[Federal Register Volume 89, Number 172 (Thursday, September 5, 2024)]
[Notices]
[Pages 72414-72415]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-19974]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
[Docket No. CISA-2024-0022]
Agency Information Collection Activities: Program Analysis and
Evaluation (PA&E) Office, Stakeholder Engagement Division (SED)
Convenings Evaluation
AGENCY: Cybersecurity and Infrastructure Security Agency (CISA),
Department of Homeland Security (DHS).
ACTION: 60-Day notice and request for comments; New collection (request
for a new OMB control number, 1670-NEW).
-----------------------------------------------------------------------
SUMMARY: The Office of the Chief Financial Officer (OCFO)/Program
Analysis & Evaluation (PA&E) within Cybersecurity and Infrastructure
Security Agency (CISA) submits the following Information Collection
Request (ICR) to the Office of Management and Budget (OMB) for review
and clearance.
DATES: Comments are encouraged and will be accepted until November 4,
2024.
ADDRESSES: You may submit comments, identified by docket number Docket
# CISA-2024-0022, by following the instructions below for submitting
comment via the Federal eRulemaking Portal at http://www.regulations.gov.
Instructions: All comments received must include the agency name
and docket number Docket # CISA-2024-0022. All comments received will
be posted without change to http://www.regulations.gov, including any
personal information provided.
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Rebecca Buchanan, 202-765-9903,
[email protected].
SUPPLEMENTARY INFORMATION: The Foundations for Evidence-Based
Policymaking Act of 2018 (Pub. L. 115-435), or the Evidence Act,
promotes the use of evidence to inform decision-making and requires
federal agencies to undertake activities toward this end. Specifically,
the Evidence Act requires agencies to develop Learning Agendas and
Annual Evaluation Plans.
The CISA's Learning Agenda questions are documented in the
Department of Homeland Security FY 2022-2026 Learning Agenda. In
addition, its evaluations are included in the Department's Annual
Evaluation Plans, indicating that the Department has recognized those
evaluations as ``significant.'' The Stakeholder Engagement Division
(SED) Convenings Evaluation is one such significant evaluation and was
included in the Department of Homeland Security FY 2023 Annual
Evaluation Plan. CISA's PA&E Division and its evaluation services
contractor, Guidehouse, are working together to conduct this study.
SED Convenings Evaluation
Trusted, sustained, and effective partnerships between government
and the private sector are the foundation of our collective effort to
protect the Nation's critical infrastructure. Critical infrastructure
are those assets, systems, and networks that provide functions
necessary for our way of life. There are 16 critical infrastructure
sectors that are part of a complex, interconnected ecosystem and any
threat to these sectors could have potentially debilitating national
security, economic, and public health or safety consequences. Securing
the nation's cyber and physical infrastructure is a shared
responsibility that requires a trusted partner relationship network and
well-established communications mechanisms to rapidly synchronize
activities to respond to, recover from, and mitigate real world threats
and incidents.
SED leads CISA's national and international voluntary partnerships
and engagements with critical infrastructure stakeholders while serving
as the agency's hub for the shared stakeholder information that unifies
CISA's approach to whole-of-nation operational collaboration and
information sharing. CISA's voluntary partnership model relies on
constant feedback and collaboration with critical infrastructure
partners. One mechanism to seek this input is through the various
convening activities, including Councils, Boards, and Committees, that
CISA manages through SED's Council Management subdivision. These
convening mechanisms provide structure and an iterative process for
bringing government, industry, and academic partners together to drive
whole-of-nation operational collaboration. Other products and services
offered to partners include analysis, reports, guidance, trainings, and
scenario-based drills developed to help the entire community do their
part to raise the security baseline of critical infrastructure's
assets, systems, and networks.
This SED Convenings Evaluation will assess the extent to which
CISA's convening activities, products, and services (1) provide timely,
accurate, and useful information about security and risk resilience,
including opportunities for meaningful information exchange between
CISA and sector stakeholders; and (2) are accessed and used by
stakeholders to enhance their abilities to respond to critical threats
and improve strategic decision-making and risk reduction. This study
also aims to increase understanding of the best practices for getting
stakeholders engaged and building trusted relationships.
This is a new information collection. Information will be collected
by CISA PA&E's evaluation services contractor, the Guidehouse team. The
potential respondent universe for this evaluation includes individual
representatives (approximately 1,000 cyber and physical security,
emergency, and business continuity managers) of approximately 300
member organizations from three critical infrastructure sectors
[Critical Manufacturing, Commercial Facilities, and Nuclear Reactors,
Materials, and Waste (herein referred to as ``Nuclear'')]. Those who
have served as a representative for less than 3 months will be
excluded.
The burden for respondents will be minimized by restricting the
survey and interview length, by conducting interviews at times
convenient for respondents, and by not requiring record-keeping or
written responses on the part of the respondents. Some member
organizations may be small businesses. The evaluation team will only
request information required for the purposes of the evaluation.
Surveys. The survey will be created and sent using Qualtrics, a
professional-grade survey software, in order to minimize burden. Using
the email addresses of the representatives provided by the SED sector
chiefs, the study team will send a link that participants can use to
access and complete the survey using a tablet, smartphone, or laptop.
Electronic submission will ensure the maximum response rate while also
permitting respondents to complete the survey at a time of their own
choosing.
[[Page 72415]]
The survey will ask questions about the representatives' member
organization (size and type); their satisfaction with CISA's convening
activities, products, and services; the types of organizational changes
made as a result of CISA's convening activities, products, and
services; representatives' suggestions for improvement of CISA's
convening activities, products, and services; and perceived quality of
relationships and engagements with CISA. The survey is designed so that
each sector has a customized link with specific questions for that
sector to account for some minor differences in the convenings,
products, and services that each sector provides. This will help ensure
that the members of each sector are asked questions that are most
relevant to them.
Interviews. The study team will also conduct a series of virtual
interviews with up to 75 participants who complete the online survey
and agree to participate in the interview. The study team plans to
conduct the in-depth interviews by telephone or via a web-based
conference call platform, such as Microsoft Teams. This format should
be less burdensome to study participants than in-person interviews
since they do not have to host study team members.
The interviews will ask more in-depth information about
representatives' reasons for satisfaction or dissatisfaction with
CISA's convening activities, products, and services; types of
organizational changes made as a result of CISA's convening activities,
products, and services; and the quality of relationships with CISA.
Without collecting this information, CISA will not meet the
requirements of the Evidence Act to conduct program evaluations--
particularly, this SED evaluation, which was included in the Department
of Homeland Security FY 2023 Annual Evaluation Plan as a
``significant'' evaluation. In addition, without collecting this
information, SED, other CISA stakeholder engagement programs, and CISA-
at-large will not be able to understand whether and how CISA's
convening activities, products, and services provide value and utility
for stakeholders to enhance their decision-making and risk reduction.
Thus, we will not have the information needed to learn how to improve
the planning, execution, and delivery of the convenings, products, and
services so that they are more meaningful, relevant, timely, and
actionable for stakeholders. Without collecting this information, we
will also not be able to assess how to best engage and build trusted
relationships with stakeholders, which is needed to identify areas for
improvement in how CISA collaborates and interacts with stakeholders to
support information exchange within and across sectors.
The Office of Management and Budget is particularly interested in
comments which:
1. Evaluate whether the proposed collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of
the proposed collection of information, including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to
be collected; and
4. Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology, e.g., permitting electronic
submissions of responses.
Analysis
Agency: Cybersecurity and Infrastructure Security Agency (CISA),
Department of Homeland Security (DHS).
Title: Program Analysis and Evaluation (PA&E) Office, Stakeholder
Engagement Division (SED) Convenings Evaluation.
OMB Number: 1670-NEW.
Frequency: Once.
Affected Public: General and operations managers of public and
private sectors (e.g., cyber and physical security, emergency, and
business continuity managers).
Number of Respondents: 1,000.
Estimated Time per Respondent: 0.17 hrs for 925 respondents (survey
only); 1.17 hrs for 75 respondents (survey and interview).
Total Burden Hours: 242.
Annualized Respondent Cost: $21,858.07.
Total Annualized Respondent Out-of-Pocket Cost: $0.
Total Annualized Government Cost: $327,510.00.
Robert J. Costello,
Chief Information Officer, Department of Homeland Security,
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-19974 Filed 9-4-24; 8:45 am]
BILLING CODE 9111-LF-P