[Federal Register Volume 89, Number 172 (Thursday, September 5, 2024)]
[Notices]
[Pages 72414-72415]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-19974]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. CISA-2024-0022]


Agency Information Collection Activities: Program Analysis and 
Evaluation (PA&E) Office, Stakeholder Engagement Division (SED) 
Convenings Evaluation

AGENCY: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).

ACTION: 60-Day notice and request for comments; New collection (request 
for a new OMB control number, 1670-NEW).

-----------------------------------------------------------------------

SUMMARY: The Office of the Chief Financial Officer (OCFO)/Program 
Analysis & Evaluation (PA&E) within Cybersecurity and Infrastructure 
Security Agency (CISA) submits the following Information Collection 
Request (ICR) to the Office of Management and Budget (OMB) for review 
and clearance.

DATES: Comments are encouraged and will be accepted until November 4, 
2024.

ADDRESSES: You may submit comments, identified by docket number Docket 
# CISA-2024-0022, by following the instructions below for submitting 
comment via the Federal eRulemaking Portal at http://www.regulations.gov.
    Instructions: All comments received must include the agency name 
and docket number Docket # CISA-2024-0022. All comments received will 
be posted without change to http://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Rebecca Buchanan, 202-765-9903, 
[email protected].

SUPPLEMENTARY INFORMATION: The Foundations for Evidence-Based 
Policymaking Act of 2018 (Pub. L. 115-435), or the Evidence Act, 
promotes the use of evidence to inform decision-making and requires 
federal agencies to undertake activities toward this end. Specifically, 
the Evidence Act requires agencies to develop Learning Agendas and 
Annual Evaluation Plans.
    The CISA's Learning Agenda questions are documented in the 
Department of Homeland Security FY 2022-2026 Learning Agenda. In 
addition, its evaluations are included in the Department's Annual 
Evaluation Plans, indicating that the Department has recognized those 
evaluations as ``significant.'' The Stakeholder Engagement Division 
(SED) Convenings Evaluation is one such significant evaluation and was 
included in the Department of Homeland Security FY 2023 Annual 
Evaluation Plan. CISA's PA&E Division and its evaluation services 
contractor, Guidehouse, are working together to conduct this study.

SED Convenings Evaluation

    Trusted, sustained, and effective partnerships between government 
and the private sector are the foundation of our collective effort to 
protect the Nation's critical infrastructure. Critical infrastructure 
are those assets, systems, and networks that provide functions 
necessary for our way of life. There are 16 critical infrastructure 
sectors that are part of a complex, interconnected ecosystem and any 
threat to these sectors could have potentially debilitating national 
security, economic, and public health or safety consequences. Securing 
the nation's cyber and physical infrastructure is a shared 
responsibility that requires a trusted partner relationship network and 
well-established communications mechanisms to rapidly synchronize 
activities to respond to, recover from, and mitigate real world threats 
and incidents.
    SED leads CISA's national and international voluntary partnerships 
and engagements with critical infrastructure stakeholders while serving 
as the agency's hub for the shared stakeholder information that unifies 
CISA's approach to whole-of-nation operational collaboration and 
information sharing. CISA's voluntary partnership model relies on 
constant feedback and collaboration with critical infrastructure 
partners. One mechanism to seek this input is through the various 
convening activities, including Councils, Boards, and Committees, that 
CISA manages through SED's Council Management subdivision. These 
convening mechanisms provide structure and an iterative process for 
bringing government, industry, and academic partners together to drive 
whole-of-nation operational collaboration. Other products and services 
offered to partners include analysis, reports, guidance, trainings, and 
scenario-based drills developed to help the entire community do their 
part to raise the security baseline of critical infrastructure's 
assets, systems, and networks.
    This SED Convenings Evaluation will assess the extent to which 
CISA's convening activities, products, and services (1) provide timely, 
accurate, and useful information about security and risk resilience, 
including opportunities for meaningful information exchange between 
CISA and sector stakeholders; and (2) are accessed and used by 
stakeholders to enhance their abilities to respond to critical threats 
and improve strategic decision-making and risk reduction. This study 
also aims to increase understanding of the best practices for getting 
stakeholders engaged and building trusted relationships.
    This is a new information collection. Information will be collected 
by CISA PA&E's evaluation services contractor, the Guidehouse team. The 
potential respondent universe for this evaluation includes individual 
representatives (approximately 1,000 cyber and physical security, 
emergency, and business continuity managers) of approximately 300 
member organizations from three critical infrastructure sectors 
[Critical Manufacturing, Commercial Facilities, and Nuclear Reactors, 
Materials, and Waste (herein referred to as ``Nuclear'')]. Those who 
have served as a representative for less than 3 months will be 
excluded.
    The burden for respondents will be minimized by restricting the 
survey and interview length, by conducting interviews at times 
convenient for respondents, and by not requiring record-keeping or 
written responses on the part of the respondents. Some member 
organizations may be small businesses. The evaluation team will only 
request information required for the purposes of the evaluation.
    Surveys. The survey will be created and sent using Qualtrics, a 
professional-grade survey software, in order to minimize burden. Using 
the email addresses of the representatives provided by the SED sector 
chiefs, the study team will send a link that participants can use to 
access and complete the survey using a tablet, smartphone, or laptop. 
Electronic submission will ensure the maximum response rate while also 
permitting respondents to complete the survey at a time of their own 
choosing.

[[Page 72415]]

    The survey will ask questions about the representatives' member 
organization (size and type); their satisfaction with CISA's convening 
activities, products, and services; the types of organizational changes 
made as a result of CISA's convening activities, products, and 
services; representatives' suggestions for improvement of CISA's 
convening activities, products, and services; and perceived quality of 
relationships and engagements with CISA. The survey is designed so that 
each sector has a customized link with specific questions for that 
sector to account for some minor differences in the convenings, 
products, and services that each sector provides. This will help ensure 
that the members of each sector are asked questions that are most 
relevant to them.
    Interviews. The study team will also conduct a series of virtual 
interviews with up to 75 participants who complete the online survey 
and agree to participate in the interview. The study team plans to 
conduct the in-depth interviews by telephone or via a web-based 
conference call platform, such as Microsoft Teams. This format should 
be less burdensome to study participants than in-person interviews 
since they do not have to host study team members.
    The interviews will ask more in-depth information about 
representatives' reasons for satisfaction or dissatisfaction with 
CISA's convening activities, products, and services; types of 
organizational changes made as a result of CISA's convening activities, 
products, and services; and the quality of relationships with CISA.
    Without collecting this information, CISA will not meet the 
requirements of the Evidence Act to conduct program evaluations--
particularly, this SED evaluation, which was included in the Department 
of Homeland Security FY 2023 Annual Evaluation Plan as a 
``significant'' evaluation. In addition, without collecting this 
information, SED, other CISA stakeholder engagement programs, and CISA-
at-large will not be able to understand whether and how CISA's 
convening activities, products, and services provide value and utility 
for stakeholders to enhance their decision-making and risk reduction. 
Thus, we will not have the information needed to learn how to improve 
the planning, execution, and delivery of the convenings, products, and 
services so that they are more meaningful, relevant, timely, and 
actionable for stakeholders. Without collecting this information, we 
will also not be able to assess how to best engage and build trusted 
relationships with stakeholders, which is needed to identify areas for 
improvement in how CISA collaborates and interacts with stakeholders to 
support information exchange within and across sectors.
    The Office of Management and Budget is particularly interested in 
comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

Analysis

    Agency: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).
    Title: Program Analysis and Evaluation (PA&E) Office, Stakeholder 
Engagement Division (SED) Convenings Evaluation.
    OMB Number: 1670-NEW.
    Frequency: Once.
    Affected Public: General and operations managers of public and 
private sectors (e.g., cyber and physical security, emergency, and 
business continuity managers).
    Number of Respondents: 1,000.
    Estimated Time per Respondent: 0.17 hrs for 925 respondents (survey 
only); 1.17 hrs for 75 respondents (survey and interview).
    Total Burden Hours: 242.
    Annualized Respondent Cost: $21,858.07.
    Total Annualized Respondent Out-of-Pocket Cost: $0.
    Total Annualized Government Cost: $327,510.00.

Robert J. Costello,
Chief Information Officer, Department of Homeland Security, 
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-19974 Filed 9-4-24; 8:45 am]
BILLING CODE 9111-LF-P