Friday, August 16, 2013

TSA ICR Renewal 60-Day Notice – Pipeline Operator Security Information

Today the Transportation Security Administration published a 60-day information collection request (ICR) renewal notice in the Federal Register (78 FR 50077-50078) supporting the information reporting guidelines outlined in the Pipeline Security Guidelines. The information collections supported here are all voluntary in nature.

There are two specific types of information requests covered in this ICR renewal; security manager contact information and incident reporting information. TSA is requesting the contact information so that they might be able to contact the security manager in a timely manner if they develop security information that might be of interest to the pipeline owner/operator. The ICR notice does not explain why TSA wants to be notified of pipeline security incidents, but it is presumably so that they  may share incident information with other owner/operators as necessary to prevent attacks on other pipelines.

Incident Reporting

The types of incident information that TSA suggest should be reported to the Transportation Security Operation Center (TSOC; 866-615-5150 or TSOC.ST@dhs.govincludes:

• Explosions or fires of a suspicious nature affecting pipeline systems, facilities, or assets;
• Actual or suspected attacks on pipeline systems, facilities, or assets;
• Bomb threats or weapons of mass destruction (WMD) threats to pipeline systems, facilities, or assets;
• Theft of pipeline company vehicles, uniforms, or employee credentials;
• Suspicious persons or vehicles around pipeline systems, facilities, assets, or right-of-way;
• Suspicious photography or possible surveillance of pipeline systems, facilities, or assets;
• Suspicious phone calls from people asking about the vulnerabilities or security practices of a pipeline system, facility, or asset operation;
• Suspicious individuals applying for security-sensitive positions in the pipeline company;
• Theft or loss of Sensitive Security Information (SSI) (detailed pipeline maps, security plans, etc.); andShow citation box
• Actual or suspected cyber-attacks that could impact pipeline Supervisory Control and Data Acquisition (SCADA) or enterprise associated IT systems.

Burden Estimate

The table below shows the burden estimate for this renewal notice and the previously approved ICR.

This Notice
Burden Hours
Burden Cost

The changes in burden reporting reflects a change in the number of estimated incidents, 140 incidents were estimated in the earlier ICR Notice  but only 40 incidents in this notice. I would assume that the change is based on the actual number of incidents reported to date to TSA, but that is not specifically stated in this notice.

Public Comments

The TSA is soliciting public comments on this ICR renewal. They request that such comments be sent to the TSA PRA Officer ( There is no explanation given as to why TSA is not using the Federal eRulemaking Portal for taking these comment submissions. It will certainly make it more difficult to determine if the TSA has responded to any such comments when they submit the 30-day notice sometime in the indeterminate future.

No comments:

/* Use this with templates/template-twocol.html */