Bureau of Economic Analysis, Department of Commerce.
Notice; request for comments.
The Department of Commerce (DOC) is announcing a revision to the confidentiality pledge it provides to its survey respondents under the International Investment and Trade in Services Survey Act. This revision is required by the enactment and implementation of provisions of the Cybersecurity Enhancement Act of 2015, which permit and require the Secretary of Homeland Security to provide Federal civilian agencies' information technology systems with cybersecurity protection for their Internet traffic, with the result of enhancing the protection of confidential data. DOC also invites the general public and other Federal agencies to comment on this revision to the confidentiality pledge.
Effective Date: February 13, 2017.
Comment Date: Written comments must be submitted on or before April 14, 2017.
You may submit comments to:
Start Further Info
Mail: Jennifer Jessup, Departmental Paperwork Clearance Officer, Department of Commerce, Room 6616, 14th and Constitution Avenue NW., Washington, DC 20230.
FOR FURTHER INFORMATION CONTACT:
Patricia Abaroa, Chief, Direct Investment Division (BE-50), Bureau of Economic Analysis, Department of Commerce, 4600 Silver Hill Road. Washington, DC 20233; phone: (301) 278-9591 or via email at firstname.lastname@example.org.
End Further Info
Start Supplemental Information
Federal statistics provide key information that the Nation uses to measure its performance and make informed choices about budgets, employment, health, investments, taxes, and a host of other significant topics. Many of the most valuable Federal statistics, including those of the Bureau of Economic Analysis (BEA), come from surveys that ask for highly sensitive information such as proprietary business data. Strong and trusted Start Printed Page 10456confidentiality and exclusively statistical use pledges are effective and necessary in honoring the trust that businesses, individuals, and institutions, by their responses, place in the BEA.
Under the International Investment and Trade in Services Survey Act (22 U.S.C. 3101-3108, as amended), BEA makes statutory pledges that the information respondents provide will be seen only by statistical agency personnel or their sworn agents, and will be used only for statistical purposes. This statute protects the confidentiality of information that BEA collects solely for statistical purposes and under a pledge of confidentiality; this information is protected from administrative, law enforcement, taxation, regulatory, or any other non-statistical use. Moreover, this statute carries criminal penalties for conviction of a knowing and willful unauthorized disclosure of covered information.
As part of the Consolidated Appropriations Act for Fiscal Year 2016, signed on December 18, 2015, the Congress included the Federal Cybersecurity Enhancement Act of 2015 (Pub. L. 114-113, Division N, Title II, Subtitle B, Sec. 223). This Act requires the Secretary of Homeland Security to provide Federal civilian agencies' information technology systems with cybersecurity protection for their Internet traffic. The technology currently used to provide this protection is known as Einstein 3A; it electronically searches Internet traffic in and out of Federal civilian agencies in real time for cyber threat indicators.
When such a signature is found, the Internet packets that contain the malware signature are segregated for further inspection by Department of Homeland Security (DHS) personnel. Because it is possible that such packets entering or leaving BEA's information system may contain a small portion of confidential statistical data, it can no longer promise its respondents that their responses will be seen only by BEA personnel or its sworn agents. However, BEA can promise, in accordance with provisions of the Federal Cybersecurity Enhancement Act of 2015, that such information can be used only to protect information and information systems from cybersecurity risks.
Consequently, with enactment and implementation of the Federal Cybersecurity Enhancement Act of 2015 has provided the Federal statistical community with an opportunity to obtain the further protection of its confidential data that is offered by DHS' Einstein 3A cybersecurity protection program. The DHS cybersecurity program's objective is to provide a common baseline of security across the federal civilian executive branch and to help agencies manage their cyber risk. The Federal statistical system's objective is to ensure that the DHS Secretary performs those essential duties in a manner that honors the Government's statutory promises to the public to protect their confidential data. Given that DHS is not a Federal statistical agency, both DHS and the Federal statistical system have been successfully working to find a way to balance both objectives.
Accordingly, DHS and DOC have developed a Memorandum of Agreement for the deployment of Einstein 3A cybersecurity protection technology to monitor DOC's Internet traffic and have incorporated an associated Addendum on Highly Sensitive Agency Information that provides additional protection and enhanced security handling of confidential statistical data provided to BEA.
Since it is possible that DHS personnel could see some portion of those confidential data in the course of examining the suspicious Internet packets identified by Einstein 3A sensors, statistical agencies need to revise their confidentiality pledges to reflect this process change. Therefore, DOC is providing this notice to alert the public to the confidentiality pledge revision for BEA surveys. Below is a listing of the current information collection numbers and titles for those BEA surveys with confidentiality pledges that will change to reflect the implementation of DHS' Einstein 3A monitoring for cybersecurity protection purposes in accordance with the requirements of the Federal Cybersecurity Enhancement Act of 2015. The BEA statistical confidentiality pledge for these surveys will be modified to include the following sentence: “ Per the Cybersecurity Enhancement Act of 2015, your data are protected from cybersecurity risks through security monitoring of the BEA information systems. ”
- 0608-0004: BE-577 Quarterly Survey of U.S. Direct Investment Abroad
- 0608-0009: BE-605 Quarterly Survey of Foreign Direct Investment in the United States
- 0608-0011: BE-30 Quarterly Survey of Ocean Freight Revenues and Foreign Expenses of U.S. Carriers
- 0608-0011: BE-37 Quarterly Survey of U.S. Airline Operators' Foreign Revenues and Expenses
- 0608-0012: BE-29 Foreign Ocean Carriers' Expenses in the United States
- 0608-0034: BE-15 Annual Survey of Foreign Direct Investment in the United States
- 0608-0035: BE-13 Survey of New Foreign Direct Investment in the United States
- 0608-0042: BE-12 Benchmark Survey of Foreign Direct Investment in the United States
- 0608-0049: BE-10 Benchmark Survey of U.S. Direct Investment Abroad
- 0608-0053: BE-11 Annual Survey of U.S. Direct Investment Abroad
- 0608-0058: BE-120 Benchmark Survey of Transactions in Selected Services and Intellectual Property with Foreign Persons
- 0608-0068: BE-9 Quarterly Survey of Foreign Airline Operators' Revenues and Expenses in the United States
- 0608-0062: BE-180 Benchmark Survey of Financial Services Transactions Between U.S. Financial Services Providers and Foreign Persons
- 0608-0065: BE-185 Quarterly Survey of Financial Services Transactions Between U.S. Financial Services Providers and Foreign Persons
- 0608-0066: BE-45 Quarterly Survey of Insurance Transactions by U.S. Insurance Companies with Foreign Persons
- 0608-0067: BE-125 Quarterly Survey of Transactions in Selected Services and Intellectual Property with Foreign Persons
- 0608-0072: BE-150 Quarterly Survey of Payment Card and Bank Card Transactions Related to International Travel
- 0608-0073: BE-140 Benchmark Survey of Insurance Transactions by U.S. Insurance Companies with Foreign Persons
DOC invites the general public and other Federal agencies to provide comments on the revision to the confidentiality pledge as described above. Comments submitted in response to this notice will be summarized and/or included in the request for OMB approval of this information collection; they also will become a matter of public record.
End Supplemental Information
PRA Departmental Lead, Office of the Chief Information Officer.
[FR Doc. 2017-02821 Filed 2-10-17; 8:45 am]
BILLING CODE 3510-06-P