[Federal Register Volume 81, Number 242 (Friday, December 16, 2016)]
[Proposed Rules]
[Pages 91336-91401]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-28298]
[[Page 91335]]
Vol. 81
Friday,
No. 242
December 16, 2016
Part III
Book 2 of 2 Books
Pages 91335-91642
Department of Homeland Security
-----------------------------------------------------------------------
Transportation Security Administration
-----------------------------------------------------------------------
49 CFR Ch. XII and Parts 1500, 1520, et al.
Security Training for Surface Transportation Employees and Surface
Transportation Vulnerability Assessments and Security Plans (VASP);
Proposed Rules
��Federal Register / Vol. 81 , No. 242 / Friday, December 16, 2016 /
Proposed Rules��
[[Page 91336]]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
49 CFR Parts 1500, 1520, 1570, 1580, 1582, and 1584
[Docket No. TSA-2015-0001]
RIN 1652-AA55
Security Training for Surface Transportation Employees
AGENCY: Transportation Security Administration, DHS.
ACTION: Notice of proposed rulemaking (NPRM).
-----------------------------------------------------------------------
SUMMARY: The Transportation Security Administration (TSA) is proposing
to require security training for employees of higher-risk freight
railroad carriers, public transportation agencies (including rail mass
transit and bus systems), passenger railroad carriers, and over-the-
road bus (OTRB) companies. Owner/operators of these higher-risk
railroads, systems, and companies would be required to train employees
performing security-sensitive functions, using a curriculum addressing
preparedness and how to observe, assess, and respond to terrorist-
related threats and/or incidents. As part of this rulemaking, TSA would
also expand its current requirements for rail security coordinators and
reporting of significant security concerns (currently limited to
freight railroads, passenger railroads, and the rail operations of
public transportation systems) to include the bus components of higher-
risk public transportation systems and higher-risk OTRB companies. TSA
also proposes to make the maritime and land transportation provisions
of TSA's regulations consistent with other TSA regulations by codifying
general responsibility to comply with security requirements;
compliance, inspection, and enforcement; and procedures to request
alternate measures for compliance. Finally, TSA is adding a definition
for Transportation Security-Sensitive Materials (TSSM). Other
provisions are being amended or added, as necessary, to implement these
additional requirements.
While TSA will review and consider all comments submitted, TSA
invites responses to a number of specific questions posed in the
preamble of the NPRM. See the Comments Invited section under
SUPPLEMENTARY INFORMATION that follows.
DATES: Submit comments by March 16, 2017.
ADDRESSES: You may submit comments, identified by the TSA docket number
to this rulemaking, to the Federal Docket Management System (FDMS), a
government-wide, electronic docket management system, using any one of
the following methods:
Electronically: You may submit comments through the Federal
eRulemaking portal at http://www.regulations.gov. Follow the online
instructions for submitting comments.
Mail, In Person, or Fax: Address, hand-deliver, or fax your written
comments to the Docket Management Facility, U.S. Department of
Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor,
Room W12-140, Washington, DC 20590-0001; Fax 202-493-2251. The
Department of Transportation (DOT), which maintains and processes TSA's
official regulatory dockets, will scan the submission and post it to
FDMS.
See SUPPLEMENTARY INFORMATION for format and other information
about comment submissions.
FOR FURTHER INFORMATION CONTACT: Harry Schultz (TSA Office of Security
Policy and Industry Engagement) or Traci Klemm (TSA Office of the Chief
Counsel) at telephone (571) 227-5563 or email to
[email protected].
SUPPLEMENTARY INFORMATION:
Comments Invited
TSA invites interested persons to participate in this rulemaking by
submitting written comments, data, or views. We also invite comments
relating to the economic, environmental, energy, or federalism impacts
that might result from this rulemaking action. See ADDRESSES above for
information on where to submit comments.
With each comment, please identify the docket number at the
beginning of your comments. TSA encourages commenters to provide their
names and addresses. The most helpful comments reference a specific
portion of the rulemaking, explain the reason for any recommended
change, and include supporting data. You may submit comments and
material electronically, in person, by mail, or fax as provided under
ADDRESSES, but please submit your comments and material by only one
means. If you submit comments by mail or delivery, submit them in an
unbound format, no larger than 8.5 by 11 inches, suitable for copying
and electronic filing.
If you want TSA to acknowledge receipt of comments submitted by
mail, include with your comments a self-addressed, stamped postcard on
which the docket number appears. We will stamp the date on the postcard
and mail it to you.
TSA will file in the public docket all comments TSA receives,
except for comments containing confidential information and Sensitive
Security Information (SSI).\1\ TSA will consider all comments received
on or before the closing date for comments and will consider comments
filed late to the extent practicable. The docket is available for
public inspection before and after the comment closing date.
---------------------------------------------------------------------------
\1\ ``Sensitive Security Information'' or ``SSI'' is information
obtained or developed in the conduct of security activities, the
disclosure of which would constitute an unwarranted invasion of
privacy, reveal trade secrets or privileged or confidential
information, or be detrimental to the security of transportation.
The protection of SSI is governed by 49 CFR parts 15 and 1520.
---------------------------------------------------------------------------
NPRM Specific Questions
While TSA will review and consider all comments submitted, TSA
invites responses to the following five specific questions:
(1) The preferred avenue to submit security training programs to
TSA, such as through email, secure Web site, or mailing address.
(2) TSA is proposing to use accumulated days of employment as one
of the factors triggering whether an employee must be trained and
requests comment specifically on how to calculate accumulated days and
to ensure contractors are not used to avoid the requirements of this
proposed rule.
(3) The use of previous training to satisfy requirements in the
proposed rule.
(4) Options for harmonizing the proposed training schedule with
existing training schedules and for adding efficiencies with other
relevant regulatory requirements, including identification of any laws,
regulations, or orders not identified by TSA that commenters believe
would conflict with the provisions of the proposed rule.
(5) Options for ensuring training is effective in the absence of
proficiency standards. For example, the proposed rule does not
prescribe conditions for a pass/fail policy that may be associated with
post-training testing, nor recommending a specified maximum number of
times that an individual may take a test or evaluation to demonstrate
knowledge and competency.
Handling of Confidential or Proprietary Information and Sensitive
Security Information (SSI) Submitted in Public Comments
Do not submit comments that include trade secrets, confidential
commercial
[[Page 91337]]
or financial information, or SSI to the public regulatory docket.
Please submit such comments separately from other comments on the
rulemaking. Comments containing this type of information must be
appropriately marked as containing such information and submitted by
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
TSA will not place comments containing SSI in the public docket,
but will handle them in accordance with applicable safeguards and
restrictions on access. TSA will hold documents containing SSI,
confidential business information, or trade secrets in a separate file
to which the public does not have access, and place a note in the
public docket that TSA has received such materials from the commenter.
If TSA determines, however, that portions of these comments may be made
publicly available, TSA may include a redacted version of the comment
in the public docket. If TSA receives a request to examine or copy
information that is not in the public docket, TSA will treat it as any
other request under the Freedom of Information Act (FOIA) (5 U.S.C.
552) and FOIA regulation of the Department of Homeland Security (DHS)
found in 6 CFR part 5.
Reviewing Comments in the Docket
Please be aware that anyone is able to search the electronic form
of all comments in any of our dockets by the name of the individual who
submitted the comment (or signed the comment, if submitted on behalf of
an association, business, labor union, etc.). You may review the
applicable Privacy Act Statement published in the Federal Register on
April 11, 2000 (65 FR 19477) and modified on January 17, 2008 (73 FR
3316), or you may visit http://DocketsInfo.dot.gov.
You may review TSA's electronic public docket on the Internet at
http://www.regulations.gov. In addition, DOT's Docket Management
Facility provides a physical facility, staff, equipment, and assistance
to the public. To obtain assistance or to review comments in TSA's
public docket, you may visit this facility between 9:00 a.m. and 5:00
p.m., Monday through Friday, excluding legal holidays, or call (202)
366-9826. This docket operations facility is located in the West
Building Ground Floor, Room W12-140 at 1200 New Jersey Avenue SE.,
Washington, DC 20590.
Availability of Rulemaking Document
An electronic copy can be obtained using the Internet by--
(1) Searching the electronic Federal Docket Management System
(FDMS) Web page at http://www.regulations.gov;
(2) Accessing the Government Printing Office's Web page at http://www.gpo.gov/fdsys/browse/collection.action?collectionCode=FR to view
the daily published Federal Register edition; or accessing the ``Search
the Federal Register by Citation'' in the ``Related Resources'' column
on the left, if you need to do a Simple or Advanced search for
information, such as a type of document that crosses multiple agencies
or dates.
In addition, copies are available by writing or calling the
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to
identify the docket number of this rulemaking.
Abbreviations and Terms Used in This Document
AAR--Association of American Railroads
ABA--American Bus Association
Amtrak--National Railroad Passenger Corporation
APTA--American Public Transportation Association
CD--Compact Disc
CCTV--Closed-Circuit Television
CFATS--Chemical Facility Anti-Terrorism Standards
CFATS EAP--Expedited Approval Program for the CFATS program
CFATS RBPS--Risk-Based Performance Standards of the CFATS program
CFATS SSP--Site Specific Plans part of the CFATS program
DHS--Department of Homeland Security
DIF--Difficulty-Importance-Frequency
EOD--Explosives Ordinance Disposal
FMCSA--Federal Motor Carrier Safety Administration
FRA--Federal Railroad Administration
FTA--Federal Transit Administration
GAO--U.S. Government Accountability Office
GCC--Government Coordinating Council
HMR--Hazardous Materials Regulations
HSA--Homeland Security Act of 2002
HTUA--High Threat Urban Area
IED--Improvised Explosive Device
IFR--Interim Final Rule
IRFA--Initial Regulatory Flexibility Analysis
MOU--Memorandum of Understanding
NCTC--National Counterterrorism Center
NSI--Nationwide Suspicious Activity Reporting (SAR) Initiative
OAs--Oversight Agencies
OMB--Office of Management and Budget
OTRB--Over-the-Road Bus
PAG--Transit Policing and Security Peer Advisory Group
PHMSA--Pipeline and Hazardous Materials Safety Administration
PRA--Paperwork Reduction Act of 1995
PTPR--Public Transportation and Passenger Railroads
RFA--Regulatory Flexibility Act of 1980
RIA--Regulatory Impact Analysis
RSC--Rail Security Coordinator
RSSM--Rail Security-Sensitive Material
SBA--Small Business Administration
SCC--Sector Coordinating Council
SMS--Safety Management System
SSI--Sensitive Security Information
TIH--Toxic Inhalation Hazard
TSA--Transportation Security Administration
TSGP--Transit Security Grant Program
TSSM--Transportation Security Sensitive Material
UASI--Urban Area Security Initiative
UMRA--Unfunded Mandates Reform Act of 1995
VBIED--Vehicle-Borne Improvised Explosive Device
Table of Contents
I. Executive Summary
II. Background
A. Context and Purpose
B. Statutory Authorities
C. Rule Organization
III. Proposed Rule
A. Amendments to Part 1500
1. General Terms
2. Transportation Security-Sensitive Materials
B. Amendments to Part 1503
C. Amendments to Part 1520
D. Amendments to Part 1570
1. Overview of changes and structure
2. Subpart A--General
3. Subpart B--Security Programs
4. Subpart C--Operations
5. Subpart D--Security Threat Assessments
E. Security-Sensitive Employees (Sec. Sec. 1580.3, 1582.3, and
1584.3)
F. Security Programs--Applicability (Sec. Sec. 1580.301,
1582.301, and 1584.301)
1. Freight Railroads
2. Public Transportation and Passenger Railroads
3. Over-the-Road Buses
4. Foreign Owner/Operators
5. Preemption
G. Security Program General Requirements (Sec. Sec. 1580.113,
1582.113, and 1584.113)
1. Information About the Owner/Operator
2. Information on How Training Will Be Provided
3. Ensuring Supervision of Untrained Employees and Providing
Notice of Changes Affecting Training
4. Methods for Determining Effectiveness of Training
5. Relation to Other Training
H. Security Training and Knowledge for Security-Sensitive
Employees (Sec. Sec. 1580.115, 1582.115 and 1584.115)
1. Training Required for Security-Sensitive Employees
2. Limits on Use of Untrained Employees
3. Knowledge Required
I. Other Security Training Programs
1. Federal Railroad Administration Safety Training Requirements
2. Federal Transit Administration Safety Requirements
3. OTRB Safety Requirements
4. Hazardous Materials Regulations
a. Overlap With DOT Regulations Regarding Transportation of
Hazardous Materials
b. Inspections and Enforcement
c. Overlap With Other DHS Regulations
J. Training Resources
K. Programmatic Alternatives
[[Page 91338]]
IV. Stakeholder Consultations
A. Multi-Modal Outreach
B. Freight Rail
C. Public Transportation and Passenger Rail
D. Over-the-Road Buses
E. Labor Unions
V. Rulemaking Analyses and Notices
A. Paperwork Reduction Act
B. Economic Impact Analyses
1. Regulatory Impact Analysis Summary
2. Executive Orders 12866 and 13563 Assessments
3. OMB A-4 Statement
4. Alternatives Considered
5. Regulatory Flexibility Assessment
6. International Trade Impact Assessment
7. Unfunded Mandates Assessment
C. Executive Order 13132, Federalism
D. Environmental Analysis
E. Energy Impact Analysis
I. Executive Summary
Purpose of the Regulatory Action
The purpose of this proposed rule is to solidify the enhanced
baseline of security for higher-risk surface transportation operations
by improving and sustaining the capability of employees to observe,
assess, and respond to security risks and potential security breaches.
These critical capabilities include identifying, reporting, and
appropriately reacting to suspicious activity, suspicious items,
dangerous substances, and security incidents that may be associated
with terrorist reconnaissance, preparation, or action. The proposed
requirements specifically apply to training employees performing
security-sensitive job functions for higher-risk public transportation
systems, railroad carriers (passenger and freight), and OTRB owner/
operators. Preparing and training these employees to observe, assess,
and respond to anomalies, threats, and incidents within their unique
working environment may be the critical point for preventing a
terrorist act and mitigating the consequences.
Since its creation following the attacks of September 11, 2001, TSA
has had statutory authority to assess a security risk for any mode of
transportation, develop security measures for dealing with that risk,
and enforce compliance with those measures.\2\ This includes broad
regulatory authority, which enables TSA to issue, rescind, and revise
regulations as necessary to carry out its transportation security
functions.\3\ As part of the Implementing Recommendations of the 9/11
Commission Act of 2007 (9/11 Act),\4\ Congress mandated that DHS use
its authority to issue regulations and included in the statute minimum
requirements for employees to be trained, subjects of training, and
procedures for the submission and approval of training programs.\5\ As
part of this mandate, the 9/11 Act also requires higher-risk railroads
and OTRBs to appoint security coordinators.\6\ This NPRM would propose
to implement those provisions.
---------------------------------------------------------------------------
\2\ See Section 101 of the Aviation and Transportation Security
Act (ATSA), Public Law 107-71, 115 Stat. 597 (Nov. 19, 2001),
codified at 49 U.S.C. 114 (ATSA created TSA and established the
agency's primary federal role to enhance security for all modes of
transportation). Section 403(2) of the Homeland Security Act of 2002
(HSA), Public Law 107-296, 116 Stat. 2135 (Nov. 25, 2002),
transferred all functions related to transportation security,
including those of the Secretary of Transportation and the Under
Secretary of Transportation for Security, to the Secretary of
Homeland Security. Pursuant to DHS Delegation Number 7060.2, the
Secretary delegated to the Administrator, subject to the Secretary's
guidance and control, the authority vested in the Secretary with
respect to TSA, including that in sec. 403(2) of the HSA.
\3\ 49 U.S.C. 114(l)(1).
\4\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
\5\ See secs. 1408, 1517, and 1534 of the 9/11 Act, codified at
6 U.S.C. 1137, 1167, and 1184, respectively. For the remainder of
this NPRM, TSA will refer to the codified section numbers.
\6\ See secs. 1512 and 1181 of the 9/11 Act, codified at 6
U.S.C. 1162 and 1181, respectively. TSA addresses 6 U.S.C
1162(e)(1)(A) and 1181(e)(1)(A) in this rulemaking. TSA intends to
address the other regulatory requirements of these provisions in
separate rulemakings.
---------------------------------------------------------------------------
Summary of the Major Provisions
As discussed in section III.F. of this NPRM, TSA is proposing to
apply the requirements to higher-risk operations, based on mode-
specific assessments of risk. Based on these assessments, the
requirements would apply to:
Class I freight railroad carriers, railroads transporting
Rail Security-Sensitive Materials (RSSMs) through identified High
Threat Urban Areas (HTUAs) (applying those terms as defined in current
49 CFR 1580.3), and railroads that host other higher-risk rail
operations. This would cover approximately 36 railroads.
Public transportation and passenger railroads (PTPRs)
operating in the eight regions with the highest transit-specific risk.
This would cover approximately 46 systems.
The National Railroad Passenger Corporation (Amtrak), an
intercity passenger railroad.
OTRB owner/operators providing fixed-route service (also
referred to as regular route or scheduled service) to/through/from the
highest-risk urban areas. This would cover approximately 202 OTRB
owner/operators.
This NPRM proposes requiring the entities listed above to:
Develop security training programs to enhance and sustain
the capability of their security-sensitive employees to observe,
assess, and respond to security incidents as well as to have the
training necessary to implement their specific responsibilities in the
event of a security incident.
Submit the required security training program to TSA for
review and approval.
Implement the security training program and ensure all
existing and new security-sensitive employees complete the required
security training within the specified timeframes for initial and
recurrent training.
Maintain records demonstrating compliance and make the
records available to TSA upon request for inspection and copying.
Appoint security coordinators and alternates-who will be
accessible to TSA 24 hours per day, 7 days per week-and transmit
contact information for those individuals to TSA (an extension of
current 49 CFR part 1580 requirements).
Report significant security incidents or concerns to TSA
(an extension of current 49 CFR part 1580 requirements).
Review and update security training programs as necessary
to address changing security measures or conditions.
The proposed rule would also amend 49 CFR part 1500 to streamline
definitions for TSA's regulation and would add a definition of
Transportation Security-Sensitive Materials (TSSMs). Proposed revisions
to 49 CFR parts 1503 and 1520 would conform references and provisions
related to enforcement and handling of SSI to the expanded scope of
security requirements in the proposed rule.
The most significant proposed revisions are found in subchapter D
of chapter XII of title 49. This subchapter would be retitled
``Maritime and Surface Transportation Security,'' reorganized, and
expanded to include the proposed security program requirements. The
general rules for subchapter D would continue to be in part 1570, but
reorganized and expanded to address the new requirements proposed in
this rule. This NPRM also proposes to add a new section (1570.7) to
make it clear that owner/operators, employees, contractors, and other
persons can be held liable for violating TSA's regulations. A similar
provision is part of TSA's aviation-related regulations and adding it
to subchapter D ensures consistency in enforcement across all modes of
transportation. This provision is further discussed in section III.D.2
of this NPRM.
Some provisions currently limited to railroads under part 1580
would be
[[Page 91339]]
moved and revised to address the additional modes, such as provisions
related to ``compliance, inspection, and enforcement.'' This
necessitates reorganization and minor revisions to current part 1580.
The impact of the proposed rule on the organization and scope of
current 49 CFR part 1580 is discussed in section II.C. of this NPRM.
The following table (Table 1) provides a summary of the requirements
and their applicability (distinguishing between current requirements/
applicability and proposed requirements/applicability).
Table 1--Summary of Proposed Requirements
[Current 49 CFR part 1580 requirements incorporated into this NPRM are indicated with an ``X''; proposed requirements are indicated with a ``P'']
--------------------------------------------------------------------------------------------------------------------------------------------------------
Protecting Reporting
Inspection sensitive Security security
authority (Sec. security coordinator incidents (Sec. Security
1570.9) information (Sec. 1570.203) training \1\
(part 1520) 1570.201)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight railroad carriers.......................................... X X X X P
Rail hazardous materials shippers.................................. X X X X ...............
Rail hazardous materials receivers in HTUAs........................ X X X X ...............
Owner/operators of private rail cars............................... X X X X ...............
Host railroads of freight or PTPR rail operations within scope of X X X X P
rule..............................................................
PTPR operating rail transit systems on general railroad system, X X X X \2\ P
intercity passenger train service, and commuter train services....
PTPR operating rail transit systems not part of general railroad X X X X \2\ P
system............................................................
Tourist, scenic, historic, and excursion rail owner/operators...... X X X X ...............
PTPR operating bus transit or commuter bus systems in designated P P P P P
areas.............................................................
OTRB owner/operators providing fixed-route service in designated P P P P P
areas.............................................................
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ 49 CFR part 1570, Subpart B (Security Programs); 49 CFR part 1580, Subpart B--Employee Security Training (freight railroads); 49 CFR part 1582,
Subpart B--Employee Security Training (PTPR); and 49 CFR part 1584, Subpart B--Employee Security Training (OTRBs).
\2\ If Amtrak, or listed in proposed part 1582, Appendix A (a public transportation system, or part of a public transportation system).
Costs and Benefits
TSA estimates the overall cost of this proposed rule is $157.27
million over 10 years discounted at 7 percent. TSA estimates the cost
of this proposed rule by the 4 affected parties (all costs are 10 years
at 7 percent): For freight railroads the rule would cost a total of
$90.74 million, for PTPR the cost is $53.14 million, for OTRB the cost
is $12.08 million, and for TSA the cost is $1.31 million.
The proposed rule, if finalized, would enhance surface
transportation security by reducing vulnerability to terrorist attacks
in four different ways. First, the surface transportation employees in
each of the three covered modes would be trained to identify security
vulnerabilities. Second, these surface transportation employees would
be better trained to recognize potentially threatening behavior and
properly report that information. Third, these surface employees would
be trained to respond to incidents, thereby mitigating the consequences
of an attack. Finally, the covered surface transportation owner/
operators would be required to report significant security concerns to
TSA so that TSA can analyze potential threats across all modes.
This analysis reflects information obtained through a Notice
published in the Federal Register in 2013 \7\ (2013 Notice). Through
that Notice, TSA requested data needed to provide a more accurate
understanding of the existing baseline and potential costs associated
with the proposed rule. In particular, TSA requested information
regarding programs currently implemented--whether as a result of
regulatory requirements, grant requirements, in anticipation of a rule,
voluntary, or otherwise--and the costs associated with those training
programs.
---------------------------------------------------------------------------
\7\ 78 FR 35945 (June 14, 2013).
---------------------------------------------------------------------------
II. Background
A. Context and Purpose
Surface transportation systems--including public transportation
systems, intercity and commuter passenger railroads, freight railroads,
intercity buses, and related infrastructure--are vital to our economy
and essential to national security.\8\ The potential for a terrorist
attack exists at each stage of moving people, goods, and services
throughout the Nation.
---------------------------------------------------------------------------
\8\ Surface Transportation and Rail Security Act of 2007, report
of the Senate Committee on Commerce, Science, and Transportation at
2 (S. Rept. 110-29, Mar. 1, 2007), quoting Executive Order (E.O.)
13416 (Dec. 5, 2006), published at 71 FR 71033 (Dec. 7, 2006).
---------------------------------------------------------------------------
Recent attacks indicate the risk of terrorist attack to surface
transportation. On August 21, 2015, there was an attempted mass
shooting on a packed high-speed train bound for Paris from
Amsterdam.\9\ Metropolitan Police treated a December 5, 2015, knife
attack in a London public transportation station as a terrorist
incident.\10\ There have been other documented terrorist attacks
targeting surface transportation, including the attack in Madrid,
Spain, on March 11, 2004, in which terrorists attacked four commuter
trains using 10 improvised explosive devices (IED) that exploded near-
simultaneously and resulted in the deaths of 191 people and injury to
more than 1,800 people.\11\ In July 2005, four coordinated suicide
bombings occurred, three on separate trains through London Underground
stations and the fourth on a double-
[[Page 91340]]
decker bus, killed 52 people.\12\ In July 2008, a group linked to
Lashkar-e-Tayyiba attacked Mumbai's Western Railway Line with seven
IEDs during evening commute hours, killing 183 people.\13\ In November
2008, this group committed another coordinated attack that included
shooting and bombing operations at several targets--including a train
station--and killed a total of 164 people.\14\ More recently, U.S. news
media reported that the Federal Bureau of Investigation (FBI) uncovered
a plot to attack the PATH commuter rail system serving New York and New
Jersey in mid-2006.\15\ These previous events highlight the magnitude
of the deadly consequences that an attack on surface transportation
could have.
---------------------------------------------------------------------------
\9\ See Michael Birnbaum, ``A change of seats for 3 Americans
led to saved lives on Paris-bound train,'' Washington Post (Aug. 24,
2015), available at https://www.washingtonpost.com/world/as-french-train-suspect-is-interrogated-questions-mount-on-europes-security/2015/08/23/088ff2fe-4923-11e5-9f53-d1e3ddfd0cda_story.html.
\10\ See BBC, ``Leytonstone Tube station stabbing a `terrorist
incident' '' (Dec. 6, 2015), available at http://www.bbc.com/news/uk-35018789.
\11\ Encyclopedia Britannica, ``Madrid train bombings of 2004''
(May 19, 2013), available at http://www.britannica.com/event/Madrid-train-bombings-of-2004.
\12\ CNN, ``July 7 2005 London Bombings Fast Facts'' (updated
June 29, 2016, 9:44 a.m.), available at http://www.cnn.com/2013/11/06/world/europe/july-7-2005-london-bombings-fast-facts/.
\13\ Bureau of Diplomatic Security, ``India 2013 Crime and
Safety Report: Mumbai'' (March 5, 2013), available at https://www.osac.gov/pages/ContentReportDetails.aspx?cid=13701.
\14\ CNN, ``Mumbai Terror Attacks Fast Facts'' (updated Nov. 4,
2015, 11:57 a.m.), available at http://www.cnn.com/2013/09/18/world/asia/mumbai-terror-attacks/.
\15\ Mary Frost, ``NYC subways targeted in ISIS terror plot--
NYPD, FBI evaluating threat level,'' Brooklyn Daily Eagle (Sept. 25,
2014), available at http://www.brooklyneagle.com/articles/2014/9/25/nyc-subways-targeted-isis-terror-plot-nypd-fbi-evaluating-threat-level.
---------------------------------------------------------------------------
As part of its ongoing communications with stakeholders, TSA has
alerted owner/operators affected by this proposed rule to
transportation-related threats and has worked with many of them to
review and recognize potential vulnerabilities to their operations. The
impact that security training can have on these operations was
recognized by Congress when it mandated, and provided detailed
requirements for, security training regulations as part of the 9/11
Act.\16\
---------------------------------------------------------------------------
\16\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
---------------------------------------------------------------------------
TSA recognizes that the owner/operators of surface transportations
systems, both public and private, are principally responsible for the
safety and security of the people using their services. As noted in
Presidential Policy Directive/PPD-21, ``Critical Infrastructure
Security and Resilience:''
The Nation's critical infrastructure is diverse and complex. It
includes distributed networks, varied organizational structures and
operating models (including multinational ownership), interdependent
functions and systems in both the physical space and cyberspace, and
governance constructs that involve multi-level authorities,
responsibilities, and regulations. Critical infrastructure owners
and operators are uniquely positioned to manage risks to their
individual operations and assets, and to determine effective
strategies to make them more secure and resilient.\17\
---------------------------------------------------------------------------
\17\ PPD-21 (Feb. 12, 2013) (emphasis added).
Surface transportation employees--the people who provide and support
these services--are a critical resource for protecting passengers and
the transportation infrastructure.
As a result of TSA's programmatic efforts, as well as awareness of
the requirements of the 9/11 Act, many owner/operators of higher-risk
surface transportation operations have voluntarily implemented security
training programs that address some of the requirements of this
proposed rule. As noted in the economic analysis for this rulemaking,
however, the private market may not provide adequate incentives for
owner/operators to make a socially optimal investment in the full range
of measures that would reduce the probability of a successful terrorist
attack based on the economics of externalities. (Externalities are
costs or benefits from an economic transaction experienced by parties
``external'' to the transaction.) Specifically, for surface mode owner/
operators, the total consequences of an attack or other security
incident to society may be greater than what would be suffered by the
individual owner/operator of the infrastructure or facility.
Without ignoring the voluntary efforts of owner/operators to
increase the baseline of their security, including by providing
security training, TSA also recognizes a firm normally would not choose
to make an investment in security over its privately optimal amount in
a competitive market place, since such an investment would increase the
firm's cost of production, placing it at a disadvantage when competing
with companies that have not chosen to make a similar investment in
security.
Focusing on the higher-risk operations and frontline employees
(defined in the rule as those performing security-sensitive functions),
this proposed rule would close gaps in the scope or breadth of training
provided as part of voluntary efforts. To the extent resource and
economic considerations could cause this voluntary commitment to abate
in the future, this proposed rule, when finalized, should solidify
these efforts and commitment to security training.
Thus, the purpose of this proposed rule is to solidify a baseline
of security training for surface transportation by enhancing and
sustaining the capability of frontline employees for higher-risk public
transportation systems, railroad carriers (passenger and freight), and
OTRB owner/operators to observe, assess, and respond to security risks
and potential security breaches. These critical capabilities include
identifying, reporting, and appropriately reacting to suspicious
activity, suspicious items, dangerous substances, and security
incidents that may be associated with terrorist reconnaissance,
preparation, or action. An employee who is prepared and trained to
observe, assess, and respond may be the critical point for preventing a
terrorist act.
Security awareness training is an important and effective tool to
enhance an employee's ability to detect and deter attacks by terrorists
or others--particularly those with malicious intent to target surface
transportation or use vehicles as delivery systems for weapons of mass
destruction. Well-trained employees can serve as security force-
multipliers. Their familiarity with the facilities and operating
environments of their specific transportation systems makes them
especially effective at recognizing situations and conditions that may
pose a threat to the safety and security of passengers, cargo, and
transportation infrastructure.
Employees who are prepared to execute their security-related
responsibilities and trained to observe, assess, and respond bring an
informed vigilance to their daily responsibilities. They are more
capable of identifying and making timely reports to support inquiry by
law enforcement and security personnel, increasing the potential for
detection or disruption of terrorist planning, preparations, and
observations. In the event an incident does occur, employees who
understand their roles and responsibilities under the owner/operator's
security planning and response documents are better prepared to
initiate timely responsive actions to mitigate consequences and work
with first responders.
This rulemaking is part of TSA's commitment to risk-based security
and how it implicates policy decisions, resource commitments, and
expectations. Passengers traveling through a higher-risk area or system
(whether by bus or train) should be able to expect the same level of
security regardless of the carrier. Communities in HTUAs should expect
that the freight trains carrying RSSM \18\ are operated by employees
with a common baseline of security training, regardless of who owns or
operates the train. The result is
[[Page 91341]]
a proposed rule that bases applicability primarily on the location
where the transportation is operated (rather than constructs of
ownership) and scope of employees to be trained on the functions they
perform (rather than titles in position descriptions).
---------------------------------------------------------------------------
\18\ As previously noted, TSA is not proposing to modify these
terms as defined in current 49 CFR 1580.3.
---------------------------------------------------------------------------
For these reasons, TSA proposes this regulation requiring owner/
operators to implement employee security training programs for
employees serving in security-sensitive positions in higher-risk
operations. TSA explains aspects of the proposed rule more fully in
section III of this NPRM.
B. Statutory Authorities
The security of the Nation's transportation systems is vital to the
economic health and security of the United States. Ensuring
transportation security while promoting the movement of legitimate
travelers and commerce is a critical counter-terrorism mission assigned
to TSA.
Since its creation following the attacks of September 11, 2001, TSA
has had broad statutory authority to assess a security risk for any
mode of transportation, develop security measures for dealing with that
risk, and enforce compliance with those measures.\19\ This includes
broad regulatory authority, which enables TSA to issue, rescind, and
revise regulations as necessary to carry out its transportation
security functions.\20\
---------------------------------------------------------------------------
\19\ See supra, n. 2.
\20\ 49 U.S.C. 114(l)(1).
---------------------------------------------------------------------------
Congress has determined that a regulation is necessary for owner/
operators of public transportation systems, passenger railroads,
freight railroads, and OTRBs to provide security training to their
frontline employees. As part of the 9/11 Act,\21\ Congress mandated
that DHS use its authority to issue regulations and included in the
statute minimum requirements for employees to be trained, subjects of
training, and procedures for the submission and approval of training
programs.\22\ This NPRM proposes to implement these provisions.
---------------------------------------------------------------------------
\21\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
\22\ See 6 U.S.C. 1137, 1167, and 1184.
---------------------------------------------------------------------------
The 9/11 Act includes a requirement to include ``[l]ive situational
training exercises'' as part of its security training regulations.\23\
As part of the Homeland Security Exercise and Evaluation Program
(HSEEP), DHS describes the benefit of exercises ``to test and validate
plans and capabilities.'' \24\ While testing the effectiveness of
training is important, the HSEEP focuses on the need to test
effectiveness of the overall plan--a process that reveals any
weaknesses in training. TSA has determined the intent of requiring
exercises would be better met if owner/operators were required to test
the effectiveness of their security plans--which would include testing
employee understanding and capabilities related to their roles,
responsibilities, protocols, and procedures. Therefore, TSA has decided
to address this element in a separate rulemaking that will meet related
9/11 Act provisions for security planning.\25\
---------------------------------------------------------------------------
\23\ See 6 U.S.C. 1137(c)(7), 1167(c)(8), and 1184(c)(8).
\24\ See DHS, ``Homeland Security Exercise and Evaluation
Program (HSEEP)'' (April 2013), available at https://www.fema.gov/media-library-data/20130726-1914-25045-8890/hseep_apr13_.pdf.
\25\ See requirements in 6 U.S.C. 1134 (public transportation),
1162 (railroads), and 1181 (OTRBs).
---------------------------------------------------------------------------
Finally, the 9/11 Act also requires DHS to define the term
``security-sensitive material'' as it relates to materials transported
in commerce that pose ``a significant risk to national security . . .
due to the potential use of the material in an act of terrorism.'' \26\
The 9/11 Act states that the term must include specific, identified
materials.\27\ TSA has previously identified ``security-sensitive
materials'' transported by freight railroad carriers as ``Rail
Security-Sensitive Materials'' (RSSM).\28\ As further discussed in
section III.A.2 of this NPRM, TSA is proposing materials to be
identified as ``Transportation Security-Sensitive Materials (TSSM).''
---------------------------------------------------------------------------
\26\ 6 U.S.C. 1151(13).
\27\ Materials to be included are Class 7 radioactive materials,
Division 1.1, 1.2, or 1.3 explosives, materials poisonous or toxic
by inhalation, including Division 2.3 gases and Division 6.1
materials, and select agents or toxins regulated by the Centers for
Disease Control and Prevention under 42 CFR part 73.
\28\ See 49 CFR 1580.3 and 1580.100(b).
---------------------------------------------------------------------------
C. Rule Organization
Implementing requirements in the 9/11 Act for surface
transportation regulations necessitates making other changes to TSA's
regulations found in title 49 of the CFR. Some of these changes are
technical revisions or additions, such as consolidating definitions
used in multiple parts of TSA's regulations into part 1500 and adding
cross-references to the new regulatory requirements as relevant for
investigations (part 1503) and protection of SSI (part 1520).
The most significant changes are to subchapter D, which TSA
proposes to rename ``Maritime and Surface Transportation Security.''
Subchapter D currently contains requirements related to security threat
assessments (STAs) (parts 1570 and 1572) and rail security (1580). TSA
is proposing to significantly reorganize and augment parts 1570 and
1580, and add parts 1582 (PTPR) and 1584 (Highway and Motor Carriers).
Many portions of the proposed rule are common to PTPR, freight, and
OTRB operations. These are included in 49 CFR part 1570. Eliminating
duplication of these requirements across multiple sections of TSA's
regulations reduces unintended inconsistencies, both now and over time
to the extent there are any amendments made to these regulations in the
future. Because of these modifications, other organizational changes
are being made to part 1570--including moving definitions that have
applicability across multiple parts of TSA's regulations to part 1500
(discussed more fully in part III.A of this NPRM) and consolidating
provisions related to security threat assessments into a new subpart D.
The STA provisions are being moved but are otherwise unmodified. As a
result, the substance of these provisions is not part of this notice
and comment rulemaking.
TSA includes proposed requirements adapted to reflect the unique
aspects of each mode in mode-specific parts of 49 CFR Chapter XII,
Subchapter D--Maritime and Surface Transportation Security. Part 1580
would be revised to focus on freight railroads. Sections in current
part 1580 applicable to PTPR systems would be moved to a new part 1582.
TSA also proposes creating a new part 1584, which would include the
requirements for OTRB.
With the exception of the following, provisions of current 49 CFR
part 1580, Rail Transportation Security, applicable to freight
railroads would be reorganized without substantive change. TSA proposes
to move some provisions to part 1570--this revision would include the
security coordinator and reporting requirements (which are being
updated and clarified, and extended to include higher-risk buses).\29\
Other provisions, such as ``chain of custody'' provisions for RSSMs,
would be reorganized within part 1580 because of this proposed rule.
Finally, current Appendix A to part 1580 would be modified to remove
outdated references. Table 2 provides a distribution table for changes
to current 49 CFR part 1580. To the extent sections are being moved,
but not revised, they are not part of this notice and comment
rulemaking.
---------------------------------------------------------------------------
\29\ These modifications are discussed in section III.C. of this
NPRM.
[[Page 91342]]
Table 2--49 CFR Part 1580 Distribution Table
------------------------------------------------------------------------
Former section New section(s)
------------------------------------------------------------------------
1580.1.................................... 1570.1, 1580.1, and 1582.1.
1580.3.................................... 1570.3, 1580.3, and 1582.3.
1580.5.................................... 1570.9.
1580.100.................................. 1500.3, 1580.101.
1580.101.................................. 1570.201.
1580.103.................................. 1580.203.
1580.105.................................. 1570.203.
1580.107.................................. 1580.205.
1580.109.................................. 1580.5 and 1582.5.
1580.111.................................. 1580.207.
1580.200.................................. 1582.101.
1580.201.................................. 1570.201.
1580.203.................................. 1570.203.
------------------------------------------------------------------------
III. Proposed Rule
A. Amendments to Part 1500
1. General Terms
Consistent with the proposed rule's organization, TSA includes
proposed definitions for terms relevant to several subchapters of TSA
regulations, beyond the requirements of subchapter D, in part 1500.
Terms relevant to several parts of subchapter D would be added to Sec.
1570.3. Terms uniquely relevant to each mode would be included in the
relevant parts (part 1580 (freight), part 1582 (PTPR), and part 1584
(OTRB)).
Many of the proposed definitions are identical, or nearly
identical, to definitions codified in current 49 CFR part 1580. Some
definitions are taken from the 9/11 Act. Other definitions are derived
from existing Federal regulatory programs, particularly programs
administered by DOT. A few definitions are based on industry sources.
TSA's purpose is to use existing definitions that regulated parties are
familiar with to the extent that the definitions are consistent with
the 9/11 Act and the purposes of this NPRM. Where no existing
definition is appropriate, TSA's subject matter experts developed the
definition based upon the generally accepted and known use of terms
within each of the modes subject to this proposed regulation. Table 3
provides additional information on the terms that would be added to
part 1500.
Table 3--Explanation of Proposed Terms and Definitions
------------------------------------------------------------------------
Summary of change Explanation
------------------------------------------------------------------------
Propose modifying definition of This term is used in proposed
``Administrator''. sections regarding procedures
for requesting alternative
measures or challenges to
required modifications. The
definition is being updated to
reflect TSA's transition to a
DHS component.
Propose adding a definition for This term is used in the
``Authorized representative''. definition of ``Employee.'' It
is intended to ensure that any
``authorized representatives''
performing security-sensitive
functions for an owner/
operator receives the required
security training, even if
they are not considered a
direct employee. More
information can be found in
the discussion of employees
required to be trained in
preamble section III.E.
Propose adding a definition for ``Bus'' This term is used in several
other terms defined in this
proposed rule. TSA's review of
DOT regulations identified
several definitions for this
term. The definition developed
by TSA for the purposes of
subchapter D is a composite of
DOT's definitions adopted for
TSA's purposes. While it is a
broad definition on its own,
the other terms in which it is
used limit its application.
Propose adding a definition of ``Bus This term is used as part of
transit system''. the scope of what is intended
by, and included within, the
definition of public
transportation. Consistent
with the scope of other
commuter transit systems, the
definition is based upon an
explanation of what
constitutes ``urban rapid
transit service'' in 49 CFR
part 209, Appendix A.
Propose adding a definition for This term is used as part of
``Commuter bus system''. the scope of what is intended
by, and included within, the
definition of public
transportation. Consistent
with the scope of other
commuter transit systems, the
definition is based upon the
Federal Railroad
Administration's (FRA's)
explanation of ``commuter
service'' for rail in 49 CFR
part 209, and the Federal
Motor Carrier Safety
Administration's (FMCSA's)
definition of ``commuter
service'' in 49 CFR
374.303(g).
As part of reorganization of current 49 This term is used as part of
CFR part 1580, propose moving the scope of what is intended
definition of ``Commuter passenger by, and included within, the
train service'' from 49 CFR 1580.3. definition of public
transportation.
Propose moving definition of ``DHS'' This term has general
from 49 CFR 1520.3. applicability to several parts
of TSA's regulations beyond
the provisions in 49 CFR part
1520.
Propose moving definition of ``DOT'' This term has general
from 49 CFR 1520.3. applicability to several parts
of TSA's regulations beyond
the provisions in 49 CFR part
1520.
Proposed adding definition for ``Fixed- Used within the scope of OTRB
route service''. owner/operators subject to the
proposed regulation (see
proposed 49 CFR 1570.101 and
1584.1), this term is based on
the definition of a fixed-
route system found in 49 CFR
37.3.
Propose moving definition of ``General Part of reorganization of
railroad system of transportation'' current 49 CFR part 1580. This
from 49 CFR 1580.3. proposed rule does not change
the definition.
Propose moving definition of Part of reorganization of
``Hazardous Material'' from 49 CFR current 49 CFR part 1580. This
1580.3. proposed rule does not change
the definition.
Propose moving definition of ``Heavy Part of reorganization of
rail transit'' from 49 CFR 1580.3. current 49 CFR part 1580. This
proposed rule does not change
the definition.
Propose adding a definition of ``Host This term, which is consistent
railroad''. with the definition in 49 CFR
236.1003, is used within the
scope of this proposed rule
relating to operations by
railroad carriers. More
information can be found in
the preamble discussion in
section III.F.1.
[[Page 91343]]
Propose moving definition of Part of reorganization of
``Improvised explosive device (IED)'' current 49 CFR part 1580. This
from 49 CFR 1580.3. proposed rule does not change
the definition.
Propose moving definition of Part of reorganization of
``Intercity passenger train service'' current 49 CFR part 1580. This
from 49 CFR 1580.3. proposed rule does not change
the definition.
Propose moving definition of ``Light Part of reorganization of
rail transit'' from 49 CFR 1580.3. current 49 CFR part 1580. This
proposed rule does not change
the definition.
Propose adding a definition of ``Motor Used throughout this proposed
vehicle''. rule, TSA has determined that
there is no consistent
definition of ``motor
vehicle'' within federal
regulations. TSA has reviewed
various DOT regulations and
relies primarily on 49 CFR
390.5 for this definition as
most applicable to this
proposed regulation, choosing
a definition that is inclusive
with limitations provided in
the relevant applicability
sections.
Propose adding a definition for ``Over- This term, the definition of
the-Road Bus (OTRB)''. which is consistent with 6
U.S.C. 1151(4), is used within
other definitions and the
scope of this proposed rule
relating to over-the-road bus
owners. More information can
be found in the preamble
discussion in section III.F.3.
Propose moving definition of ``owner/ Used in other definitions and
operator'' from 49 CFR 1570.3 and throughout the proposed rule,
modifying to eliminate cross-reference the definition of this term is
to title 33 of the CFR. a modification of the current
definition of ``owner/
operator'' that affects 49
CFR, subchapter D. The
modifications remove outdated
references to make it the term
appropriate for the broader
scope of transportation
regulated by TSA.
Propose moving definition of Part of reorganization of
``Passenger car'' from 49 CFR 1580.3 current 49 CFR part 1580. TSA
and adding ``rail'' to the term to is proposing to insert the
read, ``passenger rail car''. word ``rail'' between
``passenger'' and ``car'' to
avoid any confusion between
rail and motor vehicle
conveyances.
Propose adding a definition of Used both in the scope of
``Passenger railroad carrier''. proposed subpart B of 49 CFR
part 1570 (Security
Coordinator and Reporting
Requirements) and the scope of
the training rule (proposed 49
CFR part 1582), this term is
also used in the context of
host railroad operations. More
information can be found in
the discussion in III.F.2. The
definition is based on the
definition for this term found
in 49 CFR 239.7.
Propose moving definition of Part of reorganization of
``Passenger train'' from 49 CFR 1580.3. current 49 CFR part 1580. This
proposed rule does not change
the definition.
Propose moving definition of ``Private Part of reorganization of
rail car'' from 49 CFR 1580.3. current 49 CFR part 1580. This
proposed rule does not change
the definition.
Propose adding a definition of ``Public Used within other terms, this
transportation''. definition is based primarily
on 49 U.S.C. 5302(14). Where
the statute uses a definition
that is characterized by what
is excluded, TSA's definition
focuses on what is included.
Propose adding a definition of ``Public This term is used to define the
transportation agency''. scope of owner/operators
subject to the proposed rule.
See proposed subpart B to 49
CFR parts 1570 and 1582. See
also the preamble discussion
in section III.F.2 for more
information. (The 9/11 Act
defines a ``public
transportation agency'' as a
publicly owned operator of
public transportation eligible
to receive Federal assistance
under Chapter 53 of Title 49,
United States Code.''). TSA
reviewed the requirements of
that statute in developing
this definition. As noted
above, the definition of
``public transportation'' is
based on 49 U.S.C. 5302(14).
Propose moving definition of ``Rail Part of reorganization of
hazardous materials receiver'' from 49 current 49 CFR part 1580. This
CFR 1580.3. proposed rule does not change
the definition.
Propose moving definition of ``Rail Part of reorganization of
hazardous materials shipper'' from 49 current 49 CFR part 1580. As
CFR 1580.3, with a non-significant proposed, the definition of
amendment. ``offers or offeror'' in 49
CFR 1580.3 would be deleted
and a reference to the DOT
definition for ``person who
offers or offeror'' would be
incorporated into the
definition of ``rail security-
sensitive material.''
Propose moving definition of ``Rail Part of reorganization of
secure area'' from 49 CFR 1580.3. current 49 CFR part 1580. This
proposed rule does not change
the definition.
Propose moving definition of ``Rail This term has general
transit facility'' from 49 CFR 1520.3 applicability to several parts
and 1580.3. of TSA's regulations beyond
the provisions in 49 CFR part
1520.
Propose moving definition of ``Rail Part of reorganization of
transit system or `Rail Fixed Guideway current 49 CFR part 1580. This
System' '' from 49 CFR 1580.3 to proposed rule does not change
proposed 1570.3. the definition.
Propose moving definition of ``Railroad Part of reorganization of
carrier'' from 49 CFR 1580.3. current 49 CFR part 1580. This
proposed rule does not change
the definition.
Propose moving definition of Part of reorganization of
``Railroad'' from 49 CFR 1580.3 and current 49 CFR part 1580. This
modifying it to define ``Railroad proposed rule does not
transportation''. significantly change the
definition.
Propose moving definition of ``Record'' This term has general
from 49 CFR 1520.3. applicability to several parts
of TSA's regulations beyond
the provisions in 49 CFR part
1520.
Propose adding definition of This term has general
``Sensitive Security Information applicability to several parts
consistent with 49 CFR 1520.3 to of TSA's regulations beyond
1570.3. the provisions in 49 CFR parts
1520 and 1570.
Propose moving definition of ``State'' This term has general
from 49 CFR 1570.3. applicability to several parts
of TSA's regulations beyond
the provisions in 49 CFR parts
1520 and 1570.
[[Page 91344]]
Propose adding definition of The term is used in the context
``Transportation security equipment of the proposed requirement
and systems''. for security-sensitive
employees to be trained on use
of security equipment and
systems. See for example,
proposed 49 CFR
1580.155(c)(1). TSA's subject
matter experts have developed
this definition based on their
work with the modes in
conducting assessments and
developing voluntary security
action items.
Propose moving definition of ``Tourist, Part of the reorganization of
scenic, historic, or excursion current 49 CFR part 1580. This
operation'' from 49 CFR 1580.3. proposed rule does not change
the definition.
Propose moving definition of Part of the reorganization of
``Transit'' from 49 CFR 1580.3 with current 49 CFR part 1580. TSA
modifications to reflect broader scope proposes modifying this term
of this proposed rule. to reflect the multimodal
scope of the proposed training
rule and have the term apply
across all the modes.
Propose moving definition of Part of the reorganization of
``Transportation or transport'' from current 49 CFR part 1580. TSA
49 CFR 1580.3 with modifications to proposes modifying this term
reflect broader scope of this proposed to reflect the multimodal
rule. scope of the proposed training
rule and have the term apply
across all the modes.
Propose moving definition of Part of the reorganization of
``Transportation facility'' from 49 current 49 CFR part 1580. TSA
CFR 1580.3 with modifications to proposes modifying this term
reflect broader scope of this proposed to reflect the multimodal
rule. scope of the proposed training
rule and have the term apply
across all the modes.
Propose adding definition of The definition is included to
``Transportation Security-Sensitive satisfy 9/11 Act requirements.
Materials (TSSM)''. See 6 U.S.C. 1151(13). The
term is defined in proposed 49
CFR 1570.3. More information
can be found in the preamble
discussion of the TSSM list in
section III.A.2.
Propose moving definition of ``TSA'' This term has general
from 49 CFR 1520.3. applicability to several parts
of TSA's regulations beyond
the provisions in 49 CFR part
1520.
Propose moving definition of This term is being modified to
``vulnerability assessment'' from 49 streamline terminology rather
CFR 1520.3. than enumerating subcategories
within each mode. It is being
moved to 49 CFR part 1500 as
it has relevance beyond the
provisions in part 1520.
------------------------------------------------------------------------
2. Transportation Security-Sensitive Materials
The 9/11 Act included a requirement for DHS to define ``security-
sensitive material.'' ``Security-sensitive material'' is defined as ``a
material, or group or class of material, in a particular amount and
form that the Secretary [of Homeland Security], in consultation with
the Secretary of Transportation, determines, through rulemaking with
opportunity for public comment, poses a significant risk to national
security while being transported in commerce due to the potential use
of the material in an act of terrorism.'' \30\ TSA has met the
requirements of the 9/11 Act related to rail through its definition of
RSSMs under current 49 CFR part 1580.\31\
---------------------------------------------------------------------------
\30\ 6 U.S.C. 1151(13).
\31\ See 49 CFR 1580.3 and 1580.100(b). See also discussion in
73 FR 72130 at 72134 (Nov. 26, 2008).
---------------------------------------------------------------------------
In March of 2010, DOT's Pipeline and Hazardous Materials Safety
Administration (PHMSA) issued a final rule: ``Hazardous Materials:
Risk-Based Adjustment of Transportation Security Plan Requirements.''
\32\ This PHMSA final rule amended PHMSA's security requirements for
hazardous material (hazmat) transportation under 49 CFR part 172 of the
Hazardous Material Regulations (HMR),\33\ applicable to freight
railroad carriers, motor carriers, and shippers and receivers of
hazmat. In addition to amendments to security planning requirements,
the PHMSA final rule provided a revised list of hazardous materials for
which a security plan is required. DOT worked closely with TSA to align
the proposed lists of materials subject to their security programs with
ongoing efforts by TSA. The materials considered included certain
explosives, compressed gases and flammable liquids, poisonous gases and
materials, corrosive materials, radioactive materials, and chemicals
listed by the Chemical Weapons Convention. There were also requests to
PHMSA to harmonize the list of materials for which security plans are
required with the list of materials designated as high consequence
dangerous goods for which enhanced security measures are recommended in
the United Nations Model Regulations on the Transport of Dangerous
Goods (UN Recommendations). Discussions regarding the materials
identified in the PHMSA regulations can be found in the preambles to
their relevant rulemakings.\34\
---------------------------------------------------------------------------
\32\ 75 FR 10974 (Mar. 9, 2010). Additional information is
included in the preamble to the related NPRM. See 73 FR 52558 (Sept.
9, 2008).
\33\ These regulations are also referred to as HM-232.
\34\ See supra, n. 32.
---------------------------------------------------------------------------
TSA proposes to adopt the PHMSA list for purposes of defining TSSM.
This approach avoids unnecessary duplication and ensures consistent
alignment of the materials meeting this standard in Federal
regulations. A discussion regarding the materials in the list can be
found in the preamble to PHMSA's final rule.\35\
---------------------------------------------------------------------------
\35\ 75 FR at 10977.
---------------------------------------------------------------------------
B. Amendments to Part 1503
TSA is proposing minor amendments to part 1503 (Investigative and
Enforcement Procedures) as necessary to conform these regulations to
changes made by the proposed rule. In Sec. 1503.101(b), the scope of
statutory provisions is amended to add authorities in title 6 U.S.C.
that are administered by the TSA Administrator--which are relevant to
this proposed rule. These are conforming amendments with no cost
impact.
C. Amendments to Part 1520
TSA is also proposing to modify part 1520 (Protection of Sensitive
Security Information). TSA is required to promulgate regulations
governing the protection of information obtained or developed in
carrying out security under the authority of ATSA \36\ if public
disclosure of that information could be detrimental to transportation
security. TSA's current SSI regulation, 49 CFR part 1520, establishes
certain requirements for the recognition, identification, handling, and
dissemination of SSI, including restrictions on disclosure and civil
[[Page 91345]]
penalties for violations of those restrictions. DOT has nearly
identical SSI authority (49 U.S.C. 40119) and a nearly identical SSI
regulation (49 CFR part 15).\37\
---------------------------------------------------------------------------
\36\ See 49 U.S.C. 114(r).
\37\ For more information on these regulations, see 69 FR 28078
(May 18, 2004).
---------------------------------------------------------------------------
Because TSA is expanding the scope of its regulatory requirements
in order to fulfill the mandates of the 9/11 Act, it is necessary to
conform the SSI provisions to include these transportation security-
related requirements. The proposed amendments are limited to: (1)
Eliminating unnecessary terms from part 1520 that are added to part
1500 and (2) replacing the limiting term ``rail transportation security
requirement'' with ``surface transportation security requirement.'' In
some places, such as the definition of ``vulnerability assessment'' in
Sec. 1520.3, TSA is proposing to streamline a lengthy description of
types of transportation to simply state ``aviation, maritime, or
surface transportation.''
The impact of these minor revisions should also be minimal. Under
Sec. 1520.7(j), any person who has access to SSI is required to
protect it according to the requirements of the regulation. While some
of the proposed population that would be affected by this rule has not
previously been subject to TSA regulations, most of them have
previously received SSI information from TSA, as well as training on
the proper handling of SSI, and have procedures in place to ensure the
requirements of the regulation are met.\38\
---------------------------------------------------------------------------
\38\ Publicly available information on proper handling of SSI is
available on TSA's Web site at www.tsa.gov.
---------------------------------------------------------------------------
TSA's regulations for SSI have a counterpart in DOT regulations
under 49 CFR part 15. Any comments received on these proposed
amendments will be shared with DOT. As these are parallel rules,
assuming there are changes to part 1520 adopted as part of this notice
and comment rulemaking, DOT may subsequently make similar changes to
part 15. We invite comments on the proposed changes to part 1520, and
we will share with DOT any comments received on potential changes to
part 15. We also invite comments on this process for making changes to
both parts.
D. Amendments to Part 1570
1. Overview of Changes and Structure
TSA is proposing to divide part 1570 into four subparts: (1)
Subpart A would cover general requirements applicable to all aspects of
subchapter D to chapter XII of title 49; (2) subpart B provides the
general framework for security programs; (3) subpart C covers
operational requirements; and (4) subpart D would move and consolidate
general provisions related to security threat assessments (STAs) which
are more specifically addressed in part 1572. As previously discussed,
mode--specific requirements are contained in subsequent parts. Because
of the significant restructuring of part 1570, the proposed rule text
includes the entirety of the revision--not just the parts that would be
added because of this rulemaking. This includes terms applicable to the
STAs required by part 1572, as well as related STA provisions that TSA
proposes moving to new subpart D.
2. Subpart A--General
Terms and Definitions (Sec. 1570.3)
As previously indicated, TSA is proposing to move several terms
from Sec. 1570.3 to Sec. 1500.3 as part of a general effort to
streamline TSA's regulations by consolidating terms used in multiple
parts. In addition, TSA is proposing to add the terms identified in
Table 4 to Sec. 1570.3 as they are used in multiple sections of
subchapter D to chapter XII of title 49.
Table 4--Explanation of Proposed Terms and Definitions
------------------------------------------------------------------------
Summary of change Explanation
------------------------------------------------------------------------
Propose adding definition of This term is used in the
``Contractor''. definition of ``employee'' for
purposes of this subchapter
and is based on a definition
of contractor used in DOT
regulations, see, e.g., 49 CFR
655.4.
Propose adding definition for This term is used in several
``Employee''. definitions, most notably, the
definition of ``security-
sensitive employee,'' which is
the term used to define the
scope of individuals who must
be trained under the proposed
rule (see discussion in III.E)
and the requirements of the
training program. See proposed
definition of ``security-
sensitive employee'' in 49 CFR
1580.3, 1582.3, and 1584.3. It
is also used in sections
regarding responsibility for
compliance (proposed 49 CFR
1570.13), and terms used for
``chain of custody''
requirements in proposed 49
CFR 1580.3 (currently 49 CFR
1580.107).
Propose adding definition of This term is used in the
``Immediate supervisor''. definition of ``Employee.'' It
is intended to ensure that any
``immediate supervisors''
performing security-sensitive
functions for an owner/
operator receive the required
security training. It is also
intended to limit the layers
of management that must
receive security training to
those who have an actual nexus
to transportation security.
More information can be found
in the discussion of employees
required to be trained in
preamble section III.E.
Propose adding definition of ``Security- This term is used in provisions
sensitive employee''. of part 1570 as part of the
proposed security training
requirements. The definition
provides a signal to find the
appropriate mode-specific
definitions in 49 CFR parts
1580, 1582, and 1584.
Propose adding definition of ``Security- This term is used in provisions
sensitive job function''. of part 1570 as part of the
proposed security training
requirements. The definition
provides a signal to find the
appropriate mode-specific
definitions in 49 CFR parts
1580, 1582 and 1584.
------------------------------------------------------------------------
[[Page 91346]]
Security Responsibilities for Employees and Other Persons (Sec.
1570.7)
In proposed Sec. 1570.7, TSA is seeking to make its regulations
regarding the responsibility for compliance consistent for all modes.
Under 49 U.S.C. 114(f), TSA is required to enforce security related
regulations and requirements and oversee the implementation of security
measures for all modes of transportation.\39\ As with the similar
aviation regulation, the obligation for compliance is not limited to
owner/operators specifically referenced under applicability provisions.
Any person may be held to have violated these proposed rules, including
contractors who provide service to owner/operators and the employees of
such contractors. For example, a contractor who is authorized by an
owner/operator to provide security training to individuals performing
security-sensitive functions on the owner/operator's behalf would be
expected to fulfill all of the responsibilities under these three parts
with respect to such training. Similarly, contractors would also be
subject to inspection for compliance with this proposed rule and
enforcement actions when appropriate (see following discussion on
proposed Sec. 1570.9 for more information on TSA's investigatory and
enforcement authority).
---------------------------------------------------------------------------
\39\ See 49 U.S.C. 114(f)(7) and (11). A similar provision
applicable to aviation employees and other related persons is in 49
CFR 1540.105(a)(1) and (b).
---------------------------------------------------------------------------
Compliance, Inspection, and Enforcement (Sec. 1570.9)
TSA is mandated to: (1) Enforce its regulations and requirements;
(2) oversee the implementation and ensure the adequacy of security
measures; and (3) inspect, maintain, and test security facilities,
equipment, and systems for all modes of transportation.\40\ This
mandate applies even in the absence of regulations stating the
authority, but TSA has chosen to include a restatement of its authority
in its regulations. The statute specifically requires TSA to--
---------------------------------------------------------------------------
\40\ See 49 U.S.C. 114(f).
---------------------------------------------------------------------------
Assess threats to transportation;
Enforce security-related regulations and requirements;
Inspect, maintain, and test security of facilities,
equipment, and systems;
Ensure the adequacy of security measures for the
transportation of cargo;
Oversee the implementation, and ensure the adequacy, of
security measures at airports and other transportation facilities;
Require background checks for airport security screening
personnel, individuals with access to secure areas of airports, and
other transportation security personnel; and
Carry out such other duties, and exercise such other
powers, relating to transportation security as the Administrator
considers appropriate, to the extent authorized by law.
While current part 1570 includes a provision stating TSA's
compliance, inspection, and enforcement authority, it is not as
detailed as what TSA has promulgated in more recent regulations.\41\
Therefore, TSA is proposing to transfer the text of current Sec.
1580.5 to subpart A as proposed Sec. 1570.9, with minor modifications
to reflect the addition of certain bus operations that have previously
been unregulated by TSA.\42\
---------------------------------------------------------------------------
\41\ Compare current Sec. 1570.11 with current Sec. 1580.5.
The provision in part 1580 is also consistent with 49 CFR 1542.5,
1544.3. 1546.3, 1548.3, and 1549.3.
\42\ A more detailed discussion of current Sec. 1580.5, still
relevant to the proposed section, can be found in the preamble for
current part 1580. See 71 FR 76852 (Dec. 12, 2006) (NPRM) and 73 FR
72130 (Nov. 26, 2008) (Final Rule).
---------------------------------------------------------------------------
3. Subpart B--Security Programs
As previously noted, TSA intends to consolidate and avoid
duplication of requirements in its regulations by placing all of the
security program requirements that are consistent across all modes in
subpart B. These include: (1) Submission, review, and approval of the
program; (2) procedures for amending the program; (3) the training
schedule (including initial and recurrent training, previous training,
relation to other training, and failure to train); and (4)
recordkeeping. Proposed requirements for which employees must be
trained and content of the program are found in the proposed revisions
to part 1580 (freight rail) and new parts 1582 (PTPR) and 1584 (OTRB).
Program Content (Sec. 1570.103)
Under the statutory requirements, TSA must issue regulations
mandating security training for owner/operators of public
transportation agencies, railroads, and OTRBs.\43\ In proposing these
regulations, TSA assumes that Congress intended the requirement to
provide for the use of ``existing procedures, protocols, and standards
to satisfy the regulatory requirements'' for vulnerability assessments
and security plans apply equally to security training.\44\ Proposed
Sec. 1570.3 implements these requirements by stating that each owner/
operator required to have a security program under proposed parts 1580,
1582, and 1584 must address all of the identified requirements. In
addition, the proposed section implements the requirement to allow for
use of existing programs by allowing the owner/operators to include
these existing programs as an appendix. The owner/operators would be
required to cross-reference the relevant portions of the appendix or
TSA could assume it is all part of the security program and enforce it
as such.
---------------------------------------------------------------------------
\43\ See 6 U.S.C. 1137, 1167, and 1184.
\44\ See 6 U.S.C. 1162(j) and 1181(i) (use of existing
procedures, protocols, and standards to satisfy regulatory
requirements).
---------------------------------------------------------------------------
To minimize costs of compliance, TSA may identify pre-existing or
widely-available training programs that meet some or all of this
proposed rule's requirements. If owner/operators decide to use a
program already determined by TSA to meet the proposed rules
requirements, the owner/operator must notify TSA of the program name,
presenter, modifications made to the training material since the
program was approved by TSA, and the last date of modification. If TSA
has already determined the program meets some or all of the
requirements for the proposed rule and is applicable to the owner/
operator's operations, it would be unnecessary for the owner/operator
to submit a copy of the program to TSA for approval or include it in
the appendix.
Responsibility for Determinations (Sec. 1570.105)
As part of this rulemaking, TSA is proposing to apply the
requirements to the highest-risk operations within the three modes
identified by the 9/11 Act. As part of the surface security
requirements in the 9/11 Act, TSA is required to develop risk
tiers.\45\ The criteria used for determining the highest-risk tier for
each mode is discussed in more detail in section III.F of this NPRM.
The text of proposed Sec. 1570.105(a) informs owner/operators that TSA
has determined the applicability criteria, but it is the owner/
operator's responsibility to determine whether their operations meet
the criteria.
---------------------------------------------------------------------------
\45\ For public transportation, 6 U.S.C. 1137(e) states that any
public transportation agency that receives a grant under 6 U.S.C.
1135 shall be required to develop and implement a training program
pursuant to this section. The grant program implemented under sec.
1135 relies on high-risk determinations. See also 6 U.S.C. 1162(a)
and (h) and 1181(a) and (h) (Secretary shall identify risk tiers for
freight railroads and OTRB and apply regulatory requirements to
those at the highest-risk).
---------------------------------------------------------------------------
The proposed rule would require owner/operators to notify TSA
within 30 days of the effective date of the final rule if they meet the
criteria for applicability. In addition to publishing the regulatory
requirements in the Federal Register, TSA will work with
[[Page 91347]]
the relevant associations for each of the modes to ensure their
memberships are apprised of the requirements. TSA will identify the
form and manner of notification in the final rule consistent with cost-
effective methodologies at that time. Because the proposed rule would
require owner/operators to determine whether the criteria apply, TSA
could bring an enforcement action against an owner/operator that meets
the criteria, but has failed to comply with the requirements.
The obligation to self-determine applicability also applies to new
and existing operations (those commencing after publication of the
final rule). They would be required to notify TSA no later than 90
calendar days before commencing operations or implementing
modifications that would put them within the applicability of the
requirements.
Recognition of Previous Training (Sec. 1570.107)
As previously noted, TSA is required to allow use of existing
programs to satisfy the security program requirements implemented as a
result of 9/11 Act's provisions.\46\ Under proposed Sec. 1570.107, an
owner/operator could rely on previous training that occurred within the
identified periods for initial or recurrent training. In order to use
previous training, the owner/operator would need to validate the
training provided satisfies the requirements of this proposed rule--
including records of training, curriculum, and appropriateness for the
employee and owner/operator's operations.
---------------------------------------------------------------------------
\46\ See 6 U.S.C. 1162(j) and 1181(i) (use of existing
procedures, protocols, and standards to satisfy regulatory
requirements).
---------------------------------------------------------------------------
Security Training Program Submission, Review, and Approval (Sec.
1570.109)
The 9/11 Act's requirements include specific deadlines for
submission of programs and TSA's review.\47\ Proposed Sec. 1570.109
identifies the required deadlines for submitting security training
programs and TSA approval.
---------------------------------------------------------------------------
\47\ See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and
1184(d)(1) and (2) (must submit program 90 days from effective date,
TSA must approve within 60 days of receipt or notify of need for
revisions).
---------------------------------------------------------------------------
In general, not later than 90 days from the effective date of the
final rule, owner/operators would be required to submit programs to TSA
in a form and manner prescribed by TSA. Owner/operators commencing new
businesses or operations that would make them subject to this proposed
rule would be required to submit their security training programs to
TSA no less than 60 days before commencing operations. In the final
rule, TSA will provide details for submission (encouraging use of a
secure Web site or other electronic submissions). TSA assumes
submission would likely be by email or mail service, but requests
comments on preferences. Consistent with requirements of the 9/11 Act,
TSA would review the programs within 60 days of receipt and either
approve them or specify changes that would be needed for approval.\48\
If TSA requires changes, the owner/operator would be required to submit
a modified training program that meets TSA's specifications within 30
days of notification by TSA of the needed changes. The section includes
the availability to request reconsideration of any TSA-required
modifications. TSA provides an analysis of burden and estimated costs
associated with this information collection in section V.A. of this
preamble and the draft OMB 83-I Supporting Statement for its
information collection request, which is available in the docket for
this rulemaking.
---------------------------------------------------------------------------
\48\ See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and
1184(d)(1) and (2) (TSA must approve within 60 days of receipt or
notify of need for revisions).
---------------------------------------------------------------------------
Initial training (Sec. 1570.111(a))
Consistent with the 9/11 Act's requirements, TSA proposes that
existing employees must be trained within one year of TSA's approval of
the program.\49\ As further required by the 9/11 Act, initial training
for new employees or those transitioning to a covered job function (as
identified in proposed Appendix B to parts 1580 (freight rail), 1582
(PTPR), and 1584 (OTRB), must occur within the first 60 days of the
date an employee begins to perform a security-sensitive function.\50\
---------------------------------------------------------------------------
\49\ See 6 U.S.C. 1137(d)(3), 1167(d)(3), and 1184(d)(3) (no
later than 1 year after approval of security training program,
owner/operator must have trained all covered employees).
\50\ This is a mandatory requirement for railroads and OTRB
companies. See 6 U.S.C. 1167(d)(3) and 1184(d)(3) (New employees
must be trained within first 60 days of employment).
---------------------------------------------------------------------------
During the consultation process at the initial stages of this
rulemaking, some stakeholders objected to a one-year deadline for
completion of initial training. While the 9/11 Act does not provide for
flexibility on the initial training schedule, TSA has attempted to
address these concerns through provisions on recurrent and previous
training (as discussed in section III.D.3 of this NPRM). In addition,
TSA is proposing to include a section allowing regulated parties to
request an extension if they cannot meet the required training
schedule.\51\
---------------------------------------------------------------------------
\51\ See Sec. 1570.115(c) of this proposed rule.
---------------------------------------------------------------------------
Proposed Sec. 1570.111(a)(3) is included to address the situation
of non-permanent employees. TSA recognizes that some individuals may be
intermittently employed as contractors or representatives to perform
security-sensitive functions; they might not perform these functions
for 60 or more consecutive calendar days. For example, an employee may
function as a maintenance worker for a 30-day period and then, at a
later date, perform that function for another period of 30 days or
longer. This may also include individuals who are employed by multiple
owner/operators, such as multiple-employer drivers.\52\ The proposed
rule would require that such individuals receive training within 60
calendar days after employment that meets the definition of a security-
sensitive employee.\53\
---------------------------------------------------------------------------
\52\ Such as individuals meeting the definition of ``multiple-
employer driver'' in the Federal Motor Carrier Safety Administration
(FMCSA) regulations at 49 CFR 390.5.
\53\ See discussion of ``security-sensitive employees'' in
section III.E. of this NPRM.
---------------------------------------------------------------------------
In general, this means that an employee would need to be trained
within 60 days of beginning permanent employment in a position that may
perform a security-sensitive function, whether full or part-time. If,
however, an individual is employed on an intermittent or non-permanent
basis, such as a contractor who is employed in a position that may
perform a security-sensitive function for short durations, then the
training would need to take place before the individual's total time of
employment by the owner/operator equals sixty calendar days within a
consecutive twelve-month period. TSA recognizes that some owner/
operators may address this requirement by requiring training for all
regular contractors or other individuals employed for short, but
regular durations. TSA requests comments on other options for
determining accumulated days of employment and for ensuring owner/
operators do not engage in employment practices or use of contractors
to avoid the requirements of this proposed rule.
As previously noted, the proposed rule includes a provision
regarding use of previous training (see discussion on proposed Sec.
1570.107). TSA is aware of stakeholder concerns regarding the schedule
for initial training, but TSA is also aware that many of the affected
owner/operators have already implemented initial employee security
training--frequently through the use of
[[Page 91348]]
grant funds provided by DHS for that purpose.\54\ TSA invites comments
on these requirements as they appear in the proposed rule.
---------------------------------------------------------------------------
\54\ Congressional appropriations to FTA fund course offerings
to public transportation agencies that meet some of the requirements
in this proposed rule. Similarly, appropriations through DHS fund
the provision of courses in prevention and response that are
available to PTPR agencies. Further, FTA and FEMA courses that may
meet portions of this proposed rule are listed among the approved
vendors and programs for use of TSGP awards.
---------------------------------------------------------------------------
In meeting the initial training schedule, TSA expects that many
owner/operators will rely on the provisions in proposed Sec. 1570.107,
which provides standards for accepting previous training. Under this
section of the proposed rule, TSA would allow ``training credit'' to be
given for employees who received training that satisfies the
requirements of the proposed rule within one year before its effective
date.
This may include emergency preparedness plans that railroads
connected with the operation of passenger trains must implement to
address such subjects as communication, employee training and
qualification, joint operations, tunnel safety, liaison with emergency
responders, on-board emergency equipment, and passenger safety
information, as well as policies that transit agencies implement to
ensure safety promotion to support the execution of the Transit Agency
Safety Plan by all employees, agents, and contractors for the rail
fixed guideway public transportation system.\55\ See discussion of
these training programs in section III.I. of this NPRM. Similarly,
public transportation agencies may have been providing training through
funds granted under the TSGP.
---------------------------------------------------------------------------
\55\ Id.
---------------------------------------------------------------------------
The recordkeeping provisions of the proposed rule require an owner/
operator to provide current and former employees with documentation
upon request of any training completed to meet the requirements of this
rule.\56\ Options for compliance with this requirement could include
providing employees with certificates to validate completed training.
---------------------------------------------------------------------------
\56\ See Sec. 1570.121 of the proposed rule.
---------------------------------------------------------------------------
This proposed requirement anticipates situations where an employee
may have received training from a previous owner/operator, as well as
industry practices where employees may work for multiple owner/
operators (such as commercial drivers operating OTRBs). If an owner/
operator can validate that an employee has received the required
training within the specified timeframe, the training would not need to
be repeated. Because it would be the obligation of the current owner/
operator to ensure that all training requirements are met, that owner/
operator would be responsible for ensuring that any previous training
courses satisfy the proposed rule's requirements and documenting that
the training was received within the required timeframe.
Finally, there may be situations where ``dual-hatted'' or other
specific-function employees are required to receive security training
from other sources as part of their jobs, such as railroad police
officers employed by the owner/operator. As indicated above, it is the
obligation of the owner/operator to ensure and document the training,
including training received under these circumstances.
Recurrent Training (Sec. 1570.111(b))
Recurrent training is essential for maintaining a high level of
security awareness. The 9/11 Act recognizes this by requiring routine
and ongoing training for public transportation employees.\57\ Congress
has left it to the discretion of TSA to determine the appropriate
schedule for recurrent training and to require a similar schedule for
railroad and OTRB employees.\58\
---------------------------------------------------------------------------
\57\ See 6 U.S.C. 1137(f).
\58\ See 6 U.S.C. 1137(c)(11), 1167(c)(12), and 1184(c)(12).
---------------------------------------------------------------------------
TSA believes annual recurrent training is essential for
transportation employees to maintain a high level of awareness,
competency, and currency with overall changes in security posture
within the surface transportation environment. TSA's decision is
consistent with several key considerations, including: (1) Other TSA
regulations requiring training, as well as similar training required
for TSA employees; (2) the difficulty of learning, developing, and
demonstrating security awareness in the dynamic aspects of the surface
transportation environment, and (3) industry recommended guidelines for
security awareness training.
TSA requires annual training for aviation workers. For example,
regulations applicable to Ground Security Coordinators used by aircraft
operators specifically require annual training.\59\ Other aviation
workers are required to receive annual recurrent training as part of
the approved security program (including aircraft operators, indirect
air carriers, air cargo, etc.).\60\
---------------------------------------------------------------------------
\59\ See 49 CFR 1544.233.
\60\ The relevant security program requirements are under 49 CFR
1544.233, 1544.235, 1544.407, 1548.5, and 1549.103.
---------------------------------------------------------------------------
TSA's decision to require annual training is supported by the
Difficulty-Importance-Frequency (DIF) model \61\ that TSA uses for
determining training requirements for its own employees.\62\ The DIF
model uses three design criteria: Difficulty, importance, and
frequency.
---------------------------------------------------------------------------
\61\ Bill Melton & J. Bahlis, ``ADVISOR Enterprise Difficulty-
Importance-Frequency (DIF) Model Fact Sheet'', BNH Expert Software
Inc. (February 23, 2011), available at http://www.bnhexpertsoft.com/english/products/advent/ADVISOR_DIF_Model.pdf. DIF is a standard
instructional design tool used by a variety of users including the
Department of Defense (DOD), the Department of Energy (DOE), and
private sector education and healthcare providers, to determine
training priority and frequency of training.
\62\ The proposed schedule is consistent with TSA's security
awareness training for its own employees--including annual training
on operational security (OPSEC), responding to active shooter
incidents, and social engineering that could undermine security of
information systems.
---------------------------------------------------------------------------
TSA's subject matter experts responsible for TSA-related training
determined that measuring the proposed security training program
against these standards supports annual training as: (1) The difficulty
of learning surface transportation security awareness related
information is at the medium/moderately difficult range because it
requires decision making when applying what one has learned; (2) the
importance of conducting this security training is at the high/very
important range because the cost of failure is high and would cause
damage and losses in the event of an attack; and (3) the frequency of
how often the task would be performed is within medium range.
TSA's decision is also supported by the American Public
Transportation Association (APTA) and their recommendations for
security training: Security Awareness Training for Transit
Employees.\63\ Developed in collaboration and consultation with TSA and
transportation industry stakeholders, the recommended practice provides
minimum guidelines for security awareness training for all transit
employees to strengthen transit system security. APTA ``recommends that
all transit employees be refreshed on transit security awareness
objectives annually, in an abbreviated method at least . . . to reflect
advancements or modifications to criminal and terrorist activities and
reinforce the security awareness training that employees received
initially.''
---------------------------------------------------------------------------
\63\ APTA Security Risk Management Working Group., ``Security
Awareness Training for Transit Employees'' (March 2012), APTA-SS-
SRM-RP-005-12.
---------------------------------------------------------------------------
TSA does not find it necessary to include the ``abbreviated
method'' option used by APTA as part of the proposed rule for two
reasons. First, the
[[Page 91349]]
First ObserverTM program, discussed more fully in section
III.J. of this NPRM, will meet most of the training requirements in
approximately one hour. Having reviewed a wide variety of programs that
could be used to meet elements of the 9/11 Act's requirements, TSA is
not aware of any other existing material that could meet all of the
proposed requirements in such an abbreviated period.\64\ To the extent
owner/operators intend to continue to use their existing training
program to meet the regulatory requirements, they may want to consider
using First ObserverTM as an abbreviated form of recurrent
training.
---------------------------------------------------------------------------
\64\ As part of the 2013 Notice, TSA included a matrix in the
docket of training programs that meet elements of the 9/11 Act's
requirements. The matrix is available in the docket for the 2013
Notice at: https://www.regulations.gov/ (search for ''TSA-2013-0005-
0084''). Of the 20 programs listed, none of them addressed all of
the 9/11 Act requirements.
---------------------------------------------------------------------------
Second, owner/operators could request to use some other type of
abbreviated security training as an alternative measure for compliance.
Owner/operators may request to use alternative measures as part of the
interactive and iterative process TSA intends to use for approval and
review of required security programs, as detailed in proposed 49 CFR
1570.117. Under this proposed section, the owner/operator must
establish that the alternative is in the best interest of the public
and transportation security. When applied to recurrent training, TSA
may require validation that the expected baseline of security awareness
is reached and maintained with the abbreviated program. For example,
the owner/operator may propose abbreviated training for employees who
can pass a pre-test.
TSA is aware that an annual recurrent training requirement could
present challenges for owner/operators who must also meet other
regulatory training requirements. For example, FRA requires a two-year
recurrent training schedule for the emergency preparedness training
required under 49 CFR part 239 (emergency response and evacuation for
rail passengers). The security training required by PHMSA under 49 CFR
part 172 (securing transportation of hazardous materials) is on a
three-year recurrent training cycle. As TSA does not control these
training schedules, we cannot harmonize all of them through this
rulemaking. To the extent, however, that owner/operators must comply
with these other training requirements, they may be able to use them as
part of their program to meet the meet recurrent training requirements.
TSA is interested in comments regarding options for harmonizing
training schedules and for adding efficiencies with other relevant
regulatory requirements.
While TSA is proposing annual recurrent training, a three-year
recurrent cycle is included as a programmatic alternative. The results
of the cost analysis for this alternative can be found in chapter III
section K of the Regulatory Impact Analysis (RIA) for this rulemaking,
which is included in the public docket.
Amendments to the Security Program (Sec. Sec. 1570.113 and 1570.115)
Allowing owner/operators to revise or amend their programs, as
proposed in Sec. 1570.113, is a subset of addressing the 9/11 Act's
requirements for implementation and submission or programs.\65\ It is
also consistent with TSA's statutory authority to allow exemptions from
regulatory requirements.\66\ Proposed Sec. 1570.113 includes
procedures allowing an owner/operator to submit a request to TSA to
amend its program and the standard for TSA's approval of that request.
The proposed section identifies appropriate reasons for amending
programs, such as changes to an operating environment that could
include new equipment or changes in station construction. If the
operating environment changes, it is reasonable to expect that some
aspects of the security training program would also need to be revised.
TSA may approve an amendment if it is in the interest of public and
transportation security and meets the required security standards. TSA
could ask for additional information or time in order to makes its
determination.
---------------------------------------------------------------------------
\65\ See 6 U.S.C. 1137(d) (public transportation), 1167(d)
(railroads), and 1184(d) (OTRB).
\66\ See 49 U.S.C. 114(q) (Under Secretary may grant exemptions
from regulatory requirements).
---------------------------------------------------------------------------
Similarly, TSA may need to require amendments in the interest of
the public and transportation security. The 9/11 Act specifically
provides that TSA must update the requirements, as appropriate, ``to
reflect new or changing security threats'' and owner/operators shall
change their programs and retrain employees as necessary within a
reasonable time.\67\ As indicated in proposed Sec. 1570.115, TSA could
require owner/operators to revise their training based on emerging
threats or methods for addressing emerging threats. For example, the
curriculum requirements identified in the 9/11 Act do not address
training to respond to active shooter incidents. Following several
active shooter incidents, including one that resulted in the death of a
Transportation Security Officer in Los Angeles, Congress prioritized
the need for this type of training.\68\ As with other requirements
imposed by TSA, the owner/operator could request a petition for
reconsideration of TSA-required amendments.
---------------------------------------------------------------------------
\67\ See 6 U.S.C. 1137(d)(4) and 1167(d)(4) and 1184(d)(4).
\68\ See Gerardo Hernandez Airport Security Act of 2015, Public
Law 114-50, 159 Stat. 490 (Sept. 24, 2015).
---------------------------------------------------------------------------
Alternative Measures (Sec. 1570.117)
The proposed rule includes procedures allowing for an owner/
operator to submit a request to use alternative measures to satisfy all
of some of the requirements of subchapter D and the standard for TSA to
approve such a request. For example, the owner/operator could request
to extend the time periods for submitting its training program or for
training all of its security-sensitive employees. In reviewing such a
request, TSA would expect the owner/operator to demonstrate good cause
for the extension. Under this provision, an owner/operator could
request a waiver from some or all of the regulatory requirements. TSA
could grant such a request under the authority 49 U.S.C. 114(q), which
provides the TSA Administrator with authority to consider and grant
requests from an owner/operator for a waiver from all or some of the
regulatory requirements. For example, a freight railroad may meet the
criteria for applicability, but the operations that trigger
applicability may be a de minimis part of its overall business
operations. In such a situation, the owner/operator might consider
requesting either a complete waiver or an alternative that limits the
requirements to a more discrete part of its business. Proposed Sec.
1570.117 would include the procedures for requesting such a waiver,
procedures for requesting the use of alternative measures, and
identification of the types of information TSA would need in order to
make a decision to grant such requests. In general, TSA would need to
consider factors, such as risk associated with the type of operation,
any relevant threat information, and any other factors relevant to
potential risk to the public and transportation security.
Petitions for Reconsideration (Sec. 1570.119)
Proposed Sec. 1570.119 describes the review and petition process
for TSA's reconsideration when it denies a request for amendment,
waiver, or alternative measures--as well as a TSA requirement to modify
or amend a
[[Page 91350]]
program. If an owner/operator challenges the decision, the owner/
operator would be required to submit a written petition for
reconsideration within the time frame identified in the applicable
section.\69\ The petition would need to include a statement, with
supporting documentation, explaining why the owner/operator believes
the reason for the denial or for the amendment, as applicable, is
incorrect. If the owner/operator requested the amendment, the results
of the reconsideration could be confirmation of TSA's previous denial
or approval of the proposed amendment. If the issue involves a TSA
required amendment, the results of the reconsideration could be
withdrawal, affirmation, or modification of the amendment. TSA would
consider whether a disposition pursuant to proposed 49 CFR 1570.119
would constitute a final agency action for purposes of review under 49
U.S.C. 46110.
---------------------------------------------------------------------------
\69\ The proposed rule would require petitions for
reconsideration to be submitted no later than 30 days of a TSA
requirement to modify under Sec. 1570.109, denial of an owner/
operator-requested amendment under Sec. 1570.111, or denial of a
request for waiver or alternative measures under Sec. 1570.117;
submission would be required within 15 days for a TSA-required
amendment under Sec. 1570.113.
---------------------------------------------------------------------------
Recordkeeping Requirements (Sec. 1570.121)
TSA proposes that owner/operators create and maintain lists of
their security-sensitive employees and when they received training that
meets the requirements of the proposed rule. Specifically, records
would need to include each trained employee's name, job title or
function, date of hiring, and date and course information on the most
recent security training that each employee received. Records for
individual employees would need to reflect the training courses
completed and date of completion. Training records for each employee of
initial and recurrent training would need to be maintained by owner/
operators for no less than five years from the date of the training and
available at any location(s) specified in the security training program
approved by TSA.
The proposed rule provides flexibility to owner/operators to decide
whether to maintain the records in electronic format provided that (1)
any electronic records system used is designed to prevent tampering,
loss of data, or corruption of records, and (2) paper copies of
records, and any amendments to those records, would be made available
to TSA upon request for inspection or copying. Whether the records are
kept in electronic or other form, the employee must be provided with
proof of training upon request, at any time during the five-year
recordkeeping period without regard to the requestor's current status
as an employee of that entity. As discussed above in ``Initial training
(Sec. 1570.111(a)),'' owner/operators may meet this requirement to
provide proof of training by providing a certificate or other similar
documentation to the employee upon completion of training. In order for
TSA to allow any owner/operator to rely upon previous security training
to satisfy the requirements of this proposed rule, it is critical that
employees be able to validate whether they received previous training.
TSA assumes training records are unlikely to include SSI, but
nonetheless provides a reminder in the proposed section that any SSI
maintained as a result of these recordkeeping requirements must be
maintained consistent with the standards in 49 CFR part 1520. For
example, an owner/operator may decide to keep a copy of the content of
the training program with the employee files (which is not required by
the proposed rule), if the curriculum contains SSI information, any
file it is in would need to be stored as required by the SSI
regulations. Owner/operators needing additional information about
appropriately maintaining SSI may contact TSA for assistance and/or
find information on TSA's Web site.\70\
---------------------------------------------------------------------------
\70\ See https://www.tsa.gov/for-industry/sensitive-security-information.
---------------------------------------------------------------------------
4. Subpart C--Operations
Under current regulations (49 CFR part 1580), TSA requires freight
and passenger railroad carriers, rail transit systems, rail hazardous
materials shippers, and certain rail hazardous materials receivers to
appoint ``rail security coordinators'' \71\ (RSCs) and report
significant security concerns to TSA.\72\ The RSC, serve as the
security liaisons to TSA, providing a single point of contact for
receiving communications and inquiries from TSA concerning threat
information or security procedures, and coordinating responses with
appropriate law enforcement and emergency response agencies. The
information reported to TSA provides information from the frontline of
rail transportation that can be used to identify developing threats
based on consolidated reporting and trend analysis. Because of the
benefits of this requirement to transportation security, TSA is
proposing to extend these requirements to the modes of transportation
covered by this proposed rule that are not currently subject to the
requirements of 49 CFR part 1580.
---------------------------------------------------------------------------
\71\ See 49 CFR 1580.101 and 1580.201.
\72\ See 49 CFR 1580. 105 and 1580.203.
---------------------------------------------------------------------------
Security Coordinator Requirements (Sec. 1570.201)
As previously noted, TSA currently requires security coordinators
for rail operations including freight, passenger, and public
transportation. In addition to mandating security coordinators for
railroads, the 9/11 Act also requires security coordinators for OTRB
companies.\73\ Consistent with this mandate, TSA proposes to extend the
requirement to appoint a primary and at least one alternate security
coordinator for OTRB companies and the bus operations of PTPR owner/
operators (with a limited impact as most public transportation bus
agencies are part of a larger system that is required to have a
security coordinator under current 49 CFR part 1580). This would be
accomplished by moving the provision from part 1580 to subpart C of the
proposed rule and eliminating rail-specific terms from the text.
---------------------------------------------------------------------------
\73\ See 6 U.S.C. 1162(e)(1)(A) (``Identification of a security
coordinator having authority--(i) to implement security actions
under the plan; (ii) to coordinate security improvements; (iii) to
receive immediate communications from appropriate Federal officials
regarding railroad security'').
---------------------------------------------------------------------------
Security coordinators are a vital part of transportation security,
providing TSA and other government agencies with an identified point of
contact with access to company leadership and knowledge of the owner/
operators operations, in the event it is necessary to convey extremely
time-sensitive information about threats or security procedures to an
owner/operator, particularly in situations requiring frequent
information updates. The security coordinator and alternate provide TSA
with a contact in a position to understand security problems;
immediately raise issues with, or transmit information to, corporate or
system leadership; and recognize when emergency response action is
appropriate. The individuals must be accessible to TSA 24 hours per
day, 7 days per week.
The proposed rule does not change the expectation that the security
coordinator and alternate be appointed at the headquarters level. This
proposed rule does not require the security coordinator or alternate to
be a dedicated position staffed by an individual who has no other
primary or additional duties. This proposed rule, however, does require
that the owner/operator have a designated individual
[[Page 91351]]
that TSA may reach at all times. The proposed rule would require the
following information for both the security coordinator and alternate:
Name, title, telephone number(s), and email address. Any change in this
information would have to be provided to TSA within seven days of the
change taking effect.
As previously noted, this is not a new requirement for owner/
operators of railroads, including the rail transit operations of PTPR
owner/operators. If an owner/operator subject to this proposed rule has
provided the required information for primary and alternate RSCs to TSA
in the past, it would not have to take further action to meet the
requirement.\74\ This is the case for passenger rail carriers, freight
railroad carriers, and rail transit systems operated by public
transportation agencies.
---------------------------------------------------------------------------
\74\ The requirement to inform TSA of any changes is not
modified by this proposed rulemaking. Therefore, those currently
covered by the security coordinator and reporting requirements under
current 49 CFR part 1580 must report information regarding changes
to the names, titles, telephone numbers, and email addresses of the
RSCs and alternate RSCs to TSA within seven calendar days of the
change taking effect.
---------------------------------------------------------------------------
Extension and Modification of Requirement To Report Security Concerns
(Sec. 1570.203)
TSA is proposing to make two changes to its existing requirements
in part 1580 to report security concerns to TSA.\75\ As with the
security coordinator requirement, TSA proposes to move and consolidate
the requirement into proposed Sec. 1570.203 and extend it to bus
operations.\76\
---------------------------------------------------------------------------
\75\ See current 49 CFR 1580.105 and 1580.203.
\76\ This extension is within TSA's discretion to require other
actions or procedures determined to be appropriate to address the
security of public transportation and OTRB operations. See 6 U.S.C.
1134(c)(2)(I) and 1181(e)(1)(H).
---------------------------------------------------------------------------
TSA is also proposing to modify the security concerns to be
reported to address a need for clarification and align with other
relevant standards. Since publication of 49 CFR part 1580, some
stakeholders have asked TSA for clarification of the events they are
required to report pursuant to 49 CFR 1580.105 and 1580.203.
Additionally, in December 2012, the U.S. Government Accountability
Office (GAO) published a report on passenger rail security.\77\ In the
report, GAO stated that TSA has inconsistently overseen and enforced
its rail security incident reporting requirement because the agency
does not have guidance published, leading to considerable variation in
the types and number of incidents reported. The GAO recommended that
the agency develop guidance on the types of incidents that should be
reported and this guidance should be disseminated to TSA inspectors and
regulated entities, including rail and transit agencies. Pending this
rulemaking, TSA provided information to the railroads and transit
agencies subject to the requirements of part 1580 to provide more
examples about the types of incidents that should be reported.
---------------------------------------------------------------------------
\77\ See GAO, ``Passenger Rail Security, Consistent Incident
Reporting and Analysis Needed to Achieve Program Objectives,'' GAO-
13-20 (December 2012).
---------------------------------------------------------------------------
TSA is also modifying the list of reportable significant security
concerns to be more consistent with the Nationwide Suspicious Activity
Reporting (SAR) Initiative (NSI). The NSI is a partnership between
Federal, State, local, tribal, and territorial law enforcement that
``establishes a national capacity for gathering, documenting,
processing, analyzing and sharing SAR information . . . in a manner
that rigorously protects the privacy and civil liberties of
Americans.'' \78\ The NSI defines ``suspicious activity'' as ``observed
behavior reasonably indicative of pre-operational planning associated
with terrorism or other criminal activity.'' \79\
---------------------------------------------------------------------------
\78\ See Nationwide SAR Initiative (NSI), ``About the NSI''
(accessed Nov. 3, 2016), available at http://nsi.ncirc.gov/about_nsi.aspx.
\79\ Id.
---------------------------------------------------------------------------
The NSI implements a standardized, integrated approach to
gathering, documenting, processing, analyzing, and sharing information
about suspicious activity that is potentially terrorism-related. In
applying this approach, standards have been developed, setting criteria
for the types of activities that warrant reporting as suspicious and
potentially terrorism-related. These criteria recognize the capability
of law enforcement and security professionals to apply their experience
and expertise to identify significant security concerns by focusing on
the nature of the incidents and the context in which they occur. The
standardized approach among law enforcement officers and security
officials with surface transportation entities produces more
informative reports that can more effectively focus investigative
efforts and intelligence analysis for potential trends and indicators
of terrorism-related activity.
Thus, TSA intends to ensure clarity by incorporating the examples
previously provided to industry and consistency by aligning its
regulations with the concepts of the NSI. The proposed list of
reportable incidents can be found in proposed Appendix A to part 1570
and includes not only a list of incidents, but descriptions and
examples to assist regulated parties in making a determination of
whether an incident fits within the reporting requirements.
Finally, TSA is proposing to modify the schedule for reporting
incidents. Currently the regulation requires immediate reporting to
TSA. If, however, there is an immediate threat, the first priority is
to notify and work with first responders. Therefore, TSA is proposing
to remove the necessity for immediacy and, instead, require
notification within 24 hours of the incident (see proposed 49 CFR
1570.203(a)). This will enable TSA to obtain timely information without
undermining the ability of the owner/operator to appropriately handle a
situation requiring their full attention.
Examples for Reporting Information (Sec. 1570.203(b))
As previously noted, TSA has almost a decade of experience with
incidents reported by railroads under current 49 CFR part 1580. Based
on this experience, TSA recognizes that its ability to analyze the data
and improve the quality of information disseminated back to its
stakeholders is proportional to the quality of information it receives.
Proposed Sec. 1570.203(b) is consistent with the previous reporting
requirements, which reflected the need for detailed and verified
information from individual owner/operators to enhance TSA's ability to
provide timely and useful information products to all of the relevant
stakeholders. While not included in the rule text, Table 5 is being
provided to assist security coordinators and other responsible
officials to understand TSA's expectations for the types of information
that are needed in order to meet the standards of Sec. 1570.203(b).
[[Page 91352]]
Table 5--Examples of Reporting Information Required by Proposed Sec.
1570.203(c)
------------------------------------------------------------------------
Reporting requirements in proposed Sec.
1570.203(c) Examples
------------------------------------------------------------------------
(1) The name of the reporting Company
individual and contact information, Representative: Joe BLOGGS.
including a telephone number or e-mail Company: ABC Rail Road
address. Company.
Address: XXXXX, XX
(Street), XXXXX (City), XX
(State), XXXXX (ZIP).
Phone: (111) 123-1234.
POC Email:
[email protected].
(2) The affected freight or passenger Locomotive: ABCRR,
train, transit vehicle, motor vehicle, Reporting Marks.
station, terminal, rail hazardous Locomotive Number
materials facility, or other facility 1234.
or infrastructure, including Rail Car: ABCRR
identifying information and current Railcar Number XXXX 001234.
location. Train: ABCRR Train
Number XXX of XX, etc.
Facility: ABCRR (Rail
Yard, Subway Station,
Passenger Station, Storage
Yard, Repair Facility, etc.)
and facility physical address.
Right of Way: Mile
Post Marker, Sub-division, and
physical address (as much as
known).
(3) Scheduled origination and ABCRR, Northern
termination locations for the affected Corridor Express-Boston to New
freight or passenger train, transit York, XYZ Line, via X, Y and Z
vehicle, or motor vehicle, including Cities. Train Number XXX of XX
departure and designation city and is currently located at: MP
route. 123.12, XXX Sub-division, XXXX
(City), XX (State).
Transit Vehicle: ABCRR
LRV Number XXXXX etc. Route:
XXX North Corridor. Is
currently located at XXXX Line
Section or XXX Station,
Street, City, State, ZIP.
(4) Description of the threat, At XXXX hours, January
incident, or activity, including who 01, 2020.
has been notified and what action has ABCRR Police Sergeant,
been taken. Joe BLOGGS, badge number XXXX,
ABCRR Police Department
(ABCPD) reported the
following: At WWWW hours,
January 01, 2020, a suspicious
person (described as a white
male, approximately 6'0''
tall, 190 lbs., blonde hair,
approximately 35 to 40 years
of age, wearing a long black
knee[dash]length coat, blue
jeans, red sneakers, and a
XXXX ball club baseball hat)
was detected adjacent to the
ticket vending machine at the
street level entrance to the
XXst Street and YYYYY Avenue,
Station, XXXX (City), XX
(State). The person was deemed
suspicious because although
the temperature at the time
was 85 degrees, he was wearing
a knee[dash]length heavy black
coat. The individual was
sweating and exhibited
nervousness when security
officials were present (the
individual looked away every
time a security official
appeared, so as to not reveal
his face). The individual had
a black ``Traveler,''
``Expandable'' suitcase with
him (estimated measurements:
36'' W X 24''H X 12'' D) with
a red piece of ribbon tied to
the handle. At WWW5 hours, the
individual rapidly departed
the area when a security
official began to approach
him, leaving the black
suitcase behind. A review of
the Closed-circuit television
(CCTV) surveillance system
determined the individual had
arrived at the station at VV30
hours in a Red, 4-door, Land
Rover, VA License Plate
XX123XXXX, which was parked
adjacent to the XXXXX. Closed-
circuit television revealed
the vehicle was being driven
by a white female with
shoulder length blonde hair,
approximately 35 years of age.
A check of the VA DOT License
registry revealed the vehicle
is registered to Joe DOE, DOB:
XX/XX/XXXX, POB: XXXXX (City),
XX (State) and Jane (NEE:
SMITH) DOE, DOB: XX/XX/XXXX,
POB: XXXXX (City), XX (State)
of 1234 West Disobedience
Street, Anytown, VA 202XX,
Phone Number: (XXX) XXX-XXXX.
A check of the VA driver's
license registry revealed
similar/matching descriptions
of Joe and Jane DOE to those
persons identified during the
incident. At ZZZZ hours, a
XXXX City Police Explosive
Ordnance Demolition (EOD) team
conducted an examination of
the black suitcase with x-ray
equipment and determined the
suitcase contained an unknown
device comprised of wiring and
circuitry. Explosive Ordinance
Disposal (EOD) disrupted the
suitcase, which yielded
negative secondary results.
EOD's examination of the
suitcase's contents revealed
limited amounts of women's
clothing and what appeared to
be the inner workings of a
radio. At ZZZ1 hours, the
scene was cleared by XXXX City
Police EOD Sergeant Jeff
BOMBGARTEN, badge number XXXX
who secured the suitcase and
its contents and transported
them away from the facility.
(5) The names and other available Witness: Joe SMITH,
biographical data, and/or descriptions DOB: XX/XX/XXXX, POB: XXXX
(including vehicle or license plate City, XX State. Address:
information) of individuals or XXXXX, XX Street, XXXX City,
vehicles known or suspected to be XX State, Phone Number (XXX)
involved in the threat, incident, or XXX-XXXX, ABCRR, XXXX
activity. (Address), (XXX) XXX-XXXX.
Security: Fred
ARRESTER, Sergeant, XXXX
(City) Police Department,
Badge # XXXX, Phone Number:
(XXX) XXX-XXXX.
Suspected Associate:
Mrs. Jane DOE.
[[Page 91353]]
DOB: XX/XX/XXXX, POB:
XXXX City, XX State. Address:
XXXXX, XX (Street), XXXX
(City), XX (State), Phone
Number (XXX) XXX-XXXX, ABCRR,
XXXX (Address), (XXX) XXX-
XXXX.
(6) The source of any threat Jane DOE, DOB: XX/XX/
information. XXXX, POB: XXXX (City), XX
(State). Address: XXXXX, XX
(Street), XXXX (City), XX
(State), Phone Number (XXX)
XXX-XXXX, ABCRR, XXXX
(Address), (XXX) XXX-XXXX.
------------------------------------------------------------------------
5. Subpart D--Security Threat Assessments
As previously noted, TSA is including the full text of revised part
1570 as it would look with the proposed changes--including three
sections related to STAs generally unaffected by this rulemaking. As
part of this rulemaking, TSA would move all sections of current part
1570 limited to STAs to a new subpart D, to consist of Sec. Sec.
1570.301 (formerly Sec. 1570.7--fraudulent use or manufacture;
responsibilities of persons), 1570.303 (formerly Sec. 1570.9--
inspection of credential); and 1570.305 (formerly Sec. 1570.13--false
statements regarding security background checks by public
transportation agency or railroad carrier). Only the last provision
(Sec. 1570.305) has been revised, with revisions limited to removing
definitions for terms that have been added elsewhere as part of this
rulemaking.
E. Security-Sensitive Employees (Sec. Sec. 1580.3, 1582.3, and 1584.3)
As part of requiring security training for frontline employees of
railroads, PTPR, and OTRB owner/operators-the 9/11 Act provided
definitions for ``frontline employee'' within each mode of
transportation.\80\ For the reasons discussed below, TSA is proposing
to use the term ``security-sensitive employees,'' with specific
definitions of the term for freight rail, PTPR, and OTRB operations.
These proposed definitions, which would appear in Sec. Sec. 1580.3
(freight rail), 1582.3 (PTPR), and 1584.3 (OTRB), would need to be used
by owner/operators to determine which employees must receive security
training.
---------------------------------------------------------------------------
\80\ See 6 U.S.C. 1151(6) (railroads), 6 U.S.C. 1131(4) (public
transportation), and 6 U.S.C. 1151(5) (OTRB and railroad frontline
employees, respectively).
---------------------------------------------------------------------------
TSA's proposed definition began with an analysis of the employees
listed in the 9/11 Act's definitions of ``frontline employees'' and
whether there are any other employees who may be in a position to spot
suspicious activity because of where they work, their interaction with
the public, or their access to information (such as cleaning the
restrooms, selling tickets and providing assistance to passengers,
maintaining equipment and operations in vulnerable areas, or operating
a train or bus). TSA also considered who would need to know how to
report or respond to these potential threats. The only gap identified
between the employees stipulated in the 9/11 Act and those that would
fall under the discretionary category are those who have specific
responsibilities under any security plan the organization may have.
While most of these individuals are likely identified in other
categories, from a security perspective it is essential that there are
no gaps, particularly where individuals may have responsibility for
responding to a terrorist-related emergency.
As a result of this analysis, TSA proposes that employees who
perform functions with a direct nexus to, or impact on, transportation
security be designated as ``security-sensitive employees'' based on
their job functions. While TSA has proposed a specific list of job
functions relevant to the mode, these roughly fall into similar
categories. Table 6 aligns these categories with the definitions of
frontline employee in the 9/11 Act.
Table 6--Comparison of Security Training NPRM Proposed Categories for ``Security-Sensitive Employees'' to 9/11
Act Definitions of ``Frontline Employees'' Who Must Be Trained
----------------------------------------------------------------------------------------------------------------
9/11 Act--Definitions of frontline employees
--------------------------------------------------------------------------
Proposed rule--security-sensitive job 6 U.S.C. 1151(6) 6 U.S.C. 1131(4) Public
functions Railroad frontline transportation 6 U.S.C. 1151(5) OTRB
employees frontline employees * frontline employees
----------------------------------------------------------------------------------------------------------------
A. Operating a vehicle............... Locomotive engineers, Transit vehicle driver Drivers.
conductors, trainmen, or operator.
and other onboard
employees.
B. Inspecting and maintaining Maintenance and Maintenance and Maintenance and
vehicles. maintenance support maintenance support maintenance support
personnel, and bridge employee. personnel.
tenders.
C. Inspecting or maintaining building ....................... ....................... .......................
or transportation infrastructure.
D. Controlling dispatch or movement Dispatchers............ Dispatchers............ Dispatchers.
of a vehicle.
E. Providing security of the owner/ Security personnel..... Security employee, or Security personnel.
operator's equipment and property. transit police.
[[Page 91354]]
F. Loading or unloading cargo or Locomotive engineers, Station attendant, Ticket agents [and]
baggage and/or. conductors, and other customer service other terminal
G. Interacting with travelling public onboard employees. employee, and any employees.
(on board a vehicle or within a other employee who has
transportation facility). direct contact with
riders on a regular
basis.
H. Complying with security programs Any other employees of Any other employee of a Other employees of an
or measures, including those railroad carriers that public transportation over-the-road bus
required by federal law (a catch-all the Secretary agency that the operator or terminal
category that would include a small determines should Secretary determines owner or operator that
number of employees such as security receive security should receive the Secretary
coordinators and any other training. security training. determines should
individuals who may have receive security
responsibility for carrying out training.
aspects of the owner/operator's
security program or measures who are
not otherwise identified in the
previous categories).
----------------------------------------------------------------------------------------------------------------
* Definition of 1151(6) applies to passenger rail operations.
In general, TSA proposes to define mode-specific ``security-
sensitive employees'' as employees performing one of the security-
sensitive job functions identified in a proposed appendix for each
part. The definition of ``employee'' in proposed Sec. 1570.3 includes
immediate supervisors, contractors, and other authorized
representatives. The intent is that anyone who performs a security-
sensitive function must have the training, including managers,
supervisors, or others who perform the function or who so directly
supervise the performance of a function that their nexus to the job
function is equivalent to the employee. For example, a yardmaster in
freight railroad operations would be considered a security-sensitive
employee because he or she directs security-sensitive functions, even
if not in the direct management chain of all individuals performing
those functions. At the same time, individuals within a corporate
structure who neither perform a security-sensitive function nor have
direct management responsibilities over individuals who do are unlikely
to have a position within the corporation with a significant nexus to
transportation. To the extent there are such individuals in the
management structure, they would not be considered ``security-
sensitive'' employees.
In choosing the term ``security-sensitive employee,'' TSA
recognized the relationship of this proposed rule to other regulatory
requirements applicable to the population covered by this proposed
rule. The Department of Transportation uses the terms ``safety-
sensitive function'' and ``safety-sensitive employees'' in its
regulations to identify employees whose functions require special
measures to ensure (emphasis added) safety, such as drug and alcohol
testing and rules governing hours of service.\81\ TSA proposes using
the term ``security-sensitive'' to identify employees whose job
functions require special measures to enhance (emphasis added)
security.
---------------------------------------------------------------------------
\81\ See 49 CFR 40.1; see also 49 U.S.C. 20140, 21101-21108, 49
CFR parts 219 and 228, 49 CFR 382.107 (motor carriers), and 49 CFR
655.4 (public transportation).
---------------------------------------------------------------------------
The scope of security-sensitive employees is broader than safety-
sensitive employees. In other words, having analyzed the job functions
that are regulated as safety-sensitive, TSA has determined that while
there are some security-sensitive employees that may not be in safety-
sensitive employees, there are no safety-sensitive employees that are
not also security-sensitive employees. In the rail context, owner/
operators have already identified employees in safety-sensitive
positions because they are covered by the Federal hours of service laws
\82\ during a duty tour. Therefore, TSA proposes to include any rail
employee subject to the Federal hours of service laws (49 U.S.C. 211)
in the designation of security-sensitive employees to reduce the
regulatory impact of identifying these individuals. To further reduce
the impact of these proposed training requirements, TSA and DOT
anticipate that owner/operators will provide training sessions that
meet the requirements of DOT and the proposed requirements of TSA.
---------------------------------------------------------------------------
\82\ 49 U.S.C. 21101 et seq. The relevant definitions are
included in 49 U.S.C. 21101.
---------------------------------------------------------------------------
TSA also recognizes that each mode covered by the NPRM has unique
operating environments and functions. To address unique aspects of each
mode, the security-sensitive functions are identified in mode-specific
tables within the proposed rule.\83\ These tables provide general
categories and accompanying modal-specific security-sensitive
functions. All employees performing ``security-sensitive functions'' as
described in the appendices must be trained. The table in proposed part
1580 Appendix B is unique in that it includes examples of the job
titles related to these functions based on historic use of these terms
for railroads. The job titles, however, are provided solely as a
resource to help understand the functions described; whether an
employee must be trained is based upon the function, not the job title.
---------------------------------------------------------------------------
\83\ See proposed Appendices B to parts 1580 (freight railroad),
1582 (passenger railroad and public transportation), and 1584
(OTRB).
---------------------------------------------------------------------------
TSA encourages owner/operators to consider other employees within a
corporate structure who may not be performing a security-sensitive
function as identified in the proposed rule, but who could provide an
additional layer of security if they received security training.
Furthermore, if an owner/operator identifies positions or functions not
listed by TSA as security-sensitive, but which have the nexus to
transportation security that is intended to be covered by the proposed
rule, TSA would encourage the owner/operator to identify and include
those employees within its security training program.
Finally, TSA is aware that some freight rail employees identified
as
[[Page 91355]]
``security-sensitive'' may also be considered ``hazmat employees'' and,
therefore, subject to security training under 49 CFR 172.704 (these
provisions are part of the hazardous materials regulations promulgated
by PHMSA). It is not, however, a one-to-one correlation as determining
which employees should be identified as ``security-sensitive'' for
purposes of receiving training under this proposed rule is not the same
analysis as that conducted for determining if an individual meets the
definition of ``hazmat employees'' who must receive training under the
PHMSA rule. As a result, there may be some overlap, but the group of
individual employees that must be trained under the separate rules is
unlikely to be identical. The effect of the overlap on training
requirements is further discussed in section III.G of this NPRM.
F. Security Programs--Applicability (Sec. Sec. 1580.301, 1582.301, and
1584.301)
As previously noted, the 9/11 Act mandates regulations requiring
security training for frontline employees of public transportation
agencies (6 U.S.C. 1137); railroads (6 U.S.C. 1167); and OTRBs (6
U.S.C. 1184). In implementing these requirements, TSA considered the
operations and security risks associated with each mode identified in
the 9/11 Act. This analysis determined risk consistent with DHS's
official definition of risk as the ``potential for an adverse outcome
assessed as a function of threats, vulnerabilities, and consequences
associated with an incident, event, or occurrence.'' \84\ As TSA
focuses on the risk associated with acts of terrorism, this analysis
considers threat as informed by intelligence, potential consequences of
a terrorist attack, and inherent vulnerabilities in transportation
systems and operations.
---------------------------------------------------------------------------
\84\ DHS Risk Lexicon, 2010 Edition, at 27.
---------------------------------------------------------------------------
In general, the security training requirements of this proposed
rule would apply to owner/operators \85\ with operations that meet the
criteria identified in Sec. Sec. 1580.301, 1582.301, and 1584.301.
From a counter-terrorism perspective, TSA has determined that less than
300 out of approximately 10,000 surface transportation operations meet
this criteria. Consistent with its commitment to a risk-based approach
to transportation security, the proposed rule would only apply to these
higher-risk operations. Nonetheless, TSA also encourages lower-risk
operations to implement security training programs consistent with the
requirements in this proposed rule.
---------------------------------------------------------------------------
\85\ See proposed definition of ``owner/operator'' in Sec.
1500.3 and discussion of terms in section III.A.1, Table 3, of this
NPRM.
---------------------------------------------------------------------------
While the proposed criteria assume general similarities for
operations within each mode, TSA recognizes that not all owner/
operators have similar corporate structures and that there are many
considerations affecting organizational decisions. TSA considered an
applicability determination that would require a parent corporation to
provide security training to its employees if one subsidiary triggered
the requirements. But there may be some owner/operators that are
subsidiaries of subsidiaries to a parent company that have no other
transportation-related assets. Recognizing these variations in
corporate structure, TSA is proposing to limit the requirements to the
level of the subsidiary whose operations would trigger applicability.
During the review and approval process, TSA would work with owner/
operators in an effort to address any compliance issues based on
corporate structure. For example, owner/operator A may be organized to
make each regional area a separate subsidiary. As such, only the
subsidiary that meets the applicability requirements would be required
to develop a security training program. Owner/operator B may be a
single entity for purposes of corporate-legal structure, with branches
rather than subsidiaries providing service on specific routes. Under
the rule, the entire corporation would be subject to the requirements
based on the operations of one route. In this situation, owner/operator
A could choose to submit a proposed alternative that would apply the
requirements to branches and a handful of headquarters or other
regional employees that provide them operational support. The
submission requirements and procedures for requesting alternative
measures are discussed in section III.D.3 of this NPRM.
The following section describes how TSA considered each of these
risk elements in determining applicability for the proposed rule.
1. Freight Railroad
Approximately 574 freight railroads operate on the general railroad
system of transportation in the United States.\86\ The general railroad
system of transportation is a shared rail network in which multiple
railroad operators may use the same tracks for multiple purposes. Thus,
a very small railroad operator may be using the same tracks as a large
operator, and a freight railroad will often operate on the same tracks
as a passenger rail operator. The geographic scope of this mode
includes railroads operating on nearly 140,000 miles of track
throughout North America.\87\ The freight rail system transports 40
percent of intercity freight volume and approximately one-third of U.S.
exports to ports and other distribution centers.\88\ Commodities and
products include consumer goods, agriculture and food products, motor
vehicles, coal, chemicals, paper and lumber, and other commodities
including ores, petroleum, and minerals.\89\ In addition, freight rail
lines are used for the operation of most of the commuter and intercity
passenger railroads outside of the northeast corridor and freight rail
personnel are sometimes used, on a contractual basis, to operate
passenger trains.
---------------------------------------------------------------------------
\86\ Under 49 CFR part 209, Appendix A, the ``general railroad
system of transportation'' is defined as ``the network of standard
gage track over which goods may be transported throughout the nation
and passengers may travel between cities and within metropolitan and
suburban areas.''
\87\ Association of American Railroads (AAR), ``Railroad Facts,
2014 Edition'' at pgs. 3 and 5 (2014).
\88\ Id.
\89\ Id.
---------------------------------------------------------------------------
Class I railroads \90\ account for 69 percent of U.S. freight rail
mileage and 90 percent of the employees. They are the only providers of
intercity freight rail transportation, supporting major economic
sectors in 44 states. Outside of the Northeast Corridor, Amtrak is
dependent on Class I railroads for its operations--over 70 percent of
Amtrak's routes operate on track owned by other railroads.\91\
---------------------------------------------------------------------------
\90\ TSA is not modifying the definition of ``Class I'' in
current 49 CFR part 1580, which incorporates by reference the
Surface Transportation Board's classification of railroads based on
annual operating revenues. The following are currently designated as
Class I railroads: BNSF Railway, CSX Transportation, Grand Trunk
Corporation, Kansas City Southern Railway, Norfolk Southern Combined
Railroad Subsidiaries, Soo Line Corporation, and Union Pacific
Railroad.
\91\ See DeGood, Kevin, ``Understanding Amtrak and the
Importance of Passenger Rail in the United States'' (posted June 4,
2015), available at https://www.americanprogress.org/issues/economy/report/2015/06/04/114298/understanding-amtrak-and-the-importance-of-passenger-rail-in-the-united-states/. See also Amtrak, ``A Message
from Amtrak Regarding On-Time Performance'' (posted Feb. 8, 2015),
available at http://blog.amtrak.com/2015/02/message-amtrak-regarding-time-performance/.
---------------------------------------------------------------------------
Threat
Intelligence reviews of various attacks worldwide, as well as
analysis of seized documents and the interrogation of captured and
arrested suspects, reveal historic interest in carrying out attacks on
railroad systems. For freight rail, the threat is greatest for
shipments of RSSM, such as poison or toxic inhalation hazards (TIH),
which could be directly
[[Page 91356]]
targeted or used as a weapon of mass effect with devastating physical
and psychological consequences. Materials designated as RSSM are a
subset of hazardous materials designated by PHMSA under 49 CFR
172.800(b).\92\
---------------------------------------------------------------------------
\92\ TSA is proposing to adopt the list in 49 CFR 172.800(b) for
purposes of meeting the requirement in sec. 1501 of the 9/11 Act to
define transportation-related security-sensitive materials. This
definition is discussed in section III.A.2 of this NPRM.
---------------------------------------------------------------------------
Vulnerability
The diversity and expanse of the North American railroad system
presents a unique preparedness challenge related to preventing,
responding to, and recovering from potentially devastating effects. The
rail network is vast and the owner/operators vary in size and
communities served. Numerous passenger and commuter rail systems
throughout the country operate at least partially over tracks or
rights-of-way owned by freight railroads.
Consequences
The interdependency of the railroad infrastructure--bridges,
tunnels, dispatch and control centers, tracks, signals, and switches--
means that threats and incidents affecting one railroad could impact
many others on the general railroad system of transportation. A
successful terrorist attack on the U.S. rail system could affect the
functioning of private businesses and the government, and cause
cascading effects far beyond the targeted physical location. Such an
attack could result in significant losses in terms of human casualties,
property destruction, and economic effects, as well as damage to public
morale and confidence. Disruption or delay of rail service would also
have adverse impacts on other sectors. For example, freight railroads
have a critical role in the support of the energy sector and are
responsible for the transportation of more than 70 percent of all U.S.
coal shipments. They are also a critical part of the supply chain for
military weapons and supplies. While railroads have been able to
quickly respond to delays caused by natural disasters, such as the 2013
flooding in Colorado that washed-out tracks and delayed coal shipments
and Amtrak service, this requires rerouting and can cause significant
over-crowding and delays on lines used to move passengers and cargo
pending restoration of damaged infrastructure.\93\ Similarly, the
release of TIH or other materials designated as RSSM could be
catastrophic if it occurs in a metropolitan area or near critical
resources that could be contaminated by the release.
---------------------------------------------------------------------------
\93\ See ``Colorado floods wash out tracks, delay coal
shipments, Amtrak service,'' The Denver Post (Sept. 16, 2013),
available at http://www.denverpost.com/2013/09/16/colorado-floods-wash-out-tracks-delay-coal-shipments-amtrak-service/.
---------------------------------------------------------------------------
Risk Determination
TSA has determined that the highest-risk freight railroads are
those designated as Class I based on their revenue (over $72.9 billion
in 2013) and the Nation's dependence on these systems to move both
freight in support of critical sectors and passengers. Similarly, there
are other shortlines (also known as Class II or Class III railroads)
that are also higher-risk because they transport RSSM through HTUAs.
Finally, to the extent the preceding does not capture freight railroads
hosting higher-risk passenger railroads, the hosting relationship and
dual use of infrastructure puts such railroads into the higher-risk
category.
Proposed Applicability
Based on this risk determination, TSA is proposing to cover a
railroad if it is designated as Class I, transports RSSM in one or more
of the areas listed in current Appendix A to 49 CFR part 1580, or hosts
a higher-risk rail operation (including freight railroads and the
intercity or commuter systems identified in proposed Sec. 1582.101).
This would cover approximately 36 freight railroads.
In proposing this applicability, TSA recognizes that joint
operations are common within this industry and include agreements such
as allowing another railroad carrier to operate over track it does not
own.\94\ In these situations, the ``host railroad'' that owns the track
exercises operational control of the movement of trains of the other
railroads (the ``tenant'' railroads) while they are using that
track.\95\ Under the proposed rule, both the host and tenant railroads
would be required to have a training program that appropriately
addresses the ramifications of the hosting relationship. For example,
the host railroad's training program would need to address the
operational considerations of the hosting relationship, such as
training dispatchers on their role and responsibilities in halting the
tenant railroad's operations over a segment of track that has just been
destroyed by an IED. Similarly, a tenant railroad subject to the
security training requirements of proposed 49 CFR part 1582 (PTPR),
would need to address the operational considerations of the hosting
relationship, such as instructing its train and engine employees on the
proper communication procedures to follow when informing the host
railroad of a suspicious package blocking the track. Under either
example, the host and tenant railroad owner/operators would only be
responsible for training their own employees.
---------------------------------------------------------------------------
\94\ TSA's use of this term in this proposed rule is consistent
with industry's general understanding of its meaning and 49 CFR
239.7, which defines ``joint operations'' as ``rail operations
conducted by more than one railroad on the same track, except as
necessary for the purpose of interchange, regardless of whether such
operations are the result of: (1) Contractual arrangements between
the railroads; (2) Order of a government agency or a court of law:
or (3) Any other legally binding directive.''
\95\ In recognition of these situations, TSA is proposing to add
a definition of the term ``host railroad'' to 49 CFR 1500.3. The
term ``host railroad'' is defined to mean ``a railroad that has
effective control over a segment of track.''
---------------------------------------------------------------------------
TSA also understands that some commuter passenger train services
are owned by public transportation agencies, but operated by private
companies (such as freight railroad carriers). This is not a hosting
relationship. In this situation, TSA would consider the freight
railroad carrier (the private company) to be a contractor of the PTPR
owner/operator (the owner/operator of the passenger train service). TSA
would hold the PTPR owner/operator primarily responsible for compliance
and for ensuring that all security-sensitive employees receive the
required training, whether they are employed directly by the PTPR
owner/operator or contractor. In other words, the PTPR owner/operator
would have the obligation to train the freight railroad carrier's
employees that are performing security-sensitive functions related to
the passenger train service. To the extent the contract between the
PTPR owner/operator and the freight railroad includes a provision for
the freight railroad to train its own employees, such training would
need to be documented in the PTPR owner/operator's security training
program. TSA would expect the passenger operation to clearly state in
its security training program, as part of the submission process under
proposed 49 CFR 1570.109, that the freight railroad carrier would
conduct the training and provide the required information on that
training.
Alternative Considered
TSA considered expanding the applicability of the proposed rule to
a broader scope of owner/operators that would be responsible for
developing their own security training program. The parameters for this
alternative population include all freight railroad owner/operators
operating within, or through, any geographic areas
[[Page 91357]]
designated for purposes of the FY 2015 Urban Area Security Initiative
(UASI) Program regions. TSA estimates that this alternative would cover
a total of 69 freight railroads in 26 metropolitan areas. TSA estimates
that this alternative would have a cost of approximately $91.99 million
for freight railroad owner/operators over a 10-year period (at a 7
percent discount rate). The basis for the estimates of benefits and
costs are included in the RIA for this rulemaking, which is included in
the public docket.
TSA rejected this alternative because the agency has determined
that the proposed applicability aligns with its commitment to risk-
based security policy and outcomes-based regulation. TSA has
consistently recognized the security risks associated with transport of
RSSM through the areas identified in Appendix A to current 49 CFR part
1580. The security basis for identifying these areas has not changed.
Furthermore, expanding beyond the proposed applicability was
unnecessary to gain the intended security benefits as it would not
represent a corresponding expansion of employees trained since 90
percent of railroad employees would receive training as a result of the
proposed rule's applicability. Additionally, when compared to the ten-
year costs of the proposed applicability rule for freight railroad
owner/operators ($90.74 million at 7 percent), this alternative would
result in $1.25 million in additional costs.
2. Public Transportation and Passenger Railroads
There are more than 7,000 PTPR systems operating in the United
States.\96\ As part of an intermodal system of transportation, commuter
passenger railroads provide critical regional services, such as between
a central city and adjacent suburbs during morning and evening peak
periods, as well as connecting to other modes of transportation through
multimodal systems and within multimodal infrastructures. Since 1995,
public transit ridership is up 39 percent, outpacing population growth,
which is up 21 percent, and vehicle miles traveled (VMT), which is up
25 percent.\97\ While passenger railroads primarily operate on the same
track as freight railroads, they have many similarities to public
transportation because of the operational concerns related to
transporting people. Amtrak operates the Nation's primary intercity
passenger rail service over a 22,000-mile network (primarily over
leased, freight railroad tracks), serving more than 500 stations in 46
states and the District of Columbia. Many of these stations are
multimodal transportation facilities located in higher-risk areas.
---------------------------------------------------------------------------
\96\ APTA, ``2014 Public Transportation Fact Book,'' 65th
Edition, at 6, (Nov. 2014), available at http://www.apta.com/resources/statistics/Documents/FactBook/2014-APTA-Fact-Book.pdf.
\97\ See ``Quick Facts'' on APTA's Web site as of Jan. 27, 2016,
available at http://www.apta.com/mediacenter/ptbenefits/Pages/default.aspx.
---------------------------------------------------------------------------
Threat
Based on incidents in other countries, TSA assesses that terrorists
view PTPR systems as attractive targets because they carry large
numbers of people, are open and easily accessible to the public, are
critical to regional transportation systems, and are vital to local
economies. Terrorists have targeted rail and bus systems overseas.
Notable incidents include the sarin gas attacks on the Tokyo subway
system in April 1995; the multiple detonations of IEDs left on commuter
trains in Madrid in March 2004; the multiple suicide attacks employing
IEDs on the London Underground and a double-decker bus in London in
July 2005; the multiple detonations of IEDs on commuter trains in the
greater Mumbai area in July 2006; and, the double suicide attacks and
two incidents of IED detonations in Dagestan and Moscow, respectively,
in March, June, and August 2010.
TSA's Office of Intelligence and Analysis assesses with high
confidence that terrorists remain intent on perpetrating attacks
against this mode. In the period between January 1 and December 31,
2014, there were 144 reported attacks on mass transit systems overseas.
Of these attacks, 76 targeted buses and associated infrastructure and
68 targeted mass transit and passenger rail systems and associated
infrastructure.
Vulnerability
Attributes of PTPR systems essential to their efficiency also
create potential security vulnerabilities that terrorists seek to
exploit. Unlike strict access controls applicable to air transport, the
public transportation system's multiple stops and interchanges lead to
high passenger turnover, which is difficult to monitor effectively. In
addition, the broad geographical coverage of passenger rail networks
provides numerous options for access and getaway and affords the
ability to use the system itself as the means to reach the location to
conduct the attack.
Consequences
A potential terrorist attack on a public transportation center in a
major metropolitan area can result in a large number of victims, both
killed and wounded, as well as significant infrastructure damage. Rail
system bombings in Madrid, London, and Mumbai--all involving use of
multiple IEDs--are tragic reminders of this reality. Attacks could be
isolated, having minimal effect on the total operating system, or could
result in a major impact that has national implications: an attack on
an intercity passenger railroad operating on the general system of
transportation could potentially shut down railroad operation support
for specific sectors. The disruption of any portion of the operation
can confuse the public, directly affect businesses, and lead to panic.
Attacks on multiple portions of a PTPR system exacerbate these impacts.
Risk Determination
In the context of resource allocations under the Transit Security
Grant Program (TSGP), DHS has determined the highest transit-specific
risk areas and transit systems using a model approved by the Secretary
and vetted by Congress.\98\ DHS has consistently considered several
factors when determining risk for PTPR, including credible and specific
international and domestic terrorist threats based on information
provided by the intelligence community, system and infrastructure
vulnerabilities, and consequences primarily in terms of the impact on
the mission. As the mission of PTPR systems is to transport people, the
consequences include the potential for devastating casualties.\99\ TSA
believes this model is an appropriate method for determining
applicability for purposes of this rulemaking.
---------------------------------------------------------------------------
\98\ Federal Emergency Management Agency (FEMA) Grant Programs
Directorate, ``Risk Methodology, Fiscal Year 2015 Report to
Congress, Calculating Risk for the FY 2015 DHS Preparedness Grant
Programs'' (December 21, 2015).
\99\ Id. at 25-26.
---------------------------------------------------------------------------
An analysis of the transit-specific risk scores developed using the
DHS method indicates a natural and significant break in the risk curve
(delta between risk scores of one urban area to the next) between the
top eight regions with the highest transit-specific risk and the
others.\100\ When combined, these areas represent over 94 percent of
the total transit-specific risk to all urban areas across the Nation.
Within each of these areas, DHS has identified the systems with the
highest-risk based on considerations related to ridership, location of
services provided (use of the same stations and stops), and
[[Page 91358]]
relationship between feeder and primary systems.
---------------------------------------------------------------------------
\100\ This analysis is based on SSI and/or classified
intelligence information. As a result, TSA may not share details of
the information or the analysis.
---------------------------------------------------------------------------
Proposed Applicability
Using this criteria, TSA is proposing to apply the requirements of
this proposed rule to the systems identified in proposed 49 CFR part
1582, Appendix A. These 47 PTPR systems (46 PTPR plus Amtrak) are the
systems with the highest risk operating in the eight regions with the
highest transit-specific risk. Applying the rule's requirements to
these 47 PTPR systems, corresponds to enhanced security for more than
80 percent of all PTPR passengers.
TSA is also proposing to apply the requirements to any PTPR owner/
operator that hosts a high-risk freight railroad as identified in
proposed Sec. 1580.101. The reasons previously discussed for the
parallel applicability to freight railroads in a hosting relationship
with a high-risk passenger railroad apply equally to passenger
railroads hosting high-risk freight railroads.
Alternative Considered
TSA considered expanding the applicability of a security training
program to a broader scope of owner/operators. The parameters for this
alternative population include all PTPR operations within or through a
UASI region. TSA estimates that this alternative would cover a total of
253 PTPR owner/operators in 26 metropolitan areas. TSA estimates that
this alternative would have a cost of approximately $127.88 million for
PTPR owner/operators over a 10-year period (at a 7 percent discount
rate). The basis for the estimates of benefits and costs are included
in the RIA for this rulemaking, which is included in the public docket.
TSA rejected this alternative because the agency has determined
that the proposed applicability aligns with its commitment to risk-
based security policy and outcomes-based regulation. The risk analysis
used for developing the TSGP funding allocations begins with
identification of the UASI regions and then takes into consideration
unique aspects of PTPR operations within that UASI in light of known
risks. To adopt the UASI designations for applicability would ignore
the second, critical step of the analysis used for TSGP allocations. By
linking applicability to those agencies that have historically and
consistently been designated as highest-risk for purposes of TSGP
funding allocation, the proposed applicability links the greatest
regulatory burden to those systems that the Federal government has
determined merit the greatest funding allocations to address security.
The majority of the funding under the TSGP goes to the highest-risk
regions to ensure the greater risk is being addressed (94 percent in FY
15 and 95 percent in FY 14).
Based on these considerations, the negative impact of a broader
regulatory requirement would not have a corresponding benefit to
security--especially recognizing that the systems covered under the
proposed applicability transport 80 percent of the PTPR ridership.
Additionally, when compared to the ten-year costs of the proposed
applicability rule for PTPR owner/operators ($53.14 million at 7%),
this alternative would result in $74.74 million in additional costs.
3. Over-the-Road Buses
Highways are the largest and most prevalent component of the
Nation's transportation network. Virtually every location within the
continental United States is accessible by highway. The system today
encompasses more than four million miles of roadway on which more than
600,000 bridges and 650 tunnels offer possible chokepoints. Within that
system, commercial buses offer the most cost-effective intercity
transportation to thousands of communities. For many people, fixed-
route, intercity bus service is the only alternative to private
vehicles.
It is estimated that there are over 3,300 private OTRB owner/
operators operating approximately 29,000 buses and employing over
118,000 people in full and part-time jobs within the United
States.\101\ These owner/operators primarily conduct interstate
operations that include wholly-owned bus terminals, shared terminals
with other transportation modes (such as passenger rail), or pre-
determined pick-up and drop-off locations (which may not be on the
owner/operator's property).
---------------------------------------------------------------------------
\101\ For purposes of this discussion, an OTRB is considered the
same as a motorcoach, which is consistent with the industry's
interchangeable use of this term. For example, the Motorcoach Census
2015, commissioned by the American Bus Association (ABA), states:
``a motorcoach, or over-the-road bus (OTRB), is defined as a vehicle
designed for long-distance transportation of passengers,
characterized by integral construction with an elevated passenger
deck located over a baggage compartment. It is at least 35 feet in
length with a capacity of more than 30 passengers . . . . This
definition of a motorcoach excludes the typical city transit bus
city sightseeing buses, such as double-decker buses and trolleys.''
See ABA, ``Motorcoach Census 2015,'' at 7 (Feb. 11, 2016), available
at http://www.buses.org/assets/images/uploads/general/Motorcoach%20Census%202015.pdf.
---------------------------------------------------------------------------
In general, OTRBs have an average capacity of 55-60 passengers per
bus and carry approximately 751 million passengers annually to
thousands of destinations within the United States and to/from Canada
and Mexico. Destinations include urban areas and passenger transfer
points with close proximity to many of the most iconic and valuable
sites in the Nation.
Threat
According to TSA's intelligence analysts and subject matter
experts, buses represent attractive targets for terrorists, especially
as it relates to hijacking, because they can be used as a vehicle-borne
improvised explosive device (VBIED), provide the potential for large
numbers of casualties, or could serve as a source for hostages. While
there has not been a terrorist attack against a bus in the United
States, threats and terrorist actions against motor coaches have
occurred in other nations, including Israel, Spain, and the United
Kingdom. As the Volpe National Transportation Systems Center noted, the
industry provides terrorists with a ``physically dispersed, easily
accessed, high volume, target rich environment with potential for mass
casualties.'' \102\ Over-the-Road Buses ``serve all large metropolitan
areas and travel in close proximity to some of the nation's most
visible and populated sites, such as sporting events, major tourist
attractions, and national landmarks.'' \103\
---------------------------------------------------------------------------
\102\ Volpe National Transportation Systems Center, ``Security
Enhancement Study for the U.S. Motorcoach Industry,'' at vii (May
2003), available at http://ntl.bts.gov/lib/55000/55200/55204/Security_enhancement_motorcoach_industry_exec_summ.pdf.
\103\ Id.
---------------------------------------------------------------------------
TSA identifies that the most likely threat would be represented by
an IED brought aboard by a passenger or delivered by another vehicle in
close proximity to the OTRB. There is also the potential threat of an
attacker intent on capturing control of the bus and using it as a
delivery system for a weapon of mass destruction against a high-value
destination. Terrorists with access to this type of vehicle could use
its capacity to transport as much as 12 tons of explosives. Coupled
with the use of such vehicles in urban centers and in daily proximity
to high-value buildings or venues, an OTRB could serve as a VBIED.
Vulnerability
Over-the-Road Buses travel on open roads, often on scheduled and
predictable routes, with only a driver and passengers. While OTRBs are
used to transport large volumes of passengers and baggage (either in
the under-floor storage area or accessible to the
[[Page 91359]]
passenger), most owner/operators do not screen passengers and baggage
for threats. Furthermore, OTRBs generally have large cargo compartments
that can be reached without boarding the bus. As previously noted, a
high number of OTRBs operate in urban settings and have the ability to
gain close proximity to high-profile targets and highly-populated
areas. These operations are vulnerable to a potential terrorist--
providing frequent and predictable access to a vehicle that could
either be targeted or exploited by an individual with malicious intent:
It is relatively easy to perform reconnaissance, purchase a ticket, and
travel anonymously with baggage that does not undergo screening.
Consequences
The consequence of a successful attack on an individual OTRB in a
remote location is assumed to be the loss of the vehicle and many of
its passengers. The same vehicle as a VBIED aimed at a high-value
target is much greater. The National Counterterrorism Center (NCTC)
states that one VBIED containing 4,000 kg of homemade explosives is
equivalent to 200 pipe bombs or 20 suicide vests.\104\
---------------------------------------------------------------------------
\104\ See ``TNT EQUIVALENTS'' at https://www.nctc.gov/site/methods.html#sarin.
---------------------------------------------------------------------------
Risk Determination
While it is possible an OTRB could be the target of a terrorist
attack, it is more likely that an OTRB would be used to deliver an IED,
making the bus a VBIED that could be used to target an urban area. This
risk determination reflects that a terrorist could obtain access to a
large vehicle by simply purchasing a ticket for a fixed-route OTRB
travelling to the target region (with specific knowledge of where the
bus would transfer passengers and any close proximity that could
provide to other targets).
Because the risk involving an OTRB as a VBIED is primarily to the
targeted urban area, TSA relied on a risk model developed by DHS to
determine highest-risk urban areas for the UASI grant program.\105\
This model has been approved by the Secretary of Homeland Security and
vetted by Congress as an appropriate method to determine risk to an
individual city or urban area. As with PTPR, there is a natural and
significant break in the risk curve (delta of risk scores or one urban
area to the next).
---------------------------------------------------------------------------
\105\ The UASI program is intended to assist ``high-threat,
high-density Urban Areas in efforts to build and sustain the
capabilities necessary to prevent, protect against, mitigate,
respond to, and recover from acts of terrorism.'' See DHS, ``Notice
of Funding Opportunity: Fiscal Year 2015 Homeland Security Grant
Program,'' at 2 (FY 15 UASI Allocations), available at http://www.fema.gov/media-library-data/1429291822887-7f203c9296fde6160b727475532c7796/FY2015HSGP_NOFO_v3.pdf. See also
supra, at n. 98.
---------------------------------------------------------------------------
Proposed Applicability
TSA proposes to apply the requirements of this rule to owner/
operators providing fixed-route service in the 10 areas identified in
proposed 49 CFR part 1584, Appendix A.\106\ These 10 areas are those
that receive the highest funding allocation under the FY 2015 UASI
grant program. UASI funds are allocated based on a risk methodology
employed by DHS and Federal Emergency Management Agency (FEMA).
Together, these 10 urban areas were allocated 88 percent of total UASI
funds based on risk to these 10 regions.\107\
---------------------------------------------------------------------------
\106\ ``Fixed-route service'' is defined in proposed Sec.
1500.3 to mean, ``the provision of transportation service by private
entities operated a long a prescribed route according to a fixed
schedule.''
\107\ See FY 2015 UASI Allocations, supra n.105.
---------------------------------------------------------------------------
The determining factor for whether a fixed-route OTRB owner/
operator is within the scope of the proposed rule is not where they are
headquartered, but where they provide service. In proposing this
applicability, TSA considered factors that could make an OTRB a
potential target for a terrorist attack, including its visibility (the
size of its operations), the extent to which its schedule is publicly
available, whether or not it is relatively easy for unknown individuals
to board the bus, and whether the bus would have ease of access to
high-consequence locations.
TSA is aware that some private companies provide commuter services
that may trigger applicability of the proposed rule. Diagram A provides
a flowchart to assist with determining if the proposed rule would
apply.
[[Page 91360]]
[GRAPHIC] [TIFF OMITTED] TP16DE16.013
TSA estimates that the applicability of the proposed rule would apply
to approximately 202 OTRB owner/operators.
Alternative Considered
TSA considered expanding the applicability of a security training
program to OTRB owner/operators operating within or through one or more
of the UASI regions. TSA estimates that this alternative would cover a
total of 403 owner/operators in 26 metropolitan areas in year one of
the regulation. TSA estimates that this alternative would have a cost
of approximately $22.09 million for OTRB owner/operators over a 10-year
period (at a 7 percent discount rate). The basis for the estimates of
benefits and costs are included in the RIA for this rulemaking, which
is included in the public docket.
TSA rejected this alternative because the agency has determined
that the proposed rule better aligns with its commitment to risk-based
security policy and outcomes-based regulation. As previously noted,
while it is possible an OTRB could be the target of a terrorist attack,
it is more likely that an OTRB would be used to deliver an IED-making
the bus a VBIED that could be used to target an urban area. While there
are more UASI regions than those covered by the proposed rule, the
areas identified in proposed Appendix A to part 1584 represent those
with the highest-risk. Additionally, when compared to the ten-year
costs of the proposed applicability rule for OTRB owner/operators
($12.08 million at 7 percent), this alternative would result in $10.01
million in additional costs.
4. Foreign Owner/Operators
While the proposed applicability provisions for security training
do not specifically reference foreign owner/operators,\108\ the
employees who must be trained include any employee performing a
security-sensitive function ``in the United States or in direct support
of the common carriage of persons or property between a place in the
United States and any place outside the United States.'' \109\
Therefore, the training requirements of this proposed rule would apply
equally to domestic owner/operators and foreign owner/operators with
employees performing covered functions within the United States or in
support of operations within the United States. For example, if a
Canadian OTRB owner/operator has fixed-route service that begins at a
point in Canada and transits through an area identified in proposed
part 1584, Appendix A before concluding at a point in Mexico, any
employees operating that bus providing maintenance or inspection
services, providing dispatch information, or performing any other
security-sensitive function for that bus affecting its operations
within the United States would need to be trained and the owner/
operator would need to submit a training plan to TSA for approval.
Where the function is being performed, in essence whether the employee
is performing the security-sensitive function at a location in Canada
or along the route in the United States, is irrelevant.
---------------------------------------------------------------------------
\108\ See proposed Sec. Sec. 1580.101 (freight railroads),
1582.101 (PTPR), and 1584.101 (OTRBs).
\109\ See proposed Sec. Sec. 1580.3 (freight railroads), 1582.3
(PTPR), and 1584.3 (OTRBs).
---------------------------------------------------------------------------
In addition, while foreign owner/operators providing service in the
United States would be required to have a security coordinator and
alternate, foreign owner/operators would only be required to report
potential threats and significant security concerns for operations in
the United States or transportation to, from, or within the
[[Page 91361]]
United States. Foreign freight railroad owner/operators currently meet
this requirement under the requirements of current 49 CFR part 1580.
This approach is also consistent with that taken by the FRA.
5. Preemption
While current 49 CFR part 1580 includes a preemption provision,
which will be carried over to the proposed revisions of part 1580 and
addition of part 1582, that provision is based upon the specific
statutory preemption in 49 U.S.C. 20106. There is no similar statutory
provision for the other modes of transportation covered by this
proposed rule. Therefore, TSA has not included preemption provisions
for the other modes. Furthermore, based on TSA's experience with the
implementation of 49 CFR part 1580 since it was finalized in 2008, it
has not become aware of any State, local, or tribal laws, regulations,
or orders that would be inconsistent with the provisions of this NPRM
nor were any concerns raised during the consultations discussed in
section IV of this NPRM. TSA invites comments about specific laws,
regulations, or orders that commenters believe would conflict with the
provisions of the proposed rule.
G. Security Program General Requirements (Sec. Sec. 1580.113,
1582.113, and 1584.113)
Under proposed Sec. Sec. 1580.113, 1582.113, and 1584.113 owner/
operators identified in Sec. Sec. 1580.101, 1582.101, and 1584.101
would be required to adopt and implement a security training program
that meets the requirements of the relevant subparts. TSA is
deliberately proposing that owner/operators be required to ``adopt and
implement'' rather than ``develop and implement'' training programs
because TSA is aware that relevant training curriculum may already
exist that aligns with most, if not all, of the curriculum
requirements--including resources developed by TSA (which will be
further discussed in section III.I and J. of this NPRM).
1. Information About the Owner/Operator
This section includes proposed requirements for the content of the
program to be submitted to TSA, including information regarding the
owner/operator (paragraphs (b)(1) and (2)), scope of training (for
example, number of employees to be trained by job function) (paragraph
(b)(3)), implementation schedule for the training program (paragraph
(b)(4)) consistent with the requirements of proposed Sec. 1570.111,
and location of training records (paragraph (b)(5)) consistent with the
requirements in proposed Sec. 1570.121.
2. Information on How Training Will Be Provided
Proposed paragraphs (b)(6) through (9) require general information
on the curriculum to be used to meet the training requirements, such as
lesson plans, objectives, and modes of delivery. As previously noted,
TSA is aware that some owner/operators would seek approval to use
existing training programs, implemented to comply with other Federal
requirements or other standards, to satisfy some or all of the
requirements of this NPRM. Under proposed paragraph (b)(6), the
curriculum or lesson plan for that program would need to be included in
the training program submitted for TSA approval.
For example, an owner/operator may have provided training on topics
similar to those in the proposed rule to meet programs implemented to
fulfill the HMR, such as those in 49 CFR part 172, or FRA safety/
evacuation training.\110\ In the training program submitted to TSA for
approval, owner/operators using any of these training programs to meet
the requirements of the proposed rule would also need to explain how
the training programs selected meet TSA's requirements and are
appropriate for the particular owner/operator. During review, TSA may
need to request additional information from the owner/operator in order
to determine if the courses selected meet this rule's requirements.
---------------------------------------------------------------------------
\110\ See 49 CFR part 239.
---------------------------------------------------------------------------
3. Ensuring Supervision of Untrained Employees and Providing Notice of
Changes Affecting Training
Proposed paragraphs (b)(7) and (8) would require owner/operators to
provide information on their plans for addressing specific requirements
in Sec. Sec. 1580.115, 1582.115, and 1584.115. These include plans for
ensuring untrained employees are properly supervised (as required by
proposed Sec. Sec. 1580.115(a), 1582.115(a), and 1584.115(a)) and
notifying employees of any changes that affect their training. For
example, under proposed Sec. 1580.115(c) (similar provisions exist in
Sec. Sec. 1582.115(c) and 1584.115(c)), employees must be trained on
their responsibilities under the owner/operator's security plans and/or
programs. If the security plans and/or programs change, the employee
must be notified of how that change would affect the information they
were provided during previously provided training. This would not
affect the timing of recurrent training unless affected employees are
required to participate in training courses as part of updates to the
security program.
4. Methods for Determining Effectiveness of Training
Proposed paragraph (b)(9) would require owner/operators to include
in their training program a method for measuring the effectiveness of
their training program. TSA would afford flexibility to each individual
owner/operator to measure effectiveness of their security training
program using methods and criteria appropriate for their operations.
TSA does not prescribe the method in the proposed rule, but does
propose that every training program specify the manner and method by
which the effectiveness of the training program would be evaluated by
the owner/operator. For example, TSA expects that some owner/operators
would choose to administer a form of written test or evaluation to
gauge their employees' level of knowledge, while others may rely upon
operational tests conducted by supervisors to determine employees are
being trained effectively.
Similarly, TSA is not proposing to prescribe conditions for a pass/
fail policy that may be associated with post-training testing. While
individual companies may elect to enforce pass/fail criteria with
associated personnel actions, TSA is neither requiring this nor
recommending a specified maximum number of times that an individual may
take a test or evaluation to demonstrate knowledge and competency. As
previously noted, the standards proposed by an owner/operator for
determining training efficacy may affect TSA's approval of any
alternative measures for compliance. TSA requests comments on this
issue to further inform a final rule.
5. Relation to Other Training
TSA is proposing paragraph (c) in recognition that many owner/
operators covered by this proposed rule are subject to training
requirements under regulations of DOT that overlap with the training
content identified in the 9/11 Act's requirements. For example, an
owner/operator may have provided training on topics similar to those in
the proposed rule to meet programs implemented under DOT hazardous
material regulations,\111\ FRA safety/
[[Page 91362]]
evacuation training,\112\ or Federal Transit Administration (FTA)
Safety Management System training provided under a rail fixed guideway
public transportation system's Transit Agency Safety Plan.\113\ Other
training programs are addressed in section III.I of this NPRM.
---------------------------------------------------------------------------
\111\ See, e.g., 49 CFR part 172.
\112\ See 49 CFR part 239.
\113\ See 49 CFR 674.29 and Appendix A to part 674.
---------------------------------------------------------------------------
TSA does not expect owner/operators to duplicate training. If they
are already subject to requirements to provide similar training, they
can use that training to satisfy TSA's requirements. To the extent that
an owner/operator intends to use existing training programs implemented
to comply with other Federal requirements or other standards in order
to satisfy some or all of the requirements of this NPRM, the program
submitted to TSA for approval would need to identify how the other
training would be used to satisfy TSA's requirements, such as the
curriculum or lesson plan for that program.
Proposed paragraph (c)(2) requires an index to be provided if the
owner/operator chooses to submit all or part of an existing security
training program to TSA for approval. The index would need to be
organized in the same sequence as the content requirements in
Sec. Sec. 1580.115, 1582.115, and 1584.115. Indexing is a necessary
requirement if TSA is to provide flexibility for owner/operators to use
existing training programs to satisfy this proposed rule. TSA may
request additional information on the program through the review and
approval process.
H. Security Training and Knowledge for Security-Sensitive Employees
(Sec. Sec. 1580.115, 1582.115, and 1584.115)
1. Training Required for Security-Sensitive Employees
Any owner/operator required to have a security training program
under Sec. Sec. 1580.101, 1582.101, or 1584.101, must provide security
training to its security-sensitive employees. Consistent with the
definition of employee in Sec. 1570.3, this requirement applies to any
direct employee, contractor, employee of a contractor, or other
authorized person who is compensated for performing a security-
sensitive function on behalf of or for the benefit of the owner/
operator. For example, if an OTRB owner/operator does not employ any
drivers directly, but uses drivers under contract, those drivers would
need to be trained. Similarly, if an owner/operator has chosen to
combine dispatch services with two affiliates of its parent
corporation, the owner/operator required to provide security training
to its direct employees would also be required to provide security
training to any dispatchers providing services for its fleet.
In some circumstances, security-sensitive functions may be
performed by individuals not within the definition of ``employee'' for
purposes of this NPRM. For example, police officers employed by a local
law enforcement agency may be routinely patrolling the owner/operator's
premises and/or operations. They would not be subject to the proposed
rule unless there is a contractual relationship for the law enforcement
agency to provide that service and the law enforcement officer is
assigned to that location. In situations where the owner/operator has a
dedicated police or security force, the members of that force assigned
to work at the facility would need to have security training consistent
with that required for other employees. For those situations where
those personnel are not required to be trained, TSA would encourage law
enforcement personnel regularly assigned to patrols at that location to
receive the same training as the employees to enhance communication and
cooperation in response to potential threats.
2. Limits on Use of Untrained Employees
If a security-sensitive employee does not receive the required
security training, under the proposed rule, that employee would be
prohibited from performing a security-sensitive function unless he or
she is under the direct supervision of a security-sensitive employee
who has met the training requirements. While TSA is not defining the
word ``direct,'' TSA would expect the supervisor to be located in
reasonable proximity to the employee to supervise actions and provide
the necessary level of security awareness and response capabilities.
Further, even if an employee is directly supervised, TSA proposes to
impose a 60-day limit for the amount of time that an employee may
perform a security-sensitive function without receiving training. After
60 days, the proposed rule would require the owner/operator to remove
the employee from a security-sensitive function; the owner/operator
would, of course, retain the discretion to reassign the individual to
other non-security-sensitive job functions.
3. Knowledge Required
Consistent with other TSA regulations,\114\ TSA is proposing to
require a training program that focuses on the specific knowledge
provided to security-sensitive employees. The proposed rule affords
flexibility for owner/operators to develop and implement a program that
addresses the required components of the security training program in
the context of their operational environments.
---------------------------------------------------------------------------
\114\ See, e.g., 49 CFR 1548.11 (Training and knowledge for
individuals with security-related duties) applicable to indirect air
carriers).
---------------------------------------------------------------------------
In developing the requirements, TSA considered the specifically
enumerated subjects in the 9/11 Act, other Federal regulatory
requirements, and curriculum elements already being provided by owner/
operators (based on information obtained as part of TSA's ongoing
interaction with its stakeholders). TSA has organized these
requirements into four broad categories: prepare, observe, assess, and
respond. As noted in Diagram B below, all statutorily required program
elements are included within these broad categories. For purposes of
this discussion and Diagram B, the statutory requirements will be
referenced as PT # (``PT'' aligns to 6 U.S.C. 1137 and the # with the
relevant section in 1137(c)--for example, PT # 1 corresponds to 6
U.S.C. 1137(c)(1)); RR # (``RR'' aligns with requirements in 6 U.S.C.
1167 and the # with the relevant sections of 1167(c)); and OTRB #
(``OTRB'' aligns with requirements in 6 U.S.C. 1184 and the # with the
relevant section in 1184(c)). Other existing training that could be
relevant to each of the categories is also identified in Diagram B as
it could be useful to owner/operators in identifying existing training
that could be used to satisfy the proposed regulatory requirements.
The ``prepare'' category is intended to address training that may
be specifically relevant to a particular job function. For example, an
appropriate method for self-defense (as required by PT 3, RR 3, and
OTRB 3) could vary based upon an employee's job and extent to which he
or she interacts with the public. Similarly, an employee's role in
operating and maintaining security equipment (as required by PT 10, RR
11, and OTRB 11) varies based upon the responsibilities of the
employee.
The ``prepare'' category would also address training on discharging
any security responsibilities that security-sensitive employees may
have under a security plan or measure. This proposed rule does not
require any owner/operator to adopt or implement a
[[Page 91363]]
security plan or measures. TSA is aware, however, that many owner/
operators have security plans or measures that they developed
voluntarily, to comply with federal requirements, or to qualify for
Federal grants. To the extent these plans or procedures exist,
employees must be trained in order to ensure these plans or measures
are effective. Similar to the threat and incident prevention and
response training, this portion of the training program would need to
be tailored to the specific operation. TSA intends for training
provided under this category to satisfy requirements for in-depth
security training for ``hazmat employees'' as required by 49 CFR
172.704(a)(5). For freight railroads, the requirements in proposed
Sec. 1580.115(c) include providing training on chain of custody and
control requirements, as appropriate. This additional training is
relevant to ensuring appropriate procedures are followed to comply with
the security requirements in proposed subpart C to part 1580 (which
contains the requirements in current Sec. Sec. 1580.103 and 1580.107).
The ``observe'' category is intended to provide knowledge to
increase a security-sensitive employee's observational skills. This
category would address behavior recognition requirements of the 9/11
Act (PT 6, RR 6 and OTRB 6)--encompassing an understanding of unusual
or abnormal behavior that should trigger a response by employees
because of the potential that the behavior may indicate a threat to
transportation security. It also addresses a requirement to be able to
recognize dangerous or suspicious items, behavior, or situations
(required by PT 8, RR 9, and OTRB 9). In general, this training focuses
on recognizing the difference between what is normal for the
operational environment and abnormalities that could indicate terrorist
planning or imminent attack. Training delivered should teach the
employees that suspicious activity is a combination of actions and
individual behaviors that appear strange, inconsistent, or out of the
ordinary for the employee's work environment. In most instances, it
will not be a single factor, but a combination of factors taking place
at a particular time and place, that will accurately identify a
suspicious individual or act.
The ``assess'' category requires providing knowledge of how to
determine if what is observed requires a response and what those
appropriate responses may be. TSA is aware that some stakeholders
provide training that includes tools to help employees assess the
seriousness of a threat. This category addresses requirements in the 9/
11 Act (PT 1, RR1, and OTRB 1) as well as the security awareness
training required for ``hazmat employees'' under 49 CFR 172.704(e)(4).
The ``respond'' category includes training on security incident
responses--including how to appropriately report a security threat,
interact with the public and first responders at the scene of threat or
incident, applicable uses of self-defense devices or protective
equipment, and communication with passengers. This category addresses
several elements of the 9/11 Act relating to communication and
coordination (PT 2, RR 2, and OTRB 2), use of personal protective
devices or equipment (PT 4, RR 4, and OTRB 4), evacuation procedures
(PT 5, RR 5, and OTRB 5), responses to terrorist threats or incidents
(PT 6, RR 7, and OTRB 7), and understanding procedures for interacting
with responders (PT 9, RR 10, and OTRB 10). This category also
addresses elements of security awareness training required by 49 CFR
172.704(a)(4). To the extent owner/operators need to provide training
on specific self-defense devices or protective equipment, TSA has not
calculated these costs as it assumes this is a standard part of any
operation before providing such devices or equipment to individuals and
would not be a cost of this rule. Based on feedback received in
consultation with stakeholders, TSA considered whether to tailor
particular training requirements to specific job functions. It may be
argued, for example, that training elements relevant to employees who
encounter the public are not necessary for mechanics or other employees
performing non-public functions. TSA believes, however, that there
should be a common level of proficiency among security-sensitive
employees of the covered entities; training in security awareness and
behavior recognition is appropriate for all employees.
At the same time, security-sensitive employees must be aware of
their particular responsibility in preventing or responding to a threat
or incident prevention and response and adequately trained to fulfill
their roles. TSA recognizes that owner/operators may integrate into
their required security training programs varying levels of training
for particular categories of employees or job functions to meet the
objectives of their overall security strategy or plan. TSA encourages
continuation of these practices as long as the security training
program meets the core requirements proposed in this rulemaking.
Diagram B identifies the type of training covered within each of
these categories by reference to the considerations that led to their
development.
[[Page 91364]]
[GRAPHIC] [TIFF OMITTED] TP16DE16.014
I. Other Security Training Programs
The 9/11 Act includes requirements for TSA to consider ``any
current security training requirements or best practices'' before
issuing security training regulations.\115\ As discussed above and
indicated in Diagram B, TSA has taken current Federal regulations,
guidance, and other practices affecting transportation security into
consideration and has crafted this proposed rule to be consistent with
those regulations and practices where they meet the requirements of the
9/11 Act and the objectives of this rulemaking. In addition, TSA has
been consulting with DOT to avoid potential inconsistencies and
unnecessary duplication as a result of this proposed rule.
---------------------------------------------------------------------------
\115\ See 6 U.S.C. 1167(a) and 1184(a).
---------------------------------------------------------------------------
Many of the owner/operators required to provide security training
under this regulation have been providing security training either
under the requirements of training programs discussed in this section
or using materials developed and/or approved by TSA for other purposes.
A range of courses including those sponsored by TSA and other Federal
agencies, such as FTA, Federal Emergency Management Agency (FEMA), and
PHMSA, provide a means for covered entities to coordinate training for
their employees in many of the elements stipulated in the proposed
rule. For example, the training program this proposed rule would
require is consistent with, and builds upon, security training programs
that PTPR owner/operators have implemented through courses sponsored by
FTA, TSA, and FEMA, including guidance provided to PTPR owner/operators
to fast track grant applications for security training funding. In many
cases, agencies have secured third-party training through funds awarded
on projects approved under the TSGP administered by DHS. These
government-sponsored and third-party courses would remain as approved
options to the extent they adequately address the elements required in
the final rule. As in the past, TSA would provide lists of approved
courses to PTPR owner/operators subject to the regulatory requirements.
As discussed in section III.D.3 (recognition of previous training)
of this NPRM, an owner/operator may rely on this training to satisfy
the training requirements of the proposed rule to the extent the
training program they submit includes the curriculum and an explanation
of how the previous training meets TSA's requirements and is
appropriate for the particular owner/operator. TSA anticipates that for
many owner/operators, the training discussed above would meet most of
the requirements. It is likely, however, that additional training would
be needed for some of the knowledge required by the ``prepare''
category of training in proposed Sec. Sec. 1580.115(c), 1582.115(c),
and 1584.115(c). The following section discusses some of the programs
and requirements that are relevant to these considerations.
1. Federal Railroad Administration Safety Training Requirements
Passenger railroad employee training programs already comply with
FRA safety standards requiring the preparation, adoption, and
implementation of emergency preparedness plans by railroads connected
with the operation of passenger trains (including freight carriers
hosting passenger rail
[[Page 91365]]
operations).\116\ The FRA defines an ``emergency'' as an unexpected
event related to the operation of passenger train service involving a
significant threat to the safety or health of one or more persons
requiring immediate action, and includes a security situation.\117\
Under the regulations in 49 CFR part 239, each affected railroad is
required to instruct its employees on the provisions of its plan.
Emergency preparedness plans must address such subjects as
communication (including on-board crewmember notification of the
control center and passengers about the nature of the emergency and
control center personnel notification of outside emergency responders
and adjacent rail modes of transportation), passenger evacuation in
emergency situations, employee training and qualification, joint
operations, tunnel safety, liaison with emergency responders, on-board
emergency equipment, and passenger safety information. FRA also
requires full-scale emergency simulations for passenger trains. In
general, the FRA has found few failures to provide the required
training. In FY 2014, there was a single recommended violation for
failure to meet the requirements of 49 CFR 239.7.\118\
---------------------------------------------------------------------------
\116\ See 49 CFR part 239.
\117\ See 49 CFR 239.7.
\118\ See FRA, ``Fiscal Year 2014 Enforcement Report,'' at 3.
This is an annual report published by FRA summarizing settled claims
for civil penalty violations of Federal railroad safety and
hazardous materials statues, regulations and orders during Federal
Fiscal Year 2014 and is available is available under Enforcement &
Litigation on FRA's Web site at https://www.fra.dot.gov/eLib.
---------------------------------------------------------------------------
As stated in Sec. Sec. 1580.113(c) and 1582.113(c) of the proposed
rule, TSA recognizes that the training required by 49 CFR 239.7 may be
combined with other training to partially or fully meet or exceed
requirements under proposed Sec. Sec. 1580.115(f) or 1582.115(f) and
would not expect owner/operators to duplicate this training. TSA would
work in cooperation with the FRA to validate that the owner/operators
have provided the training as represented in any programs submitted to
TSA for approval. As previously noted, the training program required
under this proposed rule would need to clearly describe and identify
the training and how it is being used to satisfy the requirements of
the TSA regulation.
2. Federal Transit Administration Safety Requirements
Under 49 CFR part 659, the FTA manages State Safety Oversight for
Rail Fixed Guideway Systems.\119\ Currently, part 659 requires States
to oversee the safety and security of rail fixed guideway systems
operating in their jurisdictions through designated Oversight Agencies
(OAs). The OAs must require the operator of the rail fixed guideway
system to develop and implement a written system safety program plan
and a written system security plan as separate products. Each covered
system must base its Transit Agency Safety Plan on an adequate Safety
Management System (SMS), and include an adequate means of safety
promotion to support the execution of the plan by all employees,
agents, and contractors.\120\
---------------------------------------------------------------------------
\119\ On March 16, 2016, the FTA published a final rule for
State safety oversight of rail fixed guideway public transportation
systems not regulated by the FRA that replaces the current State
Safety Oversight (SSO) rule in 49 CFR part 659. See State Safety
Oversight; Final Rule, 81 FR 14229 (Mar. 16, 2016) (adding part 674
to title 49 of the CFR). The FTA will rescind the current SSO rule
no later than April 15, 2019. SSO Agencies and rail transit agencies
(RTAs) will continue to comply with the current SSO rule until they
come into compliance with the new regulations. The FTA omitted
System Security Plans from its final rule, noting, ``TSA . . . has
the prerogative and responsibility for all rulemakings on security
in public transportation.'' Id. at 14233.
\120\ See 49 CFR 674.29 and Appendix A to part 674.
---------------------------------------------------------------------------
The Safety Promotion component of the SMS includes safety
communication, which requires a combination of training and
communication of safety information to employees to heighten the
efficiency and effectiveness of the transit agency's SMS, and typically
includes training on the mechanism for employees to report safety
concerns.\121\ Safety communication is intended to ensure that
personnel are aware of the SMS and their role within it, and receive
safety-critical information in an effective and timely manner.\122\
---------------------------------------------------------------------------
\121\ Id.
\122\ Id.
---------------------------------------------------------------------------
Additionally, the OAs must require covered transit agencies to
conduct annual reviews of both their system safety program plans and
system security plans. Further, the OAs must require covered agencies
to develop and document a process for the performance of on-going
internal safety and security reviews in their system safety program
plans. Finally, the OAs themselves must conduct on-site reviews of
system safety program plan and system security plan implementation.
3. OTRB Safety Requirements
The FMCSA has not issued regulations regarding OTRB owner/operators
to provide training to their employees on evacuation procedures. In its
2012 update to the ``Motorcoach Safety Action Plan,'' FMCSA noted its
commitment to examining ``ways to convey safety information to
passengers and improve evacuation for a diverse population.'' It is
important to recognize that in the OTRB environment, the only employee
of the owner/operator on the bus may be the driver. Focusing on what
the driver can do, FMCSA published guidance in 2007 to the industry
recommending providing pre-trip safety information to passengers. FMCSA
also distributed safety brochures, posters, and an audio compact disc
(CD) based on the guidance that contains safety announcements regarding
emergency egress that can be broadcast. The original CD was in English
and FMCSA subsequently translated it in six other languages.\123\ To
the extent an owner/operator has provided training related to this
issue pursuant to FMCSA recommendations, they could provide information
on this training and their use of it to TSA as part its security
training program submission.
---------------------------------------------------------------------------
\123\ U.S. Department of Transportation, ``Motorcoach Safety
Action Plan:2012 Update,'' at 29 (Dec. 2012), FMCSA-ADO-13-001. See
id. at 42-43 for additional information on ongoing initiatives of
FMCSA on this issue.
---------------------------------------------------------------------------
4. Hazardous Materials Regulations
a. Overlap With DOT Regulations Regarding Transportation of Hazardous
Materials
Both DOT and DHS have responsibility regarding the transportation
of hazardous materials. TSA is the lead Federal entity for
transportation security, including hazardous materials and pipeline
security, while PHMSA has responsibility for promulgating and enforcing
regulations and administering a national program of safety, including
security, in multimodal hazmat transportation.\124\ As part of a
Memorandum of Understanding (MOU) between these agencies to coordinate
on activities related to their respective missions, TSA and PHMSA
agreed to coordinate in the development of standards, regulations,
guidelines, or directives and to build on existing standards when it is
determined that the adequacy of existing standards needs to be
addressed.\125\ Consistent with that agreement, TSA and PHMSA have
coordinated regarding PHMSA's security regulations and on this NPRM.
[[Page 91366]]
A copy of the MOU is available in the docket for this rulemaking.
---------------------------------------------------------------------------
\124\ See ``Annex to the Memorandum of Understanding Between the
Department of Homeland Security and the Department of Transportation
Concerning Transportation Security Administration and Pipeline and
Hazardous Materials Safety Administration Cooperation on Pipeline
and Hazardous Materials Transportation Security,'' at secs. III.b.
and III.c. (August 2006).
\125\ Id. at sec. II.
---------------------------------------------------------------------------
For the purposes of this rulemaking, it is important to recognize
that PHMSA's security requirements for hazmat transportation apply to
freight railroad carriers, motor carriers, and shippers and receivers
of hazmat. Within these populations, PHMSA regulations require all
individuals within the definition of ``hazmat employee'' to receive
training in security awareness.\126\ The HMR also requires hazmat
employers who offer for transportation or who transport a subset of
hazardous materials in specific quantities to develop security
plans.\127\ In addition, any hazmat employer required to have a
security plan must provide in-depth security training to its
employees.\128\
---------------------------------------------------------------------------
\126\ 49 CFR 172.704(a)(4). See 49 CFR 171.8 for definition of
``hazmat employee.''
\127\ 49 CFR 172.800 and 172.802.
\128\ Whether a hazmat employer is required to have a security
plan, and therefore provide in-depth security training, is
determined by whether they transport any of the materials identified
in 49 CFR 172.800.
---------------------------------------------------------------------------
Specifically, the HMR require training of hazmat employees in: (1)
Familiarity with the general provisions of the HMR and recognizing and
identifying hazardous materials; (2) knowledge of specific HMR
requirements applicable to functions performed; and (3) knowledge of
emergency response information, self-protection measures, and accident
prevention methods. The in-depth security training requirements include
training on: (1) Awareness of the security issues associated with
hazardous materials transportation and possible methods to enhance
transportation security; and (2) the owner/operator's security
objectives, specific security procedures, employee responsibilities,
actions to be taken in the event of a security breach, and the
organizational security structure.\129\
---------------------------------------------------------------------------
\129\ Id.
---------------------------------------------------------------------------
TSA's proposed rule would apply to a subset of those entities
required to have security training programs under the HMR. Within the
population subject to both the HMR and TSA's proposed rule, employees
to be trained also differs. PHMSA applies the definition of ``hazmat
employee'' used for their safety regulations,\130\ while TSA's proposed
rule applies to employees whose functions are determined by TSA to be
``security-sensitive.'' Data is not available to precisely determine
the extent of overlap. For the subset of the HMR population also within
the scope of TSA's proposed rule, TSA's proposed training requirements
go beyond the baseline required by PHMSA. Diagram B includes references
to the HMR requirements.
---------------------------------------------------------------------------
\130\ 49 CFR 171.8.
---------------------------------------------------------------------------
PHMSA has reviewed TSA's proposed requirements and agrees that
owner/operators subject to its rule who meet TSA's proposed
requirements would also satisfy the corresponding provisions in PHMSA's
security training requirements. PHMSA's regulations state that training
conducted by owner/operators to comply with security training programs
required by other Federal agencies may be used to satisfy their hazmat
employee training to the extent that such training addresses the
training components specified for hazmat employee training.\131\
---------------------------------------------------------------------------
\131\ 49 CFR 172.704(b).
---------------------------------------------------------------------------
b. Inspections and Enforcement
TSA recognizes that stakeholders may be concerned about the
potential overlap between PHMSA's regulations and TSA's proposed
regulations. For example, under its Secure Contact Review program, the
FRA audits railroads and evaluates their compliance with security plans
and security training as mandated by the PHMSA regulations. Federal
Railroad Administration inspectors are given authority to write
citations for an owner/operator's failure to properly comply with the
requirements. PHMSA also conducts periodic compliance investigations
and its inspectors are given authority to write citations for failure
to properly comply with the requirements.\132\
---------------------------------------------------------------------------
\132\ See 75 FR 10974 (Mar. 9, 2010). See also 49 CFR 107.301 et
seq.
---------------------------------------------------------------------------
PHMSA recognizes TSA's lead role and regulatory responsibilities in
the secure transport of hazmat. After summarizing TSA's authorities in
its preamble to the final rule amending the HMR, PHMSA stated:
When PHMSA adopted its security regulations, it was stated that these
regulations were `the first step in what may be a series of rulemakings
to address the security of hazardous materials shipments.' 68 FR 14511.
PHMSA noted in the NPRM that TSA `is developing regulations that are
likely to impose additional requirements beyond those established in
this final rule' and stated that it would `consult and coordinate with
TSA concerning security-related hazardous materials transportation
regulations . . . .TSA intends to promulgate additional
regulations for railroad carriers and other modes of surface
transportation that will require them to submit vulnerability
assessments and security plans to DHS for review and approval, as
well as to develop and implement security training programs for
employees performing security-sensitive functions to prepare for
potential security threats and conditions. The security plan
requirements established by the HMR are to be used as a baseline for
security planning. When TSA regulations are issued, the PHMSA
security plan and security training requirements for regulated
parties that will be subject to the TSA regulations will be
reevaluated and revised as appropriate.\133\
---------------------------------------------------------------------------
\133\ 75 FR at 10976.
DHS and DOT are committed to coordinating on the oversight of
security-related training for carriers of RSSM. Consistent with the MOU
previously discussed, PHMSA's Final Rule revising the HMR acknowledged
---------------------------------------------------------------------------
the agreement between the agencies:
If, in the course of an inspection of a railroad or motor
carrier or a rail or highway hazardous material shipper or receiver,
TSA identifies evidence of non-compliance with a DOT safety or
security regulation, TSA will provide the information to FRA (for
rail) or FMCSA (for motor carriers) and PHMSA for appropriate
action. Similarly, since DOT does not have the authority to enforce
TSA security requirements, if a DOT inspector identifies evidence of
non-compliance with a TSA security regulation or identifies other
security deficiencies, DOT will provide the information to TSA for
appropriate action.\134\
---------------------------------------------------------------------------
\134\ Id. at 10977.
TSA has committed to DOT to do the same.
c. Overlap With Other DHS Regulations
Parts of TSA's current regulations for rail security include
requirements applicable to certain shippers and receivers of hazardous
materials.\135\ While TSA is not modifying its existing requirements
for shippers and receivers as part of this proposed rule, it is also
not proposing to apply the security training requirements to shippers
and receivers.
---------------------------------------------------------------------------
\135\ See scope identified in current Sec. 1580.1.
---------------------------------------------------------------------------
This is consistent with TSA's intent to avoid any overlap with
regulations promulgated by the National Protection and Programs
Directorate (NPPD) of DHS for the security of certain high-risk
chemical facilities in the United States.\136\ NPPD has previously
recognized that certain aspects of its authorities \137\ are concurrent
and overlapping with TSA due to the transportation of these chemicals
by rail, but stated that it does not presently plan to screen railroad
facilities for inclusion in the CFATS program (although the Department
reserved the right to reevaluate possible scope at a
[[Page 91367]]
future date).\138\ TSA and NPPD, continue to work closely together to
ensure that the efforts directed at these facilities are coordinated
and consistent.
---------------------------------------------------------------------------
\136\ Promulgated under the authority of sec. 550 of the
Department of Homeland Security Appropriations Act, 2007 (2007 DHS
Appropriations Act), Public Law 109-295, 120 Stat. 1355 (Oct. 4,
2006).
\137\ See id.
\138\ See 72 FR 17729, 17698-17699 (Apr. 9, 2007) (IFR for
CFATS).
---------------------------------------------------------------------------
While facility security training and transportation security
training have unique differences and shall be considered as separate
issues, TSA's subject matter experts have reviewed the training
requirements of CFATS RBPS 11 and determined that they meet or exceed
the requirements considered necessary by TSA for secure transportation
of the identified chemicals. There would be no additional security
benefit from extending the training requirements of this proposed rule
to entities subject to CFATS. This determination was considered as part
of TSA's decision not to include shippers and receivers of hazardous
materials within the scope of this proposed rule.
J. Training Resources
As previously discussed, TSA is aware that many owner/operators
that would be subject to this proposed rule already provide security
training to their employees that may meet the proposed requirements. To
further reduce the burden to owner/operators who do not have an
existing training program or whose program does not include all of the
required content, TSA is expanding existing resources that will be made
available to owner/operators at no cost. Owner/operators would be able
to use these expanded resources, described below, to meet the content
requirements of Sec. Sec. 1580.115, 1582.115, and 1584.115 of the
proposed rule.
First ObserverTM
First ObserverTM is a national training program
initially created through a grant from DHS to raise security awareness
for highway modes.\139\ It was designed to provide transportation
professionals with information that will enable them to observe
effectively, assess and report suspicious individuals, vehicles,
packages, and/or objects. The program has been used to teach thousands
of highway transportation professionals to actively participate in
recognizing suspicious activities and reporting them through
appropriate mechanisms.
---------------------------------------------------------------------------
\139\ ``First ObserverTM'' refers to the current
program and any future expansion or changes to the program.
---------------------------------------------------------------------------
TSA is expanding the program to be relevant to other modes of
surface transportation, including freight railroads, passenger
railroads, and public transportation systems. The First
ObserverTM Program is undergoing extensive revision and TSA
is ensuring the content of all revised First ObserverTM
products will ultimately meet the security training requirements set
forth in a final rule. At this time, TSA does not anticipate that First
ObserverTM will satisfy the requirement to provide employer
specific training to security-sensitive employees with responsibility
under their employer's specific security programs or measures--
addressed under the ``Prepare'' component of training--as this is
company-specific training. TSA does, however, anticipate that the
SMARToolbox, discussed below, may provide resources needed to reduce
costs for this aspect of the proposed training.
To ensure the expanded program is relevant to all of the modes of
transportation covered by this proposed rule, TSA sought to obtain
input from its stakeholders and will continue with this effort. For
example, while this rulemaking was under development, a meeting of the
joint industry-government panel operating as the Transit Policing and
Security Peer Advisory Group (PAG) \140\ looked at available training
programs in light of what the 9/11 Act specified as required training
for public transportation.\141\ For purposes of the discussion on the
9/11 Act's requirements, the FTA's representatives included a course
curriculum developer. The group produced a comprehensive matrix that
included standards and criteria needed to meet the training elements
required by the 9/11 Act as well as suggested learning objectives to
assist in the creation of lesson plans. The intent was to provide a
resource that could be used by transit agencies to: (1) Review their
existing training programs and close any gaps; (2) develop new
programs; or (3) evaluate commercial courses. The panel also pre-
screened a selection of available courses that could be used for
training that met all of the elements identified in the 9/11 Act. The
standards and criteria developed by this group feeds into the
considerations identified in Diagram B. This exercise also supports
TSA's assumption that most of the owner/operators that would be
affected by this proposed rule already have training programs in place
that would substantially comply with the proposed rule's requirements.
---------------------------------------------------------------------------
\140\ The PAG shares expertise and guidance among TSA, transit
police chiefs, and security directors. The group meets by
teleconference with TSA at least once a month to discuss relevant
issues involving transit security and anti-terrorism approaches.
\141\ See 6 U.S.C. 1137(c).
---------------------------------------------------------------------------
SMARToolbox
As with the general security training content, TSA is aware that
many owner/operators already provide training to prepare security-
sensitive employees for their specific responsibilities under their
company's security plan as required by proposed Sec. Sec. 1580.115(c),
1582.115(c), and 1584.115(c). For example, any owner/operator subject
to the security training requirements of 49 CFR part 172 is required to
provide in-depth training on company-specific measures under 49 CFR
172.704(a)(5). This population overlaps with most of the freight
railroad population that would be subject to this proposed rule.
For those that do not currently provide this type of training, TSA
has resources available to reduce the burden. In particular, TSA
encourages owner/operators to use the SMARToolbox--an industry-led
initiative supported by TSA--as a resource presenting a broad range of
security measures that peer agencies have identified as valuable to
their organization. A searchable, modifiable database allows for
various specified searches--making it easy for the users to find
information relevant to their specific needs. SMARToolbox includes
measures gathered from publically available sources as well as from
discussions amongst industry representatives at a variety of
stakeholder events. As part of this rulemaking effort, TSA has ensured
the SMARToolbox includes information relevant to this training
requirement.
K. Programmatic Alternatives
In addition to the applicability alternatives discussed in section
III.F. of this NPRM, TSA has also considered other programmatic
alternatives. In general, these alternatives eliminated aspects of the
proposed rule that are within TSA's discretion, or even necessary parts
of implementing the statutory requirements, but not directly mandated
by the 9/11 Act.
Table 7 identifies these provisions relevant to each mode.
[[Page 91368]]
Table 7--Identification of Programmatic Requirements Eliminated or Modified in Alternative Analysis
----------------------------------------------------------------------------------------------------------------
Freight rail PTPR (Rail) PTPR (Bus) OTRB)
----------------------------------------------------------------------------------------------------------------
Recordkeeping............................... X X X X
Training on chain of custody requirements... X ............... ............... ...............
Security coordinators and alternates........ ............... ............... X ...............
Reporting security incidents................ ............... ............... X X
Annual recurrent training (replaced with 3 X X X X
year cycle)................................
----------------------------------------------------------------------------------------------------------------
In determining the implications of these alternatives, TSA
continues to assume that owner/operators would use First
ObserverTM to meet the requirements--or to fill any gaps in
their current training programs. In most cases, the programmatic
alternatives assume elimination of the requirement. For recurrent
training, the alternative assumes recurrent training would occur every
three years rather than annually (since there is not a statutory
requirement for how often covered security sensitive employees must be
trained, TSA sets the minimum interval of recurrent training to once
every three years as opposed to the annual training TSA is requiring in
the proposed rule). Based on these assumptions, these alternatives
would have an estimated cost of approximately--
$25.27 million for freight railroad owner/operators over a
10-year period (at a 7 percent discount rate).
$18.50 million for PTPR owner/operators over a 10-year
period (at a 7 percent discount rate).
$5.85 million for OTRB owner/operators over a 10-year
period (at a 7 percent discount rate).
The basis for the estimates of benefits and costs is set forth in the
RIA for this rulemaking, which is included in the public docket.
TSA rejected these alternatives because the agency has determined
that the proposed rule better aligns with its commitment to risk-based
security policy and outcomes-based regulation. While recordkeeping is
not specifically stated as a requirement in the 9/11 Act, it is a
necessary part of enforcing any regulatory requirement. TSA also
believes requiring owner/operators to maintain records of training and
provide proof of training to current and former employees upon request
can reduce costs of training based upon the recognition given to prior
training. Chain of custody is a critical requirement for freight
railroads to ensure security during the transportation of RSSM. TSA
believes it is essential for employees with responsibility to perform
requirements identified in part 1580 related to chain of custody be
trained on how to perform those requirements as part of their security
training curriculum. To inconsistently apply the requirement for
security coordinators and reporting of security incidents for high-risk
entities could create significant gaps in the information obtained and
shared--creating unnecessary security vulnerabilities. TSA discusses
its basis for requiring annual training in section III.D.3 of this
NPRM.
IV. Stakeholder Consultations
The 9/11 Act directed TSA to consult with major stakeholders during
the development of this NPRM.\142\ The categories of stakeholders to be
included in these consultations consist of industry representatives,
first responders, terrorism experts, and, nonprofit employee labor
organizations. As discussed below, TSA has complied with these
requirements through meetings with stakeholders before drafting of this
proposed rule began, requests for comments submitted through
associations, as well as a targeted request for additional input
through a Notice published in the Federal Register.
---------------------------------------------------------------------------
\142\ See 6 U.S.C. 1137(b), 1167(b), and 1184(b).
---------------------------------------------------------------------------
As noted, TSA published a notice in the Federal Register requesting
the public to provide comments and data on employee security training
programs and planned security training exercises currently provided by
owner/operators of freight railroads, passenger railroads, public
transportation systems (excluding ferries), and OTRBs.\143\ TSA
received a few responsive comments from trade associations, public
agencies, and private companies that helped TSA to understand the
current ``baseline'' training environment for freight rail, PTPR, and
OTRB employees. As the limited information received provided data
relevant to the economic impact of this proposed rule, it is discussed
more fully in the RIA for this rulemaking, which can be found in the
docket.
---------------------------------------------------------------------------
\143\ See 78 FR 35945 (June 14, 2013).
---------------------------------------------------------------------------
TSA has taken stakeholder comments into consideration in developing
the NPRM. The text below describes stakeholder outreach TSA has
conducted.
A. Multi-Modal Outreach
In September and October of 2009, TSA reached out to
representatives of the constituencies mandated by 6 U.S.C. 1137, 1167,
and 1184. These stakeholders included representatives of State, local,
and tribal governmental authorities; first responders; security and
terrorism experts; appropriate labor organizations; and organizations
representing the elderly and disabled.
On September 14, 2009, TSA reached out to representatives of the
following stakeholder groups by transmitting a letter and summary
document outlining the key statutory requirements of the NPRM and
requesting their comments: TSA/Office of Civil Rights and Liberties;
Homeland Security Institute; Mineta Transportation Institute; FEMA/
United States Fire Administration/National Fire Programs; International
Association of Chiefs of Police; National Sheriffs Association;
National Emergency Medical Services Association; Commercial Vehicle
Safety Alliance; State, Local, Tribal, and Territorial Government
Coordinating Council (GCC); and DHS/National Protection and Programs
Directorate/Intergovernmental Programs.
B. Freight Rail
TSA conducted meetings and conference calls with representatives of
the freight railroad industry, including trade associations
representing railroad carriers and shippers of hazardous materials.
Class I carriers as well as short line and regional railroads
participated in these consultations. TSA also met with representatives
from two rail labor organizations. In addition, TSA met with members of
the AAR in November 2009 to discuss the proposed security training.
The AAR has stated that ``TSA regulation of security training for
railroad employees is unnecessary'' \144\
[[Page 91369]]
because most freight rail hazmat employees already receive training in
compliance with the PHMSA, which requires freight rail employees who
perform HAZMAT functions to ``receive training that provides an
awareness of security risks associated with hazardous materials
transportation . . . this training must also include a component
covering how to recognize and respond to possible security threats.''
\145\ The AAR affirms this and explicitly states in its comments that
``railroads provide security awareness training to their front line
employees and have done so for many years'' and employees have to take
recurrent training every three years, at minimum.\146\ The American
Short Line and Regional Railroad Association also submitted comments
and stated that, with regards to its members, the current level of
``[t]raining involves looking for suspicious persons, items[, w]hat
IEDs may look like[, and h]ow to handle different situations . . . .''
\147\
---------------------------------------------------------------------------
\144\ ``Comments of the Association of American Railroads''
(Docket ID: TSA-2013-0005-0116), available at https://www.regulations.gov/. Input the Docket ID ``TSA-2013-0005-0116''
into the blue ``Search'' field.
\145\ 49 CFR 172.704(a)(4).
\146\ Id. (citing 49 CFR 172.704(a)(4)).
\147\ ``Comments of the American Short Line and Regional
Railroad Association'' (Docket ID: TSA-2013-0005-0124), available at
https://www.regulations.gov/. Input the Docket ID ``TSA-2013-0005-
0124'' into the blue ``Search'' field.
---------------------------------------------------------------------------
TSA's freight rail subject matter experts confirmed that higher-
risk freight railroad owner/operators currently provide training to
their security-sensitive employees on the procedures on chain of
custody control requirements-based on the compliance rates for current
49 CFR 1580.107. This information leads TSA to conclude that all
freight rail owner/operators affected by the proposed rule that
transport RSSM provide training to their employees on, at minimum,
security awareness; employee- and company-specific security program and
measures; and chain of custody and control requirements.
C. Public Transportation and Passenger Rail
TSA consulted with industry representatives, governmental
authorities, security experts, first responders, and employee
representatives through the Transit, Commuter and Long Distance Rail
GCC,\148\ the Mass Transit Sector Coordinating Council (SCC),\149\ and
PAG.\150\
---------------------------------------------------------------------------
\148\ The Commuter and Long Distance Rail GCC includes
representatives from TSA, other DHS components, the FTA, and the
FBI.
\149\ The Mass Transit SCC is a representative group for the
mass transit and passenger rail community formed in accordance with
the National Infrastructure Protection Plan to advance the public-
private partnership for mass transit and passenger rail security.
Its membership includes senior executives, law enforcement chiefs,
and security directors for mass transit and passenger rail agencies
of varying sizes, locations, and system types as well as
representatives of APTA, the Community Transportation Association of
America, and the Amalgamated Transit Union.
\150\ As previously noted, see supra, n. 140, the PAG brings
together the expertise of some 15 law enforcement chiefs and
security directors from mass transit and passenger rail systems
across the Nation of varying location, size, and system type as a
consultative forum with extensive experience to facilitate
development and implementation of effective security programs. To
advance these purposes, the Group, which formed in November 2006,
convenes with TSA officials in monthly teleconferences. Membership
in the PAG consists of the law enforcement chiefs or security
directors of public transportation agencies in large metropolitan
areas, as well as Amtrak. In addition to Amtrak, the following
agencies are members of the PAG: Metro Transit of Harris County,
Texas (Houston Area), Massachusetts Bay Transportation Authority;
New York Metropolitan Transportation Authority; New York Police
Department--Transit Bureau; New Jersey Transit; Southeast
Pennsylvania Transportation Authority; Washington Metropolitan Area
Transit Authority; Metropolitan Atlanta Rapid Transit Authority;
Chicago Transit Authority; Dallas Area Rapid Transit; Denver
Regional Transportation District; King County Metro Transit (Seattle
Area); Bay Area Rapid Transit; and Los Angeles County Sheriff's
Department.
---------------------------------------------------------------------------
TSA initiated consultations in October 2007 by explaining the
planned approach in a joint meeting with the SCC and via a
teleconference with the PAG. Participants at both forums were advised
that a summary of the developing concepts and considerations for the
security training program rulemaking would be prepared and provided to
them for review and feedback. In preparing the summary, TSA coordinated
with the membership of the GCC. The summary was completed in November
2007. Dissemination to the SCC and PAG for review and comment occurred
in December 2007 and January 2008. TSA received feedback in February
and March 2008.
A second round of consultations with the SCC and PAG occurred
during October and November 2009. At that time, the consultations
expanded to include additional law enforcement chiefs and security
directors, specifically those not previously consulted to participate
in the semi-annual Transit Safety and Security Roundtables.\151\
---------------------------------------------------------------------------
\151\ TSA, FTA, and FEMA host semi-annual Transit Safety and
Security Roundtables with the law enforcement chiefs and security
directors of the largest 50 mass transit and passenger rail systems
(by passenger volume) and Amtrak. These agencies account for more
than 80 percent of all users of public transportation services
nationally. The three-day sessions employ a workshop format to
address specific issues pertaining to terrorism prevention and
response. The collective expertise fosters the development of
collaborative security solutions, informs setting of priorities for
security programs, and advances the strategic priority of elevating
the baseline level of security throughout the mass transit and
passenger rail mode.
---------------------------------------------------------------------------
In its general comments in response to the 2013 Notice, APTA
asserted that ``the elements of the 9/11 Act are already addressed
within the scope of security training programs throughout the public
transportation industry.'' \152\ The American Public Transportation
Association cited training required by 49 CFR 239.101 as evidence that
they meet certain portions of the 9/11 Act. As noted in section III.G.1
of this NPRM, 49 CFR part 239 (also known as the ``Passenger Train
Emergency Preparedness Rule'') has a training requirement for rail
equipment familiarization, situational awareness, coordination of
functions, and `hands-on' instruction concerning the location,
function, and operation of on-board emergency equipment.\153\ These
requirements, which align with some of those in TSA's proposed rule,
apply to many of the public transportation modes affected by the
proposed rule (intercity passenger rail and commuter rail). Individual
public transportation agencies--including a few that would be affected
by the proposed rule-also provided comments on the type of training
they currently implement for frontline employees. This training
includes programs on security awareness and employee- and company-
specific training on their own security programs and measures (which
employees have to take every two years). All of this information has
led TSA to conclude that some PTPR owner/operators, either in
compliance with other security rules or because the owner/operator
makes security a priority, invest in security training for their
frontline employees and, at minimum, cover the topics of security
awareness, and employee- and company-specific security program and
measures.
---------------------------------------------------------------------------
\152\ APTA, ``RE: Docket No. TSA-2013-0005'' (Docket ID: TSA-
2013-0005-0114), available at https://www.regulations.gov/. Input
the Docket ID ``TSA-2013-0005-0114'' into the blue ``Search'' field.
\153\ Id.
---------------------------------------------------------------------------
D. Over-the-Road Buses
TSA conducted a meeting with industry stakeholders in November
2007. In July 2009, TSA met again with industry representatives. During
the 2007 consultations, industry stakeholders included large motorcoach
[[Page 91370]]
operators and trade associations representing both large and small
operators. In July 2009, TSA again met with representatives of the OTRB
community and presented a series of issues on which TSA sought their
individual opinions.
In its response to the 2013 Notice, the American Bus Association
(ABA) \154\ described the importance of the OTRB Security Grant Program
in providing financial assistance to the industry for implementing
security measures, such as equipment and training.\155\ According to
the ABA, nearly 10 percent of the funding from the OTRB Security Grant
Program went to security training. The OTRB Security Grant Program has
since been discontinued and the ABA states that some security upgrades
were not enacted because:
---------------------------------------------------------------------------
\154\ The ABA describes itself as a trade association that is
``home to some 850 bus operating companies and over 3,000 other
companies, organizations and partnerships involved in providing
transportation, tour and travel services to the traveling public.''
See ``Comments of the American Bus Association'' (Docket ID: TSA-
2013-0005-0119), available at https://www.regulations.gov/. Input
the Docket ID ``TSA-2013-0005-0119'' into the blue ``Search'' field.
\155\ Id.
[T]he private bus industry was largely unable to pay for such
upgrades. The inability to pay is a function of the small business
nature of the industry, the huge number of bus operators with few
resources and the inability of bus passengers to absorb any fare
increases that could be used to pay for security upgrades.\156\
---------------------------------------------------------------------------
\156\ Id.
The ABA states that despite this loss in funding, two of the major
private OTRB companies currently use ``Operation Secure Transport''--an
OTRB-specific version of First ObserverTM--to train their
``front line'' employees. This is validated by the comments provided by
the private companies themselves. Additionally, according to comments
from the OTRB Working Group of the Highway Motor Carrier SCC, ``all [of
its] PAG members have supplied training to front line employees using
Highway Watch, First ObserverTM, or Cat Eyes training.''
\157\ This group includes a third, major OTRB company. All of this
information has led TSA to conclude that, at minimum, three of the
larger OTRB companies currently use First ObserverTM to
train their ``front line'' employees.
---------------------------------------------------------------------------
\157\ Id.
---------------------------------------------------------------------------
E. Labor Unions
In addition to inviting participation of labor union
representatives in many of the mode-specific meetings, TSA also met
specifically with labor unions as part of its stakeholder consultation
process. In December 2007, TSA met with representatives of several
labor unions. On November 3, 2009, TSA met with representatives from
the Transportation Trades Department of the American Federation of
Labor and Congress of Industrial Organizations, the International
Brotherhood of Teamsters, the Brotherhood of Locomotive Engineers and
the Amalgamated Transit Union to discuss the surface training issues.
V. Rulemaking Analyses and Notices
A. Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) \158\ requires that TSA
consider the impact of paperwork and other information collection
burdens imposed on the public and, under the provisions of PRA sec.
3507(d), obtain approval from the OMB for each collection of
information it conducts, sponsors, or requires through regulations.
---------------------------------------------------------------------------
\158\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------
Under OMB Control No. 1652-0051, OMB has approved a related
information collection request for contact information for RSCs and
alternate RSCs, as well as the reporting of significant security
concerns by freight railroad carriers, passenger rail road carriers,
and rail transit systems.
This proposed rule contains new information collection activities
subject to the PRA. Accordingly, TSA has submitted the following
information requirements to OMB for its review. The OMB 83-I Supporting
Statement for this information collection request is available in the
docket for this rulemaking.
Title: Security Training Programs for Surface Mode Employees.
Summary: This proposed rule would require the following information
collections:
First, owner/operators identified in 49 CFR 1580.101, 1582.101, and
1584.101 would be required to submit to TSA for approval a security
training program for security-sensitive employees that meets the
requirements of subpart B of 49 CFR part 1580, subpart B of 49 CFR part
1582, and subpart B of 49 CFR part 1584.
Second, respondents would be required to retain individual training
records on security-sensitive employees at the location(s) specified in
each respondent's respective security training program, and make such
records available to TSA upon request.
Third, the public transportation bus systems and OTRB owner/
operators to whom the proposed rule applies would be required to report
significant security concerns, which includes incidents, suspicious
activities, and/or threat information.
Finally, the owner/operators to whom the proposed rule applies
would be required to make their operations and records available for
announced or unannounced inspections that would assess compliance with
the NPRM.
Use of: This proposal would support the information needs to
evaluate security training programs against requirements set forth in
the NPRM. Recordkeeping requirements would be used to verify employee
training is in compliance with the proposed rule. Security coordinator
information would support respondent communications with TSA concerning
intelligence information, security related activities, and incident or
threat response with appropriate law enforcement and emergency response
agencies. The reporting of significant security concerns would support
the analysis of trends and indicators of developing threats and
potential terrorist activity. Finally, information collected through
inspections would be used to enforce compliance with the proposed
requirements.
Respondents (including number of): The likely respondents to this
information collection are the owners and/or operators of covered
surface modes, which are estimated to incur approximately 1,374,501
responses over the next 3 years (including 449,067 freight railroad
responses; 673,033 PTPR responses; and 252,401 OTRB company responses),
which amounts to an average annual cost of $657,370.
Frequency: TSA estimates that following initial submission,
security training programs would need to be periodically updated as
appropriate. Security training records would need to be updated after
each training occurrence. Security coordinator information would need
to be updated as appropriate. Significant security concerns would be
reported as they occur. TSA estimates inspections for compliance would
occur at a rate of one inspection per year per owner/operator.
Annual Burden Estimate: The average yearly burden for security
training program development and submission, security coordinator
submission, employee training documentation recordkeeping, and incident
reporting is estimated to be 1,518 hours for freight railroads; 2,147
hours for PTPRs; and 4,247 hours for OTRB companies. The total average
annual time burden estimate is approximately 7,912 hours. Table 8 shows
the information collections and corresponding hour
[[Page 91371]]
burdens for entities falling under the requirements of the proposed
rule.
Table 8--PRA Hours of Burden
--------------------------------------------------------------------------------------------------------------------------------------------------------
Time per Number of responses Average
Collection response ------------------------------------------------ 3-Year time annual time
(hours) Year 1 Year 2 Year 3 burden burden
--------------------------------------------------------------------------------------------------------------------------------------------------------
Initial Security Training Program Development and Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................ 52 36 0 0 1,872 624
PTPR.................................................... 52 47 0 0 2,444 815
OTRB (Large to Medium).................................. 32 28 0 1 928 309
OTRB (Small)............................................ 16 174 3 3 2,883 961
--------------------------------------------------------------------------------------------------------------------------------------------------------
Modified Security Training Program Development and Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................ 25 32 0 0 810 270
PTPR.................................................... 25 21 0 0 518 173
OTRB (Large to Medium).................................. 16 25 0 0 418 139
OTRB (Small)............................................ 8 157 3 3 1,297 432
--------------------------------------------------------------------------------------------------------------------------------------------------------
Security Coordinator Information Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
PTPR.................................................... 0.5 52 8 8 35 12
OTRB.................................................... 0.5 459 178 181 409 136
--------------------------------------------------------------------------------------------------------------------------------------------------------
Employee Training Documentation Recordkeeping
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................ 0.004 148,992 149,665 150,341 1,871 624
PTPR.................................................... 0.004 219,437 219,646 219,856 2,746 915
OTRB.................................................... 0.004 41,300 41,824 42,355 523 174
--------------------------------------------------------------------------------------------------------------------------------------------------------
Incident Reporting
--------------------------------------------------------------------------------------------------------------------------------------------------------
PTPR.................................................... 0.05 4,652 4,652 4,652 698 233
OTRB.................................................... 0.05 41,173 41,898 42,635 6,285 2,095
-----------------------------------------------------------------------------------------------
Total Burden (responses)............................ .............. .............. .............. .............. 1,374,501 ..............
-----------------------------------------------------------------------------------------------
Total Burden (hours)................................ .............. .............. .............. .............. 23,735 7,912
--------------------------------------------------------------------------------------------------------------------------------------------------------
TSA is soliciting comments to--
(1) Evaluate whether the proposed information requirement is
necessary for the proper performance of the functions of the agency,
including whether the information would have practical utility;
(2) Evaluate the accuracy of the agency's estimate of the burden;
(3) Enhance the quality, utility, and clarity of the information to
be collected; and
(4) Minimize the burden of the collection of information on those
who are to respond, including using appropriate automated, electronic,
mechanical, or other technological collection techniques or other forms
of information technology.
Individuals and organizations may submit comments on the
information collection requirements by February 14, 2017. Direct the
comments to the address listed in the ADDRESSES section of this
document, and email your comments to OMB using the following address:
[email protected]. A comment to OMB is most effective if OMB
receives it within 30 days of publication. TSA will publish the OMB
control number for this information collection in the Federal Register
after OMB approves it.
As provided by the PRA, as amended, an agency may not conduct or
sponsor, and a person is not required to respond to, a collection of
information unless it displays a currently valid OMB control number.
B. Economic Impact Analyses
1. Regulatory Impact Analysis Summary
Changes to Federal regulations must undergo several economic
analyses. First, Executive Order (E.O.) 12866, Regulatory Planning and
Review,\159\ as supplemented by E.O. 13563, Improving Regulation and
Regulatory Review,\160\ directs each Federal agency to propose or adopt
a regulation only upon a reasoned determination that the benefits of
the intended regulation justify its costs. Second, the Regulatory
Flexibility Act of 1980 (RFA) \161\ requires agencies to consider the
economic impact of regulatory changes on small entities. Third, the
Trade Agreement Act of 1979 \162\ prohibits agencies from setting
standards that create unnecessary obstacles to the foreign commerce of
the United States. Fourth, the Unfunded Mandates Reform Act of 1995
\163\ (UMRA) requires agencies to prepare a written assessment of the
costs, benefits, and other effects of proposed or final rules that
include a Federal mandate likely to result in the expenditure by State,
local, or tribal governments, in the aggregate, or by the private
sector, of $100 million or more annually (adjusted for inflation).
---------------------------------------------------------------------------
\159\ 58 FR 51735 (Oct. 4, 1993).
\160\ 76 FR 3821 (Jan. 21, 2011).
\161\ Public Law 96-354, 94 Stat. 1164 (Sept. 19, 1980)
(codified at 5 U.S.C. 601 et seq., as amended by the Small Business
Regulatory Enforcement Fairness Act of 1996 (SBREFA)).
\162\ Public Law 96-39, 93 Stat. 144 (July 26, 1979) (codified
at 19 U.S.C. 2531-2533).
\163\ Public Law 104-4, 109 Stat. 66 (Mar. 22, 1995) (codified
at 2 U.S.C. 1181-1538).
---------------------------------------------------------------------------
[[Page 91372]]
2. Executive Orders 12866 and 13563 Assessments
Executive Orders 12866 and 13563 direct agencies to assess the
costs and benefits of available regulatory alternatives and, if
regulation is necessary, to select regulatory approaches that maximize
net benefits (including potential economic, environmental, public
health and safety effects, distributive impacts, and equity). Executive
Order 13563 emphasizes the importance of quantifying both costs and
benefits, of reducing costs, of harmonizing rules, and of promoting
flexibility.
In conducting these analyses, TSA has determined:
1. This rulemaking is a ``significant regulatory action,'' although
not an economically significant regulatory action, under sec. 3(f) of
E.O. 12866. Accordingly, the Office of Management and Budget (OMB) has
reviewed this NPRM.
2. TSA has prepared an Initial Regulatory Flexibility Analysis
(IRFA), which suggests this rulemaking would have a significant impact
on a substantial number of small entities.
3. This rulemaking would not constitute a barrier to international
trade.
4. This rulemaking does not impose an unfunded mandate on State,
local, or tribal governments, or on the private sector under UMRA.
TSA has prepared an analysis of its estimated costs and benefits,
summarized in the following paragraphs. The OMB Circular A-4 Accounting
Statement for this proposed rule is in section V.C. When estimating the
cost of a rulemaking, agencies typically estimate future expected costs
imposed by a regulation over a period of analysis. For this rule's
period of analysis, TSA uses a 10-year period of analysis to estimate
the initial and recurring costs of the regulated surface mode owner/
operators and new owner/operators that are expected due to industry
growth.
TSA concluded the following about the current, or baseline,
training environment for freight rail, public transportation and
passenger railroad (PTPR), and OTRB employees (see section 1.9 of the
RIA placed in the docket for further detailed information on the
current baseline):
There are 574 U.S. freight rail owners/operators and are composed
of 7 Class I, 21 Class II, and 546 Class III railroads.\164\ A total of
36 (7 Class I, 8 Class II, and 21 Class III) out of the 574 U.S.
freight rail owner/operators carry RSSM through an HTUA and would be
affected by the proposed rule.\165\ These 36 freight rail owner/
operators provide security awareness \166\ and chain of custody and
control \167\ trainings to their employees. These trainings address two
of the required elements of security training required by the proposed
rule in Sec. 1580.115 (Security training and knowledge for security-
sensitive employees: Prepare and Assess). Additionally, freight rail
owner/operators are already required to comply with the requirements to
assign security coordinators and report significant security concerns
to TSA under current 49 CFR 1580. Table 9 below displays the
requirements of the proposed rule for freight rail. The check marked
items in the table represent existing requirements under PHMSA 49 CFR
172.704 and 1580.107, therefore do not represent additional burden to
the freight rail owners/operators.
---------------------------------------------------------------------------
\164\ AAR, ``Railroad Facts, 2015 Edition,'' at 3 (2015).
\165\ TSA used its railcar tracking system that monitors toxic
inhalant hazard cars, the Toxic Inhalation Hazard Risk Reduction
Verification System, (TIHRRVS) to identify freight rail owner/
operators.
\166\ As required by PHMSA 49 CFR 172.704.
\167\ In place because of the chain of custody requirement in 49
CFR 1580.107.
[GRAPHIC] [TIFF OMITTED] TP16DE16.015
There are more than 7,100 public transportation organizations.\168\
Of these, 47 PTPR owner/operators \169\ fall within the applicability
of the proposed rule. Twenty-four of these 47 PTPR owner/operators
effectively provide training to their employees on security awareness
and employee- and company-specific security programs and measures.\170\
These trainings address two of the required elements of security
training required by the proposed rule in Sec. 1582.115 (Security
training and knowledge for security-sensitive employees: Prepare and
Assess). Additionally, 23 PTPR owner/operators are already required to
comply with the requirements to assign security coordinators and report
significant security concerns to TSA under current 49 CFR 1580. Table
10 below displays the requirements of the proposed rule for PTPRs. The
check marked items in the table represent existing requirements under
49 CFR 1580 and, therefore do not represent additional burden to the
freight rail owners/operators.
---------------------------------------------------------------------------
\168\ APTA, ``2014 Public Transportation Fact Book'' (Nov.
2014), available at http://www.apta.com/resources/statistics/Documents/FactBook/2014-APTA-Fact-Book.pdf.
\169\ TSA elicited and used input from SMEs in its Surface
Division, combined with data from the Federal Transit
Administration's (FTA) National Transit Database (NTD) to identify
the 47 PTPR owner/operators.
\170\ Agencies identified using latest evaluation from TSA's
BASE assessment. Information on BASE assessment can be found here:
https://www.tsa.gov/news/top-stories/2015/09/21/transit-agencies-earn-high-ratings-through-base-program.
---------------------------------------------------------------------------
[[Page 91373]]
[GRAPHIC] [TIFF OMITTED] TP16DE16.016
There are 3,741 U.S. companies in the motorcoach industry.\171\ Of
these, 202 of them \172\ fall within the applicability of the proposed
rule. Three of the 202 are large OTRB companies that currently use the
TSA-supplied First ObserverTM program, which covers a
majority of the 9/11 Act security training requirements, to train their
employees. This training addresses three of the security training
elements of this proposed rule Sec. 1584.115 (Security training and
knowledge for security-sensitive employees: Observe, Assess, and
Respond). Table 11 displays the requirements of this proposed rule for
OTRB owner/operators. The check marked items in the table represent the
training components already covered by the First ObserverTM
program and, therefore do not represent additional burden to the ORTB
owners/operators currently using this program compared to the ``no-
action'' baseline.\173\ In Appendix A of the RIA, however, TSA has also
monetized the cost of their current participation in First
ObserverTM. TSA estimated this cost at $0.36 million to
these owner/operators over 10 years (discounted at 7 percent).\174\
---------------------------------------------------------------------------
\171\ American Bus Association Foundation, ``Motorcoach Census
2014'' (Mar. 12, 2015), available at http://www.buses.org/assets/images/uploads/general/Report%20-%20Census2013data.pdf.
\172\ TSA relied on a variety of sources to identify the 202
owner/operators: TSA Intercity Bus Security Grant Program (IBSGP)
applications, the American Intercity Bus Riders Association (AIBRA)
intercity bus service operator list, consultations with ABA, and
Internet research of Web sites like GotoBus.com and other publicly
available sources of information.
\173\ OMB, ``Circular A-4,'' at 2 (Sept. 17, 2003), available at
https://www.whitehouse.gov/sites/default/files/omb/assets/regulatory_matters_pdf/a-4.pdf (``Benefits and costs are defined in
comparison with a clearly stated alternative. This normally will be
a `no action' baseline: What the world will be like if the proposed
rule is not adopted.'').
\174\ OMB also requires TSA to consider a ``pre-statute''
baseline. Id. at 16. Costs of First ObserverTM have
accrued since passage of the 9/11 Act and are part of this ``pre-
statute'' baseline.
[GRAPHIC] [TIFF OMITTED] TP16DE16.017
TSA summarizes the costs of the proposed rule to be borne by four
affected parties: Freight railroad owner/operators, PTPR owner/
operators, OTRB owner/operators, and TSA. As displayed in Table 12, TSA
estimates
[[Page 91374]]
the 10-year total cost of this proposed rule to be $222.80 million
undiscounted, $190.45 million discounted at 3 percent, and $157.27
million discounted at 7 percent. The costs to industry (all three
surface modes) comprise approximately 99 percent of the total costs of
the rule; and the remaining costs are incurred by TSA.
Table 12--Total Cost of the Proposed Rule by Entity
[$ millions]
--------------------------------------------------------------------------------------------------------------------------------------------------------
Total proposed rule cost
-----------------------------------------------
Year Freight rail PTPR OTRB TSA Discounted at Discounted at
Undiscounted 3% 7%
--------------------------------------------------------------------------------------------------------------------------------------------------------
1....................................... $14.51 $9.29 $2.04 $0.52 $26.35 $25.59 $24.63
2....................................... 14.37 5.84 1.62 0.12 21.95 20.69 19.17
3....................................... 8.68 9.06 1.47 0.13 19.33 17.69 15.78
4....................................... 14.50 5.85 1.66 0.13 22.13 19.67 16.89
5....................................... 14.56 9.08 1.68 0.13 25.45 21.95 18.15
6....................................... 8.93 6.00 1.82 0.18 16.93 14.18 11.28
7....................................... 14.69 9.10 1.73 0.13 25.65 20.86 15.98
8....................................... 14.76 5.87 1.76 0.14 22.66 17.78 13.11
9....................................... 8.92 9.11 1.60 0.14 19.76 15.15 10.75
10...................................... 14.89 5.88 1.80 0.14 22.71 16.91 11.55
---------------------------------------------------------------------------------------------------------------
Total............................... 128.80 75.08 17.17 1.75 222.80 190.45 157.27
Annualized.......................... .............. .............. .............. .............. .............. 22.33 22.39
--------------------------------------------------------------------------------------------------------------------------------------------------------
Note: Totals may not add due to rounding.
TSA estimates the 10-year costs to the freight railroad industry to
be $128.80 million undiscounted, $110.00 million discounted at 3
percent, and $90.74 million discounted at 7 percent, as displayed by
cost categories in Table 13.
[GRAPHIC] [TIFF OMITTED] TP16DE16.018
TSA estimates the 10-year costs to the PTPR industry to be $75.08
million undiscounted, $64.26 million discounted at 3 percent, and
$53.14 million discounted at 7 percent, as displayed by cost categories
in Table 14.
[[Page 91375]]
[GRAPHIC] [TIFF OMITTED] TP16DE16.019
TSA estimates the 10-year costs to the OTRB industry to be $17.17
million undiscounted, $14.65 million discounted at 3 percent, and
$12.08 million discounted at 7 percent, as displayed by cost categories
in Table 15.
[GRAPHIC] [TIFF OMITTED] TP16DE16.020
TSA estimates the 10-year costs to TSA to be $1.75 million
undiscounted, $1.54 million discounted at 3 percent, and $1.31 million
discounted at 7 percent, as displayed by cost categories in Table 16.
[[Page 91376]]
[GRAPHIC] [TIFF OMITTED] TP16DE16.021
The proposed rule would enhance surface transportation security by
reducing vulnerability to terrorist attacks in four different ways.
First, the surface transportation employees in each of the three
covered modes would be trained to identify security vulnerabilities.
Second, these surface transportation employees would be better trained
to recognize potentially threatening behavior and properly report that
information. Third, these surface employees would be trained to respond
to incidents, thereby mitigating the consequences of an attack.
Finally, the covered surface transportation owner/operators would be
required to report significant security concerns to TSA so that TSA can
analyze potential threats across all modes.
While training is not an absolute deterrent for terrorists intent
on carrying out attacks on surface modes of transportation, TSA expects
the probability of success for such attacks to decrease if security-
sensitive employees within these transportation modes are trained in
the elements required under the proposed rule.
TSA uses a break-even analysis to frame the relationship between
the potential benefits of the proposed rule and the costs of
implementing the rule. When it is not possible to quantify or monetize
a majority of the incremental benefits of a regulation, OMB recommends
conducting a threshold, or ``break-even'' analysis. According to OMB
Circular No. A-4, ``Regulatory Analysis,'' such an analysis answers the
question ``How small could the value of the non-qualified benefits be
(or how large would the value of the non-quantified costs need to be)
before the rule would yield zero net benefits?'' \175\
---------------------------------------------------------------------------
\175\ See id.
---------------------------------------------------------------------------
To conduct the break-even analysis, TSA evaluates three composite
scenarios for each the three modes covered by the proposed rule. For
each scenario, TSA calculates a total monetary consequence from an
estimated statistical value of the human casualties and capital
replacement resulting from the attack (see Section 4.3 of the Surface
Training Program for Surface Mode Employees Regulatory Impact Analysis
for a more detailed description of these calculations however many
assumptions regarding specific terrorist attacks scenarios are SSI and
cannot be publically released).
Table 17 presents the composite or weighted average of direct
consequences from a successful attack on each mode.
[[Page 91377]]
[GRAPHIC] [TIFF OMITTED] TP16DE16.022
TSA compared the estimated direct monetary costs of an attack to
the annualized cost (discounted at 7 percent) to industry and TSA from
the proposed rule for each mode to estimate how often an attack of that
nature would need to be averted for the expected benefits to equal
estimated costs. Table 18 presents the results of the break-even
analysis for each mode. For example, Table 18 shows that if the freight
rail training requirements in this rule prevents one freight rail
terrorist attack every 96 years, this rule ``breaks-even'' (the
benefits equal the costs).
---------------------------------------------------------------------------
\176\ As explained in the RIA in the docket, to monetize
injuries, TSA used two approaches (depending on whether the injury
was due to exposure to hazardous chemicals). To monetize ``non-
chemical'' injuries, TSA uses guidance from the Department of
Transportation for valuing injuries based on the Abbreviated Injury
Scale. To monetize chemical-related injuries, TSA obtained
information on the cost of medical treatment for poisoning injuries.
\177\ Total Direct Consequences = (Deaths x $9.1 million VSL) +
(Severe injuries x $2.42 million) + (Moderate injuries x $0.43
million) + (Severe chemical injuries x $42,462) + (Moderate chemical
injuries x $1,563) + Public property loss + Private property loss +
Rescue and clean-up cost.
---------------------------------------------------------------------------
The break-even analysis does not include the difficult to quantify
indirect costs of an attack or the macroeconomic impacts that could
occur due to a major attack. In addition to the direct impacts of a
terrorist attack in terms of lost life and property, there are other
more indirect impacts that are difficult to measure. As noted by Cass
Sunstein in the Laws of Fear, ``. . . fear is a real social cost, and
it is likely to lead to other social costs.'' \178\ In addition,
Ackerman and Heinzerling state ``. . . terrorism `works' through the
fear and demoralization caused by uncontrollable uncertainty.'' \179\
As devastating as the direct impacts of a successful terrorist attack
can be in terms of the immediate loss of life and property, avoiding
the impacts of the more difficult to measure indirect effects are also
substantial benefits of preventing a terrorist attack.
---------------------------------------------------------------------------
\178\ Cass R. Sunstein, ``Laws of Fear,'' at 127 (2005).
\179\ Frank Ackerman and Lisa Heinzerling, ``Priceless On
Knowing the Price of Everything and the Value of Nothing,'' at 136
(2004).
Table 18--Break-Even Analysis Results
[$ millions]
----------------------------------------------------------------------------------------------------------------
Weighted
average direct Annualized
Modes costs of a cost of the Breakeven averted attack
successful proposed rule frequency c = a / b
attack a at 7% b
----------------------------------------------------------------------------------------------------------------
Freight Rail.................................. $1,218.92 $12.94 One attack every 94 years.
PTPR.......................................... 613.19 7.60 One attack every 81 years.
OTRB.......................................... 679.02 1.86 One attack every 365 years.
----------------------------------------------------------------------------------------------------------------
Note: Totals may not add due to rounding.
3. OMB A-4 Statement
The OMB A-4 Accounting Statement (in Table 19) presents annualized
costs and qualitative benefits of the proposed rule.
[[Page 91378]]
Table 19--OMB A-4 $ Accounting Statement
[in $ millions, 2015 dollars]
----------------------------------------------------------------------------------------------------------------
Source citation
Category Primary estimate Minimum estimate Maximum estimate (final RIA,
preamble, etc.)
----------------------------------------------------------------------------------------------------------------
Benefits ($ millions)
----------------------------------------------------------------------------------------------------------------
Annualized monetized benefits .................. .................. .................. NPRM RIA.
(discount rate in
parentheses).
------------------------------------------------------------
Unquantified benefits........ The requirements proposed in this rule, if finalized, NPRM RIA.
produce benefits by reducing security risks through
training security-sensitive surface mode employees to
identify and/or mitigate an attempted terrorist attack.
----------------------------------------------------------------------------------------------------------------
Costs ($ millions)
----------------------------------------------------------------------------------------------------------------
Annualized monetized costs (7%) $22.39 .................. .................. NPRM RIA.
(discount rate in (3%) $22.33
parentheses).
Annualized quantified, but 0 0 0 NPRM RIA.
unmonetized, costs.
------------------------------------------------------------
Qualitative costs N/A NPRM RIA.
(unquantified).
----------------------------------------------------------------------------------------------------------------
Transfers
----------------------------------------------------------------------------------------------------------------
Annualized monetized 0 0 0 NPRM RIA.
transfers: ``on budget''.
From whom to whom?........... N/A N/A N/A None.
Annualized monetized 0 0 0 NPRM RIA.
transfers: ``off-budget''.
From whom to whom?........... N/A N/A N/A None.
----------------------------------------------------------------------------------------------------------------
Miscellaneous Analyses/ Effects Source Citation (NPRM
Category RIA, preamble,
etc.).
----------------------------------------------------------------------------------------------------------------
Effects on State, local, and/ None NPRM RIA.
or tribal governments.
Effects on small businesses.. Prepared IRFA IRFA.
Effects on wages............. None None.
Effects on growth............ None None.
----------------------------------------------------------------------------------------------------------------
4. Alternatives Considered
In addition to the proposed rule, TSA also considered two
alternative policies. As discussed in section III.K of this NPRM, the
first alternative (Alternative 1) only includes requirements that are
statutory according to the 9/11 Act.\180\ The second alternative
(Alternative 2) expands the population of owners/operators to all who
operate within the UASI--which includes the entire metropolitan
statistical area--and requires them to develop their own training
program. This would be the case if First Observer PlusTM
were not made available to owner/operators or if the owners/operators
would not adopt First Observer PlusTM. This alternative was
considered in the early stages of this proposed rule when the First
ObserverTM program was still in development. Notionally, an
owner/operator-developed training program would provide a marginal
increase in effectiveness over a ``one size fits all'' training program
because it would be customized to the individual owner/operator and
take into account the unique security and structural characteristics
inherent in a large and complicated system like a transportation
network.
---------------------------------------------------------------------------
\180\ Table 59 in the RIA found in the docket provides a
section-by section analysis of which regulatory provisions are
statutorily required and which provisions are discretionary.
---------------------------------------------------------------------------
Though not the least costly option, TSA selects the proposed rule
as its preferred alternative because TSA recommends that all surface
mode employees be refreshed on their security training objectives
annually, in an abbreviated method at the very least. TSA recognizes
recurrent training as essential to maintaining a high level of security
awareness. The 9/11 Act recognizes this as well by requiring routine
and ongoing training for public transportation employees. Congress has
left it to the discretion of TSA to determine the appropriate schedule
for recurrent training. TSA believes that annual training is essential
for maintaining a high level of security awareness among surface
transportation employees. TSA's goal is to ensure the expected baseline
of security awareness is reached and maintained across the higher-risk
systems and will work with the owner/operators as necessary to ensure
that goal is accomplished.
Additionally, the affected population for the proposed rule (and
Alternative 1) is based on a risk assessment on these modes of
transportation (for more detail see preamble section III.B.). TSA
reviewed the scope of the relevant industries and the security risks
associated with each. This assessment considers not only threat (as
informed by intelligence), but also the potential consequences of a
terrorist attack on a system or vehicle(s) and the vulnerabilities
inherent in the design and/or operation of these systems and vehicles.
Both the proposed rule and Alternative 1 target higher-risk areas or
transportation systems as opposed to Alternative 2, which covers a
broader population and sets its parameters by other industry
characteristics. The reasons for rejecting Alternative 2 are discussed
in section III.D. of this NPRM. For these reasons, TSA has chosen the
proposed rule as its preferred alternative. Table 20 presents a
[[Page 91379]]
comparison of the costs by cost component for industry and TSA for the
proposed rule and both alternatives.
[GRAPHIC] [TIFF OMITTED] TP16DE16.023
[[Page 91380]]
[GRAPHIC] [TIFF OMITTED] TP16DE16.024
5. Regulatory Flexibility Assessment
The Regulatory Flexibility Act (RFA) of 1980 requires agencies to
consider the impacts of their rules on small entities. TSA performed an
Initial Regulatory Flexibility Analysis (IRFA) to analyze the impact to
small entities affected by the proposed rule. See the RIA in the docket
for the full IRFA. A summary of the RFA is below.
Under the RFA, the term ``small entities'' comprises small
businesses, not-for-profit organizations that are independently owned
and operated and are not dominant in their fields, and small
governmental jurisdictions with populations of less than 50,000.
Individuals and States are not considered ``small entities'' based on
the definitions in the RFA (5 U.S.C. 601).
The PTPR owner/operators affected by this proposed rule are not
considered small because they are either owned/operated by governmental
jurisdictions that exceed the RFA population threshold of 50,000 or a
business that exceeds the SBA size threshold. Only freight rail and
OTRB owner/operators have small entities that may be affected by the
proposed rule. TSA uses the Small Business Administration's (SBA) size
standards to identify that 13 freight rail owner/operators affected by
the proposed rule are considered a small business. TSA calculates that
proposed rule's requirements are estimated to cost $68.78 per employee
and $6,068.49 per entity to these freight rail owner/operators. Of
these 13 small freight rail owner/operators, TSA estimates that only
one of them would have an impact to revenue greater that 1 percent. For
OTRBs, TSA uses SBA's threshold to estimate that 174 OTRB owner/
operators affected by the proposed rule are considered a small
business. TSA calculates that the proposed rule's requirements are
estimated to cost $33.41 per employee and $3,347.67 per entity to these
OTRB owner/operators. Of these 174 small OTRB owner/operators, TSA
estimates that 20 of them would have an impact to revenue greater than
1 percent.
TSA considered two alternative policies in addition to the proposed
rule. As discussed in section III.K of this NPRM and section 5.1 of the
RIA, the first alternative (Alternative 1) only includes requirements
that are statutory according to the 9/11 Act. This alternative would
remain applicable to the same population of the proposed rule, but
would only require owner/operators to train security-sensitive
employees according to statutory guidelines set in the 9/11 Act. In
Alternative 1, recurrent training is required only once every three
years--similar to other training requirements of transportation modes--
because the 9/11 Act does not require annual recurrent training as TSA
does in the proposed rule.
As discussed in section III.F(1)(2)(3) of this NPRM (Alternatives
Considered) and section 5.2 of the RIA, the second alternative
(Alternative 2) expands the population of owners/operators to all who
operate within the UASI--which includes the entire metropolitan
statistical area-and requires them to develop their own training
program. TSA considered Alternative 2 while the First
ObserverTM program was still in development.
TSA chose the proposed rule as its preferred alternative, thus
rejecting Alternative 1, because TSA recommends that all surface mode
employees be refreshed on their security training objectives annually.
TSA recognizes recurrent training as essential to maintaining a high
level of security awareness. TSA's objective is to ensure the expected
baseline of security
[[Page 91381]]
awareness is reached and maintained across the higher-risk systems and
will work with the owner/operators as necessary to ensure that goal is
accomplished. TSA has met this objective by developing First Observer
PlusTM. TSA intends for the training content in First
Observer PlusTM to align with most of the regulatory
requirements in a final rule. This resource will be provided free to
owner/operators so that they may comply with the proposed rule at
minimized costs.
Additionally, the affected population for the proposed rule (and
Alternative 1) is based on a risk assessment on these modes of
transportation (for more detail see section III.B of this NPRM). TSA
reviewed the scope of the relevant industries and the security risks
associated with each. This assessment considers not only threat (as
informed by intelligence), but also the potential consequences of a
terrorist attack on a system or vehicle(s) and the vulnerabilities
inherent in the design and/or operation of these systems and vehicles.
Both the proposed rule and Alternative 1 target higher-risk areas or
transportation systems as opposed to Alternative 2, which covers a
broader population and sets its parameters by other industry
characteristics. Alternative 2 leads to higher costs to small entities
not necessarily considered higher-risk. TSA rejected Alternative 2
because the agency has determined that the proposed rule better aligns
with its commitment to risk-based security policy and outcomes-based
regulation and because it would impose a higher cost to small entities
outside the higher-risk profile.
TSA invites all interested parties to submit data and information
regarding the potential economic impact on small entities that would
result from the adoption of the proposed requirements in the proposed
rule.
6. International Trade Impact Assessment
The Trade Agreement Act of 1979 prohibits Federal agencies from
establishing any standards or engaging in related activities that
create unnecessary obstacles to the foreign commerce of the United
States. Legitimate domestic objectives, such as safety, are not
considered unnecessary obstacles. The statute also requires
consideration of international standards and, where appropriate, that
they be the basis for U.S. standards. TSA has assessed the potential
effect of this proposed rule and has determined that it would have only
a domestic impact and therefore no effect on any trade-sensitive
activity.
7. Unfunded Mandates Assessment
The Unfunded Mandates Reform Act of 1995 (UMRA) is intended, among
other things, to curb the practice of imposing unfunded Federal
mandates on State, local, and tribal governments. Title II of the UMRA
requires each Federal agency to prepare a written statement assessing
the effects of any Federal mandate in a proposed or final agency rule
that may result in a $100 million or more expenditure (adjusted
annually for inflation) in any one year by State, local, and tribal
governments, in the aggregate, or by the private sector; such a mandate
is deemed to be a ``significant regulatory action.''
This proposed rule does not contain such a mandate. The
requirements of Title II of the UMRA, therefore, do not apply and TSA
has not prepared a statement.
C. Executive Order 13132, Federalism
TSA has analyzed this rulemaking under the principles and criteria
of Executive Order 13132, Federalism. We determined that this action
would not have a substantial direct effect on the States, on the
relationship between the National Government and the States, or on the
distribution of power and responsibilities among the various levels of
government, and therefore would not have federalism implications.
D. Environmental Analysis
TSA has reviewed this rulemaking for purposes of the National
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has
determined that this action will not have a significant effect on the
human environment. This action is covered by categorical exclusion
(CATEX) number A3(b) in DHS Management Directive 023-01 (formerly
Management Directive 5100.1), Environmental Planning Program, which
guides TSA compliance with NEPA.
E. Energy Impact Analysis
The energy impact of this rulemaking has been assessed in
accordance with the Energy Policy and Conservation Act (EPCA), Public
Law 94-163, as amended (42 U.S.C. 6362). TSA has determined that this
rulemaking is not a major regulatory action under the provisions of the
EPCA.
List of Subjects
49 CFR Part 1500
Air carriers, Air transportation, Aircraft, Airports, Bus transit
systems, Commuter bus systems, Law enforcement officer, Maritime
carriers, Over-the-Road buses, Public transportation, Rail hazardous
materials receivers, Rail hazardous materials shippers, Rail transit
systems, Railroad carriers, Railroad safety, Railroads, Reporting and
recordkeeping requirements, Security measures, Transportation facility,
Vessels.
49 CFR Part 1520
Air carriers, Air transportation, Aircraft, Airports, Bus transit
systems, Commuter bus systems, Law enforcement officer, Maritime
carriers, Over-the-Road buses, Public transportation, Rail hazardous
materials receivers, Rail hazardous materials shippers, Rail transit
systems, Railroad carriers, Railroad safety, Railroads, Reporting and
recordkeeping requirements, Security measures, Transportation facility,
Vessels.
49 CFR Part 1570
Commuter bus systems, Crime, Fraud, Hazardous materials
transportation, Motor carriers, Over-the-Road bus safety, Over-the-Road
buses, Public transportation, Public transportation safety, Rail
hazardous materials receivers, Rail hazardous materials shippers, Rail
transit systems, Railroad carriers, Railroad safety, Railroads,
Reporting and recordkeeping requirements, Security measures,
Transportation facility, Transportation Security-Sensitive Materials.
49 CFR Part 1580
Hazardous materials transportation, Rail hazardous materials
receivers, Rail hazardous materials shippers, Railroad carriers,
Railroad safety, Railroads, Reporting and recordkeeping requirements,
Security measures.
49 CFR Part 1582
Public transportation, Public transportation safety, Railroad
carriers, Railroad safety, Railroads, Rail transit systems, Reporting
and recordkeeping requirements, Security measures.
49 CFR Part 1584
Over-the-Road bus safety, Over-the-Road buses, Reporting and
recordkeeping requirements, Security measures.
The Proposed Amendments
For the reasons set forth in the preamble, the Transportation
Security Administration proposes to amend Chapter XII, of Title 49,
Code of Federal Regulations to read as follows:
[[Page 91382]]
SUBCHAPTER A--ADMINISTRATIVE AND PROCEDURAL RULES
PART 1500--APPLICABILITY, TERMS, AND ABBREVIATIONS
0
1. The authority citation for part 1500 is revised to read as follows:
Authority: 6 U.S.C. 1137, 1151, 1167, and 1184; 49 U.S.C. 114,
5103, 40113, 44901-44907, 44913-44914, 44916-44918, 44935-44936,
44942, 46105.
0
2. Revise Sec. 1500.3 to read as follows:
Sec. 1500.3 Terms and abbreviations used in this chapter.
As used in this chapter:
Administrator means the Assistant Secretary for Homeland Security,
Transportation Security Administration (Assistant Secretary), who is
the highest-ranking TSA official, or his or her designee. Administrator
also means the Under Secretary of Transportation for Security
identified in 49 U.S.C. 114(b).
Authorized representative means any individual who is not a direct
employee of a person regulated under this title, but is authorized to
act on that person's behalf to perform measures required under the
Transportation Security Regulations, or a TSA security program. For
purposes of this subchapter, the term ``authorized representative''
includes agents, contractors, and subcontractors, and employees of the
same.
Bus means any of several types of motor vehicles used by public or
private entities to provide transportation service for passengers.
Bus transit system means a public transportation system providing
frequent transportation service (not limited to morning and evening
peak travel times) for the primary purpose of moving passengers between
bus stops, often through multiple connections (a bus transit system
does not become a commuter bus system even if its primary purpose is
the transportation of commuters). This term does not include tourist,
scenic, historic, or excursion operations.
Commuter bus system means a system providing passenger service
primarily during morning and evening peak periods, between an urban
area and more distant outlying communities in a greater metropolitan
area. This term does not include tourist, scenic, historic, or
excursion operations.
Commuter passenger train service means ``train, commuter'' as
defined in 49 CFR 238.5, and includes service provided by diesel or
electric powered locomotives and railroad passenger cars to serve an
urban area, its suburbs, and more distant outlying communities in the
greater metropolitan area. A commuter passenger train service is part
of the general railroad system of transportation regardless of whether
it is physically connected to other railroads.
DHS means the Department of Homeland Security and any directorate,
bureau, or other component within the Department of Homeland Security,
including the United States Coast Guard.
DOT means the Department of Transportation and any operating
administration, entity, or office within the Department of
Transportation.
Fixed-route service means the provision of transportation service
by private entities operated along a prescribed route according to a
fixed schedule.
General railroad system of transportation means ``the network of
standard gauge track over which goods may be transported throughout the
nation and passengers may travel between cities and within metropolitan
and suburban areas'' as defined in Appendix A to 49 CFR part 209.
Hazardous material means ``hazardous material'' as defined in 49
CFR 171.8.
Heavy rail transit means service provided by self-propelled
electric railcars, typically drawing power from a third rail, operating
in separate rights-of-way in multiple cars; also referred to as
subways, metros or regional rail.
Host railroad means a railroad that has effective control over a
segment of track.
Improvised explosive device (IED) means a device fabricated in an
improvised manner that incorporates explosives or destructive, lethal,
noxious, pyrotechnic, or incendiary chemicals in its design, and
generally includes a power supply, a switch or timer, and a detonator
or initiator.
Intercity passenger train service means both ``train, long-distance
intercity passenger'' and ``train, short-distance intercity passenger''
as defined in 49 CFR 238.5.
Light rail transit means service provided by self-propelled
electric railcars, typically drawing power from an overhead wire,
operating in either exclusive or non-exclusive rights-of-way in single
or multiple cars, with shorter distance trips, and frequent stops; also
referred to as streetcars, trolleys, and trams.
Motor vehicle means a vehicle, machine, tractor, trailer, or
semitrailer propelled or drawn by mechanical power and used upon the
highways in the transportation of passengers or property, or any
combination thereof, but does not include any vehicle, locomotive, or
car operated exclusively on a rail or rails, or a trolley bus operated
by electric power derived from a fixed overhead wire, furnishing local
passenger transportation similar to street-railway service.
Over-the-Road Bus (OTRB) means a bus characterized by an elevated
passenger deck located over a baggage compartment.
Owner/operator means any person that owns, or maintains operational
control over, any transportation infrastructure asset, facility, or
system regulated under this title, including airport operator, aircraft
operator, foreign air carrier, indirect air carrier, certified cargo
screening facility, flight school within the meaning of 49 CFR
1552.1(b), motor vehicle, public transportation agency, or railroad
carrier. For purposes of a maritime facility or a vessel, owner/
operator has the same meaning as defined in 33 CFR 101.105.
Passenger rail car means rail rolling equipment intended to provide
transportation for members of the general public and includes a self-
propelled rail car designed to carry passengers, baggage, mail, or
express. This term includes a rail passenger coach, cab car, and a
Multiple Unit (MU) locomotive. In the context of articulated equipment,
``passenger rail car'' means that segment of the rail rolling equipment
located between two trucks. This term does not include a private rail
car.
Passenger railroad carrier means a railroad carrier that provides
transportation to persons (other than employees, contractors, or
persons riding equipment to observe or monitor railroad operations) by
railroad in intercity passenger service or commuter or other short-haul
passenger service in a metropolitan or suburban area.
Passenger train means a train that transports or is available to
transport members of the general public.
Person means an individual, corporation, company, association,
firm, partnership, society, joint-stock company, or governmental
authority. It includes a trustee, receiver, assignee, successor, or
similar representative of any of them.
Private rail car means rail rolling equipment that is used only for
excursion, recreational, or private transportation purposes. A private
rail car is not a passenger rail car.
Public transportation means transportation provided to the general
public by a regular and continuing general or specific transportation
vehicle that is owned or operated by a
[[Page 91383]]
public transportation agency, including providing one or more of the
following types of passenger transportation:
(1) Intercity or commuter passenger train service or other short-
haul railroad passenger service in a metropolitan or suburban area (as
described by 49 U.S.C. 20102(1)).
(2) Heavy or light rail transit service, whether on or off the
general railroad system of transportation.
(3) An automated guideway, cable car, inclined plane, funicular, or
monorail system.
(4) Bus transit or commuter bus service.
Public transportation agency means any publicly-owned or operated
provider of regular and continuing public transportation.
Rail hazardous materials receiver means any owner/operator of a
fixed-site facility that has a physical connection to the general
railroad system of transportation and receives or unloads from
transportation in commerce by rail one or more of the categories and
quantities of rail security-sensitive materials identified in 49 CFR
1580.3, but does not include the owner/operator of a facility owned or
operated by a department, agency or instrumentality of the Federal
government.
Rail hazardous materials shipper means the owner/operator of any
fixed-site facility that has a physical connection to the general
railroad system of transportation and offers (as defined in the
definition of ``person who offers or offeror'' in 49 CFR 171.8),
prepares or loads for transportation by rail one or more of the
categories and quantities of rail security-sensitive materials as
identified in 49 CFR 1580.3, but does not include the owner/operator of
a facility owned or operated by a department, agency or instrumentality
of the Federal government.
Rail secure area means a secure location(s) identified by a rail
hazardous materials shipper or rail hazardous materials receiver where
security-related pre-transportation or transportation functions are
performed or rail cars containing the categories and quantities of rail
security-sensitive materials are prepared, loaded, stored, and/or
unloaded.
Rail transit facility means rail transit stations, terminals, and
locations at which rail transit infrastructure assets are stored,
command and control operations are performed, or maintenance is
performed. The term also includes rail yards, crew management centers,
dispatching centers, transportation terminals and stations, fueling
centers, and telecommunication centers.
Rail transit system or ``Rail Fixed Guideway System'' means any
light, heavy, or rapid rail system, monorail, inclined plane,
funicular, cable car, trolley, or automated guideway that traditionally
does not operate on track that is part of the general railroad system
of transportation.
Railroad carrier means an owner/operator providing railroad
transportation.
Railroad transportation means any form of non-highway ground
transportation that runs on rails or electromagnetic guideways,
including (1) commuter or other short-haul rail passenger service in a
metropolitan or suburban area and (2) high speed ground transportation
systems that connect metropolitan areas, without regard to whether
those systems use new technologies not associated with traditional
railroads. Such term includes rail transit service operating on track
that is part of the general railroad system of transportation but does
not include rapid transit operations in an urban area that are not
connected to the general railroad system of transportation.
Record includes any means by which information is preserved,
irrespective of format, including a book, paper, drawing, map,
recording, tape, film, photograph, machine-readable material, and any
information stored in an electronic format. The term record also
includes any draft, proposed, or recommended change to any record.
Sensitive security information (SSI) means information that is
described in and must be managed in accordance with 49 CFR part 1520.
State means a State of the United States and the District of
Columbia.
Tourist, scenic, historic, or excursion operation means a railroad
or bus operation that carries passengers, often using antiquated
equipment, with the conveyance of the passengers to a particular
destination not being the principal purpose. Train or bus movements of
new passenger equipment for demonstration purposes are not tourist,
scenic, historic, or excursion operations.
Transit means mass transportation by a conveyance that provides
regular and continuing general or special transportation to the public,
but does not include school bus, charter, or sightseeing
transportation. Rail transit may occur on or off the general railroad
system of transportation.
Transportation or transport means the movement of property
including loading, unloading, and storage. Transportation or transport
also includes the movement of people, boarding, and disembarking
incident to that movement.
Transportation facility means a location at which transportation
cargo, equipment or infrastructure assets are stored, equipment is
transferred between conveyances and/or modes of transportation,
transportation command and control operations are performed, or
maintenance operations are performed. The term also includes, but is
not limited to, passenger stations and terminals (including any fixed
facility at which passengers are picked-up or discharged), vehicle
storage buildings or yards, crew management centers, dispatching
centers, fueling centers, and telecommunication centers.
Transportation security equipment and systems means items, both
integrated into a system and stand-alone, used by owner/operators to
enhance capabilities to detect, deter, prevent, or respond to a threat
or incident, including, but not limited to, video surveillance,
explosives detection, radiological detection, intrusion detection,
motion detection, and security screening.
Transportation Security Regulations (TSR) means the regulations
issued by the Transportation Security Administration, in title 49 of
the Code of Federal Regulations, chapter XII, which includes parts 1500
through 1699.
Transportation Security-Sensitive Material (TSSM) means hazardous
materials identified in 49 CFR 172.800(b).
TSA means the Transportation Security Administration.
United States, in a geographical sense, means the States of the
United States, the District of Columbia, and territories and
possessions of the United States, including the territorial sea and the
overlying airspace.
Vulnerability assessment includes any review, audit, or other
examination of the security of a transportation system, infrastructure
asset, or a transportation-related automated system or network to
determine its vulnerability to unlawful interference, whether during
the conception, planning, design, construction, operation, or
decommissioning phase. A vulnerability assessment includes the
methodology for the assessment, the results of the assessment, and any
proposed, recommended, or directed actions or countermeasures to
address security concerns.
[[Page 91384]]
PART 1503--INVESTIGATIVE AND ENFORCEMENT PROCEDURES
0
3. The authority citation for part 1503 continues to read as follows:
Authority: 6 U.S.C. 1142; 18 U.S.C. 6002; 28 U.S.C. 2461 (note);
49 U.S.C. 114, 20109, 31105, 40113-40114, 40119, 44901-44907, 46101-
46107, 46109-46110, 46301, 46305, 46311, 46313-46314.
Subpart B--Scope of Investigative and Enforcement Procedures
0
4. In Sec. 1503.101 revise paragraphs (b)(1) and (b)(2), and add
paragraph (b)(3) to read as follows:
Sec. 1503.101 TSA requirements.
* * * * *
(b) * * *
(1) Those provisions of title 49 U.S.C. administered by the
Administrator;
(2) 46 U.S.C. chapter 701; and
(3) Those provisions of title 6 U.S.C. administered by the
Administrator.
SUBCHAPTER B--SECURITY RULES FOR ALL MODES OF TRANSPORTATION
PART 1520--PROTECTION OF SENSITIVE SECURITY INFORMATION
0
5. The authority citation for part 1520 continues to read as follows:
Authority: 46 U.S.C. 70102-70106, 70117; 49 U.S.C. 114, 40113,
44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105.
Sec. 1520.3 [Amended]
0
6. In Sec. 1520.3 remove the definitions for ``DHS, ``DOT'', ``Rail
facility'', ``Rail hazardous materials receiver'', ``Rail hazardous
materials shipper, ``Rail transit facility'', ``Rail transit system or
Rail Fixed Guideway System'', ``Railroad'', ``Record'', and
``Vulnerability assessment''.
0
7. In Sec. 1520.5 revise paragraphs (b)(1), (b)(6)(i), (b)(8)
introductory text, (b)(10), (b)(12) introductory text, and (b)(15) to
read as follows:
Sec. 1520.5 Sensitive security information.
* * * * *
(b) * * *
(1) Security programs, security plans, and contingency plans. Any
security program, security plan, or security contingency plan issued,
established, required, received, or approved by DHS or DOT, including
any comments, instructions, or implementing guidance, including--
(i) Any aircraft operator, airport operator, fixed base operator,
or air cargo security program, or security contingency plan under this
chapter;
(ii) Any vessel, maritime facility, or port area security plan
required or directed under Federal law;
(iii) Any national or area security plan prepared under 46 U.S.C.
70103;
(iv) Any security incident response plan established under 46
U.S.C. 70104, and
(v) Any security program or plan required under subchapter D of
this title.
* * * * *
(6) * * *
(i) Details of any aviation, maritime, or surface transportation
inspection, or any investigation or an alleged violation of aviation,
maritime, or surface transportation security requirements of Federal
law, that could reveal a security vulnerability, including the identity
of the Federal special agent or other Federal employee who conducted
the inspection or investigation, and including any recommendations
concerning the inspection or investigation.
* * * * *
(8) Security measures. Specific details of aviation, maritime, or
surface transportation security measures, both operational and
technical, whether applied directly by the Federal government or
another person, including the following:
* * * * *
(10) Security training materials. Records created or obtained for
the purpose of training persons employed by, contracted with, or acting
for the Federal government or another person to carry out aviation,
maritime, or surface transportation security measures required or
recommended by DHS or DOT.
* * * * *
(12) Critical transportation infrastructure asset information. Any
list identifying systems or assets, whether physical or virtual, so
vital to the aviation, maritime, or surface transportation that the
incapacity or destruction of such assets would have a debilitating
impact on transportation security, if the list is--
* * * * *
(15) Research and development. Information obtained or developed in
the conduct of research related to aviation, maritime, or surface
transportation, where such research is approved, accepted, funded,
recommended, or directed by DHS or DOT, including research results.
* * * * *
0
8. In Sec. 1520.7 revise paragraph (n) to read as follows:
Sec. 1520.7 Covered persons.
* * * * *
(n) Each owner/operator of maritime or surface transportation
subject to the requirements of subchapter D of this chapter.
0
9. Revise the heading for subchapter D to read as follows:
SUBCHAPTER D--MARITIME AND SURFACE TRANSPORTATION SECURITY
0
10. Revise part 1570 to read as follows:
PART 1570--GENERAL RULES
Subpart A--General
Sec.
1570.1 Scope.
1570.3 Terms used in this subchapter.
1570.5 Fraud and intentional falsification of records.
1570.7 Security responsibilities of employees and other persons.
1570.9 Compliance, inspection, and enforcement.
Subpart B--Security Programs
Sec.
1570.101 Scope.
1570.103 Content.
1570.105 Responsibility for Determinations.
1570.107 Recognition of prior or established security measures or
programs.
1570.109 Submission and approval.
1570.111 Implementation schedules.
1570.113 Amendments requested by owner/operator.
1570.115 Amendments required by TSA.
1570.117 Alternative measures.
1572.119 Petitions for reconsideration.
1570.121 Recordkeeping and availability.
Subpart C--Operations
Sec.
1570.201 Security Coordinator.
1570.203 Reporting significant security concerns.
Subpart D--Security Threat Assessments
Sec.
1570.301 Fraudulent use or manufacture; responsibilities of persons.
1570.303 Inspection of credential.
1570.305 False statements regarding security background checks by
public transportation agency or railroad carrier.
Appendix A to Part 1570--Reporting Of Significant Security Concerns
Authority: 6 U.S.C. 469, 1134, 1137, 1143, 1151, 1162, 1167,
1170, 1181 and 1184; 18 U.S.C. 842, 845; 46 U.S.C. 70105; 49 U.S.C.
114, 5103a, 40113, and 46105.
Subpart A--General
Sec. 1570.1 Scope.
This part applies to any person involved in maritime or surface
transportation as specified in this subchapter.
Sec. 1570.3 Terms used in this subchapter.
In addition to the definitions in Sec. Sec. 1500.3, 1500.5, and
1503.202 of subchapter A, the following terms are used in this
subchapter:
[[Page 91385]]
Adjudicate means to make an administrative determination of whether
an applicant meets the standards in this subchapter, based on the
merits of the issues raised.
Alien means any person not a citizen or national of the United
States.
Alien registration number means the number issued by the U.S.
Department of Homeland Security (DHS) to an individual when he or she
becomes a lawful permanent resident of the United States or attains
other lawful, non-citizen status.
Applicant means a person who has applied for one of the security
threat assessments identified in this subchapter.
Commercial driver's license (CDL) is used as defined in 49 CFR
383.5.
Contractor means a person or organization that provides a service
for an owner/operator regulated under this subchapter consistent with a
specific understanding or arrangement. The understanding can be a
written contract or an informal arrangement that reflects an ongoing
relationship between the parties.
Convicted means any plea of guilty or nolo contendere, or any
finding of guilt, except when the finding of guilt is subsequently
overturned on appeal, pardoned, or expunged. For purposes of this
subchapter, a conviction is expunged when the conviction is removed
from the individual's criminal history record and there are no legal
disabilities or restrictions associated with the expunged conviction,
other than the fact that the conviction may be used for sentencing
purposes for subsequent convictions. In addition, where an individual
is allowed to withdraw an original plea of guilty or nolo contendere
and enter a plea of not guilty and the case is subsequently dismissed,
the individual is no longer considered to have a conviction for
purposes of this subchapter.
Determination of No Security Threat means an administrative
determination by TSA that an individual does not pose a security threat
warranting denial of an HME or a TWIC.
Employee means an individual who is engaged or compensated by an
owner/operator regulated under this subchapter, or by a contractor to
an owner/operator regulated under this subchapter. The term includes
direct employees, contractor employees, authorized representatives,
immediate supervisors, and individuals who are self-employed.
Federal Maritime Security Coordinator (FMSC) has the same meaning
as defined in 46 U.S.C. 70103(a)(2)(G); is the Captain of the Port
(COTP) exercising authority for the COTP zones described in 33 CFR part
3, and is the Port Facility Security Officer as described in the
International Ship and Port Facility Security (ISPS) Code, part A.
Final Determination of Threat Assessment means a final
administrative determination by TSA, including the resolution of
related appeals, that an individual poses a security threat warranting
denial of an HME or a TWIC.
Hazardous materials endorsement (HME) means the authorization for
an individual to transport hazardous materials in commerce, an
indication of which must be on the individual's commercial driver's
license, as provided in the Federal Motor Carrier Safety Administration
(FMCSA) regulations in 49 CFR part 383.
Immediate supervisor means a manager, supervisor, or agent of the
owner/operator to the extent the individual (a) performs the work of a
security-sensitive employee or (b) supervises and otherwise directs the
performance of a security-sensitive employee.
Imprisoned or imprisonment means confined to a prison, jail, or
institution for the criminally insane, on a full-time basis, pursuant
to a sentence imposed as the result of a criminal conviction or finding
of not guilty by reason of insanity. Time spent confined or restricted
to a half-way house, treatment facility, or similar institution,
pursuant to a sentence imposed as the result of a criminal conviction
or finding of not guilty by reason of insanity, does not constitute
imprisonment for purposes of this rule.
Incarceration means confined or otherwise restricted to a jail-type
institution, half-way house, treatment facility, or another institution
on a full or part-time basis, pursuant to a sentence imposed as the
result of a criminal conviction or finding of not guilty by reason of
insanity.
Initial Determination of Threat Assessment means an initial
administrative determination by TSA that an applicant poses a security
threat warranting denial of an HME or a TWIC.
Initial Determination of Threat Assessment and Immediate Revocation
means an initial administrative determination that an individual poses
a security threat that warrants immediate revocation of an HME or
invalidation of a TWIC. In the case of an HME, the State must
immediately revoke the HME if TSA issues an Initial Determination of
Threat Assessment and Immediate Revocation. In the case of a TWIC, TSA
invalidates the TWIC when TSA issues an Initial Determination of Threat
Assessment and Immediate Revocation.
Invalidate means the action TSA takes to make a credential
inoperative when it is reported as lost, stolen, damaged, no longer
needed, or when TSA determines an applicant does not meet the security
threat assessment standards of 49 CFR part 1572.
Lawful permanent resident means an alien lawfully admitted for
permanent residence, as defined in 8 U.S.C. 1101(a)(20).
Maritime facility has the same meaning as ``facility'' together
with ``OCS facility'' (Outer Continental Shelf facility), as defined in
33 CFR 101.105.
Mental health facility means a mental institution, mental hospital,
sanitarium, psychiatric facility, and any other facility that provides
diagnoses by licensed professionals of mental retardation or mental
illness, including a psychiatric ward in a general hospital.
National of the United States means a citizen of the United States,
or a person who, though not a citizen, owes permanent allegiance to the
United States, as defined in 8 U.S.C. 1101(a)(22), and includes
American Samoa and Swains Island.
Revocation means the termination, deactivation, rescission,
invalidation, cancellation, or withdrawal of the privileges and duties
conferred by an HME or TWIC, when TSA determines an applicant does not
meet the security threat assessment standards of 49 CFR part 1572.
Secure area means the area on board a vessel or at a facility or
outer continental shelf facility, over which the owner/operator has
implemented security measures for access control, as defined by a Coast
Guard approved security plan. It does not include passenger access
areas or public access areas, as those terms are defined in 33 CFR
104.106 and 105.106 respectively. Vessels operating under the waivers
provided for at 46 U.S.C. 8103(b)(3)(A) or (B) have no secure areas.
Facilities subject to 33 CFR chapter I, subchapter H, part 105 may,
with approval of the Coast Guard, designate only those portions of
their facility that are directly connected to maritime transportation
or are at risk of being involved in a transportation security incident
as their secure areas.
Security threat means an individual whom TSA determines or suspects
of posing a threat to national security; to transportation security; or
of terrorism.
Security-sensitive employee, for purposes of this part, means
``security sensitive employee'' as defined in Sec. Sec. 1580.3,
1582.3, or 1584.3 of this title.
[[Page 91386]]
Security-sensitive job function, for purposes of this part, means a
job function identified in Appendix B to part 1580, Appendix B to part
1582, and Appendix B to part 1584 of this title.
Transportation Worker Identification Credential (TWIC) means a
Federal biometric credential, issued to an individual, when TSA
determines that the individual does not pose a security threat.
Withdrawal of Initial Determination of Threat Assessment is the
document that TSA issues after issuing an Initial Determination of
Security Threat, when TSA determines that an individual does not pose a
security threat that warrants denial of an HME or TWIC.
Sec. 1570.5 Fraud and intentional falsification of records.
No person may make, cause to be made, attempt, or cause to attempt
any of the following:
(a) Any fraudulent or intentionally false statement in any record
or report that is kept, made, or used to show compliance with the
subchapter, or exercise any privileges under this subchapter.
(b) Any reproduction or alteration, for fraudulent purpose, of any
record, report, security program, access medium, or identification
medium issued under this subchapter or pursuant to standards in this
subchapter.
Sec. 1570.7 Security responsibilities of employees and other persons.
(a) No person may--
(1) Tamper or interfere with, compromise, modify, attempt to
circumvent, or cause another person to tamper or interfere with,
compromise, modify, or attempt to circumvent any security measure
implemented under this subchapter.
(2) Enter, or be present within, a secured or restricted area
without complying with the security measures applied as required under
this subchapter to control access to, or presence or movement in, such
areas.
(3) Use, allow to be used, or cause to be used, any approved access
medium or identification medium that authorizes the access, presence,
or movement of persons or vehicles in secured or restricted areas in
any other manner than that for which it was issued by the appropriate
authority to meet the requirements of this subchapter.
(b) The provisions of paragraph (a) of this section do not apply to
conducting inspections or tests to determine compliance with this
subchapter authorized by--
(1) TSA and DHS officials working with TSA; or
(2) The owner/operator when acting in accordance with the
procedures described in a security plan and/or program approved by TSA.
Sec. 1570.9 Compliance, inspection, and enforcement.
(a) Each person subject to any of the requirements of this
subchapter, must allow TSA and other authorized DHS officials, at any
time and in a reasonable manner, without advance notice, to enter,
assess, inspect, and test property, facilities, equipment, and
operations; and to view, inspect, and copy records, as necessary to
carry out TSA's security-related statutory or regulatory authorities,
including its authority to--
(1) Assess threats to transportation.
(2) Enforce security-related laws, regulations, directives, and
requirements.
(3) Inspect, maintain, and test the security of facilities,
equipment, and systems.
(4) Ensure the adequacy of security measures for the transportation
of passengers and cargo.
(5) Oversee the implementation, and ensure the adequacy, of
security measures for the owner/operator's conveyances and vehicles, at
transportation facilities and infrastructure and other assets related
to transportation.
(6) Review security plans and/or programs.
(7) Determine compliance with any requirements in this chapter.
(8) Carry out such other duties, and exercise such other powers,
relating to transportation security, as the Administrator for TSA
considers appropriate, to the extent authorized by law.
(b) At the request of TSA, each owner/operator subject to the
requirements of this subchapter must provide evidence of compliance
with this chapter, including copies of records.
(c) TSA and other authorized DHS officials, may enter, without
advance notice, and be present within any area or within any vehicle or
conveyance, terminal, or other facility covered by this chapter without
access media or identification media issued or approved by an owner/
operator covered by this chapter in order to inspect or test
compliance, or perform other such duties as TSA may direct.
(d) TSA inspectors and other authorized DHS officials working with
TSA will, on request, present their credentials for examination, but
the credentials may not be photocopied or otherwise reproduced.
Subpart B--Security Programs
Sec. 1570.101 Scope.
The requirements of this subpart address general security program
requirements applicable to each owner/operator required to have a
security program under subpart B to 49 CFR parts 1580, 1582, and 1584.
Sec. 1570.103 Content.
(a) Security program. Except as otherwise approved by TSA, each
owner/operator required to have a security program must address each of
the security program requirements identified in subpart B to 49 CFR
parts 1580, 1582, and 1584.
(b) Use of appendices. The owner/operator may comply with the
requirements referenced in paragraph (a) of this section by including
in its security program, as an appendix, any document that contains the
information required by the applicable subpart B, including procedures,
protocols or memorandums of understanding related to external agency
response to security incidents or events. The appendix must be
referenced in the corresponding section(s) of the security program.
Sec. 1570.105 Responsibility for Determinations.
(a) Higher-risk operations. While TSA has determined the criteria
for applicability of the requirements in subpart B to 49 CFR parts
1580, 1582, and 1584 based on risk-assessments for freight railroad,
public transportation system, passenger railroad, or over-the-road
(OTRB) owner/operators are required to determine if the applicability
requirements apply to them using the criteria identified in 49 CFR
1580.101, 1582.101, and 1584.101. Owner/operators are required to
notify TSA of applicability within 30 days of [Insert effective date of
final rule in the Federal Register].
(b) New or modified operations. If an owner/operator commences new
operations or modifies existing operations after [Insert date of
publication of final rule in the Federal Register], that person is
responsible for determining whether the new or modified operations
would meet the applicability determinations in subpart B to 49 CFR
parts 1580, 1582, or 1584 and must notify TSA no later than 90 calendar
days before commencing operations or implementing modifications.
Sec. 1570.107 Recognition of prior or established security measures
or programs.
Previously provided security training may be credited towards
satisfying the
[[Page 91387]]
requirements of this subchapter provided the owner/operator--
(a) Obtains a complete record of such training and validates the
training meets requirements of Sec. Sec. 1580.115, 1582.115, or
1584.115 of this subchapter as it relates to the function of the
individual security-sensitive employee and the training was provided
within the schedule required for recurrent training.
(b) Retains a record of such training in compliance with the
requirements of Sec. 1570.121 of this part.
Sec. 1570.109 Submission and approval.
(a) Submission of security program. Each owner/operator required
under parts 1580, 1582, or 1584 of this subchapter to adopt and carry
out a security program must submit it to TSA for approval in a form and
manner prescribed by TSA.
(b) Security training deadlines. Except as otherwise directed by
TSA, each owner/operator required under subpart B to parts 1580, 1582,
or 1584 of this subchapter to develop a security training program
must--
(1) Submit its program to TSA for approval no later than 90
calendar days after [insert effective date of final rule in the Federal
Register].
(2) If commencing or modifying operations so as to be subject to
the requirements of subpart B to 49 CFR parts 1580, 1582, or 1584 after
[Insert effective date of final rule in the Federal Register], submit a
training program to TSA no later than 90 calendar days before
commencing new or modified operations.
(c) TSA approval. (1) No later than 60 calendar days after
receiving the proposed security program required by subpart B to 49 CFR
parts 1580, 1582, and 1584, TSA will either approve the program or
provide the owner/operator with written notice to modify the program to
comply with the applicable requirements of this subchapter. TSA will
notify the owner/operator if it needs an extension of time to approve
the program or provide the owner/operator with written notice to modify
the program to comply with the applicable requirements of this
subchapter.
(2) Notice to modify. If TSA provides the owner/operator with
written notice to modify the security program to comply with the
applicable requirements of this subchapter, the owner/operator must
provide a modified security program to TSA for approval within the
timeframe specified by TSA.
(3) TSA may request additional information, and the owner/operator
must provide the information within the time period TSA prescribes. The
60-day period for TSA approval or modification will begin when the
owner/operator provides the additional information.
(g) Petition for reconsideration. Within 30 days of receiving the
notice to modify, the owner/operator may file a petition for
reconsideration under Sec. 1570.119 of this part.
Sec. 1570.111 Implementation schedules.
(a) Initial security training. (1) Once TSA approves an owner/
operator's security training program, the owner/operator must provide
initial security training to a security-sensitive employee--
(2) No later than one year after the date of approval if the
employee is employed to perform a security-sensitive function on the
date TSA approves the program.
(3) No later than 60 calendar days after the employee first
performs a security-sensitive job function if performance of a
security-sensitive job function is initiated after TSA approves the
program.
(4) No later than the 60th calendar day of employment performing a
security-sensitive function, aggregated over a consecutive 12-month
period, if the security-sensitive job function is performed
intermittently.
(b) Recurrent security training. Each owner/operator must provide
annual recurrent security training to each employee performing a
security-sensitive job function not later than the anniversary calendar
month of the employee's initial security training. If the owner/
operator provides the recurrent security training in the month of, the
month before, or the month after it is due, the employee is considered
to have taken the training in the month it is due. Recurrent training
must use the most recent iteration of any training materials submitted
to, and approved by, TSA.
(c) Extensions of time. TSA may grant an extension of time for
implementing a security program identified in subpart B to parts 1580,
1582, and 1584 of this subchapter upon a showing of good cause. The
owner/operator must request the extension of time in writing and TSA
must receive the request within a reasonable time before the due date
to be extended; an owner/operator may request an extension after the
expiration of a due date by sending a written request describing why
the failure to meet the due date was excusable. TSA will respond to the
request in writing.
Sec. 1570.113 Amendments requested by owner/operator.
(a) Requirement to request amendment. Each owner/operator required
under parts 1580, 1582, or 1584 of this subchapter to adopt and carry
out a security program must submit a request to amend its security
program if, after approval, changes expected to have a duration of 60
calendar days or more have occurred to the--
(1) Ownership or control of the operations; and/or
(2) Measures, training, or staffing described in the security
program.
(b) Schedule for requesting amendment. The owner/operator must file
the request for an amendment with TSA no later than 45 calendar days
before the proposed amendment takes effect, unless TSA allows a shorter
time period.
(c) TSA approval. (1) Within 30 calendar days after receiving a
proposed amendment, TSA will, in writing, either approve or deny the
request to amend. TSA will notify the owner/operator if it needs an
extension of time to consider the proposed amendment.
(2) TSA may approve an amendment to a security program if TSA
determines that it is in the interest of the public and transportation
security and the proposed amendment provides the level of security
required under this subchapter. TSA may request additional information
from the owner/operator before rendering a decision.
(d) No later than 30 calendar days after receiving a denial, the
owner/operator may file a petition for reconsideration under Sec.
1570.119 of this part.
Sec. 1570.115 Amendments required by TSA.
(a) Notification of requirement to amend. TSA may require
amendments to a security program in the interest of the public and
transportation security, including any new information about emerging
threats, or methods for addressing emerging threats, as follows:
(1) TSA will notify the owner/operator of the proposed amendment,
fixing a period of not less than 30 calendar days within which the
owner/operator may submit written information, views, and arguments on
the amendment.
(2) After TSA considers all relevant material received, TSA will
notify the owner/operator of any amendment adopted or rescind the
notice.
(b) Effective date of amendment. If TSA adopts the amendment, it
becomes effective not less than 30 calendar days after the owner/
operator receives the notice of amendment, unless the owner/
[[Page 91388]]
operator disagrees with the proposed amendment and files a petition for
reconsideration under Sec. 1570.119 of this part no later than 15
calendar days before the effective date of the amendment. A timely
petition for reconsideration stays the effective date of the amendment.
(c) Emergency amendments. If TSA determines that there is an
emergency requiring immediate action in the interest of the public or
transportation security, TSA may issue an amendment, without the prior
notice and comment procedures in paragraph (a) of this section,
effective without stay on the date the covered owner/operator receives
notice of it. In such a case, TSA will incorporate in the notice a
brief statement of the reasons and findings for the amendment to be
adopted. The owner/operator may file a petition for reconsideration
under Sec. 1570.119 of this part; however, this does not stay the
effective date of the emergency amendment.
Sec. 1570.117 Alternative measures.
(a) If in TSA's judgment, the overall security of transportation
provided by an owner/operator subject to the requirements of 49 CFR
parts 1580, 1582, or 1584 are not diminished, TSA may approve
alternative measures.
(b) Each owner/operator requesting alternative measures must file
the request for approval in a form and manner prescribed by TSA. The
filing of such a request does not affect the owner/operator's
responsibility for compliance while the request is being considered.
(c) TSA may request additional information, and the owner/operator
must provide the information within the time period TSA prescribes.
Within 30 calendar days after receiving a request for alternative
measures and all requested information, TSA will, in writing, either
approve or deny the request.
(d) If TSA finds that the use of the alternative measures is in the
interest of the public and transportation security, it may grant the
request subject to any conditions TSA deems necessary. In considering
the request for alternative measures, TSA will review all relevant
factors including--
(1) The risks associated with the type of operation, for example,
whether the owner/operator transports hazardous materials or passengers
within a high threat urban area, whether the owner/operator transports
passengers and the volume of passengers transported, or whether the
owner/operator hosts a passenger operation.
(2) Any relevant threat information.
(3) Other circumstances concerning potential risk to the public and
transportation security.
(e) No later than 30 calendar days after receiving a denial, the
owner/operator may petition for reconsideration under Sec. 1570.119 of
this part.
Sec. 1570.119 Petitions for reconsideration.
(1) If an owner/operator seeks to petition for reconsideration of a
determination, required modification, denial of a request for amendment
by the owner/operator, denial to rescind a TSA-required amendment, or
denial of an alternative measure, the owner/operator must submit a
written petition for reconsideration that includes a statement and any
supporting documentation explaining why the owner/operator believes
TSA's decision is incorrect.
(2) Upon review of the petition for reconsideration, the
Administrator or designee will dispose of the petition by affirming,
modifying, or rescinding its previous decision. This is considered a
final agency action.
Sec. 1570.121 Recordkeeping and availability.
(a) Retention. Each owner/operator required to have a security
program under subpart B to parts 1580, 1582, and 1584 of this
subchapter must--
(1) Retain security training records for each individual trained
for no less than five years from the date of training that, at a
minimum--
(i) Includes employee's full name, job title or function, date of
hire, and date of initial and recurrent security training; and
(ii) Identifies the date, course name, course length, and list of
topics addressed for the security training most recently provided in
each of the areas required under Sec. Sec. 1580.115, 1582.115, and
1584.115 of this subchapter.
(2) Retain records of initial and recurrent security training for
no less than five years from the date of training.
(3) Provide records to current and former employees upon request
and at no charge as necessary to provide proof of training.
(b) Electronic records. Each owner/operator required to retain
records under this section may keep them in electronic form. An owner/
operator may maintain and transfer records through electronic
transmission, storage, and retrieval provided that the electronic
system provides for the maintenance of records as originally submitted
without corruption, loss of data, or tampering.
(c) Protection of SSI. Each owner/operator must restrict the
distribution, disclosure, and availability of security sensitive
information, as identified in part 1520 of this chapter, to persons
with a need to know. The owner/operator must refer requests for such
information by other persons to TSA.
(d) Availability. Each owner/operator must make the records
available to TSA upon request for inspection and copying.
Subpart C--Operations
Sec. 1570.201 Security Coordinator.
(a) Except as provided in paragraph (b) of this section, each
owner/operator identified in Sec. Sec. 1580.1, 1582.1, and 1584.101 of
this subchapter must designate and use a primary and at least one
alternate Security Coordinator.
(b) An owner/operator described in Sec. 1580.101(a)(5) or Sec.
1582.101(a)(4) of this subchapter must designate and use a primary and
at least one alternate Security Coordinator, only if notified by TSA in
writing that a threat exists concerning that type of operation.
(c) The Security Coordinator and alternate(s) must be appointed at
the corporate level.
(d) Each owner/operator required to have a Security Coordinator
must provide in writing to TSA the names, U.S. citizenship status,
titles, phone number(s), and email address(es) of the Security
Coordinator and alternate Security Coordinator(s) within 7 calendar
days of the effective date of this rule, commencement of operations, or
change in any of the information required by this section.
(e) Each owner/operator required to have a Security Coordinator
must ensure that at least one Security Coordinator--
(1) Serves as the primary contact for intelligence information and
security-related activities and communications with TSA. Any individual
designated as a Security Coordinator may perform other duties in
addition to those described in this section.
(2) Is accessible to TSA on a 24-hours a day, 7 days a week basis.
(3) Coordinates security practices and procedures internally and
with appropriate law enforcement and emergency response agencies.
Sec. 1570.203 Reporting significant security concerns.
(a) Each owner/operator identified in Sec. Sec. 1580.1, 1582.1,
and 1584.101 of this subchapter must report, within 24 hours of initial
discovery, any potential threats and significant security concerns
involving transportation-related operations in the United States or
transportation to, from, or within the United States as soon as
possible by the methods prescribed by TSA.
[[Page 91389]]
(b) Potential threats or significant security concerns encompass
incidents, suspicious activities, and threat information including, but
not limited to, the categories of reportable events listed in Appendix
A to this part.
(c) Information reported must include the following, as available
and applicable:
(1) The name of the reporting individual and contact information,
including a telephone number or email address.
(2) The affected freight or passenger train, transit vehicle, motor
vehicle, station, terminal, rail hazardous materials facility, or other
facility or infrastructure, including identifying information and
current location.
(3) Scheduled origination and termination locations for the
affected freight or passenger train, transit vehicle, or motor
vehicle--including departure and destination city and route.
(4) Description of the threat, incident, or activity, including who
has been notified and what action has been taken.
(5) The names, other available biographical data, and/or
descriptions (including vehicle or license plate information) of
individuals or motor vehicles known or suspected to be involved in the
threat, incident, or activity.
(6) The source of any threat information.
Subpart D--Security Threat Assessments
Sec. 1570.301 Fraudulent use or manufacture; responsibilities of
persons.
(a) No person may use or attempt to use a credential, security
threat assessment, access control medium, or identification medium
issued or conducted under this subchapter that was issued or conducted
for another person.
(b) No person may make, produce, use or attempt to use a false or
fraudulently created access control medium, identification medium or
security threat assessment issued or conducted under this subchapter.
(c) No person may tamper or interfere with, compromise, modify,
attempt to circumvent, or circumvent TWIC access control procedures.
(d) No person may cause or attempt to cause another person to
violate paragraphs (a)-(c) of this section.
Sec. 1570.303 Inspection of credential.
(a) Each person who has been issued or possesses a TWIC must
present the TWIC for inspection upon a request from TSA, the Coast
Guard, or other authorized DHS representative; an authorized
representative of the National Transportation Safety Board; or a
Federal, State, or local law enforcement officer.
(b) Each person who has been issued or who possesses a TWIC must
allow his or her TWIC to be read by a reader and must submit his or her
reference biometric, such as a fingerprint, and any other required
information, such as a PIN, to the reader, upon a request from TSA, the
Coast Guard, other authorized DHS representative; or a Federal, State,
or local law enforcement officer.
Sec. 1570.305 False statements regarding security background checks
by public transportation agency or railroad carrier.
(a) Scope. This section implements sections 1414(e) (6 U.S.C. 1143)
and 1522(e) (6 U.S.C. 1170) of the ``Implementing Recommendations of
the 9/11 Commission Act of 2007,'' Public Law 110-53 (121 Stat. 266,
Aug. 3, 2007).
(b) Definitions. In addition to the terms in Sec. Sec. 1500.3,
1500.5, and 1503.202 of subchapter A and Sec. 1570.3 of subchapter D
of this chapter, the following terms apply to this part:
Covered individual means an employee of a public transportation
agency or a contractor or subcontractor of a public transportation
agency or an employee of a railroad carrier or a contractor or
subcontractor of a railroad carrier.
Security background check means reviewing the following for the
purpose of identifying individuals who may pose a threat to
transportation security, national security, or of terrorism:
(1) Relevant criminal history databases.
(2) In the case of an alien (as defined in sec. 101 of the
Immigration and Nationality Act (8 U.S.C. 1101(a)(3)), the relevant
databases to determine the status of the alien under the immigration
laws of the United States.
(3) Other relevant information or databases, as determined by the
Secretary of Homeland Security.
(c) Prohibitions. (1) A public transportation agency or a
contractor or subcontractor of a public transportation agency may not
knowingly misrepresent to an employee or other relevant person,
including an arbiter involved in a labor arbitration, the scope,
application, or meaning of any rules, regulations, directives, or
guidance issued by the Secretary of Homeland Security related to
security background check requirements for covered individuals when
conducting a security background check.
(2) A railroad carrier or a contractor or subcontractor of a
railroad carrier may not knowingly misrepresent to an employee or other
relevant person, including an arbiter involved in a labor arbitration,
the scope, application, or meaning of any rules, regulations,
directives, or guidance issued by the Secretary of Homeland Security
related to security background check requirements for covered
individuals when conducting a security background check.
Appendix A to Part 1570--Reporting of Significant Security Concerns
------------------------------------------------------------------------
Category Description
------------------------------------------------------------------------
Breach, Attempted Intrusion, Unauthorized personnel attempting to or
and/or Interference. actually entering a restricted area or
secure site relating to a transportation
facility or conveyance owned, operated,
or used by an owner/operator subject to
this part. This includes individuals
entering or attempting to enter by
impersonation of authorized personnel
(for example, police/security, janitor,
vehicle owner/operator). Activity that
could interfere with the ability of
employees to perform duties to the
extent that security is threatened.
Misrepresentation............ Presenting false, or misusing, insignia,
documents, and/or identification, to
misrepresent one's affiliation with an
owner/operator subject to this part to
cover possible illicit activity that may
pose a risk to transportation security.
Theft, Loss, and/or Diversion Stealing or diverting identification
media or badges, uniforms, vehicles,
keys, tools capable of compromising
track integrity, portable derails,
technology, or classified or sensitive
security information documents which are
proprietary to the facility or
conveyance owned, operated, or used by
an owner/operator subject to this part.
[[Page 91390]]
Sabotage, Tampering, and/or Damaging, manipulating, or defeating
Vandalism. safety and security appliances in
connection with a facility,
infrastructure, conveyance, or routing
mechanism, resulting in the compromised
use or the temporary or permanent loss
of use of the facility, infrastructure,
conveyance or routing mechanism. Placing
or attaching a foreign object to a rail
car(s).
Cyber Attack................. Compromising, or attempting to compromise
or disrupt the information/technology
infrastructure of an owner/operator
subject to this part.
Expressed or Implied Threat.. Communicating a spoken or written threat
to damage or compromise a facility/
infrastructure/conveyance owned,
operated, or used by an owner/operator
subject to this part (for example, a
bomb threat or active shooter).
Eliciting Information........ Questioning that may pose a risk to
transportation or national security,
such as asking one or more employees of
an owner/operator subject to this part
about particular facets of a facility's
conveyance's purpose, operations, or
security procedures.
Testing or Probing of Deliberate interactions with employees of
Security. an owner/operator subject to this part
or challenges to facilities or systems
owned, operated, or used by an owner/
operator subject to this part that
reveal physical, personnel, or cyber
security capabilities.
Photography.................. Taking photographs or video of
facilities, conveyances, or
infrastructure owned, operated, or used
by an owner/operator subject to this
part in a manner that may pose a risk to
transportation or national security.
Examples include taking photographs or
video of infrequently used access
points, personnel performing security
functions (for example, patrols, badge/
vehicle checking), or security-related
equipment (for example, perimeter
fencing, security cameras).
Observation or Surveillance.. Demonstrating unusual interest in
facilities or loitering near
conveyances, railcar routing appliances
or any potentially critical
infrastructure owned or operated by an
owner/operator subject to this part in a
manner that may pose a risk to
transportation or national security.
Examples include observation through
binoculars, taking notes, or attempting
to measure distances.
Materials Acquisition and/or Acquisition and/or storage by an employee
Storage. of an owner/operator subject to this
part of materials such as cell phones,
pagers, fuel, chemicals, toxic
materials, and/or timers that may pose a
risk to transportation or national
security (for example, storage of
chemicals not needed by an employee for
the performance of his or her job
duties).
Weapons Discovery, Discharge, Weapons or explosives in or around a
or Seizure. facility, conveyance, or infrastructure
of an owner/operator subject to this
part that may present a risk to
transportation or national security (for
example, discovery of weapons
inconsistent with the type or quantity
traditionally used by company security
personnel).
Suspicious Items or Activity. Discovery or observation of suspicious
items, activity or behavior in or around
a facility, conveyance, or
infrastructure of an owner/operator
subject to this part that results in the
disruption or termination of operations
(for example, halting the operation of a
conveyance while law enforcement
personnel investigate a suspicious bag,
briefcase, or package).
------------------------------------------------------------------------
0
11. Revise part 1580 to read as follows:
PART 1580--FREIGHT RAIL TRANSPORTATION SECURITY
Subpart A--General
Sec.
1580.1 Scope.
1580.3 Terms used in this part.
1580.5 Preemptive effect.
Subpart B--Security Programs
Sec.
1580.101 Applicability.
1580.103 [Reserved]
1580.105 [Reserved]
1580.107 [Reserved]
1580.109 [Reserved]
1580.111 [Reserved]
1580.113 Security training program general requirements.
1580.115 Security training and knowledge for security-sensitive
employees.
Subpart C--Operations
Sec.
1580.201 Applicability.
1580.203 Location and shipping information.
1580.205 Chain of custody and control requirements.
1580.207 Harmonization of federal regulation of nuclear facilities.
Subpart D [Reserved]
Appendix A to Part 1580--High Threat Urban Areas (HTUAs)
Appendix B to Part 1580--Security-Sensitive Job Functions For Freight
Rail
Authority: 6 U.S.C. 1162 and 1167; 49 U.S.C. 114.
Subpart A--General
Sec. 1580.1 Scope.
(a) Except as provided in paragraph (b) of this section, this part
includes requirements for the following persons. Specific sections in
this part provide detailed requirements.
(1) Each freight railroad carrier that operates rolling equipment
on track that is part of the general railroad system of transportation.
(2) Each rail hazardous materials shipper.
(3) Each rail hazardous materials receiver located within an HTUA.
(4) Each freight railroad carrier serving as a host railroad to a
freight railroad operation described in paragraph (a)(1) of this
section or a passenger operation described in Sec. 1582.1 of this
subchapter.
(5) Each owner/operator of private rail cars, including business/
office cars and circus trains, on or connected to the general railroad
system of transportation.
(b) This part does not apply to a freight railroad carrier that
operates rolling equipment only on track inside an installation that is
not part of the general railroad system of transportation.
Sec. 1580.3 Terms used in this part.
In addition to the terms in Sec. Sec. 1500.3, 1500.5, and 1503.202
of subchapter A and Sec. 1570.3 of subchapter D of this chapter, the
following terms apply to this part:
Class I means Class I as assigned by regulations of the Surface
Transportation Board (STB) (49 CFR part 1201; General Instructions 1-
1).
[[Page 91391]]
A rail car is attended if an employee--
(1) Is physically located on-site in reasonable proximity to the
rail car;
(2) Is capable of promptly responding to unauthorized access or
activity at or near the rail car, including immediately contacting law
enforcement or other authorities; and
(3) Immediately responds to any unauthorized access or activity at
or near the rail car either personally or by contacting law enforcement
or other authorities.
Document the transfer means documentation uniquely identifying that
the rail car was attended during the transfer of custody, including:
(1) Car initial and number.
(2) Identification of individuals who attended the transfer (names
or uniquely identifying employee number).
(3) Location of transfer.
(4) Date and time the transfer was completed.
High threat urban area (HTUA) means, for purposes of this part, an
area comprising one or more cities and surrounding areas including a
10-mile buffer zone, as listed in Appendix A to this part 1580.
Maintains positive control means that the rail hazardous materials
receiver and the railroad carrier communicate and cooperate with each
other to provide for the security of the rail car during the physical
transfer of custody. Attending the rail car is a component of
maintaining positive control.
Rail security-sensitive materials (RSSM) means--
(1) A rail car containing more than 2,268 kg (5,000 lbs.) of a
Division 1.1, 1.2, or 1.3 (explosive) material, as defined in 49 CFR
173.50;
(2) A tank car containing a material poisonous by inhalation as
defined in 49 CFR 171.8, including anhydrous ammonia, Division 2.3
gases poisonous by inhalation as set forth in 49 CFR 173.115(c), and
Division 6.1 liquids meeting the defining criteria in 49 CFR
173.132(a)(1)(iii) and assigned to hazard zone A or hazard zone B in
accordance with 49 CFR 173.133(a), excluding residue quantities of
these materials; and
(3) A rail car containing a highway route-controlled quantity of a
Class 7 (radioactive) material, as defined in 49 CFR 173.403.
Residue means the hazardous material remaining in a packaging,
including a tank car, after its contents have been unloaded to the
maximum extent practicable and before the packaging is either refilled
or cleaned of hazardous material and purged to remove any hazardous
vapors.
Security-sensitive employee means an employee who performs--
(1) Service subject to the Federal hours of service laws (49 U.S.C.
chapter 211), regardless of whether the employee actually performs such
service during a particular duty tour; or
(2) One or more of the security-sensitive job functions identified
in Appendix B to this part where the security-sensitive function is
performed in the United States or in direct support of the common
carriage of persons or property between a place in the United States
and any place outside of the United States.
Sec. 1580.5 Preemptive effect.
Under 49 U.S.C. 20106, issuance of the regulations in this
subchapter preempts any State law, regulation, or order covering the
same subject matter, except an additional or more stringent law,
regulation, or order that is necessary to eliminate or reduce an
essentially local security hazard; that is not incompatible with a law,
regulation, or order of the U.S. Government; and that does not
unreasonably burden interstate commerce. For example, under 49 U.S.C.
20106, issuance of 49 CFR 1580.205 preempts any State or tribal law,
rule, regulation, order or common law requirement covering the same
subject matter.
Subpart B--Security Programs
Sec. 1580.101 Applicability.
This subpart applies to each of the following owner/operators:
(a) Described in Sec. 1580.1(a)(1) of this part that is a Class I
freight railroad.
(b) Described in Sec. 1580.1(a)(1) of this part that transports
one or more of the categories and quantities of RSSM in an HTUA.
(c) Described in Sec. 1580.1(a)(4) of this part that serves as a
host railroad to a freight railroad described in paragraph (a) of (b)
of this section or a passenger operation described in Sec. 1582.101 of
this subchapter.
Sec. 1580.103 [Reserved]
Sec. 1580.105 [Reserved]
Sec. 1580.107 [Reserved]
Sec. 1580.109 [Reserved]
Sec. 1580.111 [Reserved]
Sec. 1580.113 Security training program general requirements.
(a) Security training program required. Each owner/operator
identified in Sec. 1580.101 of this part is required to adopt and
carry out a security training program under this subpart.
(b) General requirements. The security training program must
include the following information:
(1) Name of owner/operator.
(2) Name, title, telephone number, and email address of the primary
individual to be contacted with regard to review of the security
training program.
(3) Number, by specific job function category identified in
Appendix B to this part, of security-sensitive employees trained or to
be trained.
(4) Implementation schedule that identifies a specific date by
which initial and recurrent security training required by Sec.
1570.111 of this part will be completed.
(5) Location where training program records will be maintained.
(6) Curriculum or lesson plan, learning objectives, and method of
delivery (such as instructor-led or computer-based training) for each
course used to meet the requirements of Sec. 1580.115 of this part.
TSA may request additional information regarding the curriculum during
the review and approval process.
(7) Plan for ensuring supervision of untrained security-sensitive
employees performing functions identified in Appendix B to this part.
(8) Plan for notifying employees of changes to security measures
that could change information provided in previously provided training.
(9) Method(s) for evaluating the effectiveness of the security
training program in each area required by Sec. 1580.115 of this part.
(c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards, such as emergency
preparedness training required by the Department of Transportation
(DOT) (49 CFR part 239) or other training for communicating with
emergency responders to arrange the evacuation of passengers, may be
combined with and used to satisfy elements of the training requirements
in this subpart.
(2) If the owner/operator submits a security training program that
relies on pre-existing or previous training materials to meet the
requirements of subpart B, the program submitted for approval must
include an index, organized in the same sequence as the requirements in
this subpart.
(d) Submission and Implementation. The owner/operator must submit
and implement the security training program in accordance with the
schedules identified in Sec. Sec. 1570.109 and 1570.111 of this
subchapter.
[[Page 91392]]
Sec. 1580.115 Security training and knowledge for security-sensitive
employees.
(a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.
1580.101 of this part may use a security-sensitive employee to perform
a function identified in Appendix B to this part, unless that
individual has received training as part of a security training program
approved by TSA under 49 CFR part 1570, subpart B, or is under the
direct supervision of a security-sensitive employee who has received
the training required by this section.
(b) Limits on use of untrained employees. Notwithstanding paragraph
(a) of this section, a security-sensitive employee may not perform a
security-sensitive function for more than sixty (60) calendar days
without receiving security training.
(c) Prepare. (1) Each owner/operator must ensure that each of its
security-sensitive employees with position- or function-specific
responsibilities under the owner/operator's security program has
knowledge of how to fulfill those responsibilities in the event of a
security threat, breach, or incident to ensure--
(i) Employees with responsibility for transportation security
equipment and systems are aware of their responsibilities and can
verify the equipment and systems are operating and properly maintained;
and
(ii) Employees with other duties and responsibilities under the
company's security plans and/or programs, including those required by
Federal law, know their assignments and the steps or resources needed
to fulfill them.
(2) Each employee who performs any security-related functions under
Sec. 1580.205 of this subpart must be provided training specifically
applicable to the functions the employee performs. As applicable, this
training must address--
(i) Inspecting rail cars for signs of tampering or compromise,
IEDs, suspicious items, and items that do not belong;
(ii) Identification of rail cars that contain rail security-
sensitive materials, including the owner/operator's procedures for
identifying rail security-sensitive material cars on train documents,
shipping papers, and in computer train/car management systems; and
(iii) Procedures for completing transfer of custody documentation.
(d) Observe. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge of the observational skills
necessary to recognize--
(1) Suspicious and/or dangerous items (such as substances,
packages, or conditions (for example, characteristics of an IED and
signs of equipment tampering or sabotage);
(2) Combinations of actions and individual behaviors that appear
suspicious and/or dangerous, inappropriate, inconsistent, or out of the
ordinary for the employee's work environment which could indicate a
threat to transportation security; and
(3) How a terrorist or someone with malicious intent may attempt to
gain sensitive information or take advantage of vulnerabilities.
(e) Assess. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge necessary to--
(1) Determine whether the item, individual, behavior, or situation
requires a response as a potential terrorist threat based on the
respective transportation environment; and
(2) Identify appropriate responses based on observations and
context.
(f) Respond. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge of how to--
(1) Appropriately report a security threat, including knowing how
and when to report internally to other employees, supervisors, or
management, and externally to local, state, or federal agencies
according to the owner/operator's security procedures or other relevant
plans;
(2) Interact with the public and first responders at the scene of
the threat or incident, including communication with passengers on
evacuation and any specific procedures for individuals with
disabilities and the elderly; and
(3) Use any applicable self-defense devices or other protective
equipment provided to employees by the owner/operator.
Subpart C--Operations
Sec. 1580.201 Applicability.
This subpart applies to the following:
(1) Each owner/operator described in paragraph (a)(1) of Sec.
1580.1 of this part that transports one or more of the categories and
quantities of rail security-sensitive materials.
(2) Each owner/operator described in paragraphs (a)(2) and (3) of
Sec. 1580.1 of this part.
Sec. 1580.203 Location and shipping information.
(a) General Requirement. Each owner/operator described in Sec.
1580.201 of this part must have procedures in place to determine the
location and shipping information for each rail car under its physical
custody and control that contains one or more of the categories and
quantities of rail security-sensitive materials.
(b) Required Information. The location and shipping information
must include the following:
(1) The rail car's current location by city, county, and state,
including, for freight railroad carriers, the railroad milepost, track
designation, and the time that the rail car's location was determined.
(2) The rail car's routing, if a freight railroad carrier.
(3) A list of the total number of rail cars containing rail
security-sensitive materials, broken down by--
(i) The shipping name prescribed for the material in column 2 of
the table in 49 CFR 172.101;
(ii) The hazard class or division number prescribed for the
material in column 3 of the table in 49 CFR 172.101; and
(iii) The identification number prescribed for the material in
column 4 of the table in 49 CFR 172.101.
(4) Each rail car's initial and number.
(5) Whether the rail car is in a train, rail yard, siding, rail
spur, or rail hazardous materials shipper or receiver facility,
including the name of the rail yard or siding designation.
(c) Timing-Class I Freight Railroad Carriers. Upon request by TSA,
each Class I freight railroad carrier described in paragraph (a) of
this section must provide the location and shipping information to TSA
no later than--
(1) Five minutes if the request applies to a single (one) rail car;
and
(2) Thirty minutes if the request concerns multiple rail cars or a
geographic region.
(d) Timing-Other than Class I Freight Railroad Carriers. Upon
request by TSA, all owner/operators described in paragraph (a) of this
section, other than Class I freight railroad carriers, must provide the
location and shipping information to TSA no later than 30 minutes,
regardless of the number of cars covered by the request.
(e) Method. All owner/operators described in paragraph (a) of this
section must provide the requested location and shipping information to
TSA by one of the following methods:
(1) Electronic data transmission in spreadsheet format.
(2) Electronic data transmission in Hyper Text Markup Language
(HTML) format.
(3) Electronic data transmission in Extensible Markup Language
(XML).
[[Page 91393]]
(4) Facsimile transmission of a hard copy spreadsheet in tabular
format.
(5) Posting the information to a secure Web site address approved
by TSA.
(6) Another format approved by TSA.
(f) Telephone Number. Each owner/operator described in Sec.
1580.201 of this part must provide a telephone number for use by TSA to
request the information required in paragraph (b) of this section.
(1) The telephone number must be monitored at all times.
(2) A telephone number that requires a call back (such as an
answering service, answering machine, or beeper device) does not meet
the requirements of this paragraph.
Sec. 1580.205 Chain of custody and control requirements.
(a) Within or outside of an HTUA, rail hazardous materials shipper
transferring to carrier. Except as provided in paragraph (g) of this
section, at each location within or outside of an HTUA, a rail
hazardous materials shipper transferring custody of a rail car
containing one or more of the categories and quantities of rail
security-sensitive materials to a freight railroad carrier must do the
following:
(1) Physically inspect the rail car before loading for signs of
tampering, including closures and seals; other signs that the security
of the car may have been compromised; and suspicious items or items
that do not belong, including the presence of an improvised explosive
device.
(2) Keep the rail car in a rail secure area from the time the
security inspection required by paragraph (a)(1) of this section or by
49 CFR 173.31(d), whichever occurs first, until the freight railroad
carrier takes physical custody of the rail car.
(3) Document the transfer of custody to the railroad carrier in
hard copy or electronically.
(b) Within or outside of an HTUA, carrier receiving from a rail
hazardous materials shipper. At each location within or outside of an
HTUA where a freight railroad carrier receives from a rail hazardous
materials shipper custody of a rail car containing one or more of the
categories and quantities of rail security-sensitive materials, the
freight railroad carrier must document the transfer in hard copy or
electronically and perform the required security inspection in
accordance with 49 CFR 174.9.
(c) Within an HTUA, carrier transferring to carrier. Within an
HTUA, whenever a freight railroad carrier transfers a rail car
containing one or more of the categories and quantities of rail
security-sensitive materials to another freight railroad carrier, each
freight railroad carrier must adopt and carry out procedures to ensure
that the rail car is not left unattended at any time during the
physical transfer of custody. These procedures must include the
receiving freight railroad carrier performing the required security
inspection in accordance with 49 CFR 174.9. Both the transferring and
the receiving railroad carrier must document the transfer of custody in
hard copy or electronically.
(d) Outside of an HTUA, carrier transferring to carrier. Outside an
HTUA, whenever a freight railroad carrier transfers a rail car
containing one or more of the categories and quantities of rail
security-sensitive materials to another freight railroad carrier, and
the rail car containing this hazardous material may subsequently enter
an HTUA, each freight railroad carrier must adopt and carry out
procedures to ensure that the rail car is not left unattended at any
time during the physical transfer of custody. These procedures must
include the receiving railroad carrier performing the required security
inspection in accordance with 49 CFR 174.9. Both the transferring and
the receiving railroad carrier must document the transfer of custody in
hard copy or electronically.
(e) Within an HTUA, carrier transferring to rail hazardous
materials receiver. A freight railroad carrier delivering a rail car
containing one or more of the categories and quantities of rail
security-sensitive materials to a rail hazardous materials receiver
located within an HTUA must not leave the rail car unattended in a non-
secure area until the rail hazardous materials receiver accepts custody
of the rail car. Both the railroad carrier and the rail hazardous
materials receiver must document the transfer of custody in hard copy
or electronically.
(f) Within an HTUA, rail hazardous materials receiver receiving
from carrier. Except as provided in paragraph (j) of this section, a
rail hazardous materials receiver located within an HTUA that receives
a rail car containing one or more of the categories and quantities of
rail security-sensitive materials from a freight railroad carrier
must--
(1) Ensure that the rail hazardous materials receiver or railroad
carrier maintains positive control of the rail car during the physical
transfer of custody of the rail car;
(2) Keep the rail car in a rail secure area until the car is
unloaded; and
(3) Document the transfer of custody from the railroad carrier in
hard copy or electronically.
(g) Within or outside of an HTUA, rail hazardous materials receiver
rejecting car. This section does not apply to a rail hazardous
materials receiver that does not routinely offer, prepare, or load for
transportation by rail one or more of the categories and quantities of
rail security-sensitive materials. If such a receiver rejects and
returns a rail car containing one or more of the categories and
quantities of rail security-sensitive materials to the originating
offeror or shipper, the requirements of this section do not apply to
the receiver. The requirements of this section do apply to any railroad
carrier to which the receiver transfers custody of the rail car.
(h) Document retention. Covered entities must maintain the
documents required under this section for at least 60 calendar days and
make them available to TSA upon request.
(i) Rail secure area. The rail hazardous materials shipper and the
rail hazardous materials receiver must use physical security measures
to ensure that no unauthorized individual gains access to the rail
secure area.
(j) Exemption for rail hazardous materials receivers. A rail
hazardous materials receiver located within an HTUA may request from
TSA an exemption from some or all of the requirements of this section
if the receiver demonstrates that the potential risk from its
activities is insufficient to warrant compliance with this section. TSA
will consider all relevant circumstances, including the following:
(1) The amounts and types of all hazardous materials received.
(2) The geography of the area surrounding the receiver's facility.
(3) Proximity to entities that may be attractive targets, including
other businesses, housing, schools, and hospitals.
(4) Any information regarding threats to the facility.
(5) Other circumstances that indicate the potential risk of the
receiver's facility does not warrant compliance with this section.
Sec. 1580.207 Harmonization of federal regulation of nuclear
facilities.
TSA will coordinate activities under this subpart with the Nuclear
Regulatory Commission (NRC) and the Department of Energy (DOE) with
respect to regulation of rail hazardous materials shippers and
receivers that are also licensed or regulated by the NRC or DOE under
the Atomic Energy Act of 1954, as amended, to maintain consistency with
the requirements imposed by the NRC and DOE.
Appendix A to Part 1580--High Threat Urban Areas (HTUAs)
[[Page 91394]]
----------------------------------------------------------------------------------------------------------------
State Urban area Geographic areas
----------------------------------------------------------------------------------------------------------------
AZ................................... Phoenix Area........... Chandler, Gilbert, Glendale, Mesa, Peoria,
Phoenix, Scottsdale, Tempe, and a 10-mile
buffer extending from the border of the
combined area.
CA................................... Anaheim/Santa Ana Area. Anaheim, Costa Mesa, Garden Grove, Fullerton,
Huntington Beach, Irvine, Orange, Santa Ana,
and a 10-mile buffer extending from the border
of the combined area.
Bay Area............... Berkeley, Daly City, Fremont, Hayward, Oakland,
Palo Alto, Richmond, San Francisco, San Jose,
Santa Clara, Sunnyvale, Vallejo, and a 10-mile
buffer extending from the border of the
combined area.
Los Angeles/Long Beach Burbank, Glendale, Inglewood, Long Beach, Los
Area. Angeles, Pasadena, Santa Monica, Santa Clarita,
Torrance, Simi Valley, Thousand Oaks, and a 10-
mile buffer extending from the border of the
combined area.
Sacramento Area........ Elk Grove, Sacramento, and a 10-mile buffer
extending from the border of the combined area.
San Diego Area......... Chula Vista, Escondido, and San Diego, and a 10-
mile buffer extending from the border of the
combined area.
CO................................... Denver Area............ Arvada, Aurora, Denver, Lakewood, Westminster,
Thornton, and a 10-mile buffer extending from
the border of the combined area.
DC................................... National Capital Region National Capital Region and a 10-mile buffer
extending from the border of the combined area.
FL................................... Fort Lauderdale Area... Fort Lauderdale, Hollywood, Miami Gardens,
Miramar, Pembroke Pines, and a 10-mile buffer
extending from the border of the combined area.
Jacksonville Area...... Jacksonville and a 10-mile buffer extending from
the city border.
Miami Area............. Hialeah, Miami, and a 10-mile buffer extending
from the border of the combined area.
Orlando Area........... Orlando and a 10-mile buffer extending from the
city border.
Tampa Area............. Clearwater, St. Petersburg, Tampa, and a 10-mile
buffer extending from the border of the
combined area.
GA................................... Atlanta Area........... Atlanta and a 10-mile buffer extending from the
city border.
HI................................... Honolulu Area.......... Honolulu and a 10-mile buffer extending from the
city border.
IL................................... Chicago Area........... Chicago and a 10-mile buffer extending from the
city border.
IN................................... Indianapolis Area...... Indianapolis and a 10-mile buffer extending from
the city border.
KY................................... Louisville Area........ Louisville and a 10-mile buffer extending from
the city border.
LA................................... Baton Rouge Area....... Baton Rouge and a 10-mile buffer extending from
the city border.
New Orleans Area....... New Orleans and a 10-mile buffer extending from
the city border.
MA................................... Boston Area............ Boston, Cambridge, and a 10-mile buffer
extending from the border of the combined area.
MD................................... Baltimore Area......... Baltimore and a 10-mile buffer extending from
the city border.
MI................................... Detroit Area........... Detroit, Sterling Heights, Warren, and a 10-mile
buffer extending from the border of the
combined area.
MN................................... Twin Cities Area....... Minneapolis, St. Paul, and a 10-mile buffer
extending from the border of the combined
entity.
MO................................... Kansas City Area....... Independence, Kansas City (MO), Kansas City
(KS), Olathe, Overland Park, and a 10-mile
buffer extending from the border of the
combined area.
St. Louis Area......... St. Louis and a 10-mile buffer extending from
the city border.
NC................................... Charlotte.............. Charlotte and a 10-mile buffer extending from
Area................... the city border.
NE................................... Omaha Area............. Omaha and a 10-mile buffer extending from the
city border.
NJ................................... Jersey City/Newark Area Elizabeth, Jersey City, Newark, and a 10-mile
buffer extending from the border of the
combined area.
NV................................... Las Vegas Area......... Las Vegas, North Las Vegas, and a 10-mile buffer
extending from the border of the combined
entity.
NY................................... Buffalo Area........... Buffalo and a 10-mile buffer extending from the
city border.
New York City Area..... New York City, Yonkers, and a 10-mile buffer
extending from the border of the combined area.
OH................................... Cincinnati Area........ Cincinnati and a 10-mile buffer extending from
the city border.
Cleveland Area......... Cleveland and a 10-mile buffer extending from
the city border.
Columbus Area.......... Columbus and a 10-mile buffer extending from the
city border.
Toledo Area............ Oregon, Toledo, and a 10-mile buffer extending
from the border of the combined area.
OK................................... Oklahoma City Area..... Norman, Oklahoma and a 10-mile buffer extending
from the border of the combined area.
OR................................... Portland Area.......... Portland, Vancouver, and a 10-mile buffer
extending from the border of the combined area.
PA................................... Philadelphia Area...... Philadelphia and a 10-mile buffer extending from
the city border.
Pittsburgh Area........ Pittsburgh and a 10-mile buffer extending from
the city border.
TN................................... Memphis Area........... Memphis and a 10-mile buffer extending from the
city border.
TX................................... Dallas/Fort Worth/ Arlington, Carrollton, Dallas, Fort Worth,
Arlington Area. Garland, Grand Prairie, Irving, Mesquite,
Plano, and a 10-mile buffer extending from the
border of the combined area.
Houston Area........... Houston, Pasadena, and a 10-mile buffer
extending from the border of the combined
entity.
San Antonio Area....... San Antonio and a 10-mile buffer extending from
the city border.
WA................................... Seattle Area........... Seattle, Bellevue, and a 10-mile buffer
extending from the border of the combined area.
WI................................... Milwaukee Area......... Milwaukee and a 10-mile buffer extending from
the city border.
----------------------------------------------------------------------------------------------------------------
Appendix B to Part 1580--Security-Sensitive Functions for Freight Rail
This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes
of this rule and must be trained.
[[Page 91395]]
------------------------------------------------------------------------
Examples of job
Security-sensitive job titles
Categories functions for freight applicable to
rail these functions*
------------------------------------------------------------------------
A. Operating a vehicle........ 1. Employees who
operate or directly
control the movements
of locomotives or
other self-powered
rail vehicles.
2. Train conductor,
trainman, brakeman,
or utility employee
or performs
acceptance
inspections, couples
and uncouples rail
cars, applies
handbrakes, or
similar functions.
3. Employees covered Engineer,
under the Federal conductor.
hours of service laws
as ``train
employees.'' See 49
U.S.C. 21101(5) and
21103.
B. Inspecting and maintaining Employees who inspect Carman, car
vehicles. or repair rail cars repairman, car
and locomotives. inspector,
engineer,
conductor.
C. Inspecting or maintaining 1. Employees who--.... Signalman,
building or transportation a. Maintain, install, signal
infrastructure. or inspect maintainer,
communications and trackman, gang
signal equipment. foreman, bridge
and building
laborer,
roadmaster,
bridge, and
building
inspector/
operator.
b. Maintain, install,
or inspect track and
structures,
including, but not
limited to, bridges,
trestles, and tunnels.
2. Employees covered
under the Federal
hours of service laws
as ``signal
employees.'' See 49
U.S.C. 21101(3) and
21104.
D. Controlling dispatch or 1. Employees who--.... Yardmaster,
movement of a vehicle. a. Dispatch, direct, dispatcher,
or control the block operator,
movement of trains.. bridge
operator.
b. Operate or
supervise the
operations of
moveable bridges..
c. Supervise the
activities of train
crews, car movements,
and switching
operations in a yard
or terminal..
2. Employees covered
under the Federal
hours of service laws
as ``dispatching
service employees.''
See 49 U.S.C.
21101(2) and 21105.
E. Providing security of the Employees who provide Police officer,
owner/operator's equipment for the security of special agent;
and property. the railroad patrolman;
carrier's equipment watchman;
and property, guard.
including acting as a
railroad police
officer (as that term
is defined in 49 CFR
207.2)..
F. Loading or unloading cargo Includes, but is not Service track
or baggage. limited to, employees employee.
that load or unload
hazardous materials.
G. Interacting with travelling Employees of a freight Conductor,
public (on board a vehicle or railroad operating in engineer,
within a transportation passenger service. agent.
facility).
H. Complying with security 1. Employees who serve Security
programs or measures, as security coordinator,
including those required by coordinators train master,
federal law. designated in Sec. assistant train
1570.201 of this master,
subchapter, as well roadmaster,
as any designated division
alternates or roadmaster.
secondary security
coordinators.
2. Employees who--....
a. Conduct training
and testing of
employees when the
training or testing
is required by TSA's
security regulations..
b. Perform inspections
or operations
required by Sec.
1580.205 of this
subchapter..
c. Manage or direct
implementation of
security plan
requirements.
------------------------------------------------------------------------
* These job titles are provided solely as a resource to help understand
the functions described; whether an employee must be trained is based
upon the function, not the job title.
0
12. Add part 1582 to read as follows:
PART 1582--PUBLIC TRANSPORTATION AND PASSENGER RAILROAD SECURITY
Subpart A--General
Sec.
1582.1 Scope.
1582.3 Terms used in this part.
1582.5 Preemptive effect.
Subpart B--Security Programs
1582.101 Applicability.
1582.103 [Reserved]
1582.105 [Reserved]
1582.107 [Reserved]
1582.109 [Reserved]
1582.111 [Reserved]
1582.113 Security training program general requirements.
1582.115 Security training and knowledge for security-sensitive
employees.
Subpart C--[Reserved]
Appendix A to Part 1582--Public Transportation Agencies
Appendix B to Part 1582--Security-Sensitive Job Functions For Public
Transportation and Passenger Railroads
Authority: 6 U.S.C. 1134 and 1137; 49 U.S.C. 114.
Subpart A--General
Sec. 1582.1 Scope.
(a) Except as provided in paragraph (b) of this section, this part
includes requirements for the following persons. Specific sections in
this part provide detailed requirements.
(1) Each passenger railroad carrier.
(2) Each public transportation agency.
(3) Each operator of a rail transit system that is not operating on
track that is part of the general railroad system of transportation,
including heavy rail transit, light rail transit, automated guideway,
cable car, inclined plane, funicular, and monorail systems.
(4) Each tourist, scenic, historic, and excursion rail owner/
operator, whether operating on or off the general railroad system of
transportation.
(b) This part does not apply to a ferry system required to conduct
training pursuant to 46 U.S.C. 70103.
Sec. 1582.3 Terms used in this part.
In addition to the terms in Sec. Sec. 1500.3, 1500.5, and 1503.202
of subchapter A and Sec. 1570.3 of subchapter D of this chapter, the
following term applies to this part.
Security-sensitive employee means an employee whose
responsibilities for the owner/operator include one or more of the
security-sensitive job functions identified in Appendix B to this part
if
[[Page 91396]]
the security-sensitive function is performed in the United States or in
direct support of the common carriage of persons or property between a
place in the United States and any place outside of the United States.
Sec. 1582.5 Preemptive effect.
Under 49 U.S.C. 20106, issuance of the passenger railroad and
public transportation regulations in this subchapter preempts any State
law, regulation, or order covering the same subject matter, except an
additional or more stringent law, regulation, or order that is
necessary to eliminate or reduce an essentially local security hazard;
that is not incompatible with a law, regulation, or order of the U.S.
Government; and that does not unreasonably burden interstate commerce.
Subpart B--Security Programs
Sec. 1582.101 Applicability.
The requirements of this subpart apply to the following:
(1) Amtrak (also known as the National Railroad Passenger
Corporation).
(2) Each owner/operator identified in Appendix A to this part.
(3) Each owner/operator described in Sec. 1582.1(a)(1) through (3)
of this part that serves as a host railroad to a freight operation
described in Sec. 1580.301 of this subchapter or to a passenger train
operation described in paragraph (a)(1) or (a)(2) of this section.
Sec. 1582.103 [Reserved]
Sec. 1582.105 [Reserved]
Sec. 1582.107 [Reserved]
Sec. 1582.109 [Reserved]
Sec. 1582.111 [Reserved]
Sec. 1582.113 Security training program general requirements.
(a) Security training program required. Each owner/operator
identified in Sec. 1582.101 of this part is required to adopt and
carry out a security training program under this subpart.
(b) General requirements. The security training program must
include the following information:
(1) Name of owner/operator.
(2) Name, title, telephone number, and email address of the primary
individual to be contacted with regard to review of the security
training program.
(3) Number, by specific job function category identified in
Appendix B to this part, of security-sensitive employees trained or to
be trained.
(4) Implementation schedule that identifies a specific date by
which initial and recurrent security training required by Sec.
1570.111 of this subchapter will be completed.
(5) Location where training program records will be maintained.
(6) Curriculum or lesson plan, learning objectives, and method of
delivery (such as instructor-led or computer-based training) for each
course used to meet the requirements of Sec. 1582.115 of this part.
TSA may request additional information regarding the curriculum during
the review and approval process.
(7) Plan for ensuring supervision of untrained security-sensitive
employees performing functions identified in Appendix B to this part.
(8) Plan for notifying employees of changes to security measures
that could change information provided in previously provided training.
(9) Method(s) for evaluating the effectiveness of the security
training program in each area required by Sec. 1582.115 of this part.
(c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards, such as emergency
preparedness training required by the Department of Transportation
(DOT) (49 CFR part 239) or other training for communicating with
emergency responders to arrange the evacuation of passengers, may be
combined with and used to satisfy elements of the training requirements
in this subpart.
(2) If the owner/operator submits a security training program that
relies on pre-existing or previous training materials to meet the
requirements of subpart B, the program submitted for approval must
include an index, organized in the same sequence as the requirements in
this subpart.
(d) Submission and Implementation. The owner/operator must submit
and implement the security training program in accordance with the
schedules identified in Sec. Sec. 1570.109 and 1570.111 of this
subchapter.
Sec. 1582.115 Security training and knowledge for security-sensitive
employees.
(a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.
1582.101 of this part may use a security-sensitive employee to perform
a function identified in Appendix B to this part unless that individual
has received training as part of a security training program approved
by TSA under 49 CFR part 1570, subpart B, or is under the direct
supervision of a security-sensitive employee who has received the
training required by this section.
(b) Limits on use of untrained employees. Notwithstanding paragraph
(a) of this section, a security-sensitive employee may not perform a
security-sensitive function for more than sixty (60) calendar days
without receiving security training.
(c) Prepare. Each owner/operator must ensure that each of its
security-sensitive employees with position- or function-specific
responsibilities under the owner/operator's security program have
knowledge of how to fulfill those responsibilities in the event of a
security threat, breach, or incident to ensure--
(1) Employees with responsibility for transportation security
equipment and systems are aware of their responsibilities and can
verify the equipment and systems are operating and properly maintained;
and
(2) Employees with other duties and responsibilities under the
company's security plans and/or programs, including those required by
Federal law, know their assignments and the steps or resources needed
to fulfill them.
(d) Observe. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge of the observational skills
necessary to recognize--
(1) Suspicious and/or dangerous items (such as substances,
packages, or conditions (for example, characteristics of an IED and
signs of equipment tampering or sabotage);
(2) Combinations of actions and individual behaviors that appear
suspicious and/or dangerous, inappropriate, inconsistent, or out of the
ordinary for the employee's work environment which could indicate a
threat to transportation security; and
(3) How a terrorist or someone with malicious intent may attempt to
gain sensitive information or take advantage of vulnerabilities.
(e) Assess. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge necessary to--
(1) Determine whether the item, individual, behavior, or situation
requires a response as a potential terrorist threat based on the
respective transportation environment; and
(2) Identify appropriate responses based on observations and
context.
(f) Respond. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge of how to--
(1) Appropriately report a security threat, including knowing how
and when to report internally to other
[[Page 91397]]
employees, supervisors, or management, and externally to local, state,
or federal agencies according to the owner/operator's security
procedures or other relevant plans;
(2) Interact with the public and first responders at the scene of
the threat or incident, including communication with passengers on
evacuation and any specific procedures for individuals with
disabilities and the elderly; and
(3) Use any applicable self-defense devices or other protective
equipment provided to employees by the owner/operator.
Subpart C [Reserved]
Appendix A to Part 1582--Determinations for Public Transportation and
Passenger Railroads
------------------------------------------------------------------------
State Urban area Systems
------------------------------------------------------------------------
CA............................ Bay Area......... Alameda-Contra Costa
Transit District (AC
Transit).
Altamont Commuter
Express (ACE).
................. San Francisco Bay
Area Rapid Transit
District (BART).
................. Central Contra Costa
Transit Authority.
................. Golden Gate Bridge,
Highway and
Transportation
District (GGBHTD).
................. Peninsula Corridor
Joint Powers Board
(PCJPB) (Caltrain).
................. San Francisco
Municipal Railway
(MUNI) (San
Francisco Municipal
Transportation
Agency).
................. San Mateo County
Transit Authority
(SamTrans).
................. Santa Clara Valley
Transportation
Authority (VTA).
................. Transbay Joint Powers
Authority.
Greater Los City of Los Angeles
Angeles Area Department of
(Los Angeles/ Transportation
Long Beach and (LADOT).
Anaheim/Santa Foothill Transit.
Ana UASI Areas). Long Beach Transit
(LBT).
................. Los Angeles County
Metropolitan
Transportation
Authority (LACMTA).
................. Montebello Bus Lines
(MBL).
................. Omnitrans (OMNI).
................. Orange County
Transportation
Authority (OCTA).
................. Santa Monica's Big
Blue Bus (Big Blue
Bus).
................. Southern California
Regional Rail
Authority
(Metrolink).
DC/MD/VA...................... Greater National Arlington Rapid
Capital Region Transit.
(National City of Alexandria
Capital Region (Alexandria Transit
and Baltimore Company) (Dash).
UASI Areas).
................. Fairfax County
Department of
Transportation--Fair
fax Connector Bus
System.
................. Maryland Transit
Administration
(MTA).
................. Montgomery County
Department of
Transportation (Ride-
On Montgomery County
Transit).
................. Potomac and
Rappahannock
Transportation
Commission.
................. Prince George's
County Department of
Public Works and
Transportation (The
Bus).
................. Virginia Railway
Express (VRE).
................. Washington
Metropolitan Area
Transit Authority
(WMATA).
GA............................ Atlanta Area..... Georgia Regional
Transportation
Authority (GRTA).
Metropolitan Atlanta
Rapid Transit
Authority (MARTA).
IL/IN......................... Chicago Area..... Chicago Transit
Authority (CTA).
................. Northeast Illinois
Commuter Railroad
Corporation (Metra/
NIRCRC).
................. Northern Indiana
Commuter
Transportation
District (NICTD).
................. PACE Suburban Bus
Company.
MA............................ Boston Area...... Massachusetts Bay
Transportation
Authority (MBTA).
NY/NJ/CT...................... New York City/ Connecticut
Northern New Department of
Jersey Area (New Transportation
York City and (CDOT).
Jersey City/
Newark UASI
Areas).
................. Connecticut Transit
(Hartford Division
and New Haven
Divisions of
CTTransit).
................. Metropolitan
Transportation
Authority (All
Agencies).
................. New Jersey Transit
Corp. (NJT).
................. New York City
Department of
Transportation.
................. Port Authority of New
York and New Jersey
(PANYNJ) (excluding
ferry).
................. Westchester County
Department of
Transportation Bee-
Line System (The Bee-
Line System).
PA/NJ......................... Philadelphia Area Delaware River Port
Authority (DRPA)--
Port Authority
Transit Corporation
(PATCO).
................. Delaware Transit
Corporation (DTC).
................. New Jersey Transit
Corp. (NJT) (covered
under NY).
................. Pennsylvania
Department of
Transportation.
................. Southeastern
Pennsylvania
Transportation
Authority (SEPTA).
------------------------------------------------------------------------
[[Page 91398]]
Appendix B to Part 1582--Security-Sensitive Job Functions For Public
Transportation and Passenger Railroads
This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes
of this rule and must be trained.
------------------------------------------------------------------------
Security-sensitive job functions for
Categories public transportation and passenger
railroads (PTPR)
------------------------------------------------------------------------
A. Operating a vehicle....... 1. Employees who--
a. Operate or control the movements of
trains, other rail vehicles, or transit
buses.
b. Act as train conductor, trainman,
brakeman, or utility employee or
performs acceptance inspections, couples
and uncouples rail cars, applies
handbrakes, or similar functions.
2. Employees covered under the Federal
hours of service laws as ``train
employees.'' See 49 U.S.C. 21101(5) and
21103.
B. Inspecting and maintaining Employees who--
vehicles. 1. Perform activities related to the
diagnosis, inspection, maintenance,
adjustment, repair, or overhaul of
electrical or mechanical equipment
relating to vehicles, including
functions performed by mechanics and
automotive technicians.
2. Provide cleaning services to vehicles
owned, operated, or controlled by an
owner/operator regulated under this
subchapter.
C. Inspecting or maintaining Employees who--
building or transportation 1. Maintain, install, or inspect
infrastructure. communication systems and signal
equipment related to the delivery of
transportation services.
2. Maintain, install, or inspect track
and structures, including, but not
limited to, bridges, trestles, and
tunnels.
3. Provide cleaning services to stations
and terminals owned, operated, or
controlled by an owner/operator
regulated under this subchapter that are
accessible to the general public or
passengers.
4. Provide maintenance services to
stations, terminals, yards, tunnels,
bridges, and operation control centers
owned, operated, or controlled by an
owner/operator regulated under this
subchapter.
5. Employees covered under the Federal
hours of service laws as ``signal
employees.'' See 49 U.S.C. 21101(4) and
21104.
D. Controlling dispatch or Employees who--
movement of a vehicle. 1. Dispatch, report, transport, receive
or deliver orders pertaining to specific
vehicles, coordination of transportation
schedules, tracking of vehicles and
equipment.
2. Manage day-to-day management delivery
of transportation services and the
prevention of, response to, and redress
of service disruptions.
3. Supervise the activities of train
crews, car movements, and switching
operations in a yard or terminal.
4. Dispatch, direct, or control the
movement of trains or buses.
5. Operate or supervise the operations of
moveable bridges.
6. Employees covered under the Federal
hours of service laws as ``dispatching
service employees.'' See 49 U.S.C.
21101(2) and 21105.
E. Providing security of the Employees who--
owner/operator's equipment 1. Provide for the security of PTPR
and property. equipment and property, including acting
as a police officer.
2. Patrol and inspect property of an
owner/operator regulated under this
subchapter to protect the property,
personnel, passengers and/or cargo.
F. Loading or unloading cargo Employees who load, or oversee loading
or baggage. of, property tendered by or on behalf of
a passenger on or off of a portion of a
train that will be inaccessible to the
passenger while the train is in
operation.
G. Interacting with Employees who provide services to
travelling public (on board passengers on-board a train or bus,
a vehicle or within a including collecting tickets or cash for
transportation facility). fares, providing information, and other
similar services. Including:
1. On-board food or beverage employees.
2. Functions on behalf of an owner/
operator regulated under this subchapter
that require regular interaction with
travelling public within a
transportation facility, such as ticket
agents.
H. Complying with security 1. Employees who serve as security
programs or measures, coordinators designated in Sec.
including those required by 1570.201 of this subchapter, as well as
federal law. any designated alternates or secondary
security coordinators.
2. Employees who--
a. Conduct training and testing of
employees when the training or testing
is required by TSA's security
regulations.
b. Manage or direct implementation of
security plan requirements.
------------------------------------------------------------------------
0
13. Add part 1584 to read as follows:
PART 1584--HIGHWAY AND MOTOR CARRIERS
Subpart A--General
Sec.
1584.1 Scope.
1584.3 Terms used in this part.
Subpart B--Security Programs
1584.101 Applicability.
1584.103 [Reserved]
1584.105 [Reserved]
1584.107 [Reserved]
[[Page 91399]]
1584.109 [Reserved]
1584.111 [Reserved]
1584.113 Security training program general requirements.
1584.115 Security training and knowledge for security-sensitive
employees.
Subpart C [Reserved]
Appendix A to Part 1584--Urban Area Determinations for Over-The-Road
Buses
Appendix B to Part 1584--Security-Sensitive Job Functions For Over-the-
Road Buses
Authority: 6 U.S.C. 1181 and 1184; 49 U.S.C. 114.
Subpart A--General
Sec. 1584.1 Scope.
This part includes requirements for persons providing
transportation by an over-the-road bus (OTRB). Specific sections in
this part provide detailed requirements.
Sec. 1584.3 Terms used in this part.
In addition to the terms in Sec. Sec. 1500.3, 1500.5, and 1503.202
of subchapter A and Sec. 1570.3 of subchapter D of this chapter, the
following term applies to this part.
Security-sensitive employee means an employee whose
responsibilities for the owner/operator include one or more of the
security-sensitive job functions identified in Appendix B to this part
where the security-sensitive function is performed in the United States
or in direct support of the common carriage of persons or property
between a place in the United States and any place outside of the
United States.
Subpart B--Security Programs
Sec. 1584.101 Applicability.
The requirements of this subpart apply to each OTRB owner/operator
providing fixed-route service that originates, travels through, or ends
in a geographic location identified in Appendix A to this part.
Sec. 1584.103 [Reserved]
Sec. 1584.105 [Reserved]
Sec. 1584.107 [Reserved]
Sec. 1584.109 [Reserved]
Sec. 1584.111 [Reserved]
Sec. 1584.113 Security training program general requirements.
(a) Security training program required. Each owner/operator
identified in Sec. 1584.101 of this part is required to adopt and
carry out a security training program under this subpart.
(b) General requirements. The security training program must
include the following information:
(1) Name of owner/operator.
(2) Name, title, telephone number, and email address of the primary
individual to be contacted with regard to review of the security
training program.
(3) Number, by specific job function category identified in
Appendix B to this part, of security-sensitive employees trained or to
be trained.
(4) Implementation schedule that identifies a specific date by
which initial and recurrent security training required by Sec.
1570.111 of this subchapter will be completed.
(5) Location where training program records will be maintained.
(6) Curriculum or lesson plan, learning objectives, and method of
delivery (such as instructor-led or computer-based training) for each
course used to meet the requirements of Sec. 1584.115 of this part.
TSA may request additional information regarding the curriculum during
the review and approval process.
(7) Plan for ensuring supervision of untrained security-sensitive
employees performing functions identified in Appendix B to this part.
(8) Plan for notifying employees of changes to security measures
that could change information provided in previously provided training.
(9) Method(s) for evaluating the effectiveness of the security
training program in each area required by Sec. 1584.115 of this part.
(c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards may be combined
with and used to satisfy elements of the training requirements in this
subpart.
(2) If the owner/operator submits a security training program that
relies on pre-existing or previous training materials to meet the
requirements of subpart B, the program submitted for approval must
include an index, organized in the same sequence as the requirements in
this subpart.
(d) Submission and Implementation. The owner/operator must submit
and implement the security training program in accordance with the
schedules identified in Sec. Sec. 1570.109 and 1570.111 of this
subchapter.
Sec. 1584.115 Security training and knowledge for security-sensitive
employees.
(a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.
1584.101 of this part may use a security-sensitive employee to perform
a function identified in Appendix B to this part unless that individual
has received training as part of a security training program approved
by TSA under 49 CFR part 1570, subpart B, or is under the direct
supervision of a security-sensitive employee who has received the
training required by this section.
(b) Limits on use of untrained employees. Notwithstanding paragraph
(a) of this section, a security-sensitive employee may not perform a
security-sensitive function for more than sixty (60) calendar days
without receiving security training.
(c) Prepare. Each owner/operator must ensure that each of its
security-sensitive employees with position- or function-specific
responsibilities under the owner/operator's security program have
knowledge of how to fulfill those responsibilities in the event of a
security threat, breach, or incident to ensure--
(1) Employees with responsibility for transportation security
equipment and systems are aware of their responsibilities and can
verify the equipment and systems are operating and properly maintained;
and
(2) Employees with other duties and responsibilities under the
company's security plans and/or programs, including those required by
Federal law, know their assignments and the steps or resources needed
to fulfill them.
(d) Observe. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge of the observational skills
necessary to recognize--
(1) Suspicious and/or dangerous items (such as substances,
packages, or conditions (for example, characteristics of an IED and
signs of equipment tampering or sabotage);
(2) Combinations of actions and individual behaviors that appear
suspicious and/or dangerous, inappropriate, inconsistent, or out of the
ordinary for the employee's work environment which could indicate a
threat to transportation security; and
(3) How a terrorist or someone with malicious intent may attempt to
gain sensitive information or take advantage of vulnerabilities.
(e) Assess. Each owner/operator must ensure that each of its
security-sensitive employees has knowledge necessary to--
(1) Determine whether the item, individual, behavior, or situation
requires a response as a potential terrorist threat based on the
respective transportation environment; and
(2) Identify appropriate responses based on observations and
context.
(f) Respond. Each owner/operator must ensure that each of its
security-
[[Page 91400]]
sensitive employees has knowledge of how to--
(1) Appropriately report a security threat, including knowing how
and when to report internally to other employees, supervisors, or
management, and externally to local, state, or federal agencies
according to the owner/operator's security procedures or other relevant
plans;
(2) Interact with the public and first responders at the scene of
the threat or incident, including communication with passengers on
evacuation and any specific procedures for individuals with
disabilities and the elderly; and
(3) Use any applicable self-defense devices or other protective
equipment provided to employees by the owner/operator.
Subpart C [Reserved]
Appendix A to Part 1584--Urban Area Determinations for Over-the-Road
Buses
----------------------------------------------------------------------------------------------------------------
State Urban area Geographic areas
----------------------------------------------------------------------------------------------------------------
CA...................................... Anaheim/Los Angeles/Long Los Angeles and Orange Counties.
Beach/Santa Ana Areas.
San Diego Area............. San Diego County.
San Francisco Bay Area..... Alameda, Contra Costa, Marin, San
Francisco, and San Mateo Counties.
DC (VA, MD, and WV)..................... National Capital Region.... District of Columbia; Counties of
Calvert, Charles, Frederick, Montgomery,
and Prince George's, MD; Counties of
Arlington, Clarke, Fairfax, Fauquier,
Loudoun, Prince William, Spotsylvania,
Stafford, and Warren County, VA; Cities
of Alexandria, Fairfax, Falls Church,
Fredericksburg, Manassas, and Manassas
Park City, VA; Jefferson County, WV.
IL/IN................................... Chicago.................... Counties of Cook, DeKalb, DuPage, Grundy,
Area....................... Kane, Kendall, Lake, McHenry, and Will,
IL; Counties of Jasper, Lake, Newton,
and Porter, IN; Kenosha County, WI.
MA...................................... Boston..................... Counties of Essex, Norfolk, Plymouth,
Area....................... Suffolk, Middlesex, MA; Counties of
Rockingham and Strafford, NH.
NY (NJ and PA).......................... New York City/Jersey City/ Counties of Bronx, Kings, Nassau, New
Newark Area. York, Putnam, Queens, Richmond,
Rockland, Suffolk, and Westchester, NY;
Counties of Bergen, Essex, Hudson,
Hunterdon, Ocean, Middlesex, Monmouth,
Morris, Passaic, Somerset, Sussex, and
Union, NJ; Pike County, PA.
PA (DE and NJ).......................... Philadelphia Area/Southern Counties of Burlington, Camden, and
New Jersey. Gloucester, NJ; Counties of Bucks,
Area....................... Chester, Delaware, Montgomery, and
Philadelphia, PA; New Castle County, DE;
Cecil County, MD; Salem County, NJ.
TX...................................... Dallas Fort Worth/Arlington Collin, Dallas, Delta, Denton, Ellis,
Area. Hunt, Kaufman, Rockwall, Johnson,
Parker, Tarrant, and Wise Counties, TX.
Houston Area............... Austin, Brazoria, Chambers, Fort Bend,
Galveston, Harris, Liberty, Montgomery,
San Jacinto, and Waller Counties, TX.
----------------------------------------------------------------------------------------------------------------
Appendix B to Part 1584--Security-Sensitive Job Functions For Over-the-
Road Buses
This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes
of this rule and must be trained.
------------------------------------------------------------------------
Security-sensitive job functions for over-
Categories the-road buses
------------------------------------------------------------------------
A. Operating a vehicle....... Employees who have a commercial driver's
license (CDL) and operate an OTRB.
B. Inspecting and maintaining Employees who--
vehicles. 1. Perform activities related to the
diagnosis, inspection, maintenance,
adjustment, repair, or overhaul of
electrical or mechanical equipment
relating to vehicles, including
functions performed by mechanics and
automotive technicians.
2. Does not include cleaning or
janitorial activities.
C. Inspecting or maintaining Employees who--
building or transportation 1. Provide cleaning services to areas of
infrastructure. facilities owned, operated, or
controlled by an owner/operator
regulated under this subchapter that are
accessible to the general public or
passengers.
2. Provide cleaning services to vehicles
owned, operated, or controlled by an
owner/operator regulated under this part
(does not include vehicle maintenance).
3. Provide general building maintenance
services to buildings owned, operated,
or controlled by an owner/operator
regulated under this part.
D. Controlling dispatch or Employees who--
movement of a vehicle. 1. Dispatch, report, transport, receive
or deliver orders pertaining to specific
vehicles, coordination of transportation
schedules, tracking of vehicles and
equipment.
2. Manage day-to-day delivery of
transportation services and the
prevention of, response to, and redress
of disruptions to those services.
3. Perform tasks requiring access to or
knowledge of specific route information.
E. Providing security of the Employees who patrol and inspect property
owner/operator's equipment of an owner/operator regulated under
and property. this part to protect the property,
personnel, passengers and/or cargo.
F. Loading or unloading cargo Employees who load, or oversee loading
or baggage. of, property tendered by or on behalf of
a passenger on or off of a portion of a
bus that will be inaccessible to the
passenger while the vehicle is in
operation.
[[Page 91401]]
G. Interacting with Employees who--
travelling public (on board 1. Provide services to passengers on-
a vehicle or within a board a bus, including collecting
transportation facility). tickets or cash for fares, providing
information, and other similar services.
2. Includes food or beverage employees,
tour guides, and functions on behalf of
an owner/operator regulated under this
part that require regular interaction
with travelling public within a
transportation facility, such as ticket
agents.
H. Complying with security 1. Employees who serve as security
programs or measures, coordinators designated in Sec.
including those required by 1570.201 of this subchapter, as well as
federal law. any designated alternates or secondary
security coordinators.
2. Employees who--
a. Conduct training and testing of
employees when the training or testing
is required by TSA's security
regulations.
b. Manage or direct implementation of
security plan requirements.
------------------------------------------------------------------------
Dated: November 18, 2016.
Huban A. Gowadia,
Deputy Administrator.
[FR Doc. 2016-28298 Filed 12-15-16; 8:45 am]
BILLING CODE 9110-05-P