FR 2021-03104

The document from the Federal Register discusses a proposal by the Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security (DHS). CISA seeks public input regarding the continuation of its Visitor Request Form, an information collection initiative initially established to screen individuals visiting CISA facilities. This proposition includes updating the burden estimates associated with the form and extending the information collection period for another three years. The deadline for public comments is set for April 19, 2021.

General Summary

The primary goal of the Visitor Request Form is to gather data on potential visitors to CISA facilities to conduct risk assessments for security purposes. The collected information intends to support CISA's mission of maintaining robust security measures for critical infrastructure and ensuring that visitor access is tightly managed. The agency encourages public feedback on various aspects of this initiative, such as its necessity, practicality, and the potential to reduce the respondent's burden.

Significant Issues and Concerns

A few concerns arise from the document. Firstly, there's a noted lack of clarity on how personal or proprietary information submitted through the Visitor Request Form will be kept confidential and protected against unauthorized public disclosure. The lack of specific details might lead to unease among potential respondents about the safety of their information.

Another area of concern involves the "Total Government Cost" section, which lacks transparency. Without detailed explanations of how these costs are allocated, the public may worry about potential inefficiencies or wasteful spending within the program.

Additionally, the document does not mention any security protocols or measures in place to protect the data collected through electronic means. Given the nature of cybersecurity work, this omission may raise alarms about data security and privacy of the submissions.

Furthermore, the public comment process outlined permits potentially confidential information to be included and published online inadvertently. There's a need for clearer guidelines to help respondents protect sensitive information.

Finally, although the agency's goal is to minimize the burden on respondents, there is an absence of detailed strategies or innovative approaches planned to achieve this beyond allowing electronic submissions.

Impact on the Public

More broadly, this document could impact the general public by influencing how federal agencies collect and handle sensitive visitor data, which directly or indirectly affects all who interact with CISA facilities. By seeking comments, the agency demonstrates a commitment to transparency and public participation, yet the concerns about data protection and budget clarity could inadvertently dampen public trust.

Impact on Specific Stakeholders

For government employees and frequent visitors to CISA facilities, the proposal's outcome will directly affect how their information is submitted, handled, and protected. The private sector may also feel the impact, especially businesses involved with infrastructure collaboration, as this form plays a part in inter-agency visits and coordination.

For civil liberties groups and privacy advocates, this proposal presents a dual challenge: ensuring visitor information is effectively used for security without compromising individuals' privacy and ensuring public disclosure processes do not inadvertently compromise confidentiality.

Overall, the document presents a necessary programmatic update but highlights areas where DHS and CISA could improve in addressing data security and transparency concerns, as well as engaging the public constructively on privacy matters.

The document outlines a proposed extension of an information collection initiative managed by the Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security (DHS). A key component of this proposal involves the mention of various costs related to this data collection process.

Summary of Financial References

The document includes several specific financial figures associated with the information collection process. These are:

• Total Respondent Opportunity Cost: This figure is listed as $125,144. This cost likely represents the value of time respondents will spend completing the visitor request forms. Calculating a per-respondent cost, based on 20,000 respondents each taking approximately 10 minutes, can provide insight into how this total was derived.

• Total Respondent Out-of-Pocket Cost: Here, the document states this value as $0, indicating that no direct financial expenditure is required from the respondents apart from the opportunity cost mentioned above. This implies that respondents will not incur expenses such as fees during this process.

• Total Government Cost: This is reported as $250,473. This figure reflects the cost the federal government will incur to administer this information collection activity for the specified period. However, the document stops short of detailing how this sum is derived or specific areas where they will allocate these funds.

Relation to Identified Issues

The financial references tie into several identified issues in the document, predominantly concerning clarity and allocation of costs:

1. Lack of Detailed Cost Allocation: The document notes a lack of specificity regarding the breakdown of the Total Government Cost of $250,473. Given that this sum represents public expenditure, more detailed information on what this cost covers would benefit public understanding. It could help address potential concerns about misallocation or inefficiency in government spending.

2. Cost-Efficiency Considerations: An issue raised concerns whether proper methods, especially technological solutions, are employed to minimize respondent burden. While electronic submissions are mentioned, the document does not provide specific details or strategies on how the agency achieves cost savings with technology, which could be vital in justifying the expenditure and respondent opportunity cost.

3. Confidentiality and Security Concerns: In terms of the $0 Total Respondent Out-of-Pocket Cost, while this might indicate no direct charges for respondents, potential indirect costs could emerge if there are issues with data security or confidentiality protection. The absence of detailed protocols might inadvertently lead to cost implications related to data breaches or privacy concerns.

In summary, while the document explicitly states certain costs involved in this information collection process, the lack of detailed breakdowns and assurance of efficient resource use invites further scrutiny, particularly regarding how funds are managed and how they align with best practices for data collection and security. Improved transparency in these areas would ensure that both public funds and respondent time are utilized effectively and responsibly.