This PDF is the current document as it appeared on Public Inspection on 04/30/2014 at 08:45 am.
Transportation Security Administration, DHS.
The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0057, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden for the TSA Exercise Information System (EXIS). EXIS is a web portal designed to serve stakeholders in the transportation industry in regard to security training exercises. EXIS provides stakeholders with transportation security exercise scenarios and objectives, best practices and lessons learned, and a repository of the user's own historical exercise data for use in future exercises. It also allows stakeholders to design their own security exercises based on the unique needs of their specific transportation mode or method of operation. Utilizing and inputting information into EXIS is completely voluntary.
Send your comments by June 30, 2014.
Comments may be emailed to TSAPRA@dhs.gov or delivered to the TSA PRA Officer, Office of Information Technology (OIT), TSA-11, Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Christina Walsh at the above address, or by telephone 571-227-2062.End Further Info End Preamble Start Supplemental Information
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The ICR documentation is available at www.reginfo.gov. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to—
(1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
(2) Evaluate the accuracy of the agency's estimate of the burden;
(3) Enhance the quality, utility, and clarity of the information to be collected; and
(4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.
Information Collection Requirement
Purpose of Data Collection
The Exercise Information System (EXIS) is an Internet-accessible knowledge-management system developed by TSA to serve its relevant stakeholders (such as members of the transportation industry, port authorities, Federal agencies, and state and local governments). EXIS integrates security-related training and exercise components constituting Sensitive Security Information. It gives Start Printed Page 24743stakeholders valuable security exercise scenarios and objectives, best practices and lessons learned, and a repository of the users' own historical exercise data for use in future exercises. Transportation industry stakeholders can choose scenarios and objectives based on their vulnerabilities, mode of transportation, and the size of their operation.
As a knowledge management system, EXIS provides end-to-end security exercise support from the initial planning meeting through exercise design, implementation, evaluation, and reporting. Working in a secure online environment, with a username and password, EXIS users can easily:
- Customize exercise design: Develop objectives, scenarios, contingency injects, evaluation metrics, and other data sets.
- Conduct robust analyses: Sort evaluation data by exercise objectives, transportation modes, scenario types, or functional areas.
- Create analytical reports: Identify and sort lessons learned, corrective actions, and best practices from past exercises or from those of other jurisdictions.
- Collaborate and share information: Build relationships with partners.
EXIS was developed by TSA as part of its broad responsibilities and authorities under the Aviation and Transportation Security Act (ATSA), and delegated authority from the Secretary of Homeland Security, for “security in all modes of transportation . . . including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.”  EXIS is a component of TSA's Intermodal Security Training Exercise Program (I-STEP), which works with surface transportation stakeholders in developing and conducting security exercises. I-STEP also fulfills requirements of the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act)  regarding the establishment of security training exercises for surface modes of transportation that can assess and improve the capabilities of these modes in preventing, preparing for, mitigating against, responding to, and recovering from acts of terrorism.
EXIS helps users design an exercise through the use of a “wizard” (an interface that leads the user through a series of steps to help them work through an otherwise potentially complex process). The EXIS wizard walks the user through a step-by-step process allowing them to build a profile for their exercise. EXIS provides users with suggested scenarios based on the area of focus and objectives selected by the user. Users also have the ability to create custom injects or modify a Generic EXIS Community Scenario. Exercise Administrators, who are TSA employees within the Program Office, may suggest modified scenarios and custom injects for use in exercise design.
Once the user has worked through all the steps guided by the wizard, EXIS generates a collaborative workspace for exercise team members to work within. All exercise elements can be customized and saved. Lessons learned, best management practices, and corrective actions are pre-populated into the workspace based on the scenario and objectives of the exercise determined during its creation. EXIS is adaptable to changing exercise, tracking, and reporting needs as they mature and can support the addition of future exercise elements.
By linking “exercise communities,” users can also tackle cross-jurisdictional issues, such as interoperability. Users are able to focus on the underlying issues of transportation security and preparedness, and avoid repeating costly mistakes. Finally, users can also provide feedback on the usefulness of EXIS itself so that TSA may improve this system to better suit the stakeholders' future security needs.
TSA intends EXIS to be used primarily by individuals with security responsibilities, such as heads of security, for public and private owner/operators in the surface transportation community, including mass transit systems, freight/rail operators, highway/trucking companies, school bus operators, and pipeline systems. These individuals, and other stakeholders, can voluntarily contact TSA to request access to EXIS; TSA does not require participation in EXIS. Those seeking access or desiring more information about I-STEP products and services can contact a TSA modal representative or send their request by email to ISTEP@dhs.gov.
Description of Data Collection
TSA will collect five types of information through EXIS. The collection is voluntary. EXIS users are not required to provide all information requested—however, if users choose to withhold information, they will not receive the benefits of EXIS associated with that information collection.
1. User registration information. Because EXIS includes SSI information, TSA must collect information upon registration to ensure only those members of the transportation community with a relevant interest in conducting security training exercises and with an appropriate level of need to access security training information are provided access to EXIS. Such registration information will include the user's name, professional contact information, agency/company, job title, employer, and employment verification contact information.
2. Desired nature and scope of the exercise. TSA will collect this information to generate an EXIS training exercise appropriate for the particular user. Users are asked to submit their desired transportation mode, exercise properties, objectives, scenario events, and participating agencies.
3. Corrective actions/lessons learned/best practices. TSA collects this information to document and share the users' ideas and methods for improving transportation security with other transportation stakeholders. The user has the option to suggest that their lesson(s) learned, best practice(s), or corrective action(s) be published to the wider EXIS user base. The I-STEP team sends the item to Subject Matter Experts within TSA for vetting and validation. Once the information is validated, any company or user identifying information is removed and the content is published to the site for all users to access.
4. Evaluation feedback. TSA collects this information for the purpose of evaluating the usefulness of EXIS in facilitating security training exercises for the users. TSA can then modify EXIS to better suit its users' needs.
5. After-Action Reports. The EXIS automatically summarizes information from items (2) and (3) mentioned above in order to create formal After-Action Reports (AAR) for users. These AARs include an exercise overview, goals and objectives, scenario event synopsis, analysis of critical issues, exercise design characteristics, conclusions, and the executive summary. The AAR is the output of the exercise process. Stakeholders use the report to identify areas in which they can assign resources to mitigate risk and enhance the security posture within their organization.
Use of Results
TSA will use this information to assess and improve the capabilities of Start Printed Page 24744all surface transportation modes to prevent, prepare for, mitigate against, respond to, and recover from transportation security incidents. A failure to collect this information will limit TSA's ability to effectively test security countermeasures, security plans, and the ability of a modal operator to respond to and quickly recover after a transportation security incident. Insufficient awareness, prevention, response, and recovery to a transportation security incident will result in increased vulnerability of the U.S. transportation network and a reduced ability of DHS to assess system readiness.
Based on industry population estimates and growth rates, and interest generated amongst the surface transportation modes during the first three years following EXIS' release to the public, TSA estimates that there will be approximately 12,998 users for the next three years (4,034 users in Year 1, 4,278 users in Year 2, and 4,686 users in Year 3.) This was calculated by first estimating the future EXIS population using the current number of users (364) and its rate of growth per year (67 percent), in addition to the number of annual users added through outreach events (3,670). To determine the exercise response rate, the average number of exercises conducted annually was calculated based on the number of exercises built per user (roughly one in three users conducted an exercise). TSA calculated that 35 percent of users conduct one exercise per year. Thus, the estimated average number of exercises conducted per year totals 1,517 (12,998 users *.35)/3 years)). TSA estimates users will spend approximately 4 hours per EXIS exercise inputting the information. Finally, the average number of annual exercises conducted was multiplied by four hours (the amount of time users spent building each exercise) to determine the average annual hourly burden. Given this information, the total annual hourly burden for EXIS's collection of information is 6,068 hours (1,517 users * 4 hours). There are no fees to use EXIS. The total annual cost burden to respondents is $0.00.Start Signature
Dated: April 25, 2014.
TSA Paperwork Reduction Act Officer, Office of Information Technology.
5. 9/11 Act secs. 1407 (codified at 6 U.S.C. 1136(a)), 1516 (codified at 6 U.S.C. 1166), and 1533 (codified at 6 U.S.C. 1183). See also the Security and Accountability For Every Port Act of 2006 (SAFE Port Act), Public Law 109-347 (120 Stat. 1884, Oct. 13, 2006) (codified at 6 U.S.C. 911 (a)).Back to Citation
[FR Doc. 2014-09992 Filed 4-30-14; 8:45 am]
BILLING CODE 9110-05-P