Today the DHS S&T Directorate published another sloppy information collection request (ICR) notice in the Federal Register (78 FR 66949). This ICR renewal supports the relatively new (2011) CyberFETCH Program. CyberFETCH is a collaborative environment for cyber-forensics practitioners from law enforcement, private sector and academia.
Once again the S&T notice includes a wrong Docket #. The Docket # provided (DHS-2013-0021) is for a Customs and Border Patrol program (019 Air and Marine Operations Surveillance System (AMOSS) System of Records). The correct Docket # is DHS–2013–0047. The notice does not include the OMB Control # for the currently approved ICR (1640-0017), nor does it include a reference to the Federal Register page number for the 60-day ICR notice.
Oh, and this ICR renewal was already sent to OMB on September 30th. That submission says that the 30-day notice was published in the Federal Register on the same day as the 60-day notice.
Now none of these errors go to the substance of the ICR or the CyberFETCH program, but they do indicate a high degree of bureaucratic ineptitude. Some will argue that that is not necessarily a bad thing in a technology organization, but it certainly reflects poorly on the management skills in the Directorate.
The Collection Burden
This notice and the earlier 60-day notice report no changes in the burden estimates for the program. This seems a little bit odd since the currently approved ICR was prepared before the site was established and was a reasonable attempt to estimate the level of participation. Additionally, since this ICR is for the Registration Form, I would think that the rate of new registrations would start to fall off unless there was a new push to get people to participate.
In any case S&T estimates that there will be 1000 new registrants to the program every year for the next three years. It will take 15 minutes to fill out the registration form (it isn’t that complicated) for an estimated annual burden of 250 hours. This is certainly not an unreasonable burden for the potential information sharing and expansion that this program may engender.
The CyberFETCH Potential
I generally think that having a semi-secure environment were cybersecurity professionals can share information on cyber-forensics is certainly a good idea. Since the CyberFETCH activities go on behind semi-closed doors and I am not a member (since I am certainly not a cyber forensics practitioner) I am not able to report on how well this site is serving its intended purpose. I do hope that it includes some active discussions and information sharing on control system forensics as this is an area that needs whatever help it can get.