Wednesday, October 26, 2022

Review - OMB Approves TSA Surface Cybersecurity ICR – 10-26-22

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an extension without change for an information collection request in support of the TSA’s “Cybersecurity Measures for Surface Modes” program. This is the required six-month update for the emergency approval of a new ICR for this program. There is no change from the original burden estimate, but the TSA provides additional details about the information being collected, the collection process, and the basis for the burden estimate.

Interestingly, the TSA does not include the cybersecurity-incident reporting mandated by the Security Directive in this ICR. Instead, since they are using the CISA cybersecurity-incident reporting mechanism, they would have that reporting included in the CISA ICR (1670-0037), which was last updated in October of last year. They do estimate (pg 12) that the burden for that reporting requirement will be 96,163 hours in the first year and 50 hours in each subsequent year. It will be interesting to see if CISA modifies their burden estimate to include this new requirement when they next update that ICR.

For more details about the information that TSA provided to OIRA to support this ICR update, see my article at CFSN Detailed Analysis (subscription required).

