic records system used is designed to prevent tampering, 
loss of data, or corruption of records, and (2) paper copies of 
records, and any amendments to those records, would be made available 
to TSA upon request for inspection or copying. Whether the records are 
kept in electronic or other form, the employee must be provided with 
proof of training upon request, at any time during the five-year 
recordkeeping period without regard to the requestor's current status 
as an employee of that entity. As discussed above in ``Initial training 
(Sec.  1570.111(a)),'' owner/operators may meet this requirement to 
provide proof of training by providing a certificate or other similar 
documentation to the employee upon completion of training. In order for 
TSA to allow any owner/operator to rely upon previous security training 
to satisfy the requirements of this proposed rule, it is critical that 
employees be able to validate whether they received previous training.
    TSA assumes training records are unlikely to include SSI, but 
nonetheless provides a reminder in the proposed section that any SSI 
maintained as a result of these recordkeeping requirements must be 
maintained consistent with the standards in 49 CFR part 1520. For 
example, an owner/operator may decide to keep a copy of the content of 
the training program with the employee files (which is not required by 
the proposed rule), if the curriculum contains SSI information, any 
file it is in would need to be stored as required by the SSI 
regulations. Owner/operators needing additional information about 
appropriately maintaining SSI may contact TSA for assistance and/or 
find information on TSA's Web site.\70\
---------------------------------------------------------------------------

    \70\ See https://www.tsa.gov/for-industry/sensitive-security-information.
---------------------------------------------------------------------------

4. Subpart C--Operations
    Under current regulations (49 CFR part 1580), TSA requires freight 
and passenger railroad carriers, rail transit systems, rail hazardous 
materials shippers, and certain rail hazardous materials receivers to 
appoint ``rail security coordinators'' \71\ (RSCs) and report 
significant security concerns to TSA.\72\ The RSC, serve as the 
security liaisons to TSA, providing a single point of contact for 
receiving communications and inquiries from TSA concerning threat 
information or security procedures, and coordinating responses with 
appropriate law enforcement and emergency response agencies. The 
information reported to TSA provides information from the frontline of 
rail transportation that can be used to identify developing threats 
based on consolidated reporting and trend analysis. Because of the 
benefits of this requirement to transportation security, TSA is 
proposing to extend these requirements to the modes of transportation 
covered by this proposed rule that are not currently subject to the 
requirements of 49 CFR part 1580.
---------------------------------------------------------------------------

    \71\ See 49 CFR 1580.101 and 1580.201.
    \72\ See 49 CFR 1580. 105 and 1580.203.
---------------------------------------------------------------------------

Security Coordinator Requirements (Sec.  1570.201)
    As previously noted, TSA currently requires security coordinators 
for rail operations including freight, passenger, and public 
transportation. In addition to mandating security coordinators for 
railroads, the 9/11 Act also requires security coordinators for OTRB 
companies.\73\ Consistent with this mandate, TSA proposes to extend the 
requirement to appoint a primary and at least one alternate security 
coordinator for OTRB companies and the bus operations of PTPR owner/
operators (with a limited impact as most public transportation bus 
agencies are part of a larger system that is required to have a 
security coordinator under current 49 CFR part 1580). This would be 
accomplished by moving the provision from part 1580 to subpart C of the 
proposed rule and eliminating rail-specific terms from the text.
---------------------------------------------------------------------------

    \73\ See 6 U.S.C. 1162(e)(1)(A) (``Identification of a security 
coordinator having authority--(i) to implement security actions 
under the plan; (ii) to coordinate security improvements; (iii) to 
receive immediate communications from appropriate Federal officials 
regarding railroad security'').
---------------------------------------------------------------------------

    Security coordinators are a vital part of transportation security, 
providing TSA and other government agencies with an identified point of 
contact with access to company leadership and knowledge of the owner/
operators operations, in the event it is necessary to convey extremely 
time-sensitive information about threats or security procedures to an 
owner/operator, particularly in situations requiring frequent 
information updates. The security coordinator and alternate provide TSA 
with a contact in a position to understand security problems; 
immediately raise issues with, or transmit information to, corporate or 
system leadership; and recognize when emergency response action is 
appropriate. The individuals must be accessible to TSA 24 hours per 
day, 7 days per week.
    The proposed rule does not change the expectation that the security 
coordinator and alternate be appointed at the headquarters level. This 
proposed rule does not require the security coordinator or alternate to 
be a dedicated position staffed by an individual who has no other 
primary or additional duties. This proposed rule, however, does require 
that the owner/operator have a designated individual

[[Page 91351]]

that TSA may reach at all times. The proposed rule would require the 
following information for both the security coordinator and alternate: 
Name, title, telephone number(s), and email address. Any change in this 
information would have to be provided to TSA within seven days of the 
change taking effect.
    As previously noted, this is not a new requirement for owner/
operators of railroads, including the rail transit operations of PTPR 
owner/operators. If an owner/operator subject to this proposed rule has 
provided the required information for primary and alternate RSCs to TSA 
in the past, it would not have to take further action to meet the 
requirement.\74\ This is the case for passenger rail carriers, freight 
railroad carriers, and rail transit systems operated by public 
transportation agencies.
---------------------------------------------------------------------------

    \74\ The requirement to inform TSA of any changes is not 
modified by this proposed rulemaking. Therefore, those currently 
covered by the security coordinator and reporting requirements under 
current 49 CFR part 1580 must report information regarding changes 
to the names, titles, telephone numbers, and email addresses of the 
RSCs and alternate RSCs to TSA within seven calendar days of the 
change taking effect.
---------------------------------------------------------------------------

Extension and Modification of Requirement To Report Security Concerns 
(Sec.  1570.203)
    TSA is proposing to make two changes to its existing requirements 
in part 1580 to report security concerns to TSA.\75\ As with the 
security coordinator requirement, TSA proposes to move and consolidate 
the requirement into proposed Sec.  1570.203 and extend it to bus 
operations.\76\
---------------------------------------------------------------------------

    \75\ See current 49 CFR 1580.105 and 1580.203.
    \76\ This extension is within TSA's discretion to require other 
actions or procedures determined to be appropriate to address the 
security of public transportation and OTRB operations. See 6 U.S.C. 
1134(c)(2)(I) and 1181(e)(1)(H).
---------------------------------------------------------------------------

    TSA is also proposing to modify the security concerns to be 
reported to address a need for clarification and align with other 
relevant standards. Since publication of 49 CFR part 1580, some 
stakeholders have asked TSA for clarification of the events they are 
required to report pursuant to 49 CFR 1580.105 and 1580.203. 
Additionally, in December 2012, the U.S. Government Accountability 
Office (GAO) published a report on passenger rail security.\77\ In the 
report, GAO stated that TSA has inconsistently overseen and enforced 
its rail security incident reporting requirement because the agency 
does not have guidance published, leading to considerable variation in 
the types and number of incidents reported. The GAO recommended that 
the agency develop guidance on the types of incidents that should be 
reported and this guidance should be disseminated to TSA inspectors and 
regulated entities, including rail and transit agencies. Pending this 
rulemaking, TSA provided information to the railroads and transit 
agencies subject to the requirements of part 1580 to provide more 
examples about the types of incidents that should be reported.
---------------------------------------------------------------------------

    \77\ See GAO, ``Passenger Rail Security, Consistent Incident 
Reporting and Analysis Needed to Achieve Program Objectives,'' GAO-
13-20 (December 2012).
---------------------------------------------------------------------------

    TSA is also modifying the list of reportable significant security 
concerns to be more consistent with the Nationwide Suspicious Activity 
Reporting (SAR) Initiative (NSI). The NSI is a partnership between 
Federal, State, local, tribal, and territorial law enforcement that 
``establishes a national capacity for gathering, documenting, 
processing, analyzing and sharing SAR information . . . in a manner 
that rigorously protects the privacy and civil liberties of 
Americans.'' \78\ The NSI defines ``suspicious activity'' as ``observed 
behavior reasonably indicative of pre-operational planning associated 
with terrorism or other criminal activity.'' \79\
---------------------------------------------------------------------------

    \78\ See Nationwide SAR Initiative (NSI), ``About the NSI'' 
(accessed Nov. 3, 2016), available at http://nsi.ncirc.gov/about_nsi.aspx.
    \79\ Id.
---------------------------------------------------------------------------

    The NSI implements a standardized, integrated approach to 
gathering, documenting, processing, analyzing, and sharing information 
about suspicious activity that is potentially terrorism-related. In 
applying this approach, standards have been developed, setting criteria 
for the types of activities that warrant reporting as suspicious and 
potentially terrorism-related. These criteria recognize the capability 
of law enforcement and security professionals to apply their experience 
and expertise to identify significant security concerns by focusing on 
the nature of the incidents and the context in which they occur. The 
standardized approach among law enforcement officers and security 
officials with surface transportation entities produces more 
informative reports that can more effectively focus investigative 
efforts and intelligence analysis for potential trends and indicators 
of terrorism-related activity.
    Thus, TSA intends to ensure clarity by incorporating the examples 
previously provided to industry and consistency by aligning its 
regulations with the concepts of the NSI. The proposed list of 
reportable incidents can be found in proposed Appendix A to part 1570 
and includes not only a list of incidents, but descriptions and 
examples to assist regulated parties in making a determination of 
whether an incident fits within the reporting requirements.
    Finally, TSA is proposing to modify the schedule for reporting 
incidents. Currently the regulation requires immediate reporting to 
TSA. If, however, there is an immediate threat, the first priority is 
to notify and work with first responders. Therefore, TSA is proposing 
to remove the necessity for immediacy and, instead, require 
notification within 24 hours of the incident (see proposed 49 CFR 
1570.203(a)). This will enable TSA to obtain timely information without 
undermining the ability of the owner/operator to appropriately handle a 
situation requiring their full attention.
Examples for Reporting Information (Sec.  1570.203(b))
    As previously noted, TSA has almost a decade of experience with 
incidents reported by railroads under current 49 CFR part 1580. Based 
on this experience, TSA recognizes that its ability to analyze the data 
and improve the quality of information disseminated back to its 
stakeholders is proportional to the quality of information it receives. 
Proposed Sec.  1570.203(b) is consistent with the previous reporting 
requirements, which reflected the need for detailed and verified 
information from individual owner/operators to enhance TSA's ability to 
provide timely and useful information products to all of the relevant 
stakeholders. While not included in the rule text, Table 5 is being 
provided to assist security coordinators and other responsible 
officials to understand TSA's expectations for the types of information 
that are needed in order to meet the standards of Sec.  1570.203(b).

[[Page 91352]]



  Table 5--Examples of Reporting Information Required by Proposed Sec.
                               1570.203(c)
------------------------------------------------------------------------
Reporting requirements in proposed Sec.
               1570.203(c)                           Examples
------------------------------------------------------------------------
(1) The name of the reporting             Company
 individual and contact information,      Representative: Joe BLOGGS.
 including a telephone number or e-mail   Company: ABC Rail Road
 address.                                 Company.
                                          Address: XXXXX, XX
                                          (Street), XXXXX (City), XX
                                          (State), XXXXX (ZIP).
                                          Phone: (111) 123-1234.
                                          POC Email:
                                          [email protected].
(2) The affected freight or passenger     Locomotive: ABCRR,
 train, transit vehicle, motor vehicle,   Reporting Marks.
 station, terminal, rail hazardous        Locomotive Number
 materials facility, or other facility    1234.
 or infrastructure, including             Rail Car: ABCRR
 identifying information and current      Railcar Number XXXX 001234.
 location.                                Train: ABCRR Train
                                          Number XXX of XX, etc.
                                          Facility: ABCRR (Rail
                                          Yard, Subway Station,
                                          Passenger Station, Storage
                                          Yard, Repair Facility, etc.)
                                          and facility physical address.
                                          Right of Way: Mile
                                          Post Marker, Sub-division, and
                                          physical address (as much as
                                          known).
(3) Scheduled origination and             ABCRR, Northern
 termination locations for the affected   Corridor Express-Boston to New
 freight or passenger train, transit      York, XYZ Line, via X, Y and Z
 vehicle, or motor vehicle, including     Cities. Train Number XXX of XX
 departure and designation city and       is currently located at: MP
 route.                                   123.12, XXX Sub-division, XXXX
                                          (City), XX (State).
                                          Transit Vehicle: ABCRR
                                          LRV Number XXXXX etc. Route:
                                          XXX North Corridor. Is
                                          currently located at XXXX Line
                                          Section or XXX Station,
                                          Street, City, State, ZIP.
(4) Description of the threat,            At XXXX hours, January
 incident, or activity, including who     01, 2020.
 has been notified and what action has    ABCRR Police Sergeant,
 been taken.                              Joe BLOGGS, badge number XXXX,
                                          ABCRR Police Department
                                          (ABCPD) reported the
                                          following: At WWWW hours,
                                          January 01, 2020, a suspicious
                                          person (described as a white
                                          male, approximately 6'0''
                                          tall, 190 lbs., blonde hair,
                                          approximately 35 to 40 years
                                          of age, wearing a long black
                                          knee[dash]length coat, blue
                                          jeans, red sneakers, and a
                                          XXXX ball club baseball hat)
                                          was detected adjacent to the
                                          ticket vending machine at the
                                          street level entrance to the
                                          XXst Street and YYYYY Avenue,
                                          Station, XXXX (City), XX
                                          (State). The person was deemed
                                          suspicious because although
                                          the temperature at the time
                                          was 85 degrees, he was wearing
                                          a knee[dash]length heavy black
                                          coat. The individual was
                                          sweating and exhibited
                                          nervousness when security
                                          officials were present (the
                                          individual looked away every
                                          time a security official
                                          appeared, so as to not reveal
                                          his face). The individual had
                                          a black ``Traveler,''
                                          ``Expandable'' suitcase with
                                          him (estimated measurements:
                                          36'' W X 24''H X 12'' D) with
                                          a red piece of ribbon tied to
                                          the handle. At WWW5 hours, the
                                          individual rapidly departed
                                          the area when a security
                                          official began to approach
                                          him, leaving the black
                                          suitcase behind. A review of
                                          the Closed-circuit television
                                          (CCTV) surveillance system
                                          determined the individual had
                                          arrived at the station at VV30
                                          hours in a Red, 4-door, Land
                                          Rover, VA License Plate
                                          XX123XXXX, which was parked
                                          adjacent to the XXXXX. Closed-
                                          circuit television revealed
                                          the vehicle was being driven
                                          by a white female with
                                          shoulder length blonde hair,
                                          approximately 35 years of age.
                                          A check of the VA DOT License
                                          registry revealed the vehicle
                                          is registered to Joe DOE, DOB:
                                          XX/XX/XXXX, POB: XXXXX (City),
                                          XX (State) and Jane (NEE:
                                          SMITH) DOE, DOB: XX/XX/XXXX,
                                          POB: XXXXX (City), XX (State)
                                          of 1234 West Disobedience
                                          Street, Anytown, VA 202XX,
                                          Phone Number: (XXX) XXX-XXXX.
                                          A check of the VA driver's
                                          license registry revealed
                                          similar/matching descriptions
                                          of Joe and Jane DOE to those
                                          persons identified during the
                                          incident. At ZZZZ hours, a
                                          XXXX City Police Explosive
                                          Ordnance Demolition (EOD) team
                                          conducted an examination of
                                          the black suitcase with x-ray
                                          equipment and determined the
                                          suitcase contained an unknown
                                          device comprised of wiring and
                                          circuitry. Explosive Ordinance
                                          Disposal (EOD) disrupted the
                                          suitcase, which yielded
                                          negative secondary results.
                                          EOD's examination of the
                                          suitcase's contents revealed
                                          limited amounts of women's
                                          clothing and what appeared to
                                          be the inner workings of a
                                          radio. At ZZZ1 hours, the
                                          scene was cleared by XXXX City
                                          Police EOD Sergeant Jeff
                                          BOMBGARTEN, badge number XXXX
                                          who secured the suitcase and
                                          its contents and transported
                                          them away from the facility.
(5) The names and other available         Witness: Joe SMITH,
 biographical data, and/or descriptions   DOB: XX/XX/XXXX, POB: XXXX
 (including vehicle or license plate      City, XX State. Address:
 information) of individuals or           XXXXX, XX Street, XXXX City,
 vehicles known or suspected to be        XX State, Phone Number (XXX)
 involved in the threat, incident, or     XXX-XXXX, ABCRR, XXXX
 activity.                                (Address), (XXX) XXX-XXXX.
                                          Security: Fred
                                          ARRESTER, Sergeant, XXXX
                                          (City) Police Department,
                                          Badge # XXXX, Phone Number:
                                          (XXX) XXX-XXXX.
                                          Suspected Associate:
                                          Mrs. Jane DOE.

[[Page 91353]]

 
                                          DOB: XX/XX/XXXX, POB:
                                          XXXX City, XX State. Address:
                                          XXXXX, XX (Street), XXXX
                                          (City), XX (State), Phone
                                          Number (XXX) XXX-XXXX, ABCRR,
                                          XXXX (Address), (XXX) XXX-
                                          XXXX.
(6) The source of any threat              Jane DOE, DOB: XX/XX/
 information.                             XXXX, POB: XXXX (City), XX
                                          (State). Address: XXXXX, XX
                                          (Street), XXXX (City), XX
                                          (State), Phone Number (XXX)
                                          XXX-XXXX, ABCRR, XXXX
                                          (Address), (XXX) XXX-XXXX.
------------------------------------------------------------------------

5. Subpart D--Security Threat Assessments
    As previously noted, TSA is including the full text of revised part 
1570 as it would look with the proposed changes--including three 
sections related to STAs generally unaffected by this rulemaking. As 
part of this rulemaking, TSA would move all sections of current part 
1570 limited to STAs to a new subpart D, to consist of Sec. Sec.  
1570.301 (formerly Sec.  1570.7--fraudulent use or manufacture; 
responsibilities of persons), 1570.303 (formerly Sec.  1570.9--
inspection of credential); and 1570.305 (formerly Sec.  1570.13--false 
statements regarding security background checks by public 
transportation agency or railroad carrier). Only the last provision 
(Sec.  1570.305) has been revised, with revisions limited to removing 
definitions for terms that have been added elsewhere as part of this 
rulemaking.

E. Security-Sensitive Employees (Sec. Sec.  1580.3, 1582.3, and 1584.3)

    As part of requiring security training for frontline employees of 
railroads, PTPR, and OTRB owner/operators-the 9/11 Act provided 
definitions for ``frontline employee'' within each mode of 
transportation.\80\ For the reasons discussed below, TSA is proposing 
to use the term ``security-sensitive employees,'' with specific 
definitions of the term for freight rail, PTPR, and OTRB operations. 
These proposed definitions, which would appear in Sec. Sec.  1580.3 
(freight rail), 1582.3 (PTPR), and 1584.3 (OTRB), would need to be used 
by owner/operators to determine which employees must receive security 
training.
---------------------------------------------------------------------------

    \80\ See 6 U.S.C. 1151(6) (railroads), 6 U.S.C. 1131(4) (public 
transportation), and 6 U.S.C. 1151(5) (OTRB and railroad frontline 
employees, respectively).
---------------------------------------------------------------------------

    TSA's proposed definition began with an analysis of the employees 
listed in the 9/11 Act's definitions of ``frontline employees'' and 
whether there are any other employees who may be in a position to spot 
suspicious activity because of where they work, their interaction with 
the public, or their access to information (such as cleaning the 
restrooms, selling tickets and providing assistance to passengers, 
maintaining equipment and operations in vulnerable areas, or operating 
a train or bus). TSA also considered who would need to know how to 
report or respond to these potential threats. The only gap identified 
between the employees stipulated in the 9/11 Act and those that would 
fall under the discretionary category are those who have specific 
responsibilities under any security plan the organization may have. 
While most of these individuals are likely identified in other 
categories, from a security perspective it is essential that there are 
no gaps, particularly where individuals may have responsibility for 
responding to a terrorist-related emergency.
    As a result of this analysis, TSA proposes that employees who 
perform functions with a direct nexus to, or impact on, transportation 
security be designated as ``security-sensitive employees'' based on 
their job functions. While TSA has proposed a specific list of job 
functions relevant to the mode, these roughly fall into similar 
categories. Table 6 aligns these categories with the definitions of 
frontline employee in the 9/11 Act.

 Table 6--Comparison of Security Training NPRM Proposed Categories for ``Security-Sensitive Employees'' to 9/11
                         Act Definitions of ``Frontline Employees'' Who Must Be Trained
----------------------------------------------------------------------------------------------------------------
                                                      9/11 Act--Definitions of frontline employees
                                      --------------------------------------------------------------------------
Proposed rule--security-sensitive job      6 U.S.C. 1151(6)     6 U.S.C. 1131(4) Public
              functions                   Railroad frontline         transportation       6 U.S.C. 1151(5) OTRB
                                              employees          frontline  employees *    frontline employees
----------------------------------------------------------------------------------------------------------------
A. Operating a vehicle...............  Locomotive engineers,    Transit vehicle driver   Drivers.
                                        conductors, trainmen,    or operator.
                                        and other onboard
                                        employees.
B. Inspecting and maintaining          Maintenance and          Maintenance and          Maintenance and
 vehicles.                              maintenance support      maintenance support      maintenance support
                                        personnel, and bridge    employee.                personnel.
                                        tenders.
C. Inspecting or maintaining building  .......................  .......................  .......................
 or transportation infrastructure.
D. Controlling dispatch or movement    Dispatchers............  Dispatchers............  Dispatchers.
 of a vehicle.
E. Providing security of the owner/    Security personnel.....  Security employee, or    Security personnel.
 operator's equipment and property.                              transit police.

[[Page 91354]]

 
F. Loading or unloading cargo or       Locomotive engineers,    Station attendant,       Ticket agents [and]
 baggage and/or.                        conductors, and other    customer service         other terminal
G. Interacting with travelling public   onboard employees.       employee, and any        employees.
 (on board a vehicle or within a                                 other employee who has
 transportation facility).                                       direct contact with
                                                                 riders on a regular
                                                                 basis.
H. Complying with security programs    Any other employees of   Any other employee of a  Other employees of an
 or measures, including those           railroad carriers that   public transportation    over-the-road bus
 required by federal law (a catch-all   the Secretary            agency that the          operator or terminal
 category that would include a small    determines should        Secretary determines     owner or operator that
 number of employees such as security   receive security         should receive           the Secretary
 coordinators and any other             training.                security training.       determines should
 individuals who may have                                                                 receive security
 responsibility for carrying out                                                          training.
 aspects of the owner/operator's
 security program or measures who are
 not otherwise identified in the
 previous categories).
----------------------------------------------------------------------------------------------------------------
* Definition of 1151(6) applies to passenger rail operations.

    In general, TSA proposes to define mode-specific ``security-
sensitive employees'' as employees performing one of the security-
sensitive job functions identified in a proposed appendix for each 
part. The definition of ``employee'' in proposed Sec.  1570.3 includes 
immediate supervisors, contractors, and other authorized 
representatives. The intent is that anyone who performs a security-
sensitive function must have the training, including managers, 
supervisors, or others who perform the function or who so directly 
supervise the performance of a function that their nexus to the job 
function is equivalent to the employee. For example, a yardmaster in 
freight railroad operations would be considered a security-sensitive 
employee because he or she directs security-sensitive functions, even 
if not in the direct management chain of all individuals performing 
those functions. At the same time, individuals within a corporate 
structure who neither perform a security-sensitive function nor have 
direct management responsibilities over individuals who do are unlikely 
to have a position within the corporation with a significant nexus to 
transportation. To the extent there are such individuals in the 
management structure, they would not be considered ``security-
sensitive'' employees.
    In choosing the term ``security-sensitive employee,'' TSA 
recognized the relationship of this proposed rule to other regulatory 
requirements applicable to the population covered by this proposed 
rule. The Department of Transportation uses the terms ``safety-
sensitive function'' and ``safety-sensitive employees'' in its 
regulations to identify employees whose functions require special 
measures to ensure (emphasis added) safety, such as drug and alcohol 
testing and rules governing hours of service.\81\ TSA proposes using 
the term ``security-sensitive'' to identify employees whose job 
functions require special measures to enhance (emphasis added) 
security.
---------------------------------------------------------------------------

    \81\ See 49 CFR 40.1; see also 49 U.S.C. 20140, 21101-21108, 49 
CFR parts 219 and 228, 49 CFR 382.107 (motor carriers), and 49 CFR 
655.4 (public transportation).
---------------------------------------------------------------------------

    The scope of security-sensitive employees is broader than safety-
sensitive employees. In other words, having analyzed the job functions 
that are regulated as safety-sensitive, TSA has determined that while 
there are some security-sensitive employees that may not be in safety-
sensitive employees, there are no safety-sensitive employees that are 
not also security-sensitive employees. In the rail context, owner/
operators have already identified employees in safety-sensitive 
positions because they are covered by the Federal hours of service laws 
\82\ during a duty tour. Therefore, TSA proposes to include any rail 
employee subject to the Federal hours of service laws (49 U.S.C. 211) 
in the designation of security-sensitive employees to reduce the 
regulatory impact of identifying these individuals. To further reduce 
the impact of these proposed training requirements, TSA and DOT 
anticipate that owner/operators will provide training sessions that 
meet the requirements of DOT and the proposed requirements of TSA.
---------------------------------------------------------------------------

    \82\ 49 U.S.C. 21101 et seq. The relevant definitions are 
included in 49 U.S.C. 21101.
---------------------------------------------------------------------------

    TSA also recognizes that each mode covered by the NPRM has unique 
operating environments and functions. To address unique aspects of each 
mode, the security-sensitive functions are identified in mode-specific 
tables within the proposed rule.\83\ These tables provide general 
categories and accompanying modal-specific security-sensitive 
functions. All employees performing ``security-sensitive functions'' as 
described in the appendices must be trained. The table in proposed part 
1580 Appendix B is unique in that it includes examples of the job 
titles related to these functions based on historic use of these terms 
for railroads. The job titles, however, are provided solely as a 
resource to help understand the functions described; whether an 
employee must be trained is based upon the function, not the job title.
---------------------------------------------------------------------------

    \83\ See proposed Appendices B to parts 1580 (freight railroad), 
1582 (passenger railroad and public transportation), and 1584 
(OTRB).
---------------------------------------------------------------------------

    TSA encourages owner/operators to consider other employees within a 
corporate structure who may not be performing a security-sensitive 
function as identified in the proposed rule, but who could provide an 
additional layer of security if they received security training. 
Furthermore, if an owner/operator identifies positions or functions not 
listed by TSA as security-sensitive, but which have the nexus to 
transportation security that is intended to be covered by the proposed 
rule, TSA would encourage the owner/operator to identify and include 
those employees within its security training program.
    Finally, TSA is aware that some freight rail employees identified 
as

[[Page 91355]]

``security-sensitive'' may also be considered ``hazmat employees'' and, 
therefore, subject to security training under 49 CFR 172.704 (these 
provisions are part of the hazardous materials regulations promulgated 
by PHMSA). It is not, however, a one-to-one correlation as determining 
which employees should be identified as ``security-sensitive'' for 
purposes of receiving training under this proposed rule is not the same 
analysis as that conducted for determining if an individual meets the 
definition of ``hazmat employees'' who must receive training under the 
PHMSA rule. As a result, there may be some overlap, but the group of 
individual employees that must be trained under the separate rules is 
unlikely to be identical. The effect of the overlap on training 
requirements is further discussed in section III.G of this NPRM.

F. Security Programs--Applicability (Sec. Sec.  1580.301, 1582.301, and 
1584.301)

    As previously noted, the 9/11 Act mandates regulations requiring 
security training for frontline employees of public transportation 
agencies (6 U.S.C. 1137); railroads (6 U.S.C. 1167); and OTRBs (6 
U.S.C. 1184). In implementing these requirements, TSA considered the 
operations and security risks associated with each mode identified in 
the 9/11 Act. This analysis determined risk consistent with DHS's 
official definition of risk as the ``potential for an adverse outcome 
assessed as a function of threats, vulnerabilities, and consequences 
associated with an incident, event, or occurrence.'' \84\ As TSA 
focuses on the risk associated with acts of terrorism, this analysis 
considers threat as informed by intelligence, potential consequences of 
a terrorist attack, and inherent vulnerabilities in transportation 
systems and operations.
---------------------------------------------------------------------------

    \84\ DHS Risk Lexicon, 2010 Edition, at 27.
---------------------------------------------------------------------------

    In general, the security training requirements of this proposed 
rule would apply to owner/operators \85\ with operations that meet the 
criteria identified in Sec. Sec.  1580.301, 1582.301, and 1584.301. 
From a counter-terrorism perspective, TSA has determined that less than 
300 out of approximately 10,000 surface transportation operations meet 
this criteria. Consistent with its commitment to a risk-based approach 
to transportation security, the proposed rule would only apply to these 
higher-risk operations. Nonetheless, TSA also encourages lower-risk 
operations to implement security training programs consistent with the 
requirements in this proposed rule.
---------------------------------------------------------------------------

    \85\ See proposed definition of ``owner/operator'' in Sec.  
1500.3 and discussion of terms in section III.A.1, Table 3, of this 
NPRM.
---------------------------------------------------------------------------

    While the proposed criteria assume general similarities for 
operations within each mode, TSA recognizes that not all owner/
operators have similar corporate structures and that there are many 
considerations affecting organizational decisions. TSA considered an 
applicability determination that would require a parent corporation to 
provide security training to its employees if one subsidiary triggered 
the requirements. But there may be some owner/operators that are 
subsidiaries of subsidiaries to a parent company that have no other 
transportation-related assets. Recognizing these variations in 
corporate structure, TSA is proposing to limit the requirements to the 
level of the subsidiary whose operations would trigger applicability. 
During the review and approval process, TSA would work with owner/
operators in an effort to address any compliance issues based on 
corporate structure. For example, owner/operator A may be organized to 
make each regional area a separate subsidiary. As such, only the 
subsidiary that meets the applicability requirements would be required 
to develop a security training program. Owner/operator B may be a 
single entity for purposes of corporate-legal structure, with branches 
rather than subsidiaries providing service on specific routes. Under 
the rule, the entire corporation would be subject to the requirements 
based on the operations of one route. In this situation, owner/operator 
A could choose to submit a proposed alternative that would apply the 
requirements to branches and a handful of headquarters or other 
regional employees that provide them operational support. The 
submission requirements and procedures for requesting alternative 
measures are discussed in section III.D.3 of this NPRM.
    The following section describes how TSA considered each of these 
risk elements in determining applicability for the proposed rule.
1. Freight Railroad
    Approximately 574 freight railroads operate on the general railroad 
system of transportation in the United States.\86\ The general railroad 
system of transportation is a shared rail network in which multiple 
railroad operators may use the same tracks for multiple purposes. Thus, 
a very small railroad operator may be using the same tracks as a large 
operator, and a freight railroad will often operate on the same tracks 
as a passenger rail operator. The geographic scope of this mode 
includes railroads operating on nearly 140,000 miles of track 
throughout North America.\87\ The freight rail system transports 40 
percent of intercity freight volume and approximately one-third of U.S. 
exports to ports and other distribution centers.\88\ Commodities and 
products include consumer goods, agriculture and food products, motor 
vehicles, coal, chemicals, paper and lumber, and other commodities 
including ores, petroleum, and minerals.\89\ In addition, freight rail 
lines are used for the operation of most of the commuter and intercity 
passenger railroads outside of the northeast corridor and freight rail 
personnel are sometimes used, on a contractual basis, to operate 
passenger trains.
---------------------------------------------------------------------------

    \86\ Under 49 CFR part 209, Appendix A, the ``general railroad 
system of transportation'' is defined as ``the network of standard 
gage track over which goods may be transported throughout the nation 
and passengers may travel between cities and within metropolitan and 
suburban areas.''
    \87\ Association of American Railroads (AAR), ``Railroad Facts, 
2014 Edition'' at pgs. 3 and 5 (2014).
    \88\ Id.
    \89\ Id.
---------------------------------------------------------------------------

    Class I railroads \90\ account for 69 percent of U.S. freight rail 
mileage and 90 percent of the employees. They are the only providers of 
intercity freight rail transportation, supporting major economic 
sectors in 44 states. Outside of the Northeast Corridor, Amtrak is 
dependent on Class I railroads for its operations--over 70 percent of 
Amtrak's routes operate on track owned by other railroads.\91\
---------------------------------------------------------------------------

    \90\ TSA is not modifying the definition of ``Class I'' in 
current 49 CFR part 1580, which incorporates by reference the 
Surface Transportation Board's classification of railroads based on 
annual operating revenues. The following are currently designated as 
Class I railroads: BNSF Railway, CSX Transportation, Grand Trunk 
Corporation, Kansas City Southern Railway, Norfolk Southern Combined 
Railroad Subsidiaries, Soo Line Corporation, and Union Pacific 
Railroad.
    \91\ See DeGood, Kevin, ``Understanding Amtrak and the 
Importance of Passenger Rail in the United States'' (posted June 4, 
2015), available at https://www.americanprogress.org/issues/economy/report/2015/06/04/114298/understanding-amtrak-and-the-importance-of-passenger-rail-in-the-united-states/. See also Amtrak, ``A Message 
from Amtrak Regarding On-Time Performance'' (posted Feb. 8, 2015), 
available at http://blog.amtrak.com/2015/02/message-amtrak-regarding-time-performance/.
---------------------------------------------------------------------------

Threat
    Intelligence reviews of various attacks worldwide, as well as 
analysis of seized documents and the interrogation of captured and 
arrested suspects, reveal historic interest in carrying out attacks on 
railroad systems. For freight rail, the threat is greatest for 
shipments of RSSM, such as poison or toxic inhalation hazards (TIH), 
which could be directly

[[Page 91356]]

targeted or used as a weapon of mass effect with devastating physical 
and psychological consequences. Materials designated as RSSM are a 
subset of hazardous materials designated by PHMSA under 49 CFR 
172.800(b).\92\
---------------------------------------------------------------------------

    \92\ TSA is proposing to adopt the list in 49 CFR 172.800(b) for 
purposes of meeting the requirement in sec. 1501 of the 9/11 Act to 
define transportation-related security-sensitive materials. This 
definition is discussed in section III.A.2 of this NPRM.
---------------------------------------------------------------------------

Vulnerability
    The diversity and expanse of the North American railroad system 
presents a unique preparedness challenge related to preventing, 
responding to, and recovering from potentially devastating effects. The 
rail network is vast and the owner/operators vary in size and 
communities served. Numerous passenger and commuter rail systems 
throughout the country operate at least partially over tracks or 
rights-of-way owned by freight railroads.
Consequences
    The interdependency of the railroad infrastructure--bridges, 
tunnels, dispatch and control centers, tracks, signals, and switches--
means that threats and incidents affecting one railroad could impact 
many others on the general railroad system of transportation. A 
successful terrorist attack on the U.S. rail system could affect the 
functioning of private businesses and the government, and cause 
cascading effects far beyond the targeted physical location. Such an 
attack could result in significant losses in terms of human casualties, 
property destruction, and economic effects, as well as damage to public 
morale and confidence. Disruption or delay of rail service would also 
have adverse impacts on other sectors. For example, freight railroads 
have a critical role in the support of the energy sector and are 
responsible for the transportation of more than 70 percent of all U.S. 
coal shipments. They are also a critical part of the supply chain for 
military weapons and supplies. While railroads have been able to 
quickly respond to delays caused by natural disasters, such as the 2013 
flooding in Colorado that washed-out tracks and delayed coal shipments 
and Amtrak service, this requires rerouting and can cause significant 
over-crowding and delays on lines used to move passengers and cargo 
pending restoration of damaged infrastructure.\93\ Similarly, the 
release of TIH or other materials designated as RSSM could be 
catastrophic if it occurs in a metropolitan area or near critical 
resources that could be contaminated by the release.
---------------------------------------------------------------------------

    \93\ See ``Colorado floods wash out tracks, delay coal 
shipments, Amtrak service,'' The Denver Post (Sept. 16, 2013), 
available at http://www.denverpost.com/2013/09/16/colorado-floods-wash-out-tracks-delay-coal-shipments-amtrak-service/.
---------------------------------------------------------------------------

Risk Determination
    TSA has determined that the highest-risk freight railroads are 
those designated as Class I based on their revenue (over $72.9 billion 
in 2013) and the Nation's dependence on these systems to move both 
freight in support of critical sectors and passengers. Similarly, there 
are other shortlines (also known as Class II or Class III railroads) 
that are also higher-risk because they transport RSSM through HTUAs. 
Finally, to the extent the preceding does not capture freight railroads 
hosting higher-risk passenger railroads, the hosting relationship and 
dual use of infrastructure puts such railroads into the higher-risk 
category.
Proposed Applicability
    Based on this risk determination, TSA is proposing to cover a 
railroad if it is designated as Class I, transports RSSM in one or more 
of the areas listed in current Appendix A to 49 CFR part 1580, or hosts 
a higher-risk rail operation (including freight railroads and the 
intercity or commuter systems identified in proposed Sec.  1582.101). 
This would cover approximately 36 freight railroads.
    In proposing this applicability, TSA recognizes that joint 
operations are common within this industry and include agreements such 
as allowing another railroad carrier to operate over track it does not 
own.\94\ In these situations, the ``host railroad'' that owns the track 
exercises operational control of the movement of trains of the other 
railroads (the ``tenant'' railroads) while they are using that 
track.\95\ Under the proposed rule, both the host and tenant railroads 
would be required to have a training program that appropriately 
addresses the ramifications of the hosting relationship. For example, 
the host railroad's training program would need to address the 
operational considerations of the hosting relationship, such as 
training dispatchers on their role and responsibilities in halting the 
tenant railroad's operations over a segment of track that has just been 
destroyed by an IED. Similarly, a tenant railroad subject to the 
security training requirements of proposed 49 CFR part 1582 (PTPR), 
would need to address the operational considerations of the hosting 
relationship, such as instructing its train and engine employees on the 
proper communication procedures to follow when informing the host 
railroad of a suspicious package blocking the track. Under either 
example, the host and tenant railroad owner/operators would only be 
responsible for training their own employees.
---------------------------------------------------------------------------

    \94\ TSA's use of this term in this proposed rule is consistent 
with industry's general understanding of its meaning and 49 CFR 
239.7, which defines ``joint operations'' as ``rail operations 
conducted by more than one railroad on the same track, except as 
necessary for the purpose of interchange, regardless of whether such 
operations are the result of: (1) Contractual arrangements between 
the railroads; (2) Order of a government agency or a court of law: 
or (3) Any other legally binding directive.''
    \95\ In recognition of these situations, TSA is proposing to add 
a definition of the term ``host railroad'' to 49 CFR 1500.3. The 
term ``host railroad'' is defined to mean ``a railroad that has 
effective control over a segment of track.''
---------------------------------------------------------------------------

    TSA also understands that some commuter passenger train services 
are owned by public transportation agencies, but operated by private 
companies (such as freight railroad carriers). This is not a hosting 
relationship. In this situation, TSA would consider the freight 
railroad carrier (the private company) to be a contractor of the PTPR 
owner/operator (the owner/operator of the passenger train service). TSA 
would hold the PTPR owner/operator primarily responsible for compliance 
and for ensuring that all security-sensitive employees receive the 
required training, whether they are employed directly by the PTPR 
owner/operator or contractor. In other words, the PTPR owner/operator 
would have the obligation to train the freight railroad carrier's 
employees that are performing security-sensitive functions related to 
the passenger train service. To the extent the contract between the 
PTPR owner/operator and the freight railroad includes a provision for 
the freight railroad to train its own employees, such training would 
need to be documented in the PTPR owner/operator's security training 
program. TSA would expect the passenger operation to clearly state in 
its security training program, as part of the submission process under 
proposed 49 CFR 1570.109, that the freight railroad carrier would 
conduct the training and provide the required information on that 
training.
Alternative Considered
    TSA considered expanding the applicability of the proposed rule to 
a broader scope of owner/operators that would be responsible for 
developing their own security training program. The parameters for this 
alternative population include all freight railroad owner/operators 
operating within, or through, any geographic areas

[[Page 91357]]

designated for purposes of the FY 2015 Urban Area Security Initiative 
(UASI) Program regions. TSA estimates that this alternative would cover 
a total of 69 freight railroads in 26 metropolitan areas. TSA estimates 
that this alternative would have a cost of approximately $91.99 million 
for freight railroad owner/operators over a 10-year period (at a 7 
percent discount rate). The basis for the estimates of benefits and 
costs are included in the RIA for this rulemaking, which is included in 
the public docket.
    TSA rejected this alternative because the agency has determined 
that the proposed applicability aligns with its commitment to risk-
based security policy and outcomes-based regulation. TSA has 
consistently recognized the security risks associated with transport of 
RSSM through the areas identified in Appendix A to current 49 CFR part 
1580. The security basis for identifying these areas has not changed. 
Furthermore, expanding beyond the proposed applicability was 
unnecessary to gain the intended security benefits as it would not 
represent a corresponding expansion of employees trained since 90 
percent of railroad employees would receive training as a result of the 
proposed rule's applicability. Additionally, when compared to the ten-
year costs of the proposed applicability rule for freight railroad 
owner/operators ($90.74 million at 7 percent), this alternative would 
result in $1.25 million in additional costs.
2. Public Transportation and Passenger Railroads
    There are more than 7,000 PTPR systems operating in the United 
States.\96\ As part of an intermodal system of transportation, commuter 
passenger railroads provide critical regional services, such as between 
a central city and adjacent suburbs during morning and evening peak 
periods, as well as connecting to other modes of transportation through 
multimodal systems and within multimodal infrastructures. Since 1995, 
public transit ridership is up 39 percent, outpacing population growth, 
which is up 21 percent, and vehicle miles traveled (VMT), which is up 
25 percent.\97\ While passenger railroads primarily operate on the same 
track as freight railroads, they have many similarities to public 
transportation because of the operational concerns related to 
transporting people. Amtrak operates the Nation's primary intercity 
passenger rail service over a 22,000-mile network (primarily over 
leased, freight railroad tracks), serving more than 500 stations in 46 
states and the District of Columbia. Many of these stations are 
multimodal transportation facilities located in higher-risk areas.
---------------------------------------------------------------------------

    \96\ APTA, ``2014 Public Transportation Fact Book,'' 65th 
Edition, at 6, (Nov. 2014), available at http://www.apta.com/resources/statistics/Documents/FactBook/2014-APTA-Fact-Book.pdf.
    \97\ See ``Quick Facts'' on APTA's Web site as of Jan. 27, 2016, 
available at http://www.apta.com/mediacenter/ptbenefits/Pages/default.aspx.
---------------------------------------------------------------------------

Threat
    Based on incidents in other countries, TSA assesses that terrorists 
view PTPR systems as attractive targets because they carry large 
numbers of people, are open and easily accessible to the public, are 
critical to regional transportation systems, and are vital to local 
economies. Terrorists have targeted rail and bus systems overseas. 
Notable incidents include the sarin gas attacks on the Tokyo subway 
system in April 1995; the multiple detonations of IEDs left on commuter 
trains in Madrid in March 2004; the multiple suicide attacks employing 
IEDs on the London Underground and a double-decker bus in London in 
July 2005; the multiple detonations of IEDs on commuter trains in the 
greater Mumbai area in July 2006; and, the double suicide attacks and 
two incidents of IED detonations in Dagestan and Moscow, respectively, 
in March, June, and August 2010.
    TSA's Office of Intelligence and Analysis assesses with high 
confidence that terrorists remain intent on perpetrating attacks 
against this mode. In the period between January 1 and December 31, 
2014, there were 144 reported attacks on mass transit systems overseas. 
Of these attacks, 76 targeted buses and associated infrastructure and 
68 targeted mass transit and passenger rail systems and associated 
infrastructure.
Vulnerability
    Attributes of PTPR systems essential to their efficiency also 
create potential security vulnerabilities that terrorists seek to 
exploit. Unlike strict access controls applicable to air transport, the 
public transportation system's multiple stops and interchanges lead to 
high passenger turnover, which is difficult to monitor effectively. In 
addition, the broad geographical coverage of passenger rail networks 
provides numerous options for access and getaway and affords the 
ability to use the system itself as the means to reach the location to 
conduct the attack.
Consequences
    A potential terrorist attack on a public transportation center in a 
major metropolitan area can result in a large number of victims, both 
killed and wounded, as well as significant infrastructure damage. Rail 
system bombings in Madrid, London, and Mumbai--all involving use of 
multiple IEDs--are tragic reminders of this reality. Attacks could be 
isolated, having minimal effect on the total operating system, or could 
result in a major impact that has national implications: an attack on 
an intercity passenger railroad operating on the general system of 
transportation could potentially shut down railroad operation support 
for specific sectors. The disruption of any portion of the operation 
can confuse the public, directly affect businesses, and lead to panic. 
Attacks on multiple portions of a PTPR system exacerbate these impacts.
Risk Determination
    In the context of resource allocations under the Transit Security 
Grant Program (TSGP), DHS has determined the highest transit-specific 
risk areas and transit systems using a model approved by the Secretary 
and vetted by Congress.\98\ DHS has consistently considered several 
factors when determining risk for PTPR, including credible and specific 
international and domestic terrorist threats based on information 
provided by the intelligence community, system and infrastructure 
vulnerabilities, and consequences primarily in terms of the impact on 
the mission. As the mission of PTPR systems is to transport people, the 
consequences include the potential for devastating casualties.\99\ TSA 
believes this model is an appropriate method for determining 
applicability for purposes of this rulemaking.
---------------------------------------------------------------------------

    \98\ Federal Emergency Management Agency (FEMA) Grant Programs 
Directorate, ``Risk Methodology, Fiscal Year 2015 Report to 
Congress, Calculating Risk for the FY 2015 DHS Preparedness Grant 
Programs'' (December 21, 2015).
    \99\ Id. at 25-26.
---------------------------------------------------------------------------

    An analysis of the transit-specific risk scores developed using the 
DHS method indicates a natural and significant break in the risk curve 
(delta between risk scores of one urban area to the next) between the 
top eight regions with the highest transit-specific risk and the 
others.\100\ When combined, these areas represent over 94 percent of 
the total transit-specific risk to all urban areas across the Nation. 
Within each of these areas, DHS has identified the systems with the 
highest-risk based on considerations related to ridership, location of 
services provided (use of the same stations and stops), and

[[Page 91358]]

relationship between feeder and primary systems.
---------------------------------------------------------------------------

    \100\ This analysis is based on SSI and/or classified 
intelligence information. As a result, TSA may not share details of 
the information or the analysis.
---------------------------------------------------------------------------

Proposed Applicability
    Using this criteria, TSA is proposing to apply the requirements of 
this proposed rule to the systems identified in proposed 49 CFR part 
1582, Appendix A. These 47 PTPR systems (46 PTPR plus Amtrak) are the 
systems with the highest risk operating in the eight regions with the 
highest transit-specific risk. Applying the rule's requirements to 
these 47 PTPR systems, corresponds to enhanced security for more than 
80 percent of all PTPR passengers.
    TSA is also proposing to apply the requirements to any PTPR owner/
operator that hosts a high-risk freight railroad as identified in 
proposed Sec.  1580.101. The reasons previously discussed for the 
parallel applicability to freight railroads in a hosting relationship 
with a high-risk passenger railroad apply equally to passenger 
railroads hosting high-risk freight railroads.
Alternative Considered
    TSA considered expanding the applicability of a security training 
program to a broader scope of owner/operators. The parameters for this 
alternative population include all PTPR operations within or through a 
UASI region. TSA estimates that this alternative would cover a total of 
253 PTPR owner/operators in 26 metropolitan areas. TSA estimates that 
this alternative would have a cost of approximately $127.88 million for 
PTPR owner/operators over a 10-year period (at a 7 percent discount 
rate). The basis for the estimates of benefits and costs are included 
in the RIA for this rulemaking, which is included in the public docket.
    TSA rejected this alternative because the agency has determined 
that the proposed applicability aligns with its commitment to risk-
based security policy and outcomes-based regulation. The risk analysis 
used for developing the TSGP funding allocations begins with 
identification of the UASI regions and then takes into consideration 
unique aspects of PTPR operations within that UASI in light of known 
risks. To adopt the UASI designations for applicability would ignore 
the second, critical step of the analysis used for TSGP allocations. By 
linking applicability to those agencies that have historically and 
consistently been designated as highest-risk for purposes of TSGP 
funding allocation, the proposed applicability links the greatest 
regulatory burden to those systems that the Federal government has 
determined merit the greatest funding allocations to address security. 
The majority of the funding under the TSGP goes to the highest-risk 
regions to ensure the greater risk is being addressed (94 percent in FY 
15 and 95 percent in FY 14).
    Based on these considerations, the negative impact of a broader 
regulatory requirement would not have a corresponding benefit to 
security--especially recognizing that the systems covered under the 
proposed applicability transport 80 percent of the PTPR ridership. 
Additionally, when compared to the ten-year costs of the proposed 
applicability rule for PTPR owner/operators ($53.14 million at 7%), 
this alternative would result in $74.74 million in additional costs.
3. Over-the-Road Buses
    Highways are the largest and most prevalent component of the 
Nation's transportation network. Virtually every location within the 
continental United States is accessible by highway. The system today 
encompasses more than four million miles of roadway on which more than 
600,000 bridges and 650 tunnels offer possible chokepoints. Within that 
system, commercial buses offer the most cost-effective intercity 
transportation to thousands of communities. For many people, fixed-
route, intercity bus service is the only alternative to private 
vehicles.
    It is estimated that there are over 3,300 private OTRB owner/
operators operating approximately 29,000 buses and employing over 
118,000 people in full and part-time jobs within the United 
States.\101\ These owner/operators primarily conduct interstate 
operations that include wholly-owned bus terminals, shared terminals 
with other transportation modes (such as passenger rail), or pre-
determined pick-up and drop-off locations (which may not be on the 
owner/operator's property).
---------------------------------------------------------------------------

    \101\ For purposes of this discussion, an OTRB is considered the 
same as a motorcoach, which is consistent with the industry's 
interchangeable use of this term. For example, the Motorcoach Census 
2015, commissioned by the American Bus Association (ABA), states: 
``a motorcoach, or over-the-road bus (OTRB), is defined as a vehicle 
designed for long-distance transportation of passengers, 
characterized by integral construction with an elevated passenger 
deck located over a baggage compartment. It is at least 35 feet in 
length with a capacity of more than 30 passengers . . . . This 
definition of a motorcoach excludes the typical city transit bus 
city sightseeing buses, such as double-decker buses and trolleys.'' 
See ABA, ``Motorcoach Census 2015,'' at 7 (Feb. 11, 2016), available 
at http://www.buses.org/assets/images/uploads/general/Motorcoach%20Census%202015.pdf.
---------------------------------------------------------------------------

    In general, OTRBs have an average capacity of 55-60 passengers per 
bus and carry approximately 751 million passengers annually to 
thousands of destinations within the United States and to/from Canada 
and Mexico. Destinations include urban areas and passenger transfer 
points with close proximity to many of the most iconic and valuable 
sites in the Nation.
Threat
    According to TSA's intelligence analysts and subject matter 
experts, buses represent attractive targets for terrorists, especially 
as it relates to hijacking, because they can be used as a vehicle-borne 
improvised explosive device (VBIED), provide the potential for large 
numbers of casualties, or could serve as a source for hostages. While 
there has not been a terrorist attack against a bus in the United 
States, threats and terrorist actions against motor coaches have 
occurred in other nations, including Israel, Spain, and the United 
Kingdom. As the Volpe National Transportation Systems Center noted, the 
industry provides terrorists with a ``physically dispersed, easily 
accessed, high volume, target rich environment with potential for mass 
casualties.'' \102\ Over-the-Road Buses ``serve all large metropolitan 
areas and travel in close proximity to some of the nation's most 
visible and populated sites, such as sporting events, major tourist 
attractions, and national landmarks.'' \103\
---------------------------------------------------------------------------

    \102\ Volpe National Transportation Systems Center, ``Security 
Enhancement Study for the U.S. Motorcoach Industry,'' at vii (May 
2003), available at http://ntl.bts.gov/lib/55000/55200/55204/Security_enhancement_motorcoach_industry_exec_summ.pdf.
    \103\ Id.
---------------------------------------------------------------------------

    TSA identifies that the most likely threat would be represented by 
an IED brought aboard by a passenger or delivered by another vehicle in 
close proximity to the OTRB. There is also the potential threat of an 
attacker intent on capturing control of the bus and using it as a 
delivery system for a weapon of mass destruction against a high-value 
destination. Terrorists with access to this type of vehicle could use 
its capacity to transport as much as 12 tons of explosives. Coupled 
with the use of such vehicles in urban centers and in daily proximity 
to high-value buildings or venues, an OTRB could serve as a VBIED.
Vulnerability
    Over-the-Road Buses travel on open roads, often on scheduled and 
predictable routes, with only a driver and passengers. While OTRBs are 
used to transport large volumes of passengers and baggage (either in 
the under-floor storage area or accessible to the

[[Page 91359]]

passenger), most owner/operators do not screen passengers and baggage 
for threats. Furthermore, OTRBs generally have large cargo compartments 
that can be reached without boarding the bus. As previously noted, a 
high number of OTRBs operate in urban settings and have the ability to 
gain close proximity to high-profile targets and highly-populated 
areas. These operations are vulnerable to a potential terrorist--
providing frequent and predictable access to a vehicle that could 
either be targeted or exploited by an individual with malicious intent: 
It is relatively easy to perform reconnaissance, purchase a ticket, and 
travel anonymously with baggage that does not undergo screening.
Consequences
    The consequence of a successful attack on an individual OTRB in a 
remote location is assumed to be the loss of the vehicle and many of 
its passengers. The same vehicle as a VBIED aimed at a high-value 
target is much greater. The National Counterterrorism Center (NCTC) 
states that one VBIED containing 4,000 kg of homemade explosives is 
equivalent to 200 pipe bombs or 20 suicide vests.\104\
---------------------------------------------------------------------------

    \104\ See ``TNT EQUIVALENTS'' at https://www.nctc.gov/site/methods.html#sarin.
---------------------------------------------------------------------------

Risk Determination
    While it is possible an OTRB could be the target of a terrorist 
attack, it is more likely that an OTRB would be used to deliver an IED, 
making the bus a VBIED that could be used to target an urban area. This 
risk determination reflects that a terrorist could obtain access to a 
large vehicle by simply purchasing a ticket for a fixed-route OTRB 
travelling to the target region (with specific knowledge of where the 
bus would transfer passengers and any close proximity that could 
provide to other targets).
    Because the risk involving an OTRB as a VBIED is primarily to the 
targeted urban area, TSA relied on a risk model developed by DHS to 
determine highest-risk urban areas for the UASI grant program.\105\ 
This model has been approved by the Secretary of Homeland Security and 
vetted by Congress as an appropriate method to determine risk to an 
individual city or urban area. As with PTPR, there is a natural and 
significant break in the risk curve (delta of risk scores or one urban 
area to the next).
---------------------------------------------------------------------------

    \105\ The UASI program is intended to assist ``high-threat, 
high-density Urban Areas in efforts to build and sustain the 
capabilities necessary to prevent, protect against, mitigate, 
respond to, and recover from acts of terrorism.'' See DHS, ``Notice 
of Funding Opportunity: Fiscal Year 2015 Homeland Security Grant 
Program,'' at 2 (FY 15 UASI Allocations), available at http://www.fema.gov/media-library-data/1429291822887-7f203c9296fde6160b727475532c7796/FY2015HSGP_NOFO_v3.pdf. See also 
supra, at n. 98.
---------------------------------------------------------------------------

Proposed Applicability
    TSA proposes to apply the requirements of this rule to owner/
operators providing fixed-route service in the 10 areas identified in 
proposed 49 CFR part 1584, Appendix A.\106\ These 10 areas are those 
that receive the highest funding allocation under the FY 2015 UASI 
grant program. UASI funds are allocated based on a risk methodology 
employed by DHS and Federal Emergency Management Agency (FEMA). 
Together, these 10 urban areas were allocated 88 percent of total UASI 
funds based on risk to these 10 regions.\107\
---------------------------------------------------------------------------

    \106\ ``Fixed-route service'' is defined in proposed Sec.  
1500.3 to mean, ``the provision of transportation service by private 
entities operated a long a prescribed route according to a fixed 
schedule.''
    \107\ See FY 2015 UASI Allocations, supra n.105.
---------------------------------------------------------------------------

    The determining factor for whether a fixed-route OTRB owner/
operator is within the scope of the proposed rule is not where they are 
headquartered, but where they provide service. In proposing this 
applicability, TSA considered factors that could make an OTRB a 
potential target for a terrorist attack, including its visibility (the 
size of its operations), the extent to which its schedule is publicly 
available, whether or not it is relatively easy for unknown individuals 
to board the bus, and whether the bus would have ease of access to 
high-consequence locations.
    TSA is aware that some private companies provide commuter services 
that may trigger applicability of the proposed rule. Diagram A provides 
a flowchart to assist with determining if the proposed rule would 
apply.

[[Page 91360]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.013

TSA estimates that the applicability of the proposed rule would apply 
to approximately 202 OTRB owner/operators.
Alternative Considered
    TSA considered expanding the applicability of a security training 
program to OTRB owner/operators operating within or through one or more 
of the UASI regions. TSA estimates that this alternative would cover a 
total of 403 owner/operators in 26 metropolitan areas in year one of 
the regulation. TSA estimates that this alternative would have a cost 
of approximately $22.09 million for OTRB owner/operators over a 10-year 
period (at a 7 percent discount rate). The basis for the estimates of 
benefits and costs are included in the RIA for this rulemaking, which 
is included in the public docket.
    TSA rejected this alternative because the agency has determined 
that the proposed rule better aligns with its commitment to risk-based 
security policy and outcomes-based regulation. As previously noted, 
while it is possible an OTRB could be the target of a terrorist attack, 
it is more likely that an OTRB would be used to deliver an IED-making 
the bus a VBIED that could be used to target an urban area. While there 
are more UASI regions than those covered by the proposed rule, the 
areas identified in proposed Appendix A to part 1584 represent those 
with the highest-risk. Additionally, when compared to the ten-year 
costs of the proposed applicability rule for OTRB owner/operators 
($12.08 million at 7 percent), this alternative would result in $10.01 
million in additional costs.
4. Foreign Owner/Operators
    While the proposed applicability provisions for security training 
do not specifically reference foreign owner/operators,\108\ the 
employees who must be trained include any employee performing a 
security-sensitive function ``in the United States or in direct support 
of the common carriage of persons or property between a place in the 
United States and any place outside the United States.'' \109\ 
Therefore, the training requirements of this proposed rule would apply 
equally to domestic owner/operators and foreign owner/operators with 
employees performing covered functions within the United States or in 
support of operations within the United States. For example, if a 
Canadian OTRB owner/operator has fixed-route service that begins at a 
point in Canada and transits through an area identified in proposed 
part 1584, Appendix A before concluding at a point in Mexico, any 
employees operating that bus providing maintenance or inspection 
services, providing dispatch information, or performing any other 
security-sensitive function for that bus affecting its operations 
within the United States would need to be trained and the owner/
operator would need to submit a training plan to TSA for approval. 
Where the function is being performed, in essence whether the employee 
is performing the security-sensitive function at a location in Canada 
or along the route in the United States, is irrelevant.
---------------------------------------------------------------------------

    \108\ See proposed Sec. Sec.  1580.101 (freight railroads), 
1582.101 (PTPR), and 1584.101 (OTRBs).
    \109\ See proposed Sec. Sec.  1580.3 (freight railroads), 1582.3 
(PTPR), and 1584.3 (OTRBs).
---------------------------------------------------------------------------

    In addition, while foreign owner/operators providing service in the 
United States would be required to have a security coordinator and 
alternate, foreign owner/operators would only be required to report 
potential threats and significant security concerns for operations in 
the United States or transportation to, from, or within the

[[Page 91361]]

United States. Foreign freight railroad owner/operators currently meet 
this requirement under the requirements of current 49 CFR part 1580. 
This approach is also consistent with that taken by the FRA.
5. Preemption
    While current 49 CFR part 1580 includes a preemption provision, 
which will be carried over to the proposed revisions of part 1580 and 
addition of part 1582, that provision is based upon the specific 
statutory preemption in 49 U.S.C. 20106. There is no similar statutory 
provision for the other modes of transportation covered by this 
proposed rule. Therefore, TSA has not included preemption provisions 
for the other modes. Furthermore, based on TSA's experience with the 
implementation of 49 CFR part 1580 since it was finalized in 2008, it 
has not become aware of any State, local, or tribal laws, regulations, 
or orders that would be inconsistent with the provisions of this NPRM 
nor were any concerns raised during the consultations discussed in 
section IV of this NPRM. TSA invites comments about specific laws, 
regulations, or orders that commenters believe would conflict with the 
provisions of the proposed rule.

G. Security Program General Requirements (Sec. Sec.  1580.113, 
1582.113, and 1584.113)

    Under proposed Sec. Sec.  1580.113, 1582.113, and 1584.113 owner/
operators identified in Sec. Sec.  1580.101, 1582.101, and 1584.101 
would be required to adopt and implement a security training program 
that meets the requirements of the relevant subparts. TSA is 
deliberately proposing that owner/operators be required to ``adopt and 
implement'' rather than ``develop and implement'' training programs 
because TSA is aware that relevant training curriculum may already 
exist that aligns with most, if not all, of the curriculum 
requirements--including resources developed by TSA (which will be 
further discussed in section III.I and J. of this NPRM).
1. Information About the Owner/Operator
    This section includes proposed requirements for the content of the 
program to be submitted to TSA, including information regarding the 
owner/operator (paragraphs (b)(1) and (2)), scope of training (for 
example, number of employees to be trained by job function) (paragraph 
(b)(3)), implementation schedule for the training program (paragraph 
(b)(4)) consistent with the requirements of proposed Sec.  1570.111, 
and location of training records (paragraph (b)(5)) consistent with the 
requirements in proposed Sec.  1570.121.
2. Information on How Training Will Be Provided
    Proposed paragraphs (b)(6) through (9) require general information 
on the curriculum to be used to meet the training requirements, such as 
lesson plans, objectives, and modes of delivery. As previously noted, 
TSA is aware that some owner/operators would seek approval to use 
existing training programs, implemented to comply with other Federal 
requirements or other standards, to satisfy some or all of the 
requirements of this NPRM. Under proposed paragraph (b)(6), the 
curriculum or lesson plan for that program would need to be included in 
the training program submitted for TSA approval.
    For example, an owner/operator may have provided training on topics 
similar to those in the proposed rule to meet programs implemented to 
fulfill the HMR, such as those in 49 CFR part 172, or FRA safety/
evacuation training.\110\ In the training program submitted to TSA for 
approval, owner/operators using any of these training programs to meet 
the requirements of the proposed rule would also need to explain how 
the training programs selected meet TSA's requirements and are 
appropriate for the particular owner/operator. During review, TSA may 
need to request additional information from the owner/operator in order 
to determine if the courses selected meet this rule's requirements.
---------------------------------------------------------------------------

    \110\ See 49 CFR part 239.
---------------------------------------------------------------------------

3. Ensuring Supervision of Untrained Employees and Providing Notice of 
Changes Affecting Training
    Proposed paragraphs (b)(7) and (8) would require owner/operators to 
provide information on their plans for addressing specific requirements 
in Sec. Sec.  1580.115, 1582.115, and 1584.115. These include plans for 
ensuring untrained employees are properly supervised (as required by 
proposed Sec. Sec.  1580.115(a), 1582.115(a), and 1584.115(a)) and 
notifying employees of any changes that affect their training. For 
example, under proposed Sec.  1580.115(c) (similar provisions exist in 
Sec. Sec.  1582.115(c) and 1584.115(c)), employees must be trained on 
their responsibilities under the owner/operator's security plans and/or 
programs. If the security plans and/or programs change, the employee 
must be notified of how that change would affect the information they 
were provided during previously provided training. This would not 
affect the timing of recurrent training unless affected employees are 
required to participate in training courses as part of updates to the 
security program.
4. Methods for Determining Effectiveness of Training
    Proposed paragraph (b)(9) would require owner/operators to include 
in their training program a method for measuring the effectiveness of 
their training program. TSA would afford flexibility to each individual 
owner/operator to measure effectiveness of their security training 
program using methods and criteria appropriate for their operations. 
TSA does not prescribe the method in the proposed rule, but does 
propose that every training program specify the manner and method by 
which the effectiveness of the training program would be evaluated by 
the owner/operator. For example, TSA expects that some owner/operators 
would choose to administer a form of written test or evaluation to 
gauge their employees' level of knowledge, while others may rely upon 
operational tests conducted by supervisors to determine employees are 
being trained effectively.
    Similarly, TSA is not proposing to prescribe conditions for a pass/
fail policy that may be associated with post-training testing. While 
individual companies may elect to enforce pass/fail criteria with 
associated personnel actions, TSA is neither requiring this nor 
recommending a specified maximum number of times that an individual may 
take a test or evaluation to demonstrate knowledge and competency. As 
previously noted, the standards proposed by an owner/operator for 
determining training efficacy may affect TSA's approval of any 
alternative measures for compliance. TSA requests comments on this 
issue to further inform a final rule.
5. Relation to Other Training
    TSA is proposing paragraph (c) in recognition that many owner/
operators covered by this proposed rule are subject to training 
requirements under regulations of DOT that overlap with the training 
content identified in the 9/11 Act's requirements. For example, an 
owner/operator may have provided training on topics similar to those in 
the proposed rule to meet programs implemented under DOT hazardous 
material regulations,\111\ FRA safety/

[[Page 91362]]

evacuation training,\112\ or Federal Transit Administration (FTA) 
Safety Management System training provided under a rail fixed guideway 
public transportation system's Transit Agency Safety Plan.\113\ Other 
training programs are addressed in section III.I of this NPRM.
---------------------------------------------------------------------------

    \111\ See, e.g., 49 CFR part 172.
    \112\ See 49 CFR part 239.
    \113\ See 49 CFR 674.29 and Appendix A to part 674.
---------------------------------------------------------------------------

    TSA does not expect owner/operators to duplicate training. If they 
are already subject to requirements to provide similar training, they 
can use that training to satisfy TSA's requirements. To the extent that 
an owner/operator intends to use existing training programs implemented 
to comply with other Federal requirements or other standards in order 
to satisfy some or all of the requirements of this NPRM, the program 
submitted to TSA for approval would need to identify how the other 
training would be used to satisfy TSA's requirements, such as the 
curriculum or lesson plan for that program.
    Proposed paragraph (c)(2) requires an index to be provided if the 
owner/operator chooses to submit all or part of an existing security 
training program to TSA for approval. The index would need to be 
organized in the same sequence as the content requirements in 
Sec. Sec.  1580.115, 1582.115, and 1584.115. Indexing is a necessary 
requirement if TSA is to provide flexibility for owner/operators to use 
existing training programs to satisfy this proposed rule. TSA may 
request additional information on the program through the review and 
approval process.

H. Security Training and Knowledge for Security-Sensitive Employees 
(Sec. Sec.  1580.115, 1582.115, and 1584.115)

1. Training Required for Security-Sensitive Employees
    Any owner/operator required to have a security training program 
under Sec. Sec.  1580.101, 1582.101, or 1584.101, must provide security 
training to its security-sensitive employees. Consistent with the 
definition of employee in Sec.  1570.3, this requirement applies to any 
direct employee, contractor, employee of a contractor, or other 
authorized person who is compensated for performing a security-
sensitive function on behalf of or for the benefit of the owner/
operator. For example, if an OTRB owner/operator does not employ any 
drivers directly, but uses drivers under contract, those drivers would 
need to be trained. Similarly, if an owner/operator has chosen to 
combine dispatch services with two affiliates of its parent 
corporation, the owner/operator required to provide security training 
to its direct employees would also be required to provide security 
training to any dispatchers providing services for its fleet.
    In some circumstances, security-sensitive functions may be 
performed by individuals not within the definition of ``employee'' for 
purposes of this NPRM. For example, police officers employed by a local 
law enforcement agency may be routinely patrolling the owner/operator's 
premises and/or operations. They would not be subject to the proposed 
rule unless there is a contractual relationship for the law enforcement 
agency to provide that service and the law enforcement officer is 
assigned to that location. In situations where the owner/operator has a 
dedicated police or security force, the members of that force assigned 
to work at the facility would need to have security training consistent 
with that required for other employees. For those situations where 
those personnel are not required to be trained, TSA would encourage law 
enforcement personnel regularly assigned to patrols at that location to 
receive the same training as the employees to enhance communication and 
cooperation in response to potential threats.
2. Limits on Use of Untrained Employees
    If a security-sensitive employee does not receive the required 
security training, under the proposed rule, that employee would be 
prohibited from performing a security-sensitive function unless he or 
she is under the direct supervision of a security-sensitive employee 
who has met the training requirements. While TSA is not defining the 
word ``direct,'' TSA would expect the supervisor to be located in 
reasonable proximity to the employee to supervise actions and provide 
the necessary level of security awareness and response capabilities. 
Further, even if an employee is directly supervised, TSA proposes to 
impose a 60-day limit for the amount of time that an employee may 
perform a security-sensitive function without receiving training. After 
60 days, the proposed rule would require the owner/operator to remove 
the employee from a security-sensitive function; the owner/operator 
would, of course, retain the discretion to reassign the individual to 
other non-security-sensitive job functions.
3. Knowledge Required
    Consistent with other TSA regulations,\114\ TSA is proposing to 
require a training program that focuses on the specific knowledge 
provided to security-sensitive employees. The proposed rule affords 
flexibility for owner/operators to develop and implement a program that 
addresses the required components of the security training program in 
the context of their operational environments.
---------------------------------------------------------------------------

    \114\ See, e.g., 49 CFR 1548.11 (Training and knowledge for 
individuals with security-related duties) applicable to indirect air 
carriers).
---------------------------------------------------------------------------

    In developing the requirements, TSA considered the specifically 
enumerated subjects in the 9/11 Act, other Federal regulatory 
requirements, and curriculum elements already being provided by owner/
operators (based on information obtained as part of TSA's ongoing 
interaction with its stakeholders). TSA has organized these 
requirements into four broad categories: prepare, observe, assess, and 
respond. As noted in Diagram B below, all statutorily required program 
elements are included within these broad categories. For purposes of 
this discussion and Diagram B, the statutory requirements will be 
referenced as PT # (``PT'' aligns to 6 U.S.C. 1137 and the # with the 
relevant section in 1137(c)--for example, PT # 1 corresponds to 6 
U.S.C. 1137(c)(1)); RR # (``RR'' aligns with requirements in 6 U.S.C. 
1167 and the # with the relevant sections of 1167(c)); and OTRB # 
(``OTRB'' aligns with requirements in 6 U.S.C. 1184 and the # with the 
relevant section in 1184(c)). Other existing training that could be 
relevant to each of the categories is also identified in Diagram B as 
it could be useful to owner/operators in identifying existing training 
that could be used to satisfy the proposed regulatory requirements.
    The ``prepare'' category is intended to address training that may 
be specifically relevant to a particular job function. For example, an 
appropriate method for self-defense (as required by PT 3, RR 3, and 
OTRB 3) could vary based upon an employee's job and extent to which he 
or she interacts with the public. Similarly, an employee's role in 
operating and maintaining security equipment (as required by PT 10, RR 
11, and OTRB 11) varies based upon the responsibilities of the 
employee.
    The ``prepare'' category would also address training on discharging 
any security responsibilities that security-sensitive employees may 
have under a security plan or measure. This proposed rule does not 
require any owner/operator to adopt or implement a

[[Page 91363]]

security plan or measures. TSA is aware, however, that many owner/
operators have security plans or measures that they developed 
voluntarily, to comply with federal requirements, or to qualify for 
Federal grants. To the extent these plans or procedures exist, 
employees must be trained in order to ensure these plans or measures 
are effective. Similar to the threat and incident prevention and 
response training, this portion of the training program would need to 
be tailored to the specific operation. TSA intends for training 
provided under this category to satisfy requirements for in-depth 
security training for ``hazmat employees'' as required by 49 CFR 
172.704(a)(5). For freight railroads, the requirements in proposed 
Sec.  1580.115(c) include providing training on chain of custody and 
control requirements, as appropriate. This additional training is 
relevant to ensuring appropriate procedures are followed to comply with 
the security requirements in proposed subpart C to part 1580 (which 
contains the requirements in current Sec. Sec.  1580.103 and 1580.107).
    The ``observe'' category is intended to provide knowledge to 
increase a security-sensitive employee's observational skills. This 
category would address behavior recognition requirements of the 9/11 
Act (PT 6, RR 6 and OTRB 6)--encompassing an understanding of unusual 
or abnormal behavior that should trigger a response by employees 
because of the potential that the behavior may indicate a threat to 
transportation security. It also addresses a requirement to be able to 
recognize dangerous or suspicious items, behavior, or situations 
(required by PT 8, RR 9, and OTRB 9). In general, this training focuses 
on recognizing the difference between what is normal for the 
operational environment and abnormalities that could indicate terrorist 
planning or imminent attack. Training delivered should teach the 
employees that suspicious activity is a combination of actions and 
individual behaviors that appear strange, inconsistent, or out of the 
ordinary for the employee's work environment. In most instances, it 
will not be a single factor, but a combination of factors taking place 
at a particular time and place, that will accurately identify a 
suspicious individual or act.
    The ``assess'' category requires providing knowledge of how to 
determine if what is observed requires a response and what those 
appropriate responses may be. TSA is aware that some stakeholders 
provide training that includes tools to help employees assess the 
seriousness of a threat. This category addresses requirements in the 9/
11 Act (PT 1, RR1, and OTRB 1) as well as the security awareness 
training required for ``hazmat employees'' under 49 CFR 172.704(e)(4).
    The ``respond'' category includes training on security incident 
responses--including how to appropriately report a security threat, 
interact with the public and first responders at the scene of threat or 
incident, applicable uses of self-defense devices or protective 
equipment, and communication with passengers. This category addresses 
several elements of the 9/11 Act relating to communication and 
coordination (PT 2, RR 2, and OTRB 2), use of personal protective 
devices or equipment (PT 4, RR 4, and OTRB 4), evacuation procedures 
(PT 5, RR 5, and OTRB 5), responses to terrorist threats or incidents 
(PT 6, RR 7, and OTRB 7), and understanding procedures for interacting 
with responders (PT 9, RR 10, and OTRB 10). This category also 
addresses elements of security awareness training required by 49 CFR 
172.704(a)(4). To the extent owner/operators need to provide training 
on specific self-defense devices or protective equipment, TSA has not 
calculated these costs as it assumes this is a standard part of any 
operation before providing such devices or equipment to individuals and 
would not be a cost of this rule. Based on feedback received in 
consultation with stakeholders, TSA considered whether to tailor 
particular training requirements to specific job functions. It may be 
argued, for example, that training elements relevant to employees who 
encounter the public are not necessary for mechanics or other employees 
performing non-public functions. TSA believes, however, that there 
should be a common level of proficiency among security-sensitive 
employees of the covered entities; training in security awareness and 
behavior recognition is appropriate for all employees.
    At the same time, security-sensitive employees must be aware of 
their particular responsibility in preventing or responding to a threat 
or incident prevention and response and adequately trained to fulfill 
their roles. TSA recognizes that owner/operators may integrate into 
their required security training programs varying levels of training 
for particular categories of employees or job functions to meet the 
objectives of their overall security strategy or plan. TSA encourages 
continuation of these practices as long as the security training 
program meets the core requirements proposed in this rulemaking.
    Diagram B identifies the type of training covered within each of 
these categories by reference to the considerations that led to their 
development.

[[Page 91364]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.014

I. Other Security Training Programs

    The 9/11 Act includes requirements for TSA to consider ``any 
current security training requirements or best practices'' before 
issuing security training regulations.\115\ As discussed above and 
indicated in Diagram B, TSA has taken current Federal regulations, 
guidance, and other practices affecting transportation security into 
consideration and has crafted this proposed rule to be consistent with 
those regulations and practices where they meet the requirements of the 
9/11 Act and the objectives of this rulemaking. In addition, TSA has 
been consulting with DOT to avoid potential inconsistencies and 
unnecessary duplication as a result of this proposed rule.
---------------------------------------------------------------------------

    \115\ See 6 U.S.C. 1167(a) and 1184(a).
---------------------------------------------------------------------------

    Many of the owner/operators required to provide security training 
under this regulation have been providing security training either 
under the requirements of training programs discussed in this section 
or using materials developed and/or approved by TSA for other purposes. 
A range of courses including those sponsored by TSA and other Federal 
agencies, such as FTA, Federal Emergency Management Agency (FEMA), and 
PHMSA, provide a means for covered entities to coordinate training for 
their employees in many of the elements stipulated in the proposed 
rule. For example, the training program this proposed rule would 
require is consistent with, and builds upon, security training programs 
that PTPR owner/operators have implemented through courses sponsored by 
FTA, TSA, and FEMA, including guidance provided to PTPR owner/operators 
to fast track grant applications for security training funding. In many 
cases, agencies have secured third-party training through funds awarded 
on projects approved under the TSGP administered by DHS. These 
government-sponsored and third-party courses would remain as approved 
options to the extent they adequately address the elements required in 
the final rule. As in the past, TSA would provide lists of approved 
courses to PTPR owner/operators subject to the regulatory requirements.
    As discussed in section III.D.3 (recognition of previous training) 
of this NPRM, an owner/operator may rely on this training to satisfy 
the training requirements of the proposed rule to the extent the 
training program they submit includes the curriculum and an explanation 
of how the previous training meets TSA's requirements and is 
appropriate for the particular owner/operator. TSA anticipates that for 
many owner/operators, the training discussed above would meet most of 
the requirements. It is likely, however, that additional training would 
be needed for some of the knowledge required by the ``prepare'' 
category of training in proposed Sec. Sec.  1580.115(c), 1582.115(c), 
and 1584.115(c). The following section discusses some of the programs 
and requirements that are relevant to these considerations.
1. Federal Railroad Administration Safety Training Requirements
    Passenger railroad employee training programs already comply with 
FRA safety standards requiring the preparation, adoption, and 
implementation of emergency preparedness plans by railroads connected 
with the operation of passenger trains (including freight carriers 
hosting passenger rail

[[Page 91365]]

operations).\116\ The FRA defines an ``emergency'' as an unexpected 
event related to the operation of passenger train service involving a 
significant threat to the safety or health of one or more persons 
requiring immediate action, and includes a security situation.\117\ 
Under the regulations in 49 CFR part 239, each affected railroad is 
required to instruct its employees on the provisions of its plan. 
Emergency preparedness plans must address such subjects as 
communication (including on-board crewmember notification of the 
control center and passengers about the nature of the emergency and 
control center personnel notification of outside emergency responders 
and adjacent rail modes of transportation), passenger evacuation in 
emergency situations, employee training and qualification, joint 
operations, tunnel safety, liaison with emergency responders, on-board 
emergency equipment, and passenger safety information. FRA also 
requires full-scale emergency simulations for passenger trains. In 
general, the FRA has found few failures to provide the required 
training. In FY 2014, there was a single recommended violation for 
failure to meet the requirements of 49 CFR 239.7.\118\
---------------------------------------------------------------------------

    \116\ See 49 CFR part 239.
    \117\ See 49 CFR 239.7.
    \118\ See FRA, ``Fiscal Year 2014 Enforcement Report,'' at 3. 
This is an annual report published by FRA summarizing settled claims 
for civil penalty violations of Federal railroad safety and 
hazardous materials statues, regulations and orders during Federal 
Fiscal Year 2014 and is available is available under Enforcement & 
Litigation on FRA's Web site at https://www.fra.dot.gov/eLib.
---------------------------------------------------------------------------

    As stated in Sec. Sec.  1580.113(c) and 1582.113(c) of the proposed 
rule, TSA recognizes that the training required by 49 CFR 239.7 may be 
combined with other training to partially or fully meet or exceed 
requirements under proposed Sec. Sec.  1580.115(f) or 1582.115(f) and 
would not expect owner/operators to duplicate this training. TSA would 
work in cooperation with the FRA to validate that the owner/operators 
have provided the training as represented in any programs submitted to 
TSA for approval. As previously noted, the training program required 
under this proposed rule would need to clearly describe and identify 
the training and how it is being used to satisfy the requirements of 
the TSA regulation.
2. Federal Transit Administration Safety Requirements
    Under 49 CFR part 659, the FTA manages State Safety Oversight for 
Rail Fixed Guideway Systems.\119\ Currently, part 659 requires States 
to oversee the safety and security of rail fixed guideway systems 
operating in their jurisdictions through designated Oversight Agencies 
(OAs). The OAs must require the operator of the rail fixed guideway 
system to develop and implement a written system safety program plan 
and a written system security plan as separate products. Each covered 
system must base its Transit Agency Safety Plan on an adequate Safety 
Management System (SMS), and include an adequate means of safety 
promotion to support the execution of the plan by all employees, 
agents, and contractors.\120\
---------------------------------------------------------------------------

    \119\ On March 16, 2016, the FTA published a final rule for 
State safety oversight of rail fixed guideway public transportation 
systems not regulated by the FRA that replaces the current State 
Safety Oversight (SSO) rule in 49 CFR part 659. See State Safety 
Oversight; Final Rule, 81 FR 14229 (Mar. 16, 2016) (adding part 674 
to title 49 of the CFR). The FTA will rescind the current SSO rule 
no later than April 15, 2019. SSO Agencies and rail transit agencies 
(RTAs) will continue to comply with the current SSO rule until they 
come into compliance with the new regulations. The FTA omitted 
System Security Plans from its final rule, noting, ``TSA . . . has 
the prerogative and responsibility for all rulemakings on security 
in public transportation.'' Id. at 14233.
    \120\ See 49 CFR 674.29 and Appendix A to part 674.
---------------------------------------------------------------------------

    The Safety Promotion component of the SMS includes safety 
communication, which requires a combination of training and 
communication of safety information to employees to heighten the 
efficiency and effectiveness of the transit agency's SMS, and typically 
includes training on the mechanism for employees to report safety 
concerns.\121\ Safety communication is intended to ensure that 
personnel are aware of the SMS and their role within it, and receive 
safety-critical information in an effective and timely manner.\122\
---------------------------------------------------------------------------

    \121\ Id.
    \122\ Id.
---------------------------------------------------------------------------

    Additionally, the OAs must require covered transit agencies to 
conduct annual reviews of both their system safety program plans and 
system security plans. Further, the OAs must require covered agencies 
to develop and document a process for the performance of on-going 
internal safety and security reviews in their system safety program 
plans. Finally, the OAs themselves must conduct on-site reviews of 
system safety program plan and system security plan implementation.
3. OTRB Safety Requirements
    The FMCSA has not issued regulations regarding OTRB owner/operators 
to provide training to their employees on evacuation procedures. In its 
2012 update to the ``Motorcoach Safety Action Plan,'' FMCSA noted its 
commitment to examining ``ways to convey safety information to 
passengers and improve evacuation for a diverse population.'' It is 
important to recognize that in the OTRB environment, the only employee 
of the owner/operator on the bus may be the driver. Focusing on what 
the driver can do, FMCSA published guidance in 2007 to the industry 
recommending providing pre-trip safety information to passengers. FMCSA 
also distributed safety brochures, posters, and an audio compact disc 
(CD) based on the guidance that contains safety announcements regarding 
emergency egress that can be broadcast. The original CD was in English 
and FMCSA subsequently translated it in six other languages.\123\ To 
the extent an owner/operator has provided training related to this 
issue pursuant to FMCSA recommendations, they could provide information 
on this training and their use of it to TSA as part its security 
training program submission.
---------------------------------------------------------------------------

    \123\ U.S. Department of Transportation, ``Motorcoach Safety 
Action Plan:2012 Update,'' at 29 (Dec. 2012), FMCSA-ADO-13-001. See 
id. at 42-43 for additional information on ongoing initiatives of 
FMCSA on this issue.
---------------------------------------------------------------------------

4. Hazardous Materials Regulations
a. Overlap With DOT Regulations Regarding Transportation of Hazardous 
Materials
    Both DOT and DHS have responsibility regarding the transportation 
of hazardous materials. TSA is the lead Federal entity for 
transportation security, including hazardous materials and pipeline 
security, while PHMSA has responsibility for promulgating and enforcing 
regulations and administering a national program of safety, including 
security, in multimodal hazmat transportation.\124\ As part of a 
Memorandum of Understanding (MOU) between these agencies to coordinate 
on activities related to their respective missions, TSA and PHMSA 
agreed to coordinate in the development of standards, regulations, 
guidelines, or directives and to build on existing standards when it is 
determined that the adequacy of existing standards needs to be 
addressed.\125\ Consistent with that agreement, TSA and PHMSA have 
coordinated regarding PHMSA's security regulations and on this NPRM.

[[Page 91366]]

A copy of the MOU is available in the docket for this rulemaking.
---------------------------------------------------------------------------

    \124\ See ``Annex to the Memorandum of Understanding Between the 
Department of Homeland Security and the Department of Transportation 
Concerning Transportation Security Administration and Pipeline and 
Hazardous Materials Safety Administration Cooperation on Pipeline 
and Hazardous Materials Transportation Security,'' at secs. III.b. 
and III.c. (August 2006).
    \125\ Id. at sec. II.
---------------------------------------------------------------------------

    For the purposes of this rulemaking, it is important to recognize 
that PHMSA's security requirements for hazmat transportation apply to 
freight railroad carriers, motor carriers, and shippers and receivers 
of hazmat. Within these populations, PHMSA regulations require all 
individuals within the definition of ``hazmat employee'' to receive 
training in security awareness.\126\ The HMR also requires hazmat 
employers who offer for transportation or who transport a subset of 
hazardous materials in specific quantities to develop security 
plans.\127\ In addition, any hazmat employer required to have a 
security plan must provide in-depth security training to its 
employees.\128\
---------------------------------------------------------------------------

    \126\ 49 CFR 172.704(a)(4). See 49 CFR 171.8 for definition of 
``hazmat employee.''
    \127\ 49 CFR 172.800 and 172.802.
    \128\ Whether a hazmat employer is required to have a security 
plan, and therefore provide in-depth security training, is 
determined by whether they transport any of the materials identified 
in 49 CFR 172.800.
---------------------------------------------------------------------------

    Specifically, the HMR require training of hazmat employees in: (1) 
Familiarity with the general provisions of the HMR and recognizing and 
identifying hazardous materials; (2) knowledge of specific HMR 
requirements applicable to functions performed; and (3) knowledge of 
emergency response information, self-protection measures, and accident 
prevention methods. The in-depth security training requirements include 
training on: (1) Awareness of the security issues associated with 
hazardous materials transportation and possible methods to enhance 
transportation security; and (2) the owner/operator's security 
objectives, specific security procedures, employee responsibilities, 
actions to be taken in the event of a security breach, and the 
organizational security structure.\129\
---------------------------------------------------------------------------

    \129\ Id.
---------------------------------------------------------------------------

    TSA's proposed rule would apply to a subset of those entities 
required to have security training programs under the HMR. Within the 
population subject to both the HMR and TSA's proposed rule, employees 
to be trained also differs. PHMSA applies the definition of ``hazmat 
employee'' used for their safety regulations,\130\ while TSA's proposed 
rule applies to employees whose functions are determined by TSA to be 
``security-sensitive.'' Data is not available to precisely determine 
the extent of overlap. For the subset of the HMR population also within 
the scope of TSA's proposed rule, TSA's proposed training requirements 
go beyond the baseline required by PHMSA. Diagram B includes references 
to the HMR requirements.
---------------------------------------------------------------------------

    \130\ 49 CFR 171.8.
---------------------------------------------------------------------------

    PHMSA has reviewed TSA's proposed requirements and agrees that 
owner/operators subject to its rule who meet TSA's proposed 
requirements would also satisfy the corresponding provisions in PHMSA's 
security training requirements. PHMSA's regulations state that training 
conducted by owner/operators to comply with security training programs 
required by other Federal agencies may be used to satisfy their hazmat 
employee training to the extent that such training addresses the 
training components specified for hazmat employee training.\131\
---------------------------------------------------------------------------

    \131\ 49 CFR 172.704(b).
---------------------------------------------------------------------------

b. Inspections and Enforcement
    TSA recognizes that stakeholders may be concerned about the 
potential overlap between PHMSA's regulations and TSA's proposed 
regulations. For example, under its Secure Contact Review program, the 
FRA audits railroads and evaluates their compliance with security plans 
and security training as mandated by the PHMSA regulations. Federal 
Railroad Administration inspectors are given authority to write 
citations for an owner/operator's failure to properly comply with the 
requirements. PHMSA also conducts periodic compliance investigations 
and its inspectors are given authority to write citations for failure 
to properly comply with the requirements.\132\
---------------------------------------------------------------------------

    \132\ See 75 FR 10974 (Mar. 9, 2010). See also 49 CFR 107.301 et 
seq.
---------------------------------------------------------------------------

    PHMSA recognizes TSA's lead role and regulatory responsibilities in 
the secure transport of hazmat. After summarizing TSA's authorities in 
its preamble to the final rule amending the HMR, PHMSA stated:

 When PHMSA adopted its security regulations, it was stated that these 
regulations were `the first step in what may be a series of rulemakings 
to address the security of hazardous materials shipments.' 68 FR 14511. 
PHMSA noted in the NPRM that TSA `is developing regulations that are 
likely to impose additional requirements beyond those established in 
this final rule' and stated that it would `consult and coordinate with 
TSA concerning security-related hazardous materials transportation 
    regulations . . . .TSA intends to promulgate additional 
regulations for railroad carriers and other modes of surface 
transportation that will require them to submit vulnerability 
assessments and security plans to DHS for review and approval, as 
well as to develop and implement security training programs for 
employees performing security-sensitive functions to prepare for 
potential security threats and conditions. The security plan 
requirements established by the HMR are to be used as a baseline for 
security planning. When TSA regulations are issued, the PHMSA 
security plan and security training requirements for regulated 
parties that will be subject to the TSA regulations will be 
reevaluated and revised as appropriate.\133\
---------------------------------------------------------------------------

    \133\ 75 FR at 10976.

    DHS and DOT are committed to coordinating on the oversight of 
security-related training for carriers of RSSM. Consistent with the MOU 
previously discussed, PHMSA's Final Rule revising the HMR acknowledged 
---------------------------------------------------------------------------
the agreement between the agencies:

    If, in the course of an inspection of a railroad or motor 
carrier or a rail or highway hazardous material shipper or receiver, 
TSA identifies evidence of non-compliance with a DOT safety or 
security regulation, TSA will provide the information to FRA (for 
rail) or FMCSA (for motor carriers) and PHMSA for appropriate 
action. Similarly, since DOT does not have the authority to enforce 
TSA security requirements, if a DOT inspector identifies evidence of 
non-compliance with a TSA security regulation or identifies other 
security deficiencies, DOT will provide the information to TSA for 
appropriate action.\134\
---------------------------------------------------------------------------

    \134\ Id. at 10977.

TSA has committed to DOT to do the same.

c. Overlap With Other DHS Regulations

    Parts of TSA's current regulations for rail security include 
requirements applicable to certain shippers and receivers of hazardous 
materials.\135\ While TSA is not modifying its existing requirements 
for shippers and receivers as part of this proposed rule, it is also 
not proposing to apply the security training requirements to shippers 
and receivers.
---------------------------------------------------------------------------

    \135\ See scope identified in current Sec.  1580.1.
---------------------------------------------------------------------------

    This is consistent with TSA's intent to avoid any overlap with 
regulations promulgated by the National Protection and Programs 
Directorate (NPPD) of DHS for the security of certain high-risk 
chemical facilities in the United States.\136\ NPPD has previously 
recognized that certain aspects of its authorities \137\ are concurrent 
and overlapping with TSA due to the transportation of these chemicals 
by rail, but stated that it does not presently plan to screen railroad 
facilities for inclusion in the CFATS program (although the Department 
reserved the right to reevaluate possible scope at a

[[Page 91367]]

future date).\138\ TSA and NPPD, continue to work closely together to 
ensure that the efforts directed at these facilities are coordinated 
and consistent.
---------------------------------------------------------------------------

    \136\ Promulgated under the authority of sec. 550 of the 
Department of Homeland Security Appropriations Act, 2007 (2007 DHS 
Appropriations Act), Public Law 109-295, 120 Stat. 1355 (Oct. 4, 
2006).
    \137\ See id.
    \138\ See 72 FR 17729, 17698-17699 (Apr. 9, 2007) (IFR for 
CFATS).
---------------------------------------------------------------------------

    While facility security training and transportation security 
training have unique differences and shall be considered as separate 
issues, TSA's subject matter experts have reviewed the training 
requirements of CFATS RBPS 11 and determined that they meet or exceed 
the requirements considered necessary by TSA for secure transportation 
of the identified chemicals. There would be no additional security 
benefit from extending the training requirements of this proposed rule 
to entities subject to CFATS. This determination was considered as part 
of TSA's decision not to include shippers and receivers of hazardous 
materials within the scope of this proposed rule.

J. Training Resources

    As previously discussed, TSA is aware that many owner/operators 
that would be subject to this proposed rule already provide security 
training to their employees that may meet the proposed requirements. To 
further reduce the burden to owner/operators who do not have an 
existing training program or whose program does not include all of the 
required content, TSA is expanding existing resources that will be made 
available to owner/operators at no cost. Owner/operators would be able 
to use these expanded resources, described below, to meet the content 
requirements of Sec. Sec.  1580.115, 1582.115, and 1584.115 of the 
proposed rule.
First ObserverTM
    First ObserverTM is a national training program 
initially created through a grant from DHS to raise security awareness 
for highway modes.\139\ It was designed to provide transportation 
professionals with information that will enable them to observe 
effectively, assess and report suspicious individuals, vehicles, 
packages, and/or objects. The program has been used to teach thousands 
of highway transportation professionals to actively participate in 
recognizing suspicious activities and reporting them through 
appropriate mechanisms.
---------------------------------------------------------------------------

    \139\ ``First ObserverTM'' refers to the current 
program and any future expansion or changes to the program.
---------------------------------------------------------------------------

    TSA is expanding the program to be relevant to other modes of 
surface transportation, including freight railroads, passenger 
railroads, and public transportation systems. The First 
ObserverTM Program is undergoing extensive revision and TSA 
is ensuring the content of all revised First ObserverTM 
products will ultimately meet the security training requirements set 
forth in a final rule. At this time, TSA does not anticipate that First 
ObserverTM will satisfy the requirement to provide employer 
specific training to security-sensitive employees with responsibility 
under their employer's specific security programs or measures--
addressed under the ``Prepare'' component of training--as this is 
company-specific training. TSA does, however, anticipate that the 
SMARToolbox, discussed below, may provide resources needed to reduce 
costs for this aspect of the proposed training.
    To ensure the expanded program is relevant to all of the modes of 
transportation covered by this proposed rule, TSA sought to obtain 
input from its stakeholders and will continue with this effort. For 
example, while this rulemaking was under development, a meeting of the 
joint industry-government panel operating as the Transit Policing and 
Security Peer Advisory Group (PAG) \140\ looked at available training 
programs in light of what the 9/11 Act specified as required training 
for public transportation.\141\ For purposes of the discussion on the 
9/11 Act's requirements, the FTA's representatives included a course 
curriculum developer. The group produced a comprehensive matrix that 
included standards and criteria needed to meet the training elements 
required by the 9/11 Act as well as suggested learning objectives to 
assist in the creation of lesson plans. The intent was to provide a 
resource that could be used by transit agencies to: (1) Review their 
existing training programs and close any gaps; (2) develop new 
programs; or (3) evaluate commercial courses. The panel also pre-
screened a selection of available courses that could be used for 
training that met all of the elements identified in the 9/11 Act. The 
standards and criteria developed by this group feeds into the 
considerations identified in Diagram B. This exercise also supports 
TSA's assumption that most of the owner/operators that would be 
affected by this proposed rule already have training programs in place 
that would substantially comply with the proposed rule's requirements.
---------------------------------------------------------------------------

    \140\ The PAG shares expertise and guidance among TSA, transit 
police chiefs, and security directors. The group meets by 
teleconference with TSA at least once a month to discuss relevant 
issues involving transit security and anti-terrorism approaches.
    \141\ See 6 U.S.C. 1137(c).
---------------------------------------------------------------------------

SMARToolbox
    As with the general security training content, TSA is aware that 
many owner/operators already provide training to prepare security-
sensitive employees for their specific responsibilities under their 
company's security plan as required by proposed Sec. Sec.  1580.115(c), 
1582.115(c), and 1584.115(c). For example, any owner/operator subject 
to the security training requirements of 49 CFR part 172 is required to 
provide in-depth training on company-specific measures under 49 CFR 
172.704(a)(5). This population overlaps with most of the freight 
railroad population that would be subject to this proposed rule.
    For those that do not currently provide this type of training, TSA 
has resources available to reduce the burden. In particular, TSA 
encourages owner/operators to use the SMARToolbox--an industry-led 
initiative supported by TSA--as a resource presenting a broad range of 
security measures that peer agencies have identified as valuable to 
their organization. A searchable, modifiable database allows for 
various specified searches--making it easy for the users to find 
information relevant to their specific needs. SMARToolbox includes 
measures gathered from publically available sources as well as from 
discussions amongst industry representatives at a variety of 
stakeholder events. As part of this rulemaking effort, TSA has ensured 
the SMARToolbox includes information relevant to this training 
requirement.

K. Programmatic Alternatives

    In addition to the applicability alternatives discussed in section 
III.F. of this NPRM, TSA has also considered other programmatic 
alternatives. In general, these alternatives eliminated aspects of the 
proposed rule that are within TSA's discretion, or even necessary parts 
of implementing the statutory requirements, but not directly mandated 
by the 9/11 Act.
    Table 7 identifies these provisions relevant to each mode.

[[Page 91368]]



       Table 7--Identification of Programmatic Requirements Eliminated or Modified in Alternative Analysis
----------------------------------------------------------------------------------------------------------------
                                                Freight rail     PTPR (Rail)       PTPR (Bus)         OTRB)
----------------------------------------------------------------------------------------------------------------
Recordkeeping...............................               X                X                X                X
Training on chain of custody requirements...               X   ...............  ...............  ...............
Security coordinators and alternates........  ...............  ...............               X   ...............
Reporting security incidents................  ...............  ...............               X                X
Annual recurrent training (replaced with 3                 X                X                X                X
 year cycle)................................
----------------------------------------------------------------------------------------------------------------

    In determining the implications of these alternatives, TSA 
continues to assume that owner/operators would use First 
ObserverTM to meet the requirements--or to fill any gaps in 
their current training programs. In most cases, the programmatic 
alternatives assume elimination of the requirement. For recurrent 
training, the alternative assumes recurrent training would occur every 
three years rather than annually (since there is not a statutory 
requirement for how often covered security sensitive employees must be 
trained, TSA sets the minimum interval of recurrent training to once 
every three years as opposed to the annual training TSA is requiring in 
the proposed rule). Based on these assumptions, these alternatives 
would have an estimated cost of approximately--
     $25.27 million for freight railroad owner/operators over a 
10-year period (at a 7 percent discount rate).
     $18.50 million for PTPR owner/operators over a 10-year 
period (at a 7 percent discount rate).
     $5.85 million for OTRB owner/operators over a 10-year 
period (at a 7 percent discount rate).

The basis for the estimates of benefits and costs is set forth in the 
RIA for this rulemaking, which is included in the public docket.
    TSA rejected these alternatives because the agency has determined 
that the proposed rule better aligns with its commitment to risk-based 
security policy and outcomes-based regulation. While recordkeeping is 
not specifically stated as a requirement in the 9/11 Act, it is a 
necessary part of enforcing any regulatory requirement. TSA also 
believes requiring owner/operators to maintain records of training and 
provide proof of training to current and former employees upon request 
can reduce costs of training based upon the recognition given to prior 
training. Chain of custody is a critical requirement for freight 
railroads to ensure security during the transportation of RSSM. TSA 
believes it is essential for employees with responsibility to perform 
requirements identified in part 1580 related to chain of custody be 
trained on how to perform those requirements as part of their security 
training curriculum. To inconsistently apply the requirement for 
security coordinators and reporting of security incidents for high-risk 
entities could create significant gaps in the information obtained and 
shared--creating unnecessary security vulnerabilities. TSA discusses 
its basis for requiring annual training in section III.D.3 of this 
NPRM.

IV. Stakeholder Consultations

    The 9/11 Act directed TSA to consult with major stakeholders during 
the development of this NPRM.\142\ The categories of stakeholders to be 
included in these consultations consist of industry representatives, 
first responders, terrorism experts, and, nonprofit employee labor 
organizations. As discussed below, TSA has complied with these 
requirements through meetings with stakeholders before drafting of this 
proposed rule began, requests for comments submitted through 
associations, as well as a targeted request for additional input 
through a Notice published in the Federal Register.
---------------------------------------------------------------------------

    \142\ See 6 U.S.C. 1137(b), 1167(b), and 1184(b).
---------------------------------------------------------------------------

    As noted, TSA published a notice in the Federal Register requesting 
the public to provide comments and data on employee security training 
programs and planned security training exercises currently provided by 
owner/operators of freight railroads, passenger railroads, public 
transportation systems (excluding ferries), and OTRBs.\143\ TSA 
received a few responsive comments from trade associations, public 
agencies, and private companies that helped TSA to understand the 
current ``baseline'' training environment for freight rail, PTPR, and 
OTRB employees. As the limited information received provided data 
relevant to the economic impact of this proposed rule, it is discussed 
more fully in the RIA for this rulemaking, which can be found in the 
docket.
---------------------------------------------------------------------------

    \143\ See 78 FR 35945 (June 14, 2013).
---------------------------------------------------------------------------

    TSA has taken stakeholder comments into consideration in developing 
the NPRM. The text below describes stakeholder outreach TSA has 
conducted.

A. Multi-Modal Outreach

    In September and October of 2009, TSA reached out to 
representatives of the constituencies mandated by 6 U.S.C. 1137, 1167, 
and 1184. These stakeholders included representatives of State, local, 
and tribal governmental authorities; first responders; security and 
terrorism experts; appropriate labor organizations; and organizations 
representing the elderly and disabled.
    On September 14, 2009, TSA reached out to representatives of the 
following stakeholder groups by transmitting a letter and summary 
document outlining the key statutory requirements of the NPRM and 
requesting their comments: TSA/Office of Civil Rights and Liberties; 
Homeland Security Institute; Mineta Transportation Institute; FEMA/
United States Fire Administration/National Fire Programs; International 
Association of Chiefs of Police; National Sheriffs Association; 
National Emergency Medical Services Association; Commercial Vehicle 
Safety Alliance; State, Local, Tribal, and Territorial Government 
Coordinating Council (GCC); and DHS/National Protection and Programs 
Directorate/Intergovernmental Programs.

B. Freight Rail

    TSA conducted meetings and conference calls with representatives of 
the freight railroad industry, including trade associations 
representing railroad carriers and shippers of hazardous materials. 
Class I carriers as well as short line and regional railroads 
participated in these consultations. TSA also met with representatives 
from two rail labor organizations. In addition, TSA met with members of 
the AAR in November 2009 to discuss the proposed security training.
    The AAR has stated that ``TSA regulation of security training for 
railroad employees is unnecessary'' \144\

[[Page 91369]]

because most freight rail hazmat employees already receive training in 
compliance with the PHMSA, which requires freight rail employees who 
perform HAZMAT functions to ``receive training that provides an 
awareness of security risks associated with hazardous materials 
transportation . . . this training must also include a component 
covering how to recognize and respond to possible security threats.'' 
\145\ The AAR affirms this and explicitly states in its comments that 
``railroads provide security awareness training to their front line 
employees and have done so for many years'' and employees have to take 
recurrent training every three years, at minimum.\146\ The American 
Short Line and Regional Railroad Association also submitted comments 
and stated that, with regards to its members, the current level of 
``[t]raining involves looking for suspicious persons, items[, w]hat 
IEDs may look like[, and h]ow to handle different situations . . . .'' 
\147\
---------------------------------------------------------------------------

    \144\ ``Comments of the Association of American Railroads'' 
(Docket ID: TSA-2013-0005-0116), available at https://www.regulations.gov/. Input the Docket ID ``TSA-2013-0005-0116'' 
into the blue ``Search'' field.
    \145\ 49 CFR 172.704(a)(4).
    \146\ Id. (citing 49 CFR 172.704(a)(4)).
    \147\ ``Comments of the American Short Line and Regional 
Railroad Association'' (Docket ID: TSA-2013-0005-0124), available at 
https://www.regulations.gov/. Input the Docket ID ``TSA-2013-0005-
0124'' into the blue ``Search'' field.
---------------------------------------------------------------------------

    TSA's freight rail subject matter experts confirmed that higher-
risk freight railroad owner/operators currently provide training to 
their security-sensitive employees on the procedures on chain of 
custody control requirements-based on the compliance rates for current 
49 CFR 1580.107. This information leads TSA to conclude that all 
freight rail owner/operators affected by the proposed rule that 
transport RSSM provide training to their employees on, at minimum, 
security awareness; employee- and company-specific security program and 
measures; and chain of custody and control requirements.

C. Public Transportation and Passenger Rail

    TSA consulted with industry representatives, governmental 
authorities, security experts, first responders, and employee 
representatives through the Transit, Commuter and Long Distance Rail 
GCC,\148\ the Mass Transit Sector Coordinating Council (SCC),\149\ and 
PAG.\150\
---------------------------------------------------------------------------

    \148\ The Commuter and Long Distance Rail GCC includes 
representatives from TSA, other DHS components, the FTA, and the 
FBI.
    \149\ The Mass Transit SCC is a representative group for the 
mass transit and passenger rail community formed in accordance with 
the National Infrastructure Protection Plan to advance the public-
private partnership for mass transit and passenger rail security. 
Its membership includes senior executives, law enforcement chiefs, 
and security directors for mass transit and passenger rail agencies 
of varying sizes, locations, and system types as well as 
representatives of APTA, the Community Transportation Association of 
America, and the Amalgamated Transit Union.
    \150\ As previously noted, see supra, n. 140, the PAG brings 
together the expertise of some 15 law enforcement chiefs and 
security directors from mass transit and passenger rail systems 
across the Nation of varying location, size, and system type as a 
consultative forum with extensive experience to facilitate 
development and implementation of effective security programs. To 
advance these purposes, the Group, which formed in November 2006, 
convenes with TSA officials in monthly teleconferences. Membership 
in the PAG consists of the law enforcement chiefs or security 
directors of public transportation agencies in large metropolitan 
areas, as well as Amtrak. In addition to Amtrak, the following 
agencies are members of the PAG: Metro Transit of Harris County, 
Texas (Houston Area), Massachusetts Bay Transportation Authority; 
New York Metropolitan Transportation Authority; New York Police 
Department--Transit Bureau; New Jersey Transit; Southeast 
Pennsylvania Transportation Authority; Washington Metropolitan Area 
Transit Authority; Metropolitan Atlanta Rapid Transit Authority; 
Chicago Transit Authority; Dallas Area Rapid Transit; Denver 
Regional Transportation District; King County Metro Transit (Seattle 
Area); Bay Area Rapid Transit; and Los Angeles County Sheriff's 
Department.
---------------------------------------------------------------------------

    TSA initiated consultations in October 2007 by explaining the 
planned approach in a joint meeting with the SCC and via a 
teleconference with the PAG. Participants at both forums were advised 
that a summary of the developing concepts and considerations for the 
security training program rulemaking would be prepared and provided to 
them for review and feedback. In preparing the summary, TSA coordinated 
with the membership of the GCC. The summary was completed in November 
2007. Dissemination to the SCC and PAG for review and comment occurred 
in December 2007 and January 2008. TSA received feedback in February 
and March 2008.
    A second round of consultations with the SCC and PAG occurred 
during October and November 2009. At that time, the consultations 
expanded to include additional law enforcement chiefs and security 
directors, specifically those not previously consulted to participate 
in the semi-annual Transit Safety and Security Roundtables.\151\
---------------------------------------------------------------------------

    \151\ TSA, FTA, and FEMA host semi-annual Transit Safety and 
Security Roundtables with the law enforcement chiefs and security 
directors of the largest 50 mass transit and passenger rail systems 
(by passenger volume) and Amtrak. These agencies account for more 
than 80 percent of all users of public transportation services 
nationally. The three-day sessions employ a workshop format to 
address specific issues pertaining to terrorism prevention and 
response. The collective expertise fosters the development of 
collaborative security solutions, informs setting of priorities for 
security programs, and advances the strategic priority of elevating 
the baseline level of security throughout the mass transit and 
passenger rail mode.
---------------------------------------------------------------------------

    In its general comments in response to the 2013 Notice, APTA 
asserted that ``the elements of the 9/11 Act are already addressed 
within the scope of security training programs throughout the public 
transportation industry.'' \152\ The American Public Transportation 
Association cited training required by 49 CFR 239.101 as evidence that 
they meet certain portions of the 9/11 Act. As noted in section III.G.1 
of this NPRM, 49 CFR part 239 (also known as the ``Passenger Train 
Emergency Preparedness Rule'') has a training requirement for rail 
equipment familiarization, situational awareness, coordination of 
functions, and `hands-on' instruction concerning the location, 
function, and operation of on-board emergency equipment.\153\ These 
requirements, which align with some of those in TSA's proposed rule, 
apply to many of the public transportation modes affected by the 
proposed rule (intercity passenger rail and commuter rail). Individual 
public transportation agencies--including a few that would be affected 
by the proposed rule-also provided comments on the type of training 
they currently implement for frontline employees. This training 
includes programs on security awareness and employee- and company-
specific training on their own security programs and measures (which 
employees have to take every two years). All of this information has 
led TSA to conclude that some PTPR owner/operators, either in 
compliance with other security rules or because the owner/operator 
makes security a priority, invest in security training for their 
frontline employees and, at minimum, cover the topics of security 
awareness, and employee- and company-specific security program and 
measures.
---------------------------------------------------------------------------

    \152\ APTA, ``RE: Docket No. TSA-2013-0005'' (Docket ID: TSA-
2013-0005-0114), available at https://www.regulations.gov/. Input 
the Docket ID ``TSA-2013-0005-0114'' into the blue ``Search'' field.
    \153\ Id.
---------------------------------------------------------------------------

D. Over-the-Road Buses

    TSA conducted a meeting with industry stakeholders in November 
2007. In July 2009, TSA met again with industry representatives. During 
the 2007 consultations, industry stakeholders included large motorcoach

[[Page 91370]]

operators and trade associations representing both large and small 
operators. In July 2009, TSA again met with representatives of the OTRB 
community and presented a series of issues on which TSA sought their 
individual opinions.
    In its response to the 2013 Notice, the American Bus Association 
(ABA) \154\ described the importance of the OTRB Security Grant Program 
in providing financial assistance to the industry for implementing 
security measures, such as equipment and training.\155\ According to 
the ABA, nearly 10 percent of the funding from the OTRB Security Grant 
Program went to security training. The OTRB Security Grant Program has 
since been discontinued and the ABA states that some security upgrades 
were not enacted because:
---------------------------------------------------------------------------

    \154\ The ABA describes itself as a trade association that is 
``home to some 850 bus operating companies and over 3,000 other 
companies, organizations and partnerships involved in providing 
transportation, tour and travel services to the traveling public.'' 
See ``Comments of the American Bus Association'' (Docket ID: TSA-
2013-0005-0119), available at https://www.regulations.gov/. Input 
the Docket ID ``TSA-2013-0005-0119'' into the blue ``Search'' field.
    \155\ Id.

    [T]he private bus industry was largely unable to pay for such 
upgrades. The inability to pay is a function of the small business 
nature of the industry, the huge number of bus operators with few 
resources and the inability of bus passengers to absorb any fare 
increases that could be used to pay for security upgrades.\156\
---------------------------------------------------------------------------

    \156\ Id.

    The ABA states that despite this loss in funding, two of the major 
private OTRB companies currently use ``Operation Secure Transport''--an 
OTRB-specific version of First ObserverTM--to train their 
``front line'' employees. This is validated by the comments provided by 
the private companies themselves. Additionally, according to comments 
from the OTRB Working Group of the Highway Motor Carrier SCC, ``all [of 
its] PAG members have supplied training to front line employees using 
Highway Watch, First ObserverTM, or Cat Eyes training.'' 
\157\ This group includes a third, major OTRB company. All of this 
information has led TSA to conclude that, at minimum, three of the 
larger OTRB companies currently use First ObserverTM to 
train their ``front line'' employees.
---------------------------------------------------------------------------

    \157\ Id.
---------------------------------------------------------------------------

E. Labor Unions

    In addition to inviting participation of labor union 
representatives in many of the mode-specific meetings, TSA also met 
specifically with labor unions as part of its stakeholder consultation 
process. In December 2007, TSA met with representatives of several 
labor unions. On November 3, 2009, TSA met with representatives from 
the Transportation Trades Department of the American Federation of 
Labor and Congress of Industrial Organizations, the International 
Brotherhood of Teamsters, the Brotherhood of Locomotive Engineers and 
the Amalgamated Transit Union to discuss the surface training issues.

V. Rulemaking Analyses and Notices

A. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) \158\ requires that TSA 
consider the impact of paperwork and other information collection 
burdens imposed on the public and, under the provisions of PRA sec. 
3507(d), obtain approval from the OMB for each collection of 
information it conducts, sponsors, or requires through regulations.
---------------------------------------------------------------------------

    \158\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------

    Under OMB Control No. 1652-0051, OMB has approved a related 
information collection request for contact information for RSCs and 
alternate RSCs, as well as the reporting of significant security 
concerns by freight railroad carriers, passenger rail road carriers, 
and rail transit systems.
    This proposed rule contains new information collection activities 
subject to the PRA. Accordingly, TSA has submitted the following 
information requirements to OMB for its review. The OMB 83-I Supporting 
Statement for this information collection request is available in the 
docket for this rulemaking.
    Title: Security Training Programs for Surface Mode Employees.
    Summary: This proposed rule would require the following information 
collections:
    First, owner/operators identified in 49 CFR 1580.101, 1582.101, and 
1584.101 would be required to submit to TSA for approval a security 
training program for security-sensitive employees that meets the 
requirements of subpart B of 49 CFR part 1580, subpart B of 49 CFR part 
1582, and subpart B of 49 CFR part 1584.
    Second, respondents would be required to retain individual training 
records on security-sensitive employees at the location(s) specified in 
each respondent's respective security training program, and make such 
records available to TSA upon request.
    Third, the public transportation bus systems and OTRB owner/
operators to whom the proposed rule applies would be required to report 
significant security concerns, which includes incidents, suspicious 
activities, and/or threat information.
    Finally, the owner/operators to whom the proposed rule applies 
would be required to make their operations and records available for 
announced or unannounced inspections that would assess compliance with 
the NPRM.
    Use of: This proposal would support the information needs to 
evaluate security training programs against requirements set forth in 
the NPRM. Recordkeeping requirements would be used to verify employee 
training is in compliance with the proposed rule. Security coordinator 
information would support respondent communications with TSA concerning 
intelligence information, security related activities, and incident or 
threat response with appropriate law enforcement and emergency response 
agencies. The reporting of significant security concerns would support 
the analysis of trends and indicators of developing threats and 
potential terrorist activity. Finally, information collected through 
inspections would be used to enforce compliance with the proposed 
requirements.
    Respondents (including number of): The likely respondents to this 
information collection are the owners and/or operators of covered 
surface modes, which are estimated to incur approximately 1,374,501 
responses over the next 3 years (including 449,067 freight railroad 
responses; 673,033 PTPR responses; and 252,401 OTRB company responses), 
which amounts to an average annual cost of $657,370.
    Frequency: TSA estimates that following initial submission, 
security training programs would need to be periodically updated as 
appropriate. Security training records would need to be updated after 
each training occurrence. Security coordinator information would need 
to be updated as appropriate. Significant security concerns would be 
reported as they occur. TSA estimates inspections for compliance would 
occur at a rate of one inspection per year per owner/operator.
    Annual Burden Estimate: The average yearly burden for security 
training program development and submission, security coordinator 
submission, employee training documentation recordkeeping, and incident 
reporting is estimated to be 1,518 hours for freight railroads; 2,147 
hours for PTPRs; and 4,247 hours for OTRB companies. The total average 
annual time burden estimate is approximately 7,912 hours. Table 8 shows 
the information collections and corresponding hour

[[Page 91371]]

burdens for entities falling under the requirements of the proposed 
rule.

                                                              Table 8--PRA Hours of Burden
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                             Time per                   Number of responses                                   Average
                       Collection                            response    ------------------------------------------------   3-Year time     annual time
                                                              (hours)         Year 1          Year 2          Year 3          burden          burden
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                              Initial Security Training Program Development and Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................              52              36               0               0           1,872             624
PTPR....................................................              52              47               0               0           2,444             815
OTRB (Large to Medium)..................................              32              28               0               1             928             309
OTRB (Small)............................................              16             174               3               3           2,883             961
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                              Modified Security Training Program Development and Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................              25              32               0               0             810             270
PTPR....................................................              25              21               0               0             518             173
OTRB (Large to Medium)..................................              16              25               0               0             418             139
OTRB (Small)............................................               8             157               3               3           1,297             432
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                       Security Coordinator Information Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
PTPR....................................................             0.5              52               8               8              35              12
OTRB....................................................             0.5             459             178             181             409             136
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                      Employee Training Documentation Recordkeeping
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................           0.004         148,992         149,665         150,341           1,871             624
PTPR....................................................           0.004         219,437         219,646         219,856           2,746             915
OTRB....................................................           0.004          41,300          41,824          42,355             523             174
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                   Incident Reporting
--------------------------------------------------------------------------------------------------------------------------------------------------------
PTPR....................................................            0.05           4,652           4,652           4,652             698             233
OTRB....................................................            0.05          41,173          41,898          42,635           6,285           2,095
                                                         -----------------------------------------------------------------------------------------------
    Total Burden (responses)............................  ..............  ..............  ..............  ..............       1,374,501  ..............
                                                         -----------------------------------------------------------------------------------------------
    Total Burden (hours)................................  ..............  ..............  ..............  ..............          23,735           7,912
--------------------------------------------------------------------------------------------------------------------------------------------------------

    TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information would have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.
    Individuals and organizations may submit comments on the 
information collection requirements by February 14, 2017. Direct the 
comments to the address listed in the ADDRESSES section of this 
document, and email your comments to OMB using the following address: 
[email protected]. A comment to OMB is most effective if OMB 
receives it within 30 days of publication. TSA will publish the OMB 
control number for this information collection in the Federal Register 
after OMB approves it.
    As provided by the PRA, as amended, an agency may not conduct or 
sponsor, and a person is not required to respond to, a collection of 
information unless it displays a currently valid OMB control number.

B. Economic Impact Analyses

1. Regulatory Impact Analysis Summary
    Changes to Federal regulations must undergo several economic 
analyses. First, Executive Order (E.O.) 12866, Regulatory Planning and 
Review,\159\ as supplemented by E.O. 13563, Improving Regulation and 
Regulatory Review,\160\ directs each Federal agency to propose or adopt 
a regulation only upon a reasoned determination that the benefits of 
the intended regulation justify its costs. Second, the Regulatory 
Flexibility Act of 1980 (RFA) \161\ requires agencies to consider the 
economic impact of regulatory changes on small entities. Third, the 
Trade Agreement Act of 1979 \162\ prohibits agencies from setting 
standards that create unnecessary obstacles to the foreign commerce of 
the United States. Fourth, the Unfunded Mandates Reform Act of 1995 
\163\ (UMRA) requires agencies to prepare a written assessment of the 
costs, benefits, and other effects of proposed or final rules that 
include a Federal mandate likely to result in the expenditure by State, 
local, or tribal governments, in the aggregate, or by the private 
sector, of $100 million or more annually (adjusted for inflation).
---------------------------------------------------------------------------

    \159\ 58 FR 51735 (Oct. 4, 1993).
    \160\ 76 FR 3821 (Jan. 21, 2011).
    \161\ Public Law 96-354, 94 Stat. 1164 (Sept. 19, 1980) 
(codified at 5 U.S.C. 601 et seq., as amended by the Small Business 
Regulatory Enforcement Fairness Act of 1996 (SBREFA)).
    \162\ Public Law 96-39, 93 Stat. 144 (July 26, 1979) (codified 
at 19 U.S.C. 2531-2533).
    \163\ Public Law 104-4, 109 Stat. 66 (Mar. 22, 1995) (codified 
at 2 U.S.C. 1181-1538).

---------------------------------------------------------------------------

[[Page 91372]]

2. Executive Orders 12866 and 13563 Assessments
    Executive Orders 12866 and 13563 direct agencies to assess the 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility.
    In conducting these analyses, TSA has determined:
    1. This rulemaking is a ``significant regulatory action,'' although 
not an economically significant regulatory action, under sec. 3(f) of 
E.O. 12866. Accordingly, the Office of Management and Budget (OMB) has 
reviewed this NPRM.
    2. TSA has prepared an Initial Regulatory Flexibility Analysis 
(IRFA), which suggests this rulemaking would have a significant impact 
on a substantial number of small entities.
    3. This rulemaking would not constitute a barrier to international 
trade.
    4. This rulemaking does not impose an unfunded mandate on State, 
local, or tribal governments, or on the private sector under UMRA.
    TSA has prepared an analysis of its estimated costs and benefits, 
summarized in the following paragraphs. The OMB Circular A-4 Accounting 
Statement for this proposed rule is in section V.C. When estimating the 
cost of a rulemaking, agencies typically estimate future expected costs 
imposed by a regulation over a period of analysis. For this rule's 
period of analysis, TSA uses a 10-year period of analysis to estimate 
the initial and recurring costs of the regulated surface mode owner/
operators and new owner/operators that are expected due to industry 
growth.
    TSA concluded the following about the current, or baseline, 
training environment for freight rail, public transportation and 
passenger railroad (PTPR), and OTRB employees (see section 1.9 of the 
RIA placed in the docket for further detailed information on the 
current baseline):
    There are 574 U.S. freight rail owners/operators and are composed 
of 7 Class I, 21 Class II, and 546 Class III railroads.\164\ A total of 
36 (7 Class I, 8 Class II, and 21 Class III) out of the 574 U.S. 
freight rail owner/operators carry RSSM through an HTUA and would be 
affected by the proposed rule.\165\ These 36 freight rail owner/
operators provide security awareness \166\ and chain of custody and 
control \167\ trainings to their employees. These trainings address two 
of the required elements of security training required by the proposed 
rule in Sec.  1580.115 (Security training and knowledge for security-
sensitive employees: Prepare and Assess). Additionally, freight rail 
owner/operators are already required to comply with the requirements to 
assign security coordinators and report significant security concerns 
to TSA under current 49 CFR 1580. Table 9 below displays the 
requirements of the proposed rule for freight rail. The check marked 
items in the table represent existing requirements under PHMSA 49 CFR 
172.704 and 1580.107, therefore do not represent additional burden to 
the freight rail owners/operators.
---------------------------------------------------------------------------

    \164\ AAR, ``Railroad Facts, 2015 Edition,'' at 3 (2015).
    \165\ TSA used its railcar tracking system that monitors toxic 
inhalant hazard cars, the Toxic Inhalation Hazard Risk Reduction 
Verification System, (TIHRRVS) to identify freight rail owner/
operators.
    \166\ As required by PHMSA 49 CFR 172.704.
    \167\ In place because of the chain of custody requirement in 49 
CFR 1580.107.
[GRAPHIC] [TIFF OMITTED] TP16DE16.015

    There are more than 7,100 public transportation organizations.\168\ 
Of these, 47 PTPR owner/operators \169\ fall within the applicability 
of the proposed rule. Twenty-four of these 47 PTPR owner/operators 
effectively provide training to their employees on security awareness 
and employee- and company-specific security programs and measures.\170\ 
These trainings address two of the required elements of security 
training required by the proposed rule in Sec.  1582.115 (Security 
training and knowledge for security-sensitive employees: Prepare and 
Assess). Additionally, 23 PTPR owner/operators are already required to 
comply with the requirements to assign security coordinators and report 
significant security concerns to TSA under current 49 CFR 1580. Table 
10 below displays the requirements of the proposed rule for PTPRs. The 
check marked items in the table represent existing requirements under 
49 CFR 1580 and, therefore do not represent additional burden to the 
freight rail owners/operators.
---------------------------------------------------------------------------

    \168\ APTA, ``2014 Public Transportation Fact Book'' (Nov. 
2014), available at http://www.apta.com/resources/statistics/Documents/FactBook/2014-APTA-Fact-Book.pdf.
    \169\ TSA elicited and used input from SMEs in its Surface 
Division, combined with data from the Federal Transit 
Administration's (FTA) National Transit Database (NTD) to identify 
the 47 PTPR owner/operators.
    \170\ Agencies identified using latest evaluation from TSA's 
BASE assessment. Information on BASE assessment can be found here: 
https://www.tsa.gov/news/top-stories/2015/09/21/transit-agencies-earn-high-ratings-through-base-program.

---------------------------------------------------------------------------

[[Page 91373]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.016

    There are 3,741 U.S. companies in the motorcoach industry.\171\ Of 
these, 202 of them \172\ fall within the applicability of the proposed 
rule. Three of the 202 are large OTRB companies that currently use the 
TSA-supplied First ObserverTM program, which covers a 
majority of the 9/11 Act security training requirements, to train their 
employees. This training addresses three of the security training 
elements of this proposed rule Sec.  1584.115 (Security training and 
knowledge for security-sensitive employees: Observe, Assess, and 
Respond). Table 11 displays the requirements of this proposed rule for 
OTRB owner/operators. The check marked items in the table represent the 
training components already covered by the First ObserverTM 
program and, therefore do not represent additional burden to the ORTB 
owners/operators currently using this program compared to the ``no-
action'' baseline.\173\ In Appendix A of the RIA, however, TSA has also 
monetized the cost of their current participation in First 
ObserverTM. TSA estimated this cost at $0.36 million to 
these owner/operators over 10 years (discounted at 7 percent).\174\
---------------------------------------------------------------------------

    \171\ American Bus Association Foundation, ``Motorcoach Census 
2014'' (Mar. 12, 2015), available at http://www.buses.org/assets/images/uploads/general/Report%20-%20Census2013data.pdf.
    \172\ TSA relied on a variety of sources to identify the 202 
owner/operators: TSA Intercity Bus Security Grant Program (IBSGP) 
applications, the American Intercity Bus Riders Association (AIBRA) 
intercity bus service operator list, consultations with ABA, and 
Internet research of Web sites like GotoBus.com and other publicly 
available sources of information.
    \173\ OMB, ``Circular A-4,'' at 2 (Sept. 17, 2003), available at 
https://www.whitehouse.gov/sites/default/files/omb/assets/regulatory_matters_pdf/a-4.pdf (``Benefits and costs are defined in 
comparison with a clearly stated alternative. This normally will be 
a `no action' baseline: What the world will be like if the proposed 
rule is not adopted.'').
    \174\ OMB also requires TSA to consider a ``pre-statute'' 
baseline. Id. at 16. Costs of First ObserverTM have 
accrued since passage of the 9/11 Act and are part of this ``pre-
statute'' baseline.
[GRAPHIC] [TIFF OMITTED] TP16DE16.017

    TSA summarizes the costs of the proposed rule to be borne by four 
affected parties: Freight railroad owner/operators, PTPR owner/
operators, OTRB owner/operators, and TSA. As displayed in Table 12, TSA 
estimates

[[Page 91374]]

the 10-year total cost of this proposed rule to be $222.80 million 
undiscounted, $190.45 million discounted at 3 percent, and $157.27 
million discounted at 7 percent. The costs to industry (all three 
surface modes) comprise approximately 99 percent of the total costs of 
the rule; and the remaining costs are incurred by TSA.

                                                   Table 12--Total Cost of the Proposed Rule by Entity
                                                                      [$ millions]
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                                                     Total proposed rule cost
                                                                                                         -----------------------------------------------
                  Year                     Freight rail        PTPR            OTRB             TSA                        Discounted at   Discounted at
                                                                                                           Undiscounted         3%              7%
--------------------------------------------------------------------------------------------------------------------------------------------------------
1.......................................          $14.51           $9.29           $2.04           $0.52          $26.35          $25.59          $24.63
2.......................................           14.37            5.84            1.62            0.12           21.95           20.69           19.17
3.......................................            8.68            9.06            1.47            0.13           19.33           17.69           15.78
4.......................................           14.50            5.85            1.66            0.13           22.13           19.67           16.89
5.......................................           14.56            9.08            1.68            0.13           25.45           21.95           18.15
6.......................................            8.93            6.00            1.82            0.18           16.93           14.18           11.28
7.......................................           14.69            9.10            1.73            0.13           25.65           20.86           15.98
8.......................................           14.76            5.87            1.76            0.14           22.66           17.78           13.11
9.......................................            8.92            9.11            1.60            0.14           19.76           15.15           10.75
10......................................           14.89            5.88            1.80            0.14           22.71           16.91           11.55
                                         ---------------------------------------------------------------------------------------------------------------
    Total...............................          128.80           75.08           17.17            1.75          222.80          190.45          157.27
    Annualized..........................  ..............  ..............  ..............  ..............  ..............           22.33           22.39
--------------------------------------------------------------------------------------------------------------------------------------------------------
Note: Totals may not add due to rounding.

    TSA estimates the 10-year costs to the freight railroad industry to 
be $128.80 million undiscounted, $110.00 million discounted at 3 
percent, and $90.74 million discounted at 7 percent, as displayed by 
cost categories in Table 13.
[GRAPHIC] [TIFF OMITTED] TP16DE16.018

    TSA estimates the 10-year costs to the PTPR industry to be $75.08 
million undiscounted, $64.26 million discounted at 3 percent, and 
$53.14 million discounted at 7 percent, as displayed by cost categories 
in Table 14.

[[Page 91375]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.019

    TSA estimates the 10-year costs to the OTRB industry to be $17.17 
million undiscounted, $14.65 million discounted at 3 percent, and 
$12.08 million discounted at 7 percent, as displayed by cost categories 
in Table 15.
[GRAPHIC] [TIFF OMITTED] TP16DE16.020

    TSA estimates the 10-year costs to TSA to be $1.75 million 
undiscounted, $1.54 million discounted at 3 percent, and $1.31 million 
discounted at 7 percent, as displayed by cost categories in Table 16.

[[Page 91376]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.021

    The proposed rule would enhance surface transportation security by 
reducing vulnerability to terrorist attacks in four different ways. 
First, the surface transportation employees in each of the three 
covered modes would be trained to identify security vulnerabilities. 
Second, these surface transportation employees would be better trained 
to recognize potentially threatening behavior and properly report that 
information. Third, these surface employees would be trained to respond 
to incidents, thereby mitigating the consequences of an attack. 
Finally, the covered surface transportation owner/operators would be 
required to report significant security concerns to TSA so that TSA can 
analyze potential threats across all modes.
    While training is not an absolute deterrent for terrorists intent 
on carrying out attacks on surface modes of transportation, TSA expects 
the probability of success for such attacks to decrease if security-
sensitive employees within these transportation modes are trained in 
the elements required under the proposed rule.
    TSA uses a break-even analysis to frame the relationship between 
the potential benefits of the proposed rule and the costs of 
implementing the rule. When it is not possible to quantify or monetize 
a majority of the incremental benefits of a regulation, OMB recommends 
conducting a threshold, or ``break-even'' analysis. According to OMB 
Circular No. A-4, ``Regulatory Analysis,'' such an analysis answers the 
question ``How small could the value of the non-qualified benefits be 
(or how large would the value of the non-quantified costs need to be) 
before the rule would yield zero net benefits?'' \175\
---------------------------------------------------------------------------

    \175\ See id.
---------------------------------------------------------------------------

    To conduct the break-even analysis, TSA evaluates three composite 
scenarios for each the three modes covered by the proposed rule. For 
each scenario, TSA calculates a total monetary consequence from an 
estimated statistical value of the human casualties and capital 
replacement resulting from the attack (see Section 4.3 of the Surface 
Training Program for Surface Mode Employees Regulatory Impact Analysis 
for a more detailed description of these calculations however many 
assumptions regarding specific terrorist attacks scenarios are SSI and 
cannot be publically released).
    Table 17 presents the composite or weighted average of direct 
consequences from a successful attack on each mode.

[[Page 91377]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.022

    TSA compared the estimated direct monetary costs of an attack to 
the annualized cost (discounted at 7 percent) to industry and TSA from 
the proposed rule for each mode to estimate how often an attack of that 
nature would need to be averted for the expected benefits to equal 
estimated costs. Table 18 presents the results of the break-even 
analysis for each mode. For example, Table 18 shows that if the freight 
rail training requirements in this rule prevents one freight rail 
terrorist attack every 96 years, this rule ``breaks-even'' (the 
benefits equal the costs).
---------------------------------------------------------------------------

    \176\ As explained in the RIA in the docket, to monetize 
injuries, TSA used two approaches (depending on whether the injury 
was due to exposure to hazardous chemicals). To monetize ``non-
chemical'' injuries, TSA uses guidance from the Department of 
Transportation for valuing injuries based on the Abbreviated Injury 
Scale. To monetize chemical-related injuries, TSA obtained 
information on the cost of medical treatment for poisoning injuries.
    \177\ Total Direct Consequences = (Deaths x $9.1 million VSL) + 
(Severe injuries x $2.42 million) + (Moderate injuries x $0.43 
million) + (Severe chemical injuries x $42,462) + (Moderate chemical 
injuries x $1,563) + Public property loss + Private property loss + 
Rescue and clean-up cost.
---------------------------------------------------------------------------

    The break-even analysis does not include the difficult to quantify 
indirect costs of an attack or the macroeconomic impacts that could 
occur due to a major attack. In addition to the direct impacts of a 
terrorist attack in terms of lost life and property, there are other 
more indirect impacts that are difficult to measure. As noted by Cass 
Sunstein in the Laws of Fear, ``. . . fear is a real social cost, and 
it is likely to lead to other social costs.'' \178\ In addition, 
Ackerman and Heinzerling state ``. . . terrorism `works' through the 
fear and demoralization caused by uncontrollable uncertainty.'' \179\ 
As devastating as the direct impacts of a successful terrorist attack 
can be in terms of the immediate loss of life and property, avoiding 
the impacts of the more difficult to measure indirect effects are also 
substantial benefits of preventing a terrorist attack.
---------------------------------------------------------------------------

    \178\ Cass R. Sunstein, ``Laws of Fear,'' at 127 (2005).
    \179\ Frank Ackerman and Lisa Heinzerling, ``Priceless On 
Knowing the Price of Everything and the Value of Nothing,'' at 136 
(2004).

                                      Table 18--Break-Even Analysis Results
                                                  [$ millions]
----------------------------------------------------------------------------------------------------------------
                                                   Weighted
                                                average direct    Annualized
                     Modes                        costs of a      cost of the       Breakeven averted attack
                                                  successful     proposed rule        frequency  c = a / b
                                                   attack  a       at 7%  b
----------------------------------------------------------------------------------------------------------------
Freight Rail..................................       $1,218.92          $12.94  One attack every 94 years.
PTPR..........................................          613.19            7.60  One attack every 81 years.
OTRB..........................................          679.02            1.86  One attack every 365 years.
----------------------------------------------------------------------------------------------------------------
Note: Totals may not add due to rounding.

3. OMB A-4 Statement
    The OMB A-4 Accounting Statement (in Table 19) presents annualized 
costs and qualitative benefits of the proposed rule.

[[Page 91378]]



                                    Table 19--OMB A-4 $ Accounting Statement
                                          [in $ millions, 2015 dollars]
----------------------------------------------------------------------------------------------------------------
                                                                                              Source citation
           Category             Primary  estimate   Minimum  estimate   Maximum  estimate       (final RIA,
                                                                                              preamble, etc.)
----------------------------------------------------------------------------------------------------------------
                                  Benefits ($ millions)
----------------------------------------------------------------------------------------------------------------
Annualized monetized benefits  ..................  ..................  ..................  NPRM RIA.
 (discount rate in
 parentheses).
                              ------------------------------------------------------------
Unquantified benefits........     The requirements proposed in this rule, if finalized,    NPRM RIA.
                                   produce benefits by reducing security risks through
                                  training security-sensitive surface mode employees to
                                 identify and/or mitigate an attempted terrorist attack.
----------------------------------------------------------------------------------------------------------------
                                    Costs ($ millions)
----------------------------------------------------------------------------------------------------------------
Annualized monetized costs     (7%) $22.39         ..................  ..................  NPRM RIA.
 (discount rate in             (3%) $22.33
 parentheses).
Annualized quantified, but     0                   0                   0                   NPRM RIA.
 unmonetized, costs.
                              ------------------------------------------------------------
Qualitative costs                                          N/A                             NPRM RIA.
 (unquantified).
----------------------------------------------------------------------------------------------------------------
                                        Transfers
----------------------------------------------------------------------------------------------------------------
Annualized monetized           0                   0                   0                   NPRM RIA.
 transfers: ``on budget''.
From whom to whom?...........  N/A                 N/A                 N/A                 None.
Annualized monetized           0                   0                   0                   NPRM RIA.
 transfers: ``off-budget''.
From whom to whom?...........  N/A                 N/A                 N/A                 None.
----------------------------------------------------------------------------------------------------------------
   Miscellaneous Analyses/                               Effects                           Source Citation (NPRM
           Category                                                                         RIA, preamble,
                                                                                            etc.).
----------------------------------------------------------------------------------------------------------------
Effects on State, local, and/                             None                             NPRM RIA.
 or tribal governments.
Effects on small businesses..                         Prepared IRFA                        IRFA.
Effects on wages.............                             None                             None.
Effects on growth............                             None                             None.
----------------------------------------------------------------------------------------------------------------

4. Alternatives Considered
    In addition to the proposed rule, TSA also considered two 
alternative policies. As discussed in section III.K of this NPRM, the 
first alternative (Alternative 1) only includes requirements that are 
statutory according to the 9/11 Act.\180\ The second alternative 
(Alternative 2) expands the population of owners/operators to all who 
operate within the UASI--which includes the entire metropolitan 
statistical area--and requires them to develop their own training 
program. This would be the case if First Observer PlusTM 
were not made available to owner/operators or if the owners/operators 
would not adopt First Observer PlusTM. This alternative was 
considered in the early stages of this proposed rule when the First 
ObserverTM program was still in development. Notionally, an 
owner/operator-developed training program would provide a marginal 
increase in effectiveness over a ``one size fits all'' training program 
because it would be customized to the individual owner/operator and 
take into account the unique security and structural characteristics 
inherent in a large and complicated system like a transportation 
network.
---------------------------------------------------------------------------

    \180\ Table 59 in the RIA found in the docket provides a 
section-by section analysis of which regulatory provisions are 
statutorily required and which provisions are discretionary.
---------------------------------------------------------------------------

    Though not the least costly option, TSA selects the proposed rule 
as its preferred alternative because TSA recommends that all surface 
mode employees be refreshed on their security training objectives 
annually, in an abbreviated method at the very least. TSA recognizes 
recurrent training as essential to maintaining a high level of security 
awareness. The 9/11 Act recognizes this as well by requiring routine 
and ongoing training for public transportation employees. Congress has 
left it to the discretion of TSA to determine the appropriate schedule 
for recurrent training. TSA believes that annual training is essential 
for maintaining a high level of security awareness among surface 
transportation employees. TSA's goal is to ensure the expected baseline 
of security awareness is reached and maintained across the higher-risk 
systems and will work with the owner/operators as necessary to ensure 
that goal is accomplished.
    Additionally, the affected population for the proposed rule (and 
Alternative 1) is based on a risk assessment on these modes of 
transportation (for more detail see preamble section III.B.). TSA 
reviewed the scope of the relevant industries and the security risks 
associated with each. This assessment considers not only threat (as 
informed by intelligence), but also the potential consequences of a 
terrorist attack on a system or vehicle(s) and the vulnerabilities 
inherent in the design and/or operation of these systems and vehicles. 
Both the proposed rule and Alternative 1 target higher-risk areas or 
transportation systems as opposed to Alternative 2, which covers a 
broader population and sets its parameters by other industry 
characteristics. The reasons for rejecting Alternative 2 are discussed 
in section III.D. of this NPRM. For these reasons, TSA has chosen the 
proposed rule as its preferred alternative. Table 20 presents a

[[Page 91379]]

comparison of the costs by cost component for industry and TSA for the 
proposed rule and both alternatives.
[GRAPHIC] [TIFF OMITTED] TP16DE16.023


[[Page 91380]]


[GRAPHIC] [TIFF OMITTED] TP16DE16.024

5. Regulatory Flexibility Assessment
    The Regulatory Flexibility Act (RFA) of 1980 requires agencies to 
consider the impacts of their rules on small entities. TSA performed an 
Initial Regulatory Flexibility Analysis (IRFA) to analyze the impact to 
small entities affected by the proposed rule. See the RIA in the docket 
for the full IRFA. A summary of the RFA is below.
    Under the RFA, the term ``small entities'' comprises small 
businesses, not-for-profit organizations that are independently owned 
and operated and are not dominant in their fields, and small 
governmental jurisdictions with populations of less than 50,000. 
Individuals and States are not considered ``small entities'' based on 
the definitions in the RFA (5 U.S.C. 601).
    The PTPR owner/operators affected by this proposed rule are not 
considered small because they are either owned/operated by governmental 
jurisdictions that exceed the RFA population threshold of 50,000 or a 
business that exceeds the SBA size threshold. Only freight rail and 
OTRB owner/operators have small entities that may be affected by the 
proposed rule. TSA uses the Small Business Administration's (SBA) size 
standards to identify that 13 freight rail owner/operators affected by 
the proposed rule are considered a small business. TSA calculates that 
proposed rule's requirements are estimated to cost $68.78 per employee 
and $6,068.49 per entity to these freight rail owner/operators. Of 
these 13 small freight rail owner/operators, TSA estimates that only 
one of them would have an impact to revenue greater that 1 percent. For 
OTRBs, TSA uses SBA's threshold to estimate that 174 OTRB owner/
operators affected by the proposed rule are considered a small 
business. TSA calculates that the proposed rule's requirements are 
estimated to cost $33.41 per employee and $3,347.67 per entity to these 
OTRB owner/operators. Of these 174 small OTRB owner/operators, TSA 
estimates that 20 of them would have an impact to revenue greater than 
1 percent.
    TSA considered two alternative policies in addition to the proposed 
rule. As discussed in section III.K of this NPRM and section 5.1 of the 
RIA, the first alternative (Alternative 1) only includes requirements 
that are statutory according to the 9/11 Act. This alternative would 
remain applicable to the same population of the proposed rule, but 
would only require owner/operators to train security-sensitive 
employees according to statutory guidelines set in the 9/11 Act. In 
Alternative 1, recurrent training is required only once every three 
years--similar to other training requirements of transportation modes--
because the 9/11 Act does not require annual recurrent training as TSA 
does in the proposed rule.
    As discussed in section III.F(1)(2)(3) of this NPRM (Alternatives 
Considered) and section 5.2 of the RIA, the second alternative 
(Alternative 2) expands the population of owners/operators to all who 
operate within the UASI--which includes the entire metropolitan 
statistical area-and requires them to develop their own training 
program. TSA considered Alternative 2 while the First 
ObserverTM program was still in development.
    TSA chose the proposed rule as its preferred alternative, thus 
rejecting Alternative 1, because TSA recommends that all surface mode 
employees be refreshed on their security training objectives annually. 
TSA recognizes recurrent training as essential to maintaining a high 
level of security awareness. TSA's objective is to ensure the expected 
baseline of security

[[Page 91381]]

awareness is reached and maintained across the higher-risk systems and 
will work with the owner/operators as necessary to ensure that goal is 
accomplished. TSA has met this objective by developing First Observer 
PlusTM. TSA intends for the training content in First 
Observer PlusTM to align with most of the regulatory 
requirements in a final rule. This resource will be provided free to 
owner/operators so that they may comply with the proposed rule at 
minimized costs.
    Additionally, the affected population for the proposed rule (and 
Alternative 1) is based on a risk assessment on these modes of 
transportation (for more detail see section III.B of this NPRM). TSA 
reviewed the scope of the relevant industries and the security risks 
associated with each. This assessment considers not only threat (as 
informed by intelligence), but also the potential consequences of a 
terrorist attack on a system or vehicle(s) and the vulnerabilities 
inherent in the design and/or operation of these systems and vehicles. 
Both the proposed rule and Alternative 1 target higher-risk areas or 
transportation systems as opposed to Alternative 2, which covers a 
broader population and sets its parameters by other industry 
characteristics. Alternative 2 leads to higher costs to small entities 
not necessarily considered higher-risk. TSA rejected Alternative 2 
because the agency has determined that the proposed rule better aligns 
with its commitment to risk-based security policy and outcomes-based 
regulation and because it would impose a higher cost to small entities 
outside the higher-risk profile.
    TSA invites all interested parties to submit data and information 
regarding the potential economic impact on small entities that would 
result from the adoption of the proposed requirements in the proposed 
rule.
6. International Trade Impact Assessment
    The Trade Agreement Act of 1979 prohibits Federal agencies from 
establishing any standards or engaging in related activities that 
create unnecessary obstacles to the foreign commerce of the United 
States. Legitimate domestic objectives, such as safety, are not 
considered unnecessary obstacles. The statute also requires 
consideration of international standards and, where appropriate, that 
they be the basis for U.S. standards. TSA has assessed the potential 
effect of this proposed rule and has determined that it would have only 
a domestic impact and therefore no effect on any trade-sensitive 
activity.
7. Unfunded Mandates Assessment
    The Unfunded Mandates Reform Act of 1995 (UMRA) is intended, among 
other things, to curb the practice of imposing unfunded Federal 
mandates on State, local, and tribal governments. Title II of the UMRA 
requires each Federal agency to prepare a written statement assessing 
the effects of any Federal mandate in a proposed or final agency rule 
that may result in a $100 million or more expenditure (adjusted 
annually for inflation) in any one year by State, local, and tribal 
governments, in the aggregate, or by the private sector; such a mandate 
is deemed to be a ``significant regulatory action.''
    This proposed rule does not contain such a mandate. The 
requirements of Title II of the UMRA, therefore, do not apply and TSA 
has not prepared a statement.

C. Executive Order 13132, Federalism

    TSA has analyzed this rulemaking under the principles and criteria 
of Executive Order 13132, Federalism. We determined that this action 
would not have a substantial direct effect on the States, on the 
relationship between the National Government and the States, or on the 
distribution of power and responsibilities among the various levels of 
government, and therefore would not have federalism implications.

D. Environmental Analysis

    TSA has reviewed this rulemaking for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment. This action is covered by categorical exclusion 
(CATEX) number A3(b) in DHS Management Directive 023-01 (formerly 
Management Directive 5100.1), Environmental Planning Program, which 
guides TSA compliance with NEPA.

E. Energy Impact Analysis

    The energy impact of this rulemaking has been assessed in 
accordance with the Energy Policy and Conservation Act (EPCA), Public 
Law 94-163, as amended (42 U.S.C. 6362). TSA has determined that this 
rulemaking is not a major regulatory action under the provisions of the 
EPCA.

List of Subjects

49 CFR Part 1500

    Air carriers, Air transportation, Aircraft, Airports, Bus transit 
systems, Commuter bus systems, Law enforcement officer, Maritime 
carriers, Over-the-Road buses, Public transportation, Rail hazardous 
materials receivers, Rail hazardous materials shippers, Rail transit 
systems, Railroad carriers, Railroad safety, Railroads, Reporting and 
recordkeeping requirements, Security measures, Transportation facility, 
Vessels.

49 CFR Part 1520

    Air carriers, Air transportation, Aircraft, Airports, Bus transit 
systems, Commuter bus systems, Law enforcement officer, Maritime 
carriers, Over-the-Road buses, Public transportation, Rail hazardous 
materials receivers, Rail hazardous materials shippers, Rail transit 
systems, Railroad carriers, Railroad safety, Railroads, Reporting and 
recordkeeping requirements, Security measures, Transportation facility, 
Vessels.

49 CFR Part 1570

    Commuter bus systems, Crime, Fraud, Hazardous materials 
transportation, Motor carriers, Over-the-Road bus safety, Over-the-Road 
buses, Public transportation, Public transportation safety, Rail 
hazardous materials receivers, Rail hazardous materials shippers, Rail 
transit systems, Railroad carriers, Railroad safety, Railroads, 
Reporting and recordkeeping requirements, Security measures, 
Transportation facility, Transportation Security-Sensitive Materials.

49 CFR Part 1580

    Hazardous materials transportation, Rail hazardous materials 
receivers, Rail hazardous materials shippers, Railroad carriers, 
Railroad safety, Railroads, Reporting and recordkeeping requirements, 
Security measures.

49 CFR Part 1582

    Public transportation, Public transportation safety, Railroad 
carriers, Railroad safety, Railroads, Rail transit systems, Reporting 
and recordkeeping requirements, Security measures.

49 CFR Part 1584

    Over-the-Road bus safety, Over-the-Road buses, Reporting and 
recordkeeping requirements, Security measures.

The Proposed Amendments

    For the reasons set forth in the preamble, the Transportation 
Security Administration proposes to amend Chapter XII, of Title 49, 
Code of Federal Regulations to read as follows:

[[Page 91382]]

SUBCHAPTER A--ADMINISTRATIVE AND PROCEDURAL RULES

PART 1500--APPLICABILITY, TERMS, AND ABBREVIATIONS

0
1. The authority citation for part 1500 is revised to read as follows:

    Authority:  6 U.S.C. 1137, 1151, 1167, and 1184; 49 U.S.C. 114, 
5103, 40113, 44901-44907, 44913-44914, 44916-44918, 44935-44936, 
44942, 46105.

0
2. Revise Sec.  1500.3 to read as follows:


Sec.  1500.3  Terms and abbreviations used in this chapter.

    As used in this chapter:
    Administrator means the Assistant Secretary for Homeland Security, 
Transportation Security Administration (Assistant Secretary), who is 
the highest-ranking TSA official, or his or her designee. Administrator 
also means the Under Secretary of Transportation for Security 
identified in 49 U.S.C. 114(b).
    Authorized representative means any individual who is not a direct 
employee of a person regulated under this title, but is authorized to 
act on that person's behalf to perform measures required under the 
Transportation Security Regulations, or a TSA security program. For 
purposes of this subchapter, the term ``authorized representative'' 
includes agents, contractors, and subcontractors, and employees of the 
same.
    Bus means any of several types of motor vehicles used by public or 
private entities to provide transportation service for passengers.
    Bus transit system means a public transportation system providing 
frequent transportation service (not limited to morning and evening 
peak travel times) for the primary purpose of moving passengers between 
bus stops, often through multiple connections (a bus transit system 
does not become a commuter bus system even if its primary purpose is 
the transportation of commuters). This term does not include tourist, 
scenic, historic, or excursion operations.
    Commuter bus system means a system providing passenger service 
primarily during morning and evening peak periods, between an urban 
area and more distant outlying communities in a greater metropolitan 
area. This term does not include tourist, scenic, historic, or 
excursion operations.
    Commuter passenger train service means ``train, commuter'' as 
defined in 49 CFR 238.5, and includes service provided by diesel or 
electric powered locomotives and railroad passenger cars to serve an 
urban area, its suburbs, and more distant outlying communities in the 
greater metropolitan area. A commuter passenger train service is part 
of the general railroad system of transportation regardless of whether 
it is physically connected to other railroads.
    DHS means the Department of Homeland Security and any directorate, 
bureau, or other component within the Department of Homeland Security, 
including the United States Coast Guard.
    DOT means the Department of Transportation and any operating 
administration, entity, or office within the Department of 
Transportation.
    Fixed-route service means the provision of transportation service 
by private entities operated along a prescribed route according to a 
fixed schedule.
    General railroad system of transportation means ``the network of 
standard gauge track over which goods may be transported throughout the 
nation and passengers may travel between cities and within metropolitan 
and suburban areas'' as defined in Appendix A to 49 CFR part 209.
    Hazardous material means ``hazardous material'' as defined in 49 
CFR 171.8.
    Heavy rail transit means service provided by self-propelled 
electric railcars, typically drawing power from a third rail, operating 
in separate rights-of-way in multiple cars; also referred to as 
subways, metros or regional rail.
    Host railroad means a railroad that has effective control over a 
segment of track.
    Improvised explosive device (IED) means a device fabricated in an 
improvised manner that incorporates explosives or destructive, lethal, 
noxious, pyrotechnic, or incendiary chemicals in its design, and 
generally includes a power supply, a switch or timer, and a detonator 
or initiator.
    Intercity passenger train service means both ``train, long-distance 
intercity passenger'' and ``train, short-distance intercity passenger'' 
as defined in 49 CFR 238.5.
    Light rail transit means service provided by self-propelled 
electric railcars, typically drawing power from an overhead wire, 
operating in either exclusive or non-exclusive rights-of-way in single 
or multiple cars, with shorter distance trips, and frequent stops; also 
referred to as streetcars, trolleys, and trams.
    Motor vehicle means a vehicle, machine, tractor, trailer, or 
semitrailer propelled or drawn by mechanical power and used upon the 
highways in the transportation of passengers or property, or any 
combination thereof, but does not include any vehicle, locomotive, or 
car operated exclusively on a rail or rails, or a trolley bus operated 
by electric power derived from a fixed overhead wire, furnishing local 
passenger transportation similar to street-railway service.
    Over-the-Road Bus (OTRB) means a bus characterized by an elevated 
passenger deck located over a baggage compartment.
    Owner/operator means any person that owns, or maintains operational 
control over, any transportation infrastructure asset, facility, or 
system regulated under this title, including airport operator, aircraft 
operator, foreign air carrier, indirect air carrier, certified cargo 
screening facility, flight school within the meaning of 49 CFR 
1552.1(b), motor vehicle, public transportation agency, or railroad 
carrier. For purposes of a maritime facility or a vessel, owner/
operator has the same meaning as defined in 33 CFR 101.105.
    Passenger rail car means rail rolling equipment intended to provide 
transportation for members of the general public and includes a self-
propelled rail car designed to carry passengers, baggage, mail, or 
express. This term includes a rail passenger coach, cab car, and a 
Multiple Unit (MU) locomotive. In the context of articulated equipment, 
``passenger rail car'' means that segment of the rail rolling equipment 
located between two trucks. This term does not include a private rail 
car.
    Passenger railroad carrier means a railroad carrier that provides 
transportation to persons (other than employees, contractors, or 
persons riding equipment to observe or monitor railroad operations) by 
railroad in intercity passenger service or commuter or other short-haul 
passenger service in a metropolitan or suburban area.
    Passenger train means a train that transports or is available to 
transport members of the general public.
    Person means an individual, corporation, company, association, 
firm, partnership, society, joint-stock company, or governmental 
authority. It includes a trustee, receiver, assignee, successor, or 
similar representative of any of them.
    Private rail car means rail rolling equipment that is used only for 
excursion, recreational, or private transportation purposes. A private 
rail car is not a passenger rail car.
    Public transportation means transportation provided to the general 
public by a regular and continuing general or specific transportation 
vehicle that is owned or operated by a

[[Page 91383]]

public transportation agency, including providing one or more of the 
following types of passenger transportation:
    (1) Intercity or commuter passenger train service or other short-
haul railroad passenger service in a metropolitan or suburban area (as 
described by 49 U.S.C. 20102(1)).
    (2) Heavy or light rail transit service, whether on or off the 
general railroad system of transportation.
    (3) An automated guideway, cable car, inclined plane, funicular, or 
monorail system.
    (4) Bus transit or commuter bus service.
    Public transportation agency means any publicly-owned or operated 
provider of regular and continuing public transportation.
    Rail hazardous materials receiver means any owner/operator of a 
fixed-site facility that has a physical connection to the general 
railroad system of transportation and receives or unloads from 
transportation in commerce by rail one or more of the categories and 
quantities of rail security-sensitive materials identified in 49 CFR 
1580.3, but does not include the owner/operator of a facility owned or 
operated by a department, agency or instrumentality of the Federal 
government.
    Rail hazardous materials shipper means the owner/operator of any 
fixed-site facility that has a physical connection to the general 
railroad system of transportation and offers (as defined in the 
definition of ``person who offers or offeror'' in 49 CFR 171.8), 
prepares or loads for transportation by rail one or more of the 
categories and quantities of rail security-sensitive materials as 
identified in 49 CFR 1580.3, but does not include the owner/operator of 
a facility owned or operated by a department, agency or instrumentality 
of the Federal government.
    Rail secure area means a secure location(s) identified by a rail 
hazardous materials shipper or rail hazardous materials receiver where 
security-related pre-transportation or transportation functions are 
performed or rail cars containing the categories and quantities of rail 
security-sensitive materials are prepared, loaded, stored, and/or 
unloaded.
    Rail transit facility means rail transit stations, terminals, and 
locations at which rail transit infrastructure assets are stored, 
command and control operations are performed, or maintenance is 
performed. The term also includes rail yards, crew management centers, 
dispatching centers, transportation terminals and stations, fueling 
centers, and telecommunication centers.
    Rail transit system or ``Rail Fixed Guideway System'' means any 
light, heavy, or rapid rail system, monorail, inclined plane, 
funicular, cable car, trolley, or automated guideway that traditionally 
does not operate on track that is part of the general railroad system 
of transportation.
    Railroad carrier means an owner/operator providing railroad 
transportation.
    Railroad transportation means any form of non-highway ground 
transportation that runs on rails or electromagnetic guideways, 
including (1) commuter or other short-haul rail passenger service in a 
metropolitan or suburban area and (2) high speed ground transportation 
systems that connect metropolitan areas, without regard to whether 
those systems use new technologies not associated with traditional 
railroads. Such term includes rail transit service operating on track 
that is part of the general railroad system of transportation but does 
not include rapid transit operations in an urban area that are not 
connected to the general railroad system of transportation.
    Record includes any means by which information is preserved, 
irrespective of format, including a book, paper, drawing, map, 
recording, tape, film, photograph, machine-readable material, and any 
information stored in an electronic format. The term record also 
includes any draft, proposed, or recommended change to any record.
    Sensitive security information (SSI) means information that is 
described in and must be managed in accordance with 49 CFR part 1520.
    State means a State of the United States and the District of 
Columbia.
    Tourist, scenic, historic, or excursion operation means a railroad 
or bus operation that carries passengers, often using antiquated 
equipment, with the conveyance of the passengers to a particular 
destination not being the principal purpose. Train or bus movements of 
new passenger equipment for demonstration purposes are not tourist, 
scenic, historic, or excursion operations.
    Transit means mass transportation by a conveyance that provides 
regular and continuing general or special transportation to the public, 
but does not include school bus, charter, or sightseeing 
transportation. Rail transit may occur on or off the general railroad 
system of transportation.
    Transportation or transport means the movement of property 
including loading, unloading, and storage. Transportation or transport 
also includes the movement of people, boarding, and disembarking 
incident to that movement.
    Transportation facility means a location at which transportation 
cargo, equipment or infrastructure assets are stored, equipment is 
transferred between conveyances and/or modes of transportation, 
transportation command and control operations are performed, or 
maintenance operations are performed. The term also includes, but is 
not limited to, passenger stations and terminals (including any fixed 
facility at which passengers are picked-up or discharged), vehicle 
storage buildings or yards, crew management centers, dispatching 
centers, fueling centers, and telecommunication centers.
    Transportation security equipment and systems means items, both 
integrated into a system and stand-alone, used by owner/operators to 
enhance capabilities to detect, deter, prevent, or respond to a threat 
or incident, including, but not limited to, video surveillance, 
explosives detection, radiological detection, intrusion detection, 
motion detection, and security screening.
    Transportation Security Regulations (TSR) means the regulations 
issued by the Transportation Security Administration, in title 49 of 
the Code of Federal Regulations, chapter XII, which includes parts 1500 
through 1699.
    Transportation Security-Sensitive Material (TSSM) means hazardous 
materials identified in 49 CFR 172.800(b).
    TSA means the Transportation Security Administration.
    United States, in a geographical sense, means the States of the 
United States, the District of Columbia, and territories and 
possessions of the United States, including the territorial sea and the 
overlying airspace.
    Vulnerability assessment includes any review, audit, or other 
examination of the security of a transportation system, infrastructure 
asset, or a transportation-related automated system or network to 
determine its vulnerability to unlawful interference, whether during 
the conception, planning, design, construction, operation, or 
decommissioning phase. A vulnerability assessment includes the 
methodology for the assessment, the results of the assessment, and any 
proposed, recommended, or directed actions or countermeasures to 
address security concerns.

[[Page 91384]]

PART 1503--INVESTIGATIVE AND ENFORCEMENT PROCEDURES

0
3. The authority citation for part 1503 continues to read as follows:

    Authority: 6 U.S.C. 1142; 18 U.S.C. 6002; 28 U.S.C. 2461 (note); 
49 U.S.C. 114, 20109, 31105, 40113-40114, 40119, 44901-44907, 46101-
46107, 46109-46110, 46301, 46305, 46311, 46313-46314.

Subpart B--Scope of Investigative and Enforcement Procedures

0
4. In Sec.  1503.101 revise paragraphs (b)(1) and (b)(2), and add 
paragraph (b)(3) to read as follows:


Sec.  1503.101  TSA requirements.

* * * * *
    (b) * * *
    (1) Those provisions of title 49 U.S.C. administered by the 
Administrator;
    (2) 46 U.S.C. chapter 701; and
    (3) Those provisions of title 6 U.S.C. administered by the 
Administrator.

SUBCHAPTER B--SECURITY RULES FOR ALL MODES OF TRANSPORTATION

PART 1520--PROTECTION OF SENSITIVE SECURITY INFORMATION

0
5. The authority citation for part 1520 continues to read as follows:

    Authority: 46 U.S.C. 70102-70106, 70117; 49 U.S.C. 114, 40113, 
44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105.


Sec.  1520.3  [Amended]

0
6. In Sec.  1520.3 remove the definitions for ``DHS, ``DOT'', ``Rail 
facility'', ``Rail hazardous materials receiver'', ``Rail hazardous 
materials shipper, ``Rail transit facility'', ``Rail transit system or 
Rail Fixed Guideway System'', ``Railroad'', ``Record'', and 
``Vulnerability assessment''.
0
7. In Sec.  1520.5 revise paragraphs (b)(1), (b)(6)(i), (b)(8) 
introductory text, (b)(10), (b)(12) introductory text, and (b)(15) to 
read as follows:


Sec.  1520.5  Sensitive security information.

* * * * *
    (b) * * *
    (1) Security programs, security plans, and contingency plans. Any 
security program, security plan, or security contingency plan issued, 
established, required, received, or approved by DHS or DOT, including 
any comments, instructions, or implementing guidance, including--
    (i) Any aircraft operator, airport operator, fixed base operator, 
or air cargo security program, or security contingency plan under this 
chapter;
    (ii) Any vessel, maritime facility, or port area security plan 
required or directed under Federal law;
    (iii) Any national or area security plan prepared under 46 U.S.C. 
70103;
    (iv) Any security incident response plan established under 46 
U.S.C. 70104, and
    (v) Any security program or plan required under subchapter D of 
this title.
* * * * *
    (6) * * *
    (i) Details of any aviation, maritime, or surface transportation 
inspection, or any investigation or an alleged violation of aviation, 
maritime, or surface transportation security requirements of Federal 
law, that could reveal a security vulnerability, including the identity 
of the Federal special agent or other Federal employee who conducted 
the inspection or investigation, and including any recommendations 
concerning the inspection or investigation.
* * * * *
    (8) Security measures. Specific details of aviation, maritime, or 
surface transportation security measures, both operational and 
technical, whether applied directly by the Federal government or 
another person, including the following:
* * * * *
    (10) Security training materials. Records created or obtained for 
the purpose of training persons employed by, contracted with, or acting 
for the Federal government or another person to carry out aviation, 
maritime, or surface transportation security measures required or 
recommended by DHS or DOT.
* * * * *
    (12) Critical transportation infrastructure asset information. Any 
list identifying systems or assets, whether physical or virtual, so 
vital to the aviation, maritime, or surface transportation that the 
incapacity or destruction of such assets would have a debilitating 
impact on transportation security, if the list is--
* * * * *
    (15) Research and development. Information obtained or developed in 
the conduct of research related to aviation, maritime, or surface 
transportation, where such research is approved, accepted, funded, 
recommended, or directed by DHS or DOT, including research results.
* * * * *
0
8. In Sec.  1520.7 revise paragraph (n) to read as follows:


Sec.  1520.7   Covered persons.

* * * * *
    (n) Each owner/operator of maritime or surface transportation 
subject to the requirements of subchapter D of this chapter.
0
9. Revise the heading for subchapter D to read as follows:

SUBCHAPTER D--MARITIME AND SURFACE TRANSPORTATION SECURITY

0
10. Revise part 1570 to read as follows:

PART 1570--GENERAL RULES

Subpart A--General
Sec.
1570.1 Scope.
1570.3 Terms used in this subchapter.
1570.5 Fraud and intentional falsification of records.
1570.7 Security responsibilities of employees and other persons.
1570.9 Compliance, inspection, and enforcement.
Subpart B--Security Programs
Sec.
1570.101 Scope.
1570.103 Content.
1570.105 Responsibility for Determinations.
1570.107 Recognition of prior or established security measures or 
programs.
1570.109 Submission and approval.
1570.111 Implementation schedules.
1570.113 Amendments requested by owner/operator.
1570.115 Amendments required by TSA.
1570.117 Alternative measures.
1572.119 Petitions for reconsideration.
1570.121 Recordkeeping and availability.
Subpart C--Operations
Sec.
1570.201 Security Coordinator.
1570.203 Reporting significant security concerns.
Subpart D--Security Threat Assessments
Sec.
1570.301 Fraudulent use or manufacture; responsibilities of persons.
1570.303 Inspection of credential.
1570.305 False statements regarding security background checks by 
public transportation agency or railroad carrier.

Appendix A to Part 1570--Reporting Of Significant Security Concerns

    Authority: 6 U.S.C. 469, 1134, 1137, 1143, 1151, 1162, 1167, 
1170, 1181 and 1184; 18 U.S.C. 842, 845; 46 U.S.C. 70105; 49 U.S.C. 
114, 5103a, 40113, and 46105.

Subpart A--General


Sec.  1570.1  Scope.

    This part applies to any person involved in maritime or surface 
transportation as specified in this subchapter.


Sec.  1570.3  Terms used in this subchapter.

    In addition to the definitions in Sec. Sec.  1500.3, 1500.5, and 
1503.202 of subchapter A, the following terms are used in this 
subchapter:

[[Page 91385]]

    Adjudicate means to make an administrative determination of whether 
an applicant meets the standards in this subchapter, based on the 
merits of the issues raised.
    Alien means any person not a citizen or national of the United 
States.
    Alien registration number means the number issued by the U.S. 
Department of Homeland Security (DHS) to an individual when he or she 
becomes a lawful permanent resident of the United States or attains 
other lawful, non-citizen status.
    Applicant means a person who has applied for one of the security 
threat assessments identified in this subchapter.
    Commercial driver's license (CDL) is used as defined in 49 CFR 
383.5.
    Contractor means a person or organization that provides a service 
for an owner/operator regulated under this subchapter consistent with a 
specific understanding or arrangement. The understanding can be a 
written contract or an informal arrangement that reflects an ongoing 
relationship between the parties.
    Convicted means any plea of guilty or nolo contendere, or any 
finding of guilt, except when the finding of guilt is subsequently 
overturned on appeal, pardoned, or expunged. For purposes of this 
subchapter, a conviction is expunged when the conviction is removed 
from the individual's criminal history record and there are no legal 
disabilities or restrictions associated with the expunged conviction, 
other than the fact that the conviction may be used for sentencing 
purposes for subsequent convictions. In addition, where an individual 
is allowed to withdraw an original plea of guilty or nolo contendere 
and enter a plea of not guilty and the case is subsequently dismissed, 
the individual is no longer considered to have a conviction for 
purposes of this subchapter.
    Determination of No Security Threat means an administrative 
determination by TSA that an individual does not pose a security threat 
warranting denial of an HME or a TWIC.
    Employee means an individual who is engaged or compensated by an 
owner/operator regulated under this subchapter, or by a contractor to 
an owner/operator regulated under this subchapter. The term includes 
direct employees, contractor employees, authorized representatives, 
immediate supervisors, and individuals who are self-employed.
    Federal Maritime Security Coordinator (FMSC) has the same meaning 
as defined in 46 U.S.C. 70103(a)(2)(G); is the Captain of the Port 
(COTP) exercising authority for the COTP zones described in 33 CFR part 
3, and is the Port Facility Security Officer as described in the 
International Ship and Port Facility Security (ISPS) Code, part A.
    Final Determination of Threat Assessment means a final 
administrative determination by TSA, including the resolution of 
related appeals, that an individual poses a security threat warranting 
denial of an HME or a TWIC.
    Hazardous materials endorsement (HME) means the authorization for 
an individual to transport hazardous materials in commerce, an 
indication of which must be on the individual's commercial driver's 
license, as provided in the Federal Motor Carrier Safety Administration 
(FMCSA) regulations in 49 CFR part 383.
    Immediate supervisor means a manager, supervisor, or agent of the 
owner/operator to the extent the individual (a) performs the work of a 
security-sensitive employee or (b) supervises and otherwise directs the 
performance of a security-sensitive employee.
    Imprisoned or imprisonment means confined to a prison, jail, or 
institution for the criminally insane, on a full-time basis, pursuant 
to a sentence imposed as the result of a criminal conviction or finding 
of not guilty by reason of insanity. Time spent confined or restricted 
to a half-way house, treatment facility, or similar institution, 
pursuant to a sentence imposed as the result of a criminal conviction 
or finding of not guilty by reason of insanity, does not constitute 
imprisonment for purposes of this rule.
    Incarceration means confined or otherwise restricted to a jail-type 
institution, half-way house, treatment facility, or another institution 
on a full or part-time basis, pursuant to a sentence imposed as the 
result of a criminal conviction or finding of not guilty by reason of 
insanity.
    Initial Determination of Threat Assessment means an initial 
administrative determination by TSA that an applicant poses a security 
threat warranting denial of an HME or a TWIC.
    Initial Determination of Threat Assessment and Immediate Revocation 
means an initial administrative determination that an individual poses 
a security threat that warrants immediate revocation of an HME or 
invalidation of a TWIC. In the case of an HME, the State must 
immediately revoke the HME if TSA issues an Initial Determination of 
Threat Assessment and Immediate Revocation. In the case of a TWIC, TSA 
invalidates the TWIC when TSA issues an Initial Determination of Threat 
Assessment and Immediate Revocation.
    Invalidate means the action TSA takes to make a credential 
inoperative when it is reported as lost, stolen, damaged, no longer 
needed, or when TSA determines an applicant does not meet the security 
threat assessment standards of 49 CFR part 1572.
    Lawful permanent resident means an alien lawfully admitted for 
permanent residence, as defined in 8 U.S.C. 1101(a)(20).
    Maritime facility has the same meaning as ``facility'' together 
with ``OCS facility'' (Outer Continental Shelf facility), as defined in 
33 CFR 101.105.
    Mental health facility means a mental institution, mental hospital, 
sanitarium, psychiatric facility, and any other facility that provides 
diagnoses by licensed professionals of mental retardation or mental 
illness, including a psychiatric ward in a general hospital.
    National of the United States means a citizen of the United States, 
or a person who, though not a citizen, owes permanent allegiance to the 
United States, as defined in 8 U.S.C. 1101(a)(22), and includes 
American Samoa and Swains Island.
    Revocation means the termination, deactivation, rescission, 
invalidation, cancellation, or withdrawal of the privileges and duties 
conferred by an HME or TWIC, when TSA determines an applicant does not 
meet the security threat assessment standards of 49 CFR part 1572.
    Secure area means the area on board a vessel or at a facility or 
outer continental shelf facility, over which the owner/operator has 
implemented security measures for access control, as defined by a Coast 
Guard approved security plan. It does not include passenger access 
areas or public access areas, as those terms are defined in 33 CFR 
104.106 and 105.106 respectively. Vessels operating under the waivers 
provided for at 46 U.S.C. 8103(b)(3)(A) or (B) have no secure areas. 
Facilities subject to 33 CFR chapter I, subchapter H, part 105 may, 
with approval of the Coast Guard, designate only those portions of 
their facility that are directly connected to maritime transportation 
or are at risk of being involved in a transportation security incident 
as their secure areas.
    Security threat means an individual whom TSA determines or suspects 
of posing a threat to national security; to transportation security; or 
of terrorism.
    Security-sensitive employee, for purposes of this part, means 
``security sensitive employee'' as defined in Sec. Sec.  1580.3, 
1582.3, or 1584.3 of this title.

[[Page 91386]]

    Security-sensitive job function, for purposes of this part, means a 
job function identified in Appendix B to part 1580, Appendix B to part 
1582, and Appendix B to part 1584 of this title.
    Transportation Worker Identification Credential (TWIC) means a 
Federal biometric credential, issued to an individual, when TSA 
determines that the individual does not pose a security threat.
    Withdrawal of Initial Determination of Threat Assessment is the 
document that TSA issues after issuing an Initial Determination of 
Security Threat, when TSA determines that an individual does not pose a 
security threat that warrants denial of an HME or TWIC.


Sec.  1570.5  Fraud and intentional falsification of records.

    No person may make, cause to be made, attempt, or cause to attempt 
any of the following:
    (a) Any fraudulent or intentionally false statement in any record 
or report that is kept, made, or used to show compliance with the 
subchapter, or exercise any privileges under this subchapter.
    (b) Any reproduction or alteration, for fraudulent purpose, of any 
record, report, security program, access medium, or identification 
medium issued under this subchapter or pursuant to standards in this 
subchapter.


Sec.  1570.7  Security responsibilities of employees and other persons.

    (a) No person may--
    (1) Tamper or interfere with, compromise, modify, attempt to 
circumvent, or cause another person to tamper or interfere with, 
compromise, modify, or attempt to circumvent any security measure 
implemented under this subchapter.
    (2) Enter, or be present within, a secured or restricted area 
without complying with the security measures applied as required under 
this subchapter to control access to, or presence or movement in, such 
areas.
    (3) Use, allow to be used, or cause to be used, any approved access 
medium or identification medium that authorizes the access, presence, 
or movement of persons or vehicles in secured or restricted areas in 
any other manner than that for which it was issued by the appropriate 
authority to meet the requirements of this subchapter.
    (b) The provisions of paragraph (a) of this section do not apply to 
conducting inspections or tests to determine compliance with this 
subchapter authorized by--
    (1) TSA and DHS officials working with TSA; or
    (2) The owner/operator when acting in accordance with the 
procedures described in a security plan and/or program approved by TSA.


Sec.  1570.9  Compliance, inspection, and enforcement.

    (a) Each person subject to any of the requirements of this 
subchapter, must allow TSA and other authorized DHS officials, at any 
time and in a reasonable manner, without advance notice, to enter, 
assess, inspect, and test property, facilities, equipment, and 
operations; and to view, inspect, and copy records, as necessary to 
carry out TSA's security-related statutory or regulatory authorities, 
including its authority to--
    (1) Assess threats to transportation.
    (2) Enforce security-related laws, regulations, directives, and 
requirements.
    (3) Inspect, maintain, and test the security of facilities, 
equipment, and systems.
    (4) Ensure the adequacy of security measures for the transportation 
of passengers and cargo.
    (5) Oversee the implementation, and ensure the adequacy, of 
security measures for the owner/operator's conveyances and vehicles, at 
transportation facilities and infrastructure and other assets related 
to transportation.
    (6) Review security plans and/or programs.
    (7) Determine compliance with any requirements in this chapter.
    (8) Carry out such other duties, and exercise such other powers, 
relating to transportation security, as the Administrator for TSA 
considers appropriate, to the extent authorized by law.
    (b) At the request of TSA, each owner/operator subject to the 
requirements of this subchapter must provide evidence of compliance 
with this chapter, including copies of records.
    (c) TSA and other authorized DHS officials, may enter, without 
advance notice, and be present within any area or within any vehicle or 
conveyance, terminal, or other facility covered by this chapter without 
access media or identification media issued or approved by an owner/
operator covered by this chapter in order to inspect or test 
compliance, or perform other such duties as TSA may direct.
    (d) TSA inspectors and other authorized DHS officials working with 
TSA will, on request, present their credentials for examination, but 
the credentials may not be photocopied or otherwise reproduced.

Subpart B--Security Programs


Sec.  1570.101  Scope.

    The requirements of this subpart address general security program 
requirements applicable to each owner/operator required to have a 
security program under subpart B to 49 CFR parts 1580, 1582, and 1584.


Sec.  1570.103  Content.

    (a) Security program. Except as otherwise approved by TSA, each 
owner/operator required to have a security program must address each of 
the security program requirements identified in subpart B to 49 CFR 
parts 1580, 1582, and 1584.
    (b) Use of appendices. The owner/operator may comply with the 
requirements referenced in paragraph (a) of this section by including 
in its security program, as an appendix, any document that contains the 
information required by the applicable subpart B, including procedures, 
protocols or memorandums of understanding related to external agency 
response to security incidents or events. The appendix must be 
referenced in the corresponding section(s) of the security program.


Sec.  1570.105  Responsibility for Determinations.

    (a) Higher-risk operations. While TSA has determined the criteria 
for applicability of the requirements in subpart B to 49 CFR parts 
1580, 1582, and 1584 based on risk-assessments for freight railroad, 
public transportation system, passenger railroad, or over-the-road 
(OTRB) owner/operators are required to determine if the applicability 
requirements apply to them using the criteria identified in 49 CFR 
1580.101, 1582.101, and 1584.101. Owner/operators are required to 
notify TSA of applicability within 30 days of [Insert effective date of 
final rule in the Federal Register].
    (b) New or modified operations. If an owner/operator commences new 
operations or modifies existing operations after [Insert date of 
publication of final rule in the Federal Register], that person is 
responsible for determining whether the new or modified operations 
would meet the applicability determinations in subpart B to 49 CFR 
parts 1580, 1582, or 1584 and must notify TSA no later than 90 calendar 
days before commencing operations or implementing modifications.


Sec.  1570.107  Recognition of prior or established security measures 
or programs.

    Previously provided security training may be credited towards 
satisfying the

[[Page 91387]]

requirements of this subchapter provided the owner/operator--
    (a) Obtains a complete record of such training and validates the 
training meets requirements of Sec. Sec.  1580.115, 1582.115, or 
1584.115 of this subchapter as it relates to the function of the 
individual security-sensitive employee and the training was provided 
within the schedule required for recurrent training.
    (b) Retains a record of such training in compliance with the 
requirements of Sec.  1570.121 of this part.


Sec.  1570.109  Submission and approval.

    (a) Submission of security program. Each owner/operator required 
under parts 1580, 1582, or 1584 of this subchapter to adopt and carry 
out a security program must submit it to TSA for approval in a form and 
manner prescribed by TSA.
    (b) Security training deadlines. Except as otherwise directed by 
TSA, each owner/operator required under subpart B to parts 1580, 1582, 
or 1584 of this subchapter to develop a security training program 
must--
    (1) Submit its program to TSA for approval no later than 90 
calendar days after [insert effective date of final rule in the Federal 
Register].
    (2) If commencing or modifying operations so as to be subject to 
the requirements of subpart B to 49 CFR parts 1580, 1582, or 1584 after 
[Insert effective date of final rule in the Federal Register], submit a 
training program to TSA no later than 90 calendar days before 
commencing new or modified operations.
    (c) TSA approval. (1) No later than 60 calendar days after 
receiving the proposed security program required by subpart B to 49 CFR 
parts 1580, 1582, and 1584, TSA will either approve the program or 
provide the owner/operator with written notice to modify the program to 
comply with the applicable requirements of this subchapter. TSA will 
notify the owner/operator if it needs an extension of time to approve 
the program or provide the owner/operator with written notice to modify 
the program to comply with the applicable requirements of this 
subchapter.
    (2) Notice to modify. If TSA provides the owner/operator with 
written notice to modify the security program to comply with the 
applicable requirements of this subchapter, the owner/operator must 
provide a modified security program to TSA for approval within the 
timeframe specified by TSA.
    (3) TSA may request additional information, and the owner/operator 
must provide the information within the time period TSA prescribes. The 
60-day period for TSA approval or modification will begin when the 
owner/operator provides the additional information.
    (g) Petition for reconsideration. Within 30 days of receiving the 
notice to modify, the owner/operator may file a petition for 
reconsideration under Sec.  1570.119 of this part.


Sec.  1570.111  Implementation schedules.

    (a) Initial security training. (1) Once TSA approves an owner/
operator's security training program, the owner/operator must provide 
initial security training to a security-sensitive employee--
    (2) No later than one year after the date of approval if the 
employee is employed to perform a security-sensitive function on the 
date TSA approves the program.
    (3) No later than 60 calendar days after the employee first 
performs a security-sensitive job function if performance of a 
security-sensitive job function is initiated after TSA approves the 
program.
    (4) No later than the 60th calendar day of employment performing a 
security-sensitive function, aggregated over a consecutive 12-month 
period, if the security-sensitive job function is performed 
intermittently.
    (b) Recurrent security training. Each owner/operator must provide 
annual recurrent security training to each employee performing a 
security-sensitive job function not later than the anniversary calendar 
month of the employee's initial security training. If the owner/
operator provides the recurrent security training in the month of, the 
month before, or the month after it is due, the employee is considered 
to have taken the training in the month it is due. Recurrent training 
must use the most recent iteration of any training materials submitted 
to, and approved by, TSA.
    (c) Extensions of time. TSA may grant an extension of time for 
implementing a security program identified in subpart B to parts 1580, 
1582, and 1584 of this subchapter upon a showing of good cause. The 
owner/operator must request the extension of time in writing and TSA 
must receive the request within a reasonable time before the due date 
to be extended; an owner/operator may request an extension after the 
expiration of a due date by sending a written request describing why 
the failure to meet the due date was excusable. TSA will respond to the 
request in writing.


Sec.  1570.113  Amendments requested by owner/operator.

    (a) Requirement to request amendment. Each owner/operator required 
under parts 1580, 1582, or 1584 of this subchapter to adopt and carry 
out a security program must submit a request to amend its security 
program if, after approval, changes expected to have a duration of 60 
calendar days or more have occurred to the--
    (1) Ownership or control of the operations; and/or
    (2) Measures, training, or staffing described in the security 
program.
    (b) Schedule for requesting amendment. The owner/operator must file 
the request for an amendment with TSA no later than 45 calendar days 
before the proposed amendment takes effect, unless TSA allows a shorter 
time period.
    (c) TSA approval. (1) Within 30 calendar days after receiving a 
proposed amendment, TSA will, in writing, either approve or deny the 
request to amend. TSA will notify the owner/operator if it needs an 
extension of time to consider the proposed amendment.
    (2) TSA may approve an amendment to a security program if TSA 
determines that it is in the interest of the public and transportation 
security and the proposed amendment provides the level of security 
required under this subchapter. TSA may request additional information 
from the owner/operator before rendering a decision.
    (d) No later than 30 calendar days after receiving a denial, the 
owner/operator may file a petition for reconsideration under Sec.  
1570.119 of this part.


Sec.  1570.115  Amendments required by TSA.

    (a) Notification of requirement to amend. TSA may require 
amendments to a security program in the interest of the public and 
transportation security, including any new information about emerging 
threats, or methods for addressing emerging threats, as follows:
    (1) TSA will notify the owner/operator of the proposed amendment, 
fixing a period of not less than 30 calendar days within which the 
owner/operator may submit written information, views, and arguments on 
the amendment.
    (2) After TSA considers all relevant material received, TSA will 
notify the owner/operator of any amendment adopted or rescind the 
notice.
    (b) Effective date of amendment. If TSA adopts the amendment, it 
becomes effective not less than 30 calendar days after the owner/
operator receives the notice of amendment, unless the owner/

[[Page 91388]]

operator disagrees with the proposed amendment and files a petition for 
reconsideration under Sec.  1570.119 of this part no later than 15 
calendar days before the effective date of the amendment. A timely 
petition for reconsideration stays the effective date of the amendment.
    (c) Emergency amendments. If TSA determines that there is an 
emergency requiring immediate action in the interest of the public or 
transportation security, TSA may issue an amendment, without the prior 
notice and comment procedures in paragraph (a) of this section, 
effective without stay on the date the covered owner/operator receives 
notice of it. In such a case, TSA will incorporate in the notice a 
brief statement of the reasons and findings for the amendment to be 
adopted. The owner/operator may file a petition for reconsideration 
under Sec.  1570.119 of this part; however, this does not stay the 
effective date of the emergency amendment.


Sec.  1570.117  Alternative measures.

    (a) If in TSA's judgment, the overall security of transportation 
provided by an owner/operator subject to the requirements of 49 CFR 
parts 1580, 1582, or 1584 are not diminished, TSA may approve 
alternative measures.
    (b) Each owner/operator requesting alternative measures must file 
the request for approval in a form and manner prescribed by TSA. The 
filing of such a request does not affect the owner/operator's 
responsibility for compliance while the request is being considered.
    (c) TSA may request additional information, and the owner/operator 
must provide the information within the time period TSA prescribes. 
Within 30 calendar days after receiving a request for alternative 
measures and all requested information, TSA will, in writing, either 
approve or deny the request.
    (d) If TSA finds that the use of the alternative measures is in the 
interest of the public and transportation security, it may grant the 
request subject to any conditions TSA deems necessary. In considering 
the request for alternative measures, TSA will review all relevant 
factors including--
    (1) The risks associated with the type of operation, for example, 
whether the owner/operator transports hazardous materials or passengers 
within a high threat urban area, whether the owner/operator transports 
passengers and the volume of passengers transported, or whether the 
owner/operator hosts a passenger operation.
    (2) Any relevant threat information.
    (3) Other circumstances concerning potential risk to the public and 
transportation security.
    (e) No later than 30 calendar days after receiving a denial, the 
owner/operator may petition for reconsideration under Sec.  1570.119 of 
this part.


Sec.  1570.119  Petitions for reconsideration.

    (1) If an owner/operator seeks to petition for reconsideration of a 
determination, required modification, denial of a request for amendment 
by the owner/operator, denial to rescind a TSA-required amendment, or 
denial of an alternative measure, the owner/operator must submit a 
written petition for reconsideration that includes a statement and any 
supporting documentation explaining why the owner/operator believes 
TSA's decision is incorrect.
    (2) Upon review of the petition for reconsideration, the 
Administrator or designee will dispose of the petition by affirming, 
modifying, or rescinding its previous decision. This is considered a 
final agency action.


Sec.  1570.121   Recordkeeping and availability.

    (a) Retention. Each owner/operator required to have a security 
program under subpart B to parts 1580, 1582, and 1584 of this 
subchapter must--
    (1) Retain security training records for each individual trained 
for no less than five years from the date of training that, at a 
minimum--
    (i) Includes employee's full name, job title or function, date of 
hire, and date of initial and recurrent security training; and
    (ii) Identifies the date, course name, course length, and list of 
topics addressed for the security training most recently provided in 
each of the areas required under Sec. Sec.  1580.115, 1582.115, and 
1584.115 of this subchapter.
    (2) Retain records of initial and recurrent security training for 
no less than five years from the date of training.
    (3) Provide records to current and former employees upon request 
and at no charge as necessary to provide proof of training.
    (b) Electronic records. Each owner/operator required to retain 
records under this section may keep them in electronic form. An owner/
operator may maintain and transfer records through electronic 
transmission, storage, and retrieval provided that the electronic 
system provides for the maintenance of records as originally submitted 
without corruption, loss of data, or tampering.
    (c) Protection of SSI. Each owner/operator must restrict the 
distribution, disclosure, and availability of security sensitive 
information, as identified in part 1520 of this chapter, to persons 
with a need to know. The owner/operator must refer requests for such 
information by other persons to TSA.
    (d) Availability. Each owner/operator must make the records 
available to TSA upon request for inspection and copying.

Subpart C--Operations


Sec.  1570.201  Security Coordinator.

    (a) Except as provided in paragraph (b) of this section, each 
owner/operator identified in Sec. Sec.  1580.1, 1582.1, and 1584.101 of 
this subchapter must designate and use a primary and at least one 
alternate Security Coordinator.
    (b) An owner/operator described in Sec.  1580.101(a)(5) or Sec.  
1582.101(a)(4) of this subchapter must designate and use a primary and 
at least one alternate Security Coordinator, only if notified by TSA in 
writing that a threat exists concerning that type of operation.
    (c) The Security Coordinator and alternate(s) must be appointed at 
the corporate level.
    (d) Each owner/operator required to have a Security Coordinator 
must provide in writing to TSA the names, U.S. citizenship status, 
titles, phone number(s), and email address(es) of the Security 
Coordinator and alternate Security Coordinator(s) within 7 calendar 
days of the effective date of this rule, commencement of operations, or 
change in any of the information required by this section.
    (e) Each owner/operator required to have a Security Coordinator 
must ensure that at least one Security Coordinator--
    (1) Serves as the primary contact for intelligence information and 
security-related activities and communications with TSA. Any individual 
designated as a Security Coordinator may perform other duties in 
addition to those described in this section.
    (2) Is accessible to TSA on a 24-hours a day, 7 days a week basis.
    (3) Coordinates security practices and procedures internally and 
with appropriate law enforcement and emergency response agencies.


Sec.  1570.203  Reporting significant security concerns.

    (a) Each owner/operator identified in Sec. Sec.  1580.1, 1582.1, 
and 1584.101 of this subchapter must report, within 24 hours of initial 
discovery, any potential threats and significant security concerns 
involving transportation-related operations in the United States or 
transportation to, from, or within the United States as soon as 
possible by the methods prescribed by TSA.

[[Page 91389]]

    (b) Potential threats or significant security concerns encompass 
incidents, suspicious activities, and threat information including, but 
not limited to, the categories of reportable events listed in Appendix 
A to this part.
    (c) Information reported must include the following, as available 
and applicable:
    (1) The name of the reporting individual and contact information, 
including a telephone number or email address.
    (2) The affected freight or passenger train, transit vehicle, motor 
vehicle, station, terminal, rail hazardous materials facility, or other 
facility or infrastructure, including identifying information and 
current location.
    (3) Scheduled origination and termination locations for the 
affected freight or passenger train, transit vehicle, or motor 
vehicle--including departure and destination city and route.
    (4) Description of the threat, incident, or activity, including who 
has been notified and what action has been taken.
    (5) The names, other available biographical data, and/or 
descriptions (including vehicle or license plate information) of 
individuals or motor vehicles known or suspected to be involved in the 
threat, incident, or activity.
    (6) The source of any threat information.

Subpart D--Security Threat Assessments


Sec.  1570.301  Fraudulent use or manufacture; responsibilities of 
persons.

    (a) No person may use or attempt to use a credential, security 
threat assessment, access control medium, or identification medium 
issued or conducted under this subchapter that was issued or conducted 
for another person.
    (b) No person may make, produce, use or attempt to use a false or 
fraudulently created access control medium, identification medium or 
security threat assessment issued or conducted under this subchapter.
    (c) No person may tamper or interfere with, compromise, modify, 
attempt to circumvent, or circumvent TWIC access control procedures.
    (d) No person may cause or attempt to cause another person to 
violate paragraphs (a)-(c) of this section.


Sec.  1570.303  Inspection of credential.

    (a) Each person who has been issued or possesses a TWIC must 
present the TWIC for inspection upon a request from TSA, the Coast 
Guard, or other authorized DHS representative; an authorized 
representative of the National Transportation Safety Board; or a 
Federal, State, or local law enforcement officer.
    (b) Each person who has been issued or who possesses a TWIC must 
allow his or her TWIC to be read by a reader and must submit his or her 
reference biometric, such as a fingerprint, and any other required 
information, such as a PIN, to the reader, upon a request from TSA, the 
Coast Guard, other authorized DHS representative; or a Federal, State, 
or local law enforcement officer.


Sec.  1570.305  False statements regarding security background checks 
by public transportation agency or railroad carrier.

    (a) Scope. This section implements sections 1414(e) (6 U.S.C. 1143) 
and 1522(e) (6 U.S.C. 1170) of the ``Implementing Recommendations of 
the 9/11 Commission Act of 2007,'' Public Law 110-53 (121 Stat. 266, 
Aug. 3, 2007).
    (b) Definitions. In addition to the terms in Sec. Sec.  1500.3, 
1500.5, and 1503.202 of subchapter A and Sec.  1570.3 of subchapter D 
of this chapter, the following terms apply to this part:
    Covered individual means an employee of a public transportation 
agency or a contractor or subcontractor of a public transportation 
agency or an employee of a railroad carrier or a contractor or 
subcontractor of a railroad carrier.
    Security background check means reviewing the following for the 
purpose of identifying individuals who may pose a threat to 
transportation security, national security, or of terrorism:
    (1) Relevant criminal history databases.
    (2) In the case of an alien (as defined in sec. 101 of the 
Immigration and Nationality Act (8 U.S.C. 1101(a)(3)), the relevant 
databases to determine the status of the alien under the immigration 
laws of the United States.
    (3) Other relevant information or databases, as determined by the 
Secretary of Homeland Security.
    (c) Prohibitions. (1) A public transportation agency or a 
contractor or subcontractor of a public transportation agency may not 
knowingly misrepresent to an employee or other relevant person, 
including an arbiter involved in a labor arbitration, the scope, 
application, or meaning of any rules, regulations, directives, or 
guidance issued by the Secretary of Homeland Security related to 
security background check requirements for covered individuals when 
conducting a security background check.
    (2) A railroad carrier or a contractor or subcontractor of a 
railroad carrier may not knowingly misrepresent to an employee or other 
relevant person, including an arbiter involved in a labor arbitration, 
the scope, application, or meaning of any rules, regulations, 
directives, or guidance issued by the Secretary of Homeland Security 
related to security background check requirements for covered 
individuals when conducting a security background check.

Appendix A to Part 1570--Reporting of Significant Security Concerns

 
------------------------------------------------------------------------
           Category                           Description
------------------------------------------------------------------------
Breach, Attempted Intrusion,   Unauthorized personnel attempting to or
 and/or Interference.           actually entering a restricted area or
                                secure site relating to a transportation
                                facility or conveyance owned, operated,
                                or used by an owner/operator subject to
                                this part. This includes individuals
                                entering or attempting to enter by
                                impersonation of authorized personnel
                                (for example, police/security, janitor,
                                vehicle owner/operator). Activity that
                                could interfere with the ability of
                                employees to perform duties to the
                                extent that security is threatened.
Misrepresentation............  Presenting false, or misusing, insignia,
                                documents, and/or identification, to
                                misrepresent one's affiliation with an
                                owner/operator subject to this part to
                                cover possible illicit activity that may
                                pose a risk to transportation security.
Theft, Loss, and/or Diversion  Stealing or diverting identification
                                media or badges, uniforms, vehicles,
                                keys, tools capable of compromising
                                track integrity, portable derails,
                                technology, or classified or sensitive
                                security information documents which are
                                proprietary to the facility or
                                conveyance owned, operated, or used by
                                an owner/operator subject to this part.

[[Page 91390]]

 
Sabotage, Tampering, and/or    Damaging, manipulating, or defeating
 Vandalism.                     safety and security appliances in
                                connection with a facility,
                                infrastructure, conveyance, or routing
                                mechanism, resulting in the compromised
                                use or the temporary or permanent loss
                                of use of the facility, infrastructure,
                                conveyance or routing mechanism. Placing
                                or attaching a foreign object to a rail
                                car(s).
Cyber Attack.................  Compromising, or attempting to compromise
                                or disrupt the information/technology
                                infrastructure of an owner/operator
                                subject to this part.
Expressed or Implied Threat..  Communicating a spoken or written threat
                                to damage or compromise a facility/
                                infrastructure/conveyance owned,
                                operated, or used by an owner/operator
                                subject to this part (for example, a
                                bomb threat or active shooter).
Eliciting Information........  Questioning that may pose a risk to
                                transportation or national security,
                                such as asking one or more employees of
                                an owner/operator subject to this part
                                about particular facets of a facility's
                                conveyance's purpose, operations, or
                                security procedures.
Testing or Probing of          Deliberate interactions with employees of
 Security.                      an owner/operator subject to this part
                                or challenges to facilities or systems
                                owned, operated, or used by an owner/
                                operator subject to this part that
                                reveal physical, personnel, or cyber
                                security capabilities.
Photography..................  Taking photographs or video of
                                facilities, conveyances, or
                                infrastructure owned, operated, or used
                                by an owner/operator subject to this
                                part in a manner that may pose a risk to
                                transportation or national security.
                                Examples include taking photographs or
                                video of infrequently used access
                                points, personnel performing security
                                functions (for example, patrols, badge/
                                vehicle checking), or security-related
                                equipment (for example, perimeter
                                fencing, security cameras).
Observation or Surveillance..  Demonstrating unusual interest in
                                facilities or loitering near
                                conveyances, railcar routing appliances
                                or any potentially critical
                                infrastructure owned or operated by an
                                owner/operator subject to this part in a
                                manner that may pose a risk to
                                transportation or national security.
                                Examples include observation through
                                binoculars, taking notes, or attempting
                                to measure distances.
Materials Acquisition and/or   Acquisition and/or storage by an employee
 Storage.                       of an owner/operator subject to this
                                part of materials such as cell phones,
                                pagers, fuel, chemicals, toxic
                                materials, and/or timers that may pose a
                                risk to transportation or national
                                security (for example, storage of
                                chemicals not needed by an employee for
                                the performance of his or her job
                                duties).
Weapons Discovery, Discharge,  Weapons or explosives in or around a
 or Seizure.                    facility, conveyance, or infrastructure
                                of an owner/operator subject to this
                                part that may present a risk to
                                transportation or national security (for
                                example, discovery of weapons
                                inconsistent with the type or quantity
                                traditionally used by company security
                                personnel).
Suspicious Items or Activity.  Discovery or observation of suspicious
                                items, activity or behavior in or around
                                a facility, conveyance, or
                                infrastructure of an owner/operator
                                subject to this part that results in the
                                disruption or termination of operations
                                (for example, halting the operation of a
                                conveyance while law enforcement
                                personnel investigate a suspicious bag,
                                briefcase, or package).
------------------------------------------------------------------------

0
11. Revise part 1580 to read as follows:

PART 1580--FREIGHT RAIL TRANSPORTATION SECURITY

Subpart A--General
Sec.
1580.1 Scope.
1580.3 Terms used in this part.
1580.5 Preemptive effect.
Subpart B--Security Programs
Sec.
1580.101 Applicability.
1580.103 [Reserved]
1580.105 [Reserved]
1580.107 [Reserved]
1580.109 [Reserved]
1580.111 [Reserved]
1580.113 Security training program general requirements.
1580.115 Security training and knowledge for security-sensitive 
employees.
Subpart C--Operations
Sec.
1580.201 Applicability.
1580.203 Location and shipping information.
1580.205 Chain of custody and control requirements.
1580.207 Harmonization of federal regulation of nuclear facilities.
Subpart D [Reserved]

Appendix A to Part 1580--High Threat Urban Areas (HTUAs)

Appendix B to Part 1580--Security-Sensitive Job Functions For Freight 
Rail

    Authority: 6 U.S.C. 1162 and 1167; 49 U.S.C. 114.

Subpart A--General


Sec.  1580.1  Scope.

    (a) Except as provided in paragraph (b) of this section, this part 
includes requirements for the following persons. Specific sections in 
this part provide detailed requirements.
    (1) Each freight railroad carrier that operates rolling equipment 
on track that is part of the general railroad system of transportation.
    (2) Each rail hazardous materials shipper.
    (3) Each rail hazardous materials receiver located within an HTUA.
    (4) Each freight railroad carrier serving as a host railroad to a 
freight railroad operation described in paragraph (a)(1) of this 
section or a passenger operation described in Sec.  1582.1 of this 
subchapter.
    (5) Each owner/operator of private rail cars, including business/
office cars and circus trains, on or connected to the general railroad 
system of transportation.
    (b) This part does not apply to a freight railroad carrier that 
operates rolling equipment only on track inside an installation that is 
not part of the general railroad system of transportation.


Sec.  1580.3  Terms used in this part.

    In addition to the terms in Sec. Sec.  1500.3, 1500.5, and 1503.202 
of subchapter A and Sec.  1570.3 of subchapter D of this chapter, the 
following terms apply to this part:
    Class I means Class I as assigned by regulations of the Surface 
Transportation Board (STB) (49 CFR part 1201; General Instructions 1-
1).

[[Page 91391]]

    A rail car is attended if an employee--
    (1) Is physically located on-site in reasonable proximity to the 
rail car;
    (2) Is capable of promptly responding to unauthorized access or 
activity at or near the rail car, including immediately contacting law 
enforcement or other authorities; and
    (3) Immediately responds to any unauthorized access or activity at 
or near the rail car either personally or by contacting law enforcement 
or other authorities.
    Document the transfer means documentation uniquely identifying that 
the rail car was attended during the transfer of custody, including:
    (1) Car initial and number.
    (2) Identification of individuals who attended the transfer (names 
or uniquely identifying employee number).
    (3) Location of transfer.
    (4) Date and time the transfer was completed.
    High threat urban area (HTUA) means, for purposes of this part, an 
area comprising one or more cities and surrounding areas including a 
10-mile buffer zone, as listed in Appendix A to this part 1580.
    Maintains positive control means that the rail hazardous materials 
receiver and the railroad carrier communicate and cooperate with each 
other to provide for the security of the rail car during the physical 
transfer of custody. Attending the rail car is a component of 
maintaining positive control.
    Rail security-sensitive materials (RSSM) means--
    (1) A rail car containing more than 2,268 kg (5,000 lbs.) of a 
Division 1.1, 1.2, or 1.3 (explosive) material, as defined in 49 CFR 
173.50;
    (2) A tank car containing a material poisonous by inhalation as 
defined in 49 CFR 171.8, including anhydrous ammonia, Division 2.3 
gases poisonous by inhalation as set forth in 49 CFR 173.115(c), and 
Division 6.1 liquids meeting the defining criteria in 49 CFR 
173.132(a)(1)(iii) and assigned to hazard zone A or hazard zone B in 
accordance with 49 CFR 173.133(a), excluding residue quantities of 
these materials; and
    (3) A rail car containing a highway route-controlled quantity of a 
Class 7 (radioactive) material, as defined in 49 CFR 173.403.
    Residue means the hazardous material remaining in a packaging, 
including a tank car, after its contents have been unloaded to the 
maximum extent practicable and before the packaging is either refilled 
or cleaned of hazardous material and purged to remove any hazardous 
vapors.
    Security-sensitive employee means an employee who performs--
    (1) Service subject to the Federal hours of service laws (49 U.S.C. 
chapter 211), regardless of whether the employee actually performs such 
service during a particular duty tour; or
    (2) One or more of the security-sensitive job functions identified 
in Appendix B to this part where the security-sensitive function is 
performed in the United States or in direct support of the common 
carriage of persons or property between a place in the United States 
and any place outside of the United States.


Sec.  1580.5  Preemptive effect.

    Under 49 U.S.C. 20106, issuance of the regulations in this 
subchapter preempts any State law, regulation, or order covering the 
same subject matter, except an additional or more stringent law, 
regulation, or order that is necessary to eliminate or reduce an 
essentially local security hazard; that is not incompatible with a law, 
regulation, or order of the U.S. Government; and that does not 
unreasonably burden interstate commerce. For example, under 49 U.S.C. 
20106, issuance of 49 CFR 1580.205 preempts any State or tribal law, 
rule, regulation, order or common law requirement covering the same 
subject matter.

Subpart B--Security Programs


Sec.  1580.101  Applicability.

    This subpart applies to each of the following owner/operators:
    (a) Described in Sec.  1580.1(a)(1) of this part that is a Class I 
freight railroad.
    (b) Described in Sec.  1580.1(a)(1) of this part that transports 
one or more of the categories and quantities of RSSM in an HTUA.
    (c) Described in Sec.  1580.1(a)(4) of this part that serves as a 
host railroad to a freight railroad described in paragraph (a) of (b) 
of this section or a passenger operation described in Sec.  1582.101 of 
this subchapter.


Sec.  1580.103  [Reserved]


Sec.  1580.105  [Reserved]


Sec.  1580.107  [Reserved]


Sec.  1580.109  [Reserved]


Sec.  1580.111  [Reserved]


Sec.  1580.113  Security training program general requirements.

    (a) Security training program required. Each owner/operator 
identified in Sec.  1580.101 of this part is required to adopt and 
carry out a security training program under this subpart.
    (b) General requirements. The security training program must 
include the following information:
    (1) Name of owner/operator.
    (2) Name, title, telephone number, and email address of the primary 
individual to be contacted with regard to review of the security 
training program.
    (3) Number, by specific job function category identified in 
Appendix B to this part, of security-sensitive employees trained or to 
be trained.
    (4) Implementation schedule that identifies a specific date by 
which initial and recurrent security training required by Sec.  
1570.111 of this part will be completed.
    (5) Location where training program records will be maintained.
    (6) Curriculum or lesson plan, learning objectives, and method of 
delivery (such as instructor-led or computer-based training) for each 
course used to meet the requirements of Sec.  1580.115 of this part. 
TSA may request additional information regarding the curriculum during 
the review and approval process.
    (7) Plan for ensuring supervision of untrained security-sensitive 
employees performing functions identified in Appendix B to this part.
    (8) Plan for notifying employees of changes to security measures 
that could change information provided in previously provided training.
    (9) Method(s) for evaluating the effectiveness of the security 
training program in each area required by Sec.  1580.115 of this part.
    (c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards, such as emergency 
preparedness training required by the Department of Transportation 
(DOT) (49 CFR part 239) or other training for communicating with 
emergency responders to arrange the evacuation of passengers, may be 
combined with and used to satisfy elements of the training requirements 
in this subpart.
    (2) If the owner/operator submits a security training program that 
relies on pre-existing or previous training materials to meet the 
requirements of subpart B, the program submitted for approval must 
include an index, organized in the same sequence as the requirements in 
this subpart.
    (d) Submission and Implementation. The owner/operator must submit 
and implement the security training program in accordance with the 
schedules identified in Sec. Sec.  1570.109 and 1570.111 of this 
subchapter.

[[Page 91392]]

Sec.  1580.115  Security training and knowledge for security-sensitive 
employees.

    (a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.  
1580.101 of this part may use a security-sensitive employee to perform 
a function identified in Appendix B to this part, unless that 
individual has received training as part of a security training program 
approved by TSA under 49 CFR part 1570, subpart B, or is under the 
direct supervision of a security-sensitive employee who has received 
the training required by this section.
    (b) Limits on use of untrained employees. Notwithstanding paragraph 
(a) of this section, a security-sensitive employee may not perform a 
security-sensitive function for more than sixty (60) calendar days 
without receiving security training.
    (c) Prepare. (1) Each owner/operator must ensure that each of its 
security-sensitive employees with position- or function-specific 
responsibilities under the owner/operator's security program has 
knowledge of how to fulfill those responsibilities in the event of a 
security threat, breach, or incident to ensure--
    (i) Employees with responsibility for transportation security 
equipment and systems are aware of their responsibilities and can 
verify the equipment and systems are operating and properly maintained; 
and
    (ii) Employees with other duties and responsibilities under the 
company's security plans and/or programs, including those required by 
Federal law, know their assignments and the steps or resources needed 
to fulfill them.
    (2) Each employee who performs any security-related functions under 
Sec.  1580.205 of this subpart must be provided training specifically 
applicable to the functions the employee performs. As applicable, this 
training must address--
    (i) Inspecting rail cars for signs of tampering or compromise, 
IEDs, suspicious items, and items that do not belong;
    (ii) Identification of rail cars that contain rail security-
sensitive materials, including the owner/operator's procedures for 
identifying rail security-sensitive material cars on train documents, 
shipping papers, and in computer train/car management systems; and
    (iii) Procedures for completing transfer of custody documentation.
    (d) Observe. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of the observational skills 
necessary to recognize--
    (1) Suspicious and/or dangerous items (such as substances, 
packages, or conditions (for example, characteristics of an IED and 
signs of equipment tampering or sabotage);
    (2) Combinations of actions and individual behaviors that appear 
suspicious and/or dangerous, inappropriate, inconsistent, or out of the 
ordinary for the employee's work environment which could indicate a 
threat to transportation security; and
    (3) How a terrorist or someone with malicious intent may attempt to 
gain sensitive information or take advantage of vulnerabilities.
    (e) Assess. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge necessary to--
    (1) Determine whether the item, individual, behavior, or situation 
requires a response as a potential terrorist threat based on the 
respective transportation environment; and
    (2) Identify appropriate responses based on observations and 
context.
    (f) Respond. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of how to--
    (1) Appropriately report a security threat, including knowing how 
and when to report internally to other employees, supervisors, or 
management, and externally to local, state, or federal agencies 
according to the owner/operator's security procedures or other relevant 
plans;
    (2) Interact with the public and first responders at the scene of 
the threat or incident, including communication with passengers on 
evacuation and any specific procedures for individuals with 
disabilities and the elderly; and
    (3) Use any applicable self-defense devices or other protective 
equipment provided to employees by the owner/operator.

Subpart C--Operations


Sec.  1580.201  Applicability.

    This subpart applies to the following:
    (1) Each owner/operator described in paragraph (a)(1) of Sec.  
1580.1 of this part that transports one or more of the categories and 
quantities of rail security-sensitive materials.
    (2) Each owner/operator described in paragraphs (a)(2) and (3) of 
Sec.  1580.1 of this part.


Sec.  1580.203  Location and shipping information.

    (a) General Requirement. Each owner/operator described in Sec.  
1580.201 of this part must have procedures in place to determine the 
location and shipping information for each rail car under its physical 
custody and control that contains one or more of the categories and 
quantities of rail security-sensitive materials.
    (b) Required Information. The location and shipping information 
must include the following:
    (1) The rail car's current location by city, county, and state, 
including, for freight railroad carriers, the railroad milepost, track 
designation, and the time that the rail car's location was determined.
    (2) The rail car's routing, if a freight railroad carrier.
    (3) A list of the total number of rail cars containing rail 
security-sensitive materials, broken down by--
    (i) The shipping name prescribed for the material in column 2 of 
the table in 49 CFR 172.101;
    (ii) The hazard class or division number prescribed for the 
material in column 3 of the table in 49 CFR 172.101; and
    (iii) The identification number prescribed for the material in 
column 4 of the table in 49 CFR 172.101.
    (4) Each rail car's initial and number.
    (5) Whether the rail car is in a train, rail yard, siding, rail 
spur, or rail hazardous materials shipper or receiver facility, 
including the name of the rail yard or siding designation.
    (c) Timing-Class I Freight Railroad Carriers. Upon request by TSA, 
each Class I freight railroad carrier described in paragraph (a) of 
this section must provide the location and shipping information to TSA 
no later than--
    (1) Five minutes if the request applies to a single (one) rail car; 
and
    (2) Thirty minutes if the request concerns multiple rail cars or a 
geographic region.
    (d) Timing-Other than Class I Freight Railroad Carriers. Upon 
request by TSA, all owner/operators described in paragraph (a) of this 
section, other than Class I freight railroad carriers, must provide the 
location and shipping information to TSA no later than 30 minutes, 
regardless of the number of cars covered by the request.
    (e) Method. All owner/operators described in paragraph (a) of this 
section must provide the requested location and shipping information to 
TSA by one of the following methods:
    (1) Electronic data transmission in spreadsheet format.
    (2) Electronic data transmission in Hyper Text Markup Language 
(HTML) format.
    (3) Electronic data transmission in Extensible Markup Language 
(XML).

[[Page 91393]]

    (4) Facsimile transmission of a hard copy spreadsheet in tabular 
format.
    (5) Posting the information to a secure Web site address approved 
by TSA.
    (6) Another format approved by TSA.
    (f) Telephone Number. Each owner/operator described in Sec.  
1580.201 of this part must provide a telephone number for use by TSA to 
request the information required in paragraph (b) of this section.
    (1) The telephone number must be monitored at all times.
    (2) A telephone number that requires a call back (such as an 
answering service, answering machine, or beeper device) does not meet 
the requirements of this paragraph.


Sec.  1580.205  Chain of custody and control requirements.

    (a) Within or outside of an HTUA, rail hazardous materials shipper 
transferring to carrier. Except as provided in paragraph (g) of this 
section, at each location within or outside of an HTUA, a rail 
hazardous materials shipper transferring custody of a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to a freight railroad carrier must do the 
following:
    (1) Physically inspect the rail car before loading for signs of 
tampering, including closures and seals; other signs that the security 
of the car may have been compromised; and suspicious items or items 
that do not belong, including the presence of an improvised explosive 
device.
    (2) Keep the rail car in a rail secure area from the time the 
security inspection required by paragraph (a)(1) of this section or by 
49 CFR 173.31(d), whichever occurs first, until the freight railroad 
carrier takes physical custody of the rail car.
    (3) Document the transfer of custody to the railroad carrier in 
hard copy or electronically.
    (b) Within or outside of an HTUA, carrier receiving from a rail 
hazardous materials shipper. At each location within or outside of an 
HTUA where a freight railroad carrier receives from a rail hazardous 
materials shipper custody of a rail car containing one or more of the 
categories and quantities of rail security-sensitive materials, the 
freight railroad carrier must document the transfer in hard copy or 
electronically and perform the required security inspection in 
accordance with 49 CFR 174.9.
    (c) Within an HTUA, carrier transferring to carrier. Within an 
HTUA, whenever a freight railroad carrier transfers a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to another freight railroad carrier, each 
freight railroad carrier must adopt and carry out procedures to ensure 
that the rail car is not left unattended at any time during the 
physical transfer of custody. These procedures must include the 
receiving freight railroad carrier performing the required security 
inspection in accordance with 49 CFR 174.9. Both the transferring and 
the receiving railroad carrier must document the transfer of custody in 
hard copy or electronically.
    (d) Outside of an HTUA, carrier transferring to carrier. Outside an 
HTUA, whenever a freight railroad carrier transfers a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to another freight railroad carrier, and 
the rail car containing this hazardous material may subsequently enter 
an HTUA, each freight railroad carrier must adopt and carry out 
procedures to ensure that the rail car is not left unattended at any 
time during the physical transfer of custody. These procedures must 
include the receiving railroad carrier performing the required security 
inspection in accordance with 49 CFR 174.9. Both the transferring and 
the receiving railroad carrier must document the transfer of custody in 
hard copy or electronically.
    (e) Within an HTUA, carrier transferring to rail hazardous 
materials receiver. A freight railroad carrier delivering a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to a rail hazardous materials receiver 
located within an HTUA must not leave the rail car unattended in a non-
secure area until the rail hazardous materials receiver accepts custody 
of the rail car. Both the railroad carrier and the rail hazardous 
materials receiver must document the transfer of custody in hard copy 
or electronically.
    (f) Within an HTUA, rail hazardous materials receiver receiving 
from carrier. Except as provided in paragraph (j) of this section, a 
rail hazardous materials receiver located within an HTUA that receives 
a rail car containing one or more of the categories and quantities of 
rail security-sensitive materials from a freight railroad carrier 
must--
    (1) Ensure that the rail hazardous materials receiver or railroad 
carrier maintains positive control of the rail car during the physical 
transfer of custody of the rail car;
    (2) Keep the rail car in a rail secure area until the car is 
unloaded; and
    (3) Document the transfer of custody from the railroad carrier in 
hard copy or electronically.
    (g) Within or outside of an HTUA, rail hazardous materials receiver 
rejecting car. This section does not apply to a rail hazardous 
materials receiver that does not routinely offer, prepare, or load for 
transportation by rail one or more of the categories and quantities of 
rail security-sensitive materials. If such a receiver rejects and 
returns a rail car containing one or more of the categories and 
quantities of rail security-sensitive materials to the originating 
offeror or shipper, the requirements of this section do not apply to 
the receiver. The requirements of this section do apply to any railroad 
carrier to which the receiver transfers custody of the rail car.
    (h) Document retention. Covered entities must maintain the 
documents required under this section for at least 60 calendar days and 
make them available to TSA upon request.
    (i) Rail secure area. The rail hazardous materials shipper and the 
rail hazardous materials receiver must use physical security measures 
to ensure that no unauthorized individual gains access to the rail 
secure area.
    (j) Exemption for rail hazardous materials receivers. A rail 
hazardous materials receiver located within an HTUA may request from 
TSA an exemption from some or all of the requirements of this section 
if the receiver demonstrates that the potential risk from its 
activities is insufficient to warrant compliance with this section. TSA 
will consider all relevant circumstances, including the following:
    (1) The amounts and types of all hazardous materials received.
    (2) The geography of the area surrounding the receiver's facility.
    (3) Proximity to entities that may be attractive targets, including 
other businesses, housing, schools, and hospitals.
    (4) Any information regarding threats to the facility.
    (5) Other circumstances that indicate the potential risk of the 
receiver's facility does not warrant compliance with this section.


Sec.  1580.207  Harmonization of federal regulation of nuclear 
facilities.

    TSA will coordinate activities under this subpart with the Nuclear 
Regulatory Commission (NRC) and the Department of Energy (DOE) with 
respect to regulation of rail hazardous materials shippers and 
receivers that are also licensed or regulated by the NRC or DOE under 
the Atomic Energy Act of 1954, as amended, to maintain consistency with 
the requirements imposed by the NRC and DOE.

Appendix A to Part 1580--High Threat Urban Areas (HTUAs)

[[Page 91394]]



----------------------------------------------------------------------------------------------------------------
                State                         Urban area                        Geographic areas
----------------------------------------------------------------------------------------------------------------
AZ...................................  Phoenix Area...........  Chandler, Gilbert, Glendale, Mesa, Peoria,
                                                                 Phoenix, Scottsdale, Tempe, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
CA...................................  Anaheim/Santa Ana Area.  Anaheim, Costa Mesa, Garden Grove, Fullerton,
                                                                 Huntington Beach, Irvine, Orange, Santa Ana,
                                                                 and a 10-mile buffer extending from the border
                                                                 of the combined area.
                                       Bay Area...............  Berkeley, Daly City, Fremont, Hayward, Oakland,
                                                                 Palo Alto, Richmond, San Francisco, San Jose,
                                                                 Santa Clara, Sunnyvale, Vallejo, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
                                       Los Angeles/Long Beach   Burbank, Glendale, Inglewood, Long Beach, Los
                                        Area.                    Angeles, Pasadena, Santa Monica, Santa Clarita,
                                                                 Torrance, Simi Valley, Thousand Oaks, and a 10-
                                                                 mile buffer extending from the border of the
                                                                 combined area.
                                       Sacramento Area........  Elk Grove, Sacramento, and a 10-mile buffer
                                                                 extending from the border of the combined area.
                                       San Diego Area.........  Chula Vista, Escondido, and San Diego, and a 10-
                                                                 mile buffer extending from the border of the
                                                                 combined area.
CO...................................  Denver Area............  Arvada, Aurora, Denver, Lakewood, Westminster,
                                                                 Thornton, and a 10-mile buffer extending from
                                                                 the border of the combined area.
DC...................................  National Capital Region  National Capital Region and a 10-mile buffer
                                                                 extending from the border of the combined area.
FL...................................  Fort Lauderdale Area...  Fort Lauderdale, Hollywood, Miami Gardens,
                                                                 Miramar, Pembroke Pines, and a 10-mile buffer
                                                                 extending from the border of the combined area.
                                       Jacksonville Area......  Jacksonville and a 10-mile buffer extending from
                                                                 the city border.
                                       Miami Area.............  Hialeah, Miami, and a 10-mile buffer extending
                                                                 from the border of the combined area.
                                       Orlando Area...........  Orlando and a 10-mile buffer extending from the
                                                                 city border.
                                       Tampa Area.............  Clearwater, St. Petersburg, Tampa, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
GA...................................  Atlanta Area...........  Atlanta and a 10-mile buffer extending from the
                                                                 city border.
HI...................................  Honolulu Area..........  Honolulu and a 10-mile buffer extending from the
                                                                 city border.
IL...................................  Chicago Area...........  Chicago and a 10-mile buffer extending from the
                                                                 city border.
IN...................................  Indianapolis Area......  Indianapolis and a 10-mile buffer extending from
                                                                 the city border.
KY...................................  Louisville Area........  Louisville and a 10-mile buffer extending from
                                                                 the city border.
LA...................................  Baton Rouge Area.......  Baton Rouge and a 10-mile buffer extending from
                                                                 the city border.
                                       New Orleans Area.......  New Orleans and a 10-mile buffer extending from
                                                                 the city border.
MA...................................  Boston Area............  Boston, Cambridge, and a 10-mile buffer
                                                                 extending from the border of the combined area.
MD...................................  Baltimore Area.........  Baltimore and a 10-mile buffer extending from
                                                                 the city border.
MI...................................  Detroit Area...........  Detroit, Sterling Heights, Warren, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
MN...................................  Twin Cities Area.......  Minneapolis, St. Paul, and a 10-mile buffer
                                                                 extending from the border of the combined
                                                                 entity.
MO...................................  Kansas City Area.......  Independence, Kansas City (MO), Kansas City
                                                                 (KS), Olathe, Overland Park, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
                                       St. Louis Area.........  St. Louis and a 10-mile buffer extending from
                                                                 the city border.
NC...................................  Charlotte..............  Charlotte and a 10-mile buffer extending from
                                       Area...................   the city border.
NE...................................  Omaha Area.............  Omaha and a 10-mile buffer extending from the
                                                                 city border.
NJ...................................  Jersey City/Newark Area  Elizabeth, Jersey City, Newark, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
NV...................................  Las Vegas Area.........  Las Vegas, North Las Vegas, and a 10-mile buffer
                                                                 extending from the border of the combined
                                                                 entity.
NY...................................  Buffalo Area...........  Buffalo and a 10-mile buffer extending from the
                                                                 city border.
                                       New York City Area.....  New York City, Yonkers, and a 10-mile buffer
                                                                 extending from the border of the combined area.
OH...................................  Cincinnati Area........  Cincinnati and a 10-mile buffer extending from
                                                                 the city border.
                                       Cleveland Area.........  Cleveland and a 10-mile buffer extending from
                                                                 the city border.
                                       Columbus Area..........  Columbus and a 10-mile buffer extending from the
                                                                 city border.
                                       Toledo Area............  Oregon, Toledo, and a 10-mile buffer extending
                                                                 from the border of the combined area.
OK...................................  Oklahoma City Area.....  Norman, Oklahoma and a 10-mile buffer extending
                                                                 from the border of the combined area.
OR...................................  Portland Area..........  Portland, Vancouver, and a 10-mile buffer
                                                                 extending from the border of the combined area.
PA...................................  Philadelphia Area......  Philadelphia and a 10-mile buffer extending from
                                                                 the city border.
                                       Pittsburgh Area........  Pittsburgh and a 10-mile buffer extending from
                                                                 the city border.
TN...................................  Memphis Area...........  Memphis and a 10-mile buffer extending from the
                                                                 city border.
TX...................................  Dallas/Fort Worth/       Arlington, Carrollton, Dallas, Fort Worth,
                                        Arlington Area.          Garland, Grand Prairie, Irving, Mesquite,
                                                                 Plano, and a 10-mile buffer extending from the
                                                                 border of the combined area.
                                       Houston Area...........  Houston, Pasadena, and a 10-mile buffer
                                                                 extending from the border of the combined
                                                                 entity.
                                       San Antonio Area.......  San Antonio and a 10-mile buffer extending from
                                                                 the city border.
WA...................................  Seattle Area...........  Seattle, Bellevue, and a 10-mile buffer
                                                                 extending from the border of the combined area.
WI...................................  Milwaukee Area.........  Milwaukee and a 10-mile buffer extending from
                                                                 the city border.
----------------------------------------------------------------------------------------------------------------

Appendix B to Part 1580--Security-Sensitive Functions for Freight Rail

    This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes 
of this rule and must be trained.

[[Page 91395]]



------------------------------------------------------------------------
                                                         Examples of job
                                Security-sensitive job       titles
          Categories             functions for freight    applicable to
                                         rail           these functions*
------------------------------------------------------------------------
A. Operating a vehicle........  1. Employees who
                                 operate or directly
                                 control the movements
                                 of locomotives or
                                 other self-powered
                                 rail vehicles.
                                2. Train conductor,
                                 trainman, brakeman,
                                 or utility employee
                                 or performs
                                 acceptance
                                 inspections, couples
                                 and uncouples rail
                                 cars, applies
                                 handbrakes, or
                                 similar functions.
                                3. Employees covered    Engineer,
                                 under the Federal       conductor.
                                 hours of service laws
                                 as ``train
                                 employees.'' See 49
                                 U.S.C. 21101(5) and
                                 21103.
B. Inspecting and maintaining   Employees who inspect   Carman, car
 vehicles.                       or repair rail cars     repairman, car
                                 and locomotives.        inspector,
                                                         engineer,
                                                         conductor.
C. Inspecting or maintaining    1. Employees who--....  Signalman,
 building or transportation     a. Maintain, install,    signal
 infrastructure.                 or inspect              maintainer,
                                 communications and      trackman, gang
                                 signal equipment.       foreman, bridge
                                                         and building
                                                         laborer,
                                                         roadmaster,
                                                         bridge, and
                                                         building
                                                         inspector/
                                                         operator.
                                b. Maintain, install,
                                 or inspect track and
                                 structures,
                                 including, but not
                                 limited to, bridges,
                                 trestles, and tunnels.
                                2. Employees covered
                                 under the Federal
                                 hours of service laws
                                 as ``signal
                                 employees.'' See 49
                                 U.S.C. 21101(3) and
                                 21104.
D. Controlling dispatch or      1. Employees who--....  Yardmaster,
 movement of a vehicle.         a. Dispatch, direct,     dispatcher,
                                 or control the          block operator,
                                 movement of trains..    bridge
                                                         operator.
                                b. Operate or
                                 supervise the
                                 operations of
                                 moveable bridges..
                                c. Supervise the
                                 activities of train
                                 crews, car movements,
                                 and switching
                                 operations in a yard
                                 or terminal..
                                2. Employees covered
                                 under the Federal
                                 hours of service laws
                                 as ``dispatching
                                 service employees.''
                                 See 49 U.S.C.
                                 21101(2) and 21105.
E. Providing security of the    Employees who provide   Police officer,
 owner/operator's equipment      for the security of     special agent;
 and property.                   the railroad            patrolman;
                                 carrier's equipment     watchman;
                                 and property,           guard.
                                 including acting as a
                                 railroad police
                                 officer (as that term
                                 is defined in 49 CFR
                                 207.2)..
F. Loading or unloading cargo   Includes, but is not    Service track
 or baggage.                     limited to, employees   employee.
                                 that load or unload
                                 hazardous materials.
G. Interacting with travelling  Employees of a freight  Conductor,
 public (on board a vehicle or   railroad operating in   engineer,
 within a transportation         passenger service.      agent.
 facility).
H. Complying with security      1. Employees who serve  Security
 programs or measures,           as security             coordinator,
 including those required by     coordinators            train master,
 federal law.                    designated in Sec.      assistant train
                                 1570.201 of this        master,
                                 subchapter, as well     roadmaster,
                                 as any designated       division
                                 alternates or           roadmaster.
                                 secondary security
                                 coordinators.
                                2. Employees who--....
                                a. Conduct training
                                 and testing of
                                 employees when the
                                 training or testing
                                 is required by TSA's
                                 security regulations..
                                b. Perform inspections
                                 or operations
                                 required by Sec.
                                 1580.205 of this
                                 subchapter..
                                c. Manage or direct
                                 implementation of
                                 security plan
                                 requirements.
------------------------------------------------------------------------
* These job titles are provided solely as a resource to help understand
  the functions described; whether an employee must be trained is based
  upon the function, not the job title.

0
12. Add part 1582 to read as follows:

PART 1582--PUBLIC TRANSPORTATION AND PASSENGER RAILROAD SECURITY

Subpart A--General
Sec.
1582.1 Scope.
1582.3 Terms used in this part.
1582.5 Preemptive effect.
Subpart B--Security Programs
1582.101 Applicability.
1582.103 [Reserved]
1582.105 [Reserved]
1582.107 [Reserved]
1582.109 [Reserved]
1582.111 [Reserved]
1582.113 Security training program general requirements.
1582.115 Security training and knowledge for security-sensitive 
employees.
Subpart C--[Reserved]

Appendix A to Part 1582--Public Transportation Agencies

Appendix B to Part 1582--Security-Sensitive Job Functions For Public 
Transportation and Passenger Railroads

    Authority: 6 U.S.C. 1134 and 1137; 49 U.S.C. 114.

Subpart A--General


Sec.  1582.1   Scope.

    (a) Except as provided in paragraph (b) of this section, this part 
includes requirements for the following persons. Specific sections in 
this part provide detailed requirements.
    (1) Each passenger railroad carrier.
    (2) Each public transportation agency.
    (3) Each operator of a rail transit system that is not operating on 
track that is part of the general railroad system of transportation, 
including heavy rail transit, light rail transit, automated guideway, 
cable car, inclined plane, funicular, and monorail systems.
    (4) Each tourist, scenic, historic, and excursion rail owner/
operator, whether operating on or off the general railroad system of 
transportation.
    (b) This part does not apply to a ferry system required to conduct 
training pursuant to 46 U.S.C. 70103.


Sec.  1582.3   Terms used in this part.

    In addition to the terms in Sec. Sec.  1500.3, 1500.5, and 1503.202 
of subchapter A and Sec.  1570.3 of subchapter D of this chapter, the 
following term applies to this part.
    Security-sensitive employee means an employee whose 
responsibilities for the owner/operator include one or more of the 
security-sensitive job functions identified in Appendix B to this part 
if

[[Page 91396]]

the security-sensitive function is performed in the United States or in 
direct support of the common carriage of persons or property between a 
place in the United States and any place outside of the United States.


Sec.  1582.5  Preemptive effect.

    Under 49 U.S.C. 20106, issuance of the passenger railroad and 
public transportation regulations in this subchapter preempts any State 
law, regulation, or order covering the same subject matter, except an 
additional or more stringent law, regulation, or order that is 
necessary to eliminate or reduce an essentially local security hazard; 
that is not incompatible with a law, regulation, or order of the U.S. 
Government; and that does not unreasonably burden interstate commerce.

Subpart B--Security Programs


Sec.  1582.101   Applicability.

    The requirements of this subpart apply to the following:
    (1) Amtrak (also known as the National Railroad Passenger 
Corporation).
    (2) Each owner/operator identified in Appendix A to this part.
    (3) Each owner/operator described in Sec.  1582.1(a)(1) through (3) 
of this part that serves as a host railroad to a freight operation 
described in Sec.  1580.301 of this subchapter or to a passenger train 
operation described in paragraph (a)(1) or (a)(2) of this section.


Sec.  1582.103   [Reserved]


Sec.  1582.105   [Reserved]


Sec.  1582.107   [Reserved]


Sec.  1582.109   [Reserved]


Sec.  1582.111   [Reserved]


Sec.  1582.113   Security training program general requirements.

    (a) Security training program required. Each owner/operator 
identified in Sec.  1582.101 of this part is required to adopt and 
carry out a security training program under this subpart.
    (b) General requirements. The security training program must 
include the following information:
    (1) Name of owner/operator.
    (2) Name, title, telephone number, and email address of the primary 
individual to be contacted with regard to review of the security 
training program.
    (3) Number, by specific job function category identified in 
Appendix B to this part, of security-sensitive employees trained or to 
be trained.
    (4) Implementation schedule that identifies a specific date by 
which initial and recurrent security training required by Sec.  
1570.111 of this subchapter will be completed.
    (5) Location where training program records will be maintained.
    (6) Curriculum or lesson plan, learning objectives, and method of 
delivery (such as instructor-led or computer-based training) for each 
course used to meet the requirements of Sec.  1582.115 of this part. 
TSA may request additional information regarding the curriculum during 
the review and approval process.
    (7) Plan for ensuring supervision of untrained security-sensitive 
employees performing functions identified in Appendix B to this part.
    (8) Plan for notifying employees of changes to security measures 
that could change information provided in previously provided training.
    (9) Method(s) for evaluating the effectiveness of the security 
training program in each area required by Sec.  1582.115 of this part.
    (c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards, such as emergency 
preparedness training required by the Department of Transportation 
(DOT) (49 CFR part 239) or other training for communicating with 
emergency responders to arrange the evacuation of passengers, may be 
combined with and used to satisfy elements of the training requirements 
in this subpart.
    (2) If the owner/operator submits a security training program that 
relies on pre-existing or previous training materials to meet the 
requirements of subpart B, the program submitted for approval must 
include an index, organized in the same sequence as the requirements in 
this subpart.
    (d) Submission and Implementation. The owner/operator must submit 
and implement the security training program in accordance with the 
schedules identified in Sec. Sec.  1570.109 and 1570.111 of this 
subchapter.


Sec.  1582.115   Security training and knowledge for security-sensitive 
employees.

    (a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.  
1582.101 of this part may use a security-sensitive employee to perform 
a function identified in Appendix B to this part unless that individual 
has received training as part of a security training program approved 
by TSA under 49 CFR part 1570, subpart B, or is under the direct 
supervision of a security-sensitive employee who has received the 
training required by this section.
    (b) Limits on use of untrained employees. Notwithstanding paragraph 
(a) of this section, a security-sensitive employee may not perform a 
security-sensitive function for more than sixty (60) calendar days 
without receiving security training.
    (c) Prepare. Each owner/operator must ensure that each of its 
security-sensitive employees with position- or function-specific 
responsibilities under the owner/operator's security program have 
knowledge of how to fulfill those responsibilities in the event of a 
security threat, breach, or incident to ensure--
    (1) Employees with responsibility for transportation security 
equipment and systems are aware of their responsibilities and can 
verify the equipment and systems are operating and properly maintained; 
and
    (2) Employees with other duties and responsibilities under the 
company's security plans and/or programs, including those required by 
Federal law, know their assignments and the steps or resources needed 
to fulfill them.
    (d) Observe. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of the observational skills 
necessary to recognize--
    (1) Suspicious and/or dangerous items (such as substances, 
packages, or conditions (for example, characteristics of an IED and 
signs of equipment tampering or sabotage);
    (2) Combinations of actions and individual behaviors that appear 
suspicious and/or dangerous, inappropriate, inconsistent, or out of the 
ordinary for the employee's work environment which could indicate a 
threat to transportation security; and
    (3) How a terrorist or someone with malicious intent may attempt to 
gain sensitive information or take advantage of vulnerabilities.
    (e) Assess. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge necessary to--
    (1) Determine whether the item, individual, behavior, or situation 
requires a response as a potential terrorist threat based on the 
respective transportation environment; and
    (2) Identify appropriate responses based on observations and 
context.
    (f) Respond. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of how to--
    (1) Appropriately report a security threat, including knowing how 
and when to report internally to other

[[Page 91397]]

employees, supervisors, or management, and externally to local, state, 
or federal agencies according to the owner/operator's security 
procedures or other relevant plans;
    (2) Interact with the public and first responders at the scene of 
the threat or incident, including communication with passengers on 
evacuation and any specific procedures for individuals with 
disabilities and the elderly; and
    (3) Use any applicable self-defense devices or other protective 
equipment provided to employees by the owner/operator.

Subpart C [Reserved]

Appendix A to Part 1582--Determinations for Public Transportation and 
Passenger Railroads

------------------------------------------------------------------------
             State                  Urban area            Systems
------------------------------------------------------------------------
CA............................  Bay Area.........  Alameda-Contra Costa
                                                    Transit District (AC
                                                    Transit).
                                                   Altamont Commuter
                                                    Express (ACE).
                                .................  San Francisco Bay
                                                    Area Rapid Transit
                                                    District (BART).
                                .................  Central Contra Costa
                                                    Transit Authority.
                                .................  Golden Gate Bridge,
                                                    Highway and
                                                    Transportation
                                                    District (GGBHTD).
                                .................  Peninsula Corridor
                                                    Joint Powers Board
                                                    (PCJPB) (Caltrain).
                                .................  San Francisco
                                                    Municipal Railway
                                                    (MUNI) (San
                                                    Francisco Municipal
                                                    Transportation
                                                    Agency).
                                .................  San Mateo County
                                                    Transit Authority
                                                    (SamTrans).
                                .................  Santa Clara Valley
                                                    Transportation
                                                    Authority (VTA).
                                .................  Transbay Joint Powers
                                                    Authority.
                                Greater Los        City of Los Angeles
                                 Angeles Area       Department of
                                 (Los Angeles/      Transportation
                                 Long Beach and     (LADOT).
                                 Anaheim/Santa     Foothill Transit.
                                 Ana UASI Areas).  Long Beach Transit
                                                    (LBT).
                                .................  Los Angeles County
                                                    Metropolitan
                                                    Transportation
                                                    Authority (LACMTA).
                                .................  Montebello Bus Lines
                                                    (MBL).
                                .................  Omnitrans (OMNI).
                                .................  Orange County
                                                    Transportation
                                                    Authority (OCTA).
                                .................  Santa Monica's Big
                                                    Blue Bus (Big Blue
                                                    Bus).
                                .................  Southern California
                                                    Regional Rail
                                                    Authority
                                                    (Metrolink).
DC/MD/VA......................  Greater National   Arlington Rapid
                                 Capital Region     Transit.
                                 (National         City of Alexandria
                                 Capital Region     (Alexandria Transit
                                 and Baltimore      Company) (Dash).
                                 UASI Areas).
                                .................  Fairfax County
                                                    Department of
                                                    Transportation--Fair
                                                    fax Connector Bus
                                                    System.
                                .................  Maryland Transit
                                                    Administration
                                                    (MTA).
                                .................  Montgomery County
                                                    Department of
                                                    Transportation (Ride-
                                                    On Montgomery County
                                                    Transit).
                                .................  Potomac and
                                                    Rappahannock
                                                    Transportation
                                                    Commission.
                                .................  Prince George's
                                                    County Department of
                                                    Public Works and
                                                    Transportation (The
                                                    Bus).
                                .................  Virginia Railway
                                                    Express (VRE).
                                .................  Washington
                                                    Metropolitan Area
                                                    Transit Authority
                                                    (WMATA).
GA............................  Atlanta Area.....  Georgia Regional
                                                    Transportation
                                                    Authority (GRTA).
                                                   Metropolitan Atlanta
                                                    Rapid Transit
                                                    Authority (MARTA).
IL/IN.........................  Chicago Area.....  Chicago Transit
                                                    Authority (CTA).
                                .................  Northeast Illinois
                                                    Commuter Railroad
                                                    Corporation (Metra/
                                                    NIRCRC).
                                .................  Northern Indiana
                                                    Commuter
                                                    Transportation
                                                    District (NICTD).
                                .................  PACE Suburban Bus
                                                    Company.
MA............................  Boston Area......  Massachusetts Bay
                                                    Transportation
                                                    Authority (MBTA).
NY/NJ/CT......................  New York City/     Connecticut
                                 Northern New       Department of
                                 Jersey Area (New   Transportation
                                 York City and      (CDOT).
                                 Jersey City/
                                 Newark UASI
                                 Areas).
                                .................  Connecticut Transit
                                                    (Hartford Division
                                                    and New Haven
                                                    Divisions of
                                                    CTTransit).
                                .................  Metropolitan
                                                    Transportation
                                                    Authority (All
                                                    Agencies).
                                .................  New Jersey Transit
                                                    Corp. (NJT).
                                .................  New York City
                                                    Department of
                                                    Transportation.
                                .................  Port Authority of New
                                                    York and New Jersey
                                                    (PANYNJ) (excluding
                                                    ferry).
                                .................  Westchester County
                                                    Department of
                                                    Transportation Bee-
                                                    Line System (The Bee-
                                                    Line System).
PA/NJ.........................  Philadelphia Area  Delaware River Port
                                                    Authority (DRPA)--
                                                    Port Authority
                                                    Transit Corporation
                                                    (PATCO).
                                .................  Delaware Transit
                                                    Corporation (DTC).
                                .................  New Jersey Transit
                                                    Corp. (NJT) (covered
                                                    under NY).
                                .................  Pennsylvania
                                                    Department of
                                                    Transportation.
                                .................  Southeastern
                                                    Pennsylvania
                                                    Transportation
                                                    Authority (SEPTA).
------------------------------------------------------------------------


[[Page 91398]]

Appendix B to Part 1582--Security-Sensitive Job Functions For Public 
Transportation and Passenger Railroads

    This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes 
of this rule and must be trained.

------------------------------------------------------------------------
                                  Security-sensitive job functions for
          Categories              public transportation and passenger
                                            railroads (PTPR)
------------------------------------------------------------------------
A. Operating a vehicle.......  1. Employees who--
                               a. Operate or control the movements of
                                trains, other rail vehicles, or transit
                                buses.
                               b. Act as train conductor, trainman,
                                brakeman, or utility employee or
                                performs acceptance inspections, couples
                                and uncouples rail cars, applies
                                handbrakes, or similar functions.
                               2. Employees covered under the Federal
                                hours of service laws as ``train
                                employees.'' See 49 U.S.C. 21101(5) and
                                21103.
B. Inspecting and maintaining  Employees who--
 vehicles.                     1. Perform activities related to the
                                diagnosis, inspection, maintenance,
                                adjustment, repair, or overhaul of
                                electrical or mechanical equipment
                                relating to vehicles, including
                                functions performed by mechanics and
                                automotive technicians.
                               2. Provide cleaning services to vehicles
                                owned, operated, or controlled by an
                                owner/operator regulated under this
                                subchapter.
C. Inspecting or maintaining   Employees who--
 building or transportation    1. Maintain, install, or inspect
 infrastructure.                communication systems and signal
                                equipment related to the delivery of
                                transportation services.
                               2. Maintain, install, or inspect track
                                and structures, including, but not
                                limited to, bridges, trestles, and
                                tunnels.
                               3. Provide cleaning services to stations
                                and terminals owned, operated, or
                                controlled by an owner/operator
                                regulated under this subchapter that are
                                accessible to the general public or
                                passengers.
                               4. Provide maintenance services to
                                stations, terminals, yards, tunnels,
                                bridges, and operation control centers
                                owned, operated, or controlled by an
                                owner/operator regulated under this
                                subchapter.
                               5. Employees covered under the Federal
                                hours of service laws as ``signal
                                employees.'' See 49 U.S.C. 21101(4) and
                                21104.
D. Controlling dispatch or     Employees who--
 movement of a vehicle.        1. Dispatch, report, transport, receive
                                or deliver orders pertaining to specific
                                vehicles, coordination of transportation
                                schedules, tracking of vehicles and
                                equipment.
                               2. Manage day-to-day management delivery
                                of transportation services and the
                                prevention of, response to, and redress
                                of service disruptions.
                               3. Supervise the activities of train
                                crews, car movements, and switching
                                operations in a yard or terminal.
                               4. Dispatch, direct, or control the
                                movement of trains or buses.
                               5. Operate or supervise the operations of
                                moveable bridges.
                               6. Employees covered under the Federal
                                hours of service laws as ``dispatching
                                service employees.'' See 49 U.S.C.
                                21101(2) and 21105.
E. Providing security of the   Employees who--
 owner/operator's equipment    1. Provide for the security of PTPR
 and property.                  equipment and property, including acting
                                as a police officer.
                               2. Patrol and inspect property of an
                                owner/operator regulated under this
                                subchapter to protect the property,
                                personnel, passengers and/or cargo.
F. Loading or unloading cargo  Employees who load, or oversee loading
 or baggage.                    of, property tendered by or on behalf of
                                a passenger on or off of a portion of a
                                train that will be inaccessible to the
                                passenger while the train is in
                                operation.
G. Interacting with            Employees who provide services to
 travelling public (on board    passengers on-board a train or bus,
 a vehicle or within a          including collecting tickets or cash for
 transportation facility).      fares, providing information, and other
                                similar services. Including:
                               1. On-board food or beverage employees.
                               2. Functions on behalf of an owner/
                                operator regulated under this subchapter
                                that require regular interaction with
                                travelling public within a
                                transportation facility, such as ticket
                                agents.
H. Complying with security     1. Employees who serve as security
 programs or measures,          coordinators designated in Sec.
 including those required by    1570.201 of this subchapter, as well as
 federal law.                   any designated alternates or secondary
                                security coordinators.
                               2. Employees who--
                               a. Conduct training and testing of
                                employees when the training or testing
                                is required by TSA's security
                                regulations.
                               b. Manage or direct implementation of
                                security plan requirements.
------------------------------------------------------------------------

0
13. Add part 1584 to read as follows:

PART 1584--HIGHWAY AND MOTOR CARRIERS

Subpart A--General
Sec.
1584.1 Scope.
1584.3 Terms used in this part.
Subpart B--Security Programs
1584.101 Applicability.
1584.103 [Reserved]
1584.105 [Reserved]
1584.107 [Reserved]

[[Page 91399]]

1584.109 [Reserved]
1584.111 [Reserved]
1584.113 Security training program general requirements.
1584.115 Security training and knowledge for security-sensitive 
employees.
Subpart C [Reserved]

Appendix A to Part 1584--Urban Area Determinations for Over-The-Road 
Buses

Appendix B to Part 1584--Security-Sensitive Job Functions For Over-the-
Road Buses

    Authority:  6 U.S.C. 1181 and 1184; 49 U.S.C. 114.

Subpart A--General


Sec.  1584.1  Scope.

    This part includes requirements for persons providing 
transportation by an over-the-road bus (OTRB). Specific sections in 
this part provide detailed requirements.


Sec.  1584.3  Terms used in this part.

    In addition to the terms in Sec. Sec.  1500.3, 1500.5, and 1503.202 
of subchapter A and Sec.  1570.3 of subchapter D of this chapter, the 
following term applies to this part.
    Security-sensitive employee means an employee whose 
responsibilities for the owner/operator include one or more of the 
security-sensitive job functions identified in Appendix B to this part 
where the security-sensitive function is performed in the United States 
or in direct support of the common carriage of persons or property 
between a place in the United States and any place outside of the 
United States.

Subpart B--Security Programs


Sec.  1584.101   Applicability.

    The requirements of this subpart apply to each OTRB owner/operator 
providing fixed-route service that originates, travels through, or ends 
in a geographic location identified in Appendix A to this part.


Sec.  1584.103   [Reserved]


Sec.  1584.105   [Reserved]


Sec.  1584.107   [Reserved]


Sec.  1584.109   [Reserved]


Sec.  1584.111   [Reserved]


Sec.  1584.113  Security training program general requirements.

    (a) Security training program required. Each owner/operator 
identified in Sec.  1584.101 of this part is required to adopt and 
carry out a security training program under this subpart.
    (b) General requirements. The security training program must 
include the following information:
    (1) Name of owner/operator.
    (2) Name, title, telephone number, and email address of the primary 
individual to be contacted with regard to review of the security 
training program.
    (3) Number, by specific job function category identified in 
Appendix B to this part, of security-sensitive employees trained or to 
be trained.
    (4) Implementation schedule that identifies a specific date by 
which initial and recurrent security training required by Sec.  
1570.111 of this subchapter will be completed.
    (5) Location where training program records will be maintained.
    (6) Curriculum or lesson plan, learning objectives, and method of 
delivery (such as instructor-led or computer-based training) for each 
course used to meet the requirements of Sec.  1584.115 of this part. 
TSA may request additional information regarding the curriculum during 
the review and approval process.
    (7) Plan for ensuring supervision of untrained security-sensitive 
employees performing functions identified in Appendix B to this part.
    (8) Plan for notifying employees of changes to security measures 
that could change information provided in previously provided training.
    (9) Method(s) for evaluating the effectiveness of the security 
training program in each area required by Sec.  1584.115 of this part.
    (c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards may be combined 
with and used to satisfy elements of the training requirements in this 
subpart.
    (2) If the owner/operator submits a security training program that 
relies on pre-existing or previous training materials to meet the 
requirements of subpart B, the program submitted for approval must 
include an index, organized in the same sequence as the requirements in 
this subpart.
    (d) Submission and Implementation. The owner/operator must submit 
and implement the security training program in accordance with the 
schedules identified in Sec. Sec.  1570.109 and 1570.111 of this 
subchapter.


Sec.  1584.115   Security training and knowledge for security-sensitive 
employees.

    (a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.  
1584.101 of this part may use a security-sensitive employee to perform 
a function identified in Appendix B to this part unless that individual 
has received training as part of a security training program approved 
by TSA under 49 CFR part 1570, subpart B, or is under the direct 
supervision of a security-sensitive employee who has received the 
training required by this section.
    (b) Limits on use of untrained employees. Notwithstanding paragraph 
(a) of this section, a security-sensitive employee may not perform a 
security-sensitive function for more than sixty (60) calendar days 
without receiving security training.
    (c) Prepare. Each owner/operator must ensure that each of its 
security-sensitive employees with position- or function-specific 
responsibilities under the owner/operator's security program have 
knowledge of how to fulfill those responsibilities in the event of a 
security threat, breach, or incident to ensure--
    (1) Employees with responsibility for transportation security 
equipment and systems are aware of their responsibilities and can 
verify the equipment and systems are operating and properly maintained; 
and
    (2) Employees with other duties and responsibilities under the 
company's security plans and/or programs, including those required by 
Federal law, know their assignments and the steps or resources needed 
to fulfill them.
    (d) Observe. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of the observational skills 
necessary to recognize--
    (1) Suspicious and/or dangerous items (such as substances, 
packages, or conditions (for example, characteristics of an IED and 
signs of equipment tampering or sabotage);
    (2) Combinations of actions and individual behaviors that appear 
suspicious and/or dangerous, inappropriate, inconsistent, or out of the 
ordinary for the employee's work environment which could indicate a 
threat to transportation security; and
    (3) How a terrorist or someone with malicious intent may attempt to 
gain sensitive information or take advantage of vulnerabilities.
    (e) Assess. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge necessary to--
    (1) Determine whether the item, individual, behavior, or situation 
requires a response as a potential terrorist threat based on the 
respective transportation environment; and
    (2) Identify appropriate responses based on observations and 
context.
    (f) Respond. Each owner/operator must ensure that each of its 
security-

[[Page 91400]]

sensitive employees has knowledge of how to--
    (1) Appropriately report a security threat, including knowing how 
and when to report internally to other employees, supervisors, or 
management, and externally to local, state, or federal agencies 
according to the owner/operator's security procedures or other relevant 
plans;
    (2) Interact with the public and first responders at the scene of 
the threat or incident, including communication with passengers on 
evacuation and any specific procedures for individuals with 
disabilities and the elderly; and
    (3) Use any applicable self-defense devices or other protective 
equipment provided to employees by the owner/operator.

Subpart C [Reserved]

Appendix A to Part 1584--Urban Area Determinations for Over-the-Road 
Buses

----------------------------------------------------------------------------------------------------------------
                  State                            Urban area                       Geographic areas
----------------------------------------------------------------------------------------------------------------
CA......................................  Anaheim/Los Angeles/Long     Los Angeles and Orange Counties.
                                           Beach/Santa Ana Areas.
                                          San Diego Area.............  San Diego County.
                                          San Francisco Bay Area.....  Alameda, Contra Costa, Marin, San
                                                                        Francisco, and San Mateo Counties.
DC (VA, MD, and WV).....................  National Capital Region....  District of Columbia; Counties of
                                                                        Calvert, Charles, Frederick, Montgomery,
                                                                        and Prince George's, MD; Counties of
                                                                        Arlington, Clarke, Fairfax, Fauquier,
                                                                        Loudoun, Prince William, Spotsylvania,
                                                                        Stafford, and Warren County, VA; Cities
                                                                        of Alexandria, Fairfax, Falls Church,
                                                                        Fredericksburg, Manassas, and Manassas
                                                                        Park City, VA; Jefferson County, WV.
IL/IN...................................  Chicago....................  Counties of Cook, DeKalb, DuPage, Grundy,
                                          Area.......................   Kane, Kendall, Lake, McHenry, and Will,
                                                                        IL; Counties of Jasper, Lake, Newton,
                                                                        and Porter, IN; Kenosha County, WI.
MA......................................  Boston.....................  Counties of Essex, Norfolk, Plymouth,
                                          Area.......................   Suffolk, Middlesex, MA; Counties of
                                                                        Rockingham and Strafford, NH.
NY (NJ and PA)..........................  New York City/Jersey City/   Counties of Bronx, Kings, Nassau, New
                                           Newark Area.                 York, Putnam, Queens, Richmond,
                                                                        Rockland, Suffolk, and Westchester, NY;
                                                                        Counties of Bergen, Essex, Hudson,
                                                                        Hunterdon, Ocean, Middlesex, Monmouth,
                                                                        Morris, Passaic, Somerset, Sussex, and
                                                                        Union, NJ; Pike County, PA.
PA (DE and NJ)..........................  Philadelphia Area/Southern   Counties of Burlington, Camden, and
                                           New Jersey.                  Gloucester, NJ; Counties of Bucks,
                                          Area.......................   Chester, Delaware, Montgomery, and
                                                                        Philadelphia, PA; New Castle County, DE;
                                                                        Cecil County, MD; Salem County, NJ.
TX......................................  Dallas Fort Worth/Arlington  Collin, Dallas, Delta, Denton, Ellis,
                                           Area.                        Hunt, Kaufman, Rockwall, Johnson,
                                                                        Parker, Tarrant, and Wise Counties, TX.
                                          Houston Area...............  Austin, Brazoria, Chambers, Fort Bend,
                                                                        Galveston, Harris, Liberty, Montgomery,
                                                                        San Jacinto, and Waller Counties, TX.
----------------------------------------------------------------------------------------------------------------

Appendix B to Part 1584--Security-Sensitive Job Functions For Over-the-
Road Buses

    This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes 
of this rule and must be trained.

------------------------------------------------------------------------
                               Security-sensitive job functions for over-
          Categories                         the-road buses
------------------------------------------------------------------------
A. Operating a vehicle.......  Employees who have a commercial driver's
                                license (CDL) and operate an OTRB.
B. Inspecting and maintaining  Employees who--
 vehicles.                     1. Perform activities related to the
                                diagnosis, inspection, maintenance,
                                adjustment, repair, or overhaul of
                                electrical or mechanical equipment
                                relating to vehicles, including
                                functions performed by mechanics and
                                automotive technicians.
                               2. Does not include cleaning or
                                janitorial activities.
C. Inspecting or maintaining   Employees who--
 building or transportation    1. Provide cleaning services to areas of
 infrastructure.                facilities owned, operated, or
                                controlled by an owner/operator
                                regulated under this subchapter that are
                                accessible to the general public or
                                passengers.
                               2. Provide cleaning services to vehicles
                                owned, operated, or controlled by an
                                owner/operator regulated under this part
                                (does not include vehicle maintenance).
                               3. Provide general building maintenance
                                services to buildings owned, operated,
                                or controlled by an owner/operator
                                regulated under this part.
D. Controlling dispatch or     Employees who--
 movement of a vehicle.        1. Dispatch, report, transport, receive
                                or deliver orders pertaining to specific
                                vehicles, coordination of transportation
                                schedules, tracking of vehicles and
                                equipment.
                               2. Manage day-to-day delivery of
                                transportation services and the
                                prevention of, response to, and redress
                                of disruptions to those services.
                               3. Perform tasks requiring access to or
                                knowledge of specific route information.
E. Providing security of the   Employees who patrol and inspect property
 owner/operator's equipment     of an owner/operator regulated under
 and property.                  this part to protect the property,
                                personnel, passengers and/or cargo.
F. Loading or unloading cargo  Employees who load, or oversee loading
 or baggage.                    of, property tendered by or on behalf of
                                a passenger on or off of a portion of a
                                bus that will be inaccessible to the
                                passenger while the vehicle is in
                                operation.

[[Page 91401]]

 
G. Interacting with            Employees who--
 travelling public (on board   1. Provide services to passengers on-
 a vehicle or within a          board a bus, including collecting
 transportation facility).      tickets or cash for fares, providing
                                information, and other similar services.
                               2. Includes food or beverage employees,
                                tour guides, and functions on behalf of
                                an owner/operator regulated under this
                                part that require regular interaction
                                with travelling public within a
                                transportation facility, such as ticket
                                agents.
H. Complying with security     1. Employees who serve as security
 programs or measures,          coordinators designated in Sec.
 including those required by    1570.201 of this subchapter, as well as
 federal law.                   any designated alternates or secondary
                                security coordinators.
                               2. Employees who--
                               a. Conduct training and testing of
                                employees when the training or testing
                                is required by TSA's security
                                regulations.
                               b. Manage or direct implementation of
                                security plan requirements.
------------------------------------------------------------------------


    Dated: November 18, 2016.
Huban A. Gowadia,
Deputy Administrator.
[FR Doc. 2016-28298 Filed 12-15-16; 8:45 am]
 BILLING CODE 9110-05-P