[Federal Register Volume 87, Number 67 (Thursday, April 7, 2022)]
[Notices]
[Pages 20453-20454]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-07370]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Extension of Agency Information Collection Activity Under OMB 
Review: Cybersecurity Measures for Surface Modes

AGENCY: Transportation Security Administration, DHS.

ACTION: 30-Day notice.

-----------------------------------------------------------------------

SUMMARY: This notice announces that the Transportation Security 
Administration (TSA) has forwarded the Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0074, 
abstracted below, to OMB for an extension of the currently approved 
collection under the Paperwork Reduction Act (PRA). The ICR describes 
the nature of the information collection and its expected burden. 
Specifically, the collection involves the submission of data concerning 
the designation of a Cybersecurity Coordinator; the reporting of 
cybersecurity incidents to the Cybersecurity and Infrastructure 
Security Agency (CISA); the development of a cybersecurity contingency/
recovery plan to address cybersecurity gaps; and the completion of a 
cybersecurity assessment.

DATES: Send your comments by May 9, 2022. A comment to OMB is most 
effective if OMB receives it within 30 days of publication.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to www.reginfo.gov/public/do/PRAMain. Find this particular 
information collection by selecting ``Currently under Review--Open for 
Public Comments'' and by using the find function.

FOR FURTHER INFORMATION CONTACT: Christina A. Walsh, TSA PRA Officer, 
Information Technology, TSA-11, Transportation Security Administration, 
6595 Springfield Center Drive, Springfield, VA 20598-6011; telephone 
(571) 227-2062; email [email protected].

SUPPLEMENTARY INFORMATION: TSA published a Federal Register notice, 
with a 60-day comment period soliciting comments, of the following 
collection of information on December 23, 2021, 86 FR 72988.

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. The ICR documentation will be 
available at http://www.reginfo.gov upon its submission to OMB. 
Therefore, in preparation for OMB review and approval of the following 
information collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

    Title: Cybersecurity Measures for Surface Modes.
    Type of Request: Extension.
    OMB Control Number: 1652-0074.
    Form(s): TSA Optional Forms. TSA Surface Cybersecurity 
Vulnerability Assessment Form.
    Affected Public: Owner/Operators with operations that identified in 
49 CFR part 1580 (Freight Rail), 49 CFR part 1582 (Mass Transit and 
Passenger Rail), and 49 CFR part 1584 (Over-the-Road Bus).
    Abstract: Under the authorities of 49 U.S.C. 114, TSA may take 
immediate action to impose measures to protect transportation security 
without providing notice or an opportunity for comment.\1\ On November 
30, 2021, OMB approved TSA's request for emergency approval of the 
collections of information within Security Directive (SD) 1580-21-01, 
SD 1582-21-02, and an ``information circular'' (IC) all issued on 
December 2, 2021. The OMB approval allowed for the institution of 
mandatory reporting requirements under the SDs and collection of 
information voluntarily submitted under the IC. As OMB emergency 
approval is only valid for six months, TSA is now seeking renewal of 
this information collection for the maximum three-year approval period.
---------------------------------------------------------------------------

    \1\ TSA issues security directives (SDs) for surface 
transportation operators under the statutory authority of 49 U.S.C. 
114(l)(2)(A). This provision, from section 101 of the Aviation and 
Transportation Security Act (ATSA), Public Law 107-71 (115 Stat. 
597; Nov. 19, 2001), states: ``Notwithstanding any other provision 
of law or executive order (including an executive order requiring a 
cost-benefit analysis), if the Administrator determines that a 
regulation or security directive must be issued immediately in order 
to protect transportation security, the Administrator shall issue 
the regulation or security directive without providing notice or an 
opportunity for comment and without prior approval of the 
Secretary.''
---------------------------------------------------------------------------

    The cybersecurity threats to surface transportation infrastructure 
that necessitate these collections are consistent with TSA's mission, 
as well as TSA's responsibility and authority for ``security in all 
modes of transportation

[[Page 20454]]

. . . including security responsibilities . . . over modes of 
transportation that are exercised by the Department of 
Transportation.'' See 49 U.S.C. 114(d). The SDs require, and the IC 
recommends, the following security measures:
    1. Designate a Cybersecurity Coordinator and alternate 
Cybersecurity Coordinator and provide contact information to TSA; these 
individuals are to be available to TSA 24/7 to coordinate cybersecurity 
practices, address any incidents that arise, and serve as a principal 
point of contact with TSA and CISA for cybersecurity-related matters;
    2. Report cybersecurity incidents to CISA;
    3. Develop a cybersecurity incident response plan to reduce the 
risk of operational disruption should an owner/operator's Information 
and/or Operational Technology systems be affected by a cybersecurity 
incident; and
    4. Complete a cybersecurity vulnerability assessment to address 
cybersecurity gaps using the form provided by TSA and submit the form 
to TSA.
    Number of Respondents: 781.
    Estimated Annual Burden Hours: An estimated 96,163 hours annually.

    Dated: April 4, 2022.
Christina A. Walsh,
TSA Paperwork Reduction Act Officer, Information Technology.
[FR Doc. 2022-07370 Filed 4-6-22; 8:45 am]
BILLING CODE 9110-05-P