Updates to Protected Critical Infrastructure Information Program, 29799-29800 [2016-11338]

Agencies

• DEPARTMENT OF HOMELAND SECURITY
• Office of the Secretary

[Federal Register Volume 81, Number 93 (Friday, May 13, 2016)]
[Proposed Rules]
[Pages 29799-29800]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-11338]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 81, No. 93 / Friday, May 13, 2016 / Proposed 
Rules

[[Page 29799]]



DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 29

[DHS-2016-0032]
RIN 1601-AA77


Updates to Protected Critical Infrastructure Information Program

AGENCY: National Protection and Programs Directorate, DHS.

ACTION: Notice of public meeting.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security (DHS) invites public 
comment on the Advanced Notice of Proposed Rulemaking (ANPRM) to update 
its regulation ``Procedures for Handling Critical Infrastructure 
Information''. These comments may be used for potential revisions to 
the current regulation to strengthen and align the language to support 
the evolving needs of the critical infrastructure community and the 
cyber landscape.

DATES: A series of listening sessions will be held on:

1. May 12, 2016 10:00 a.m. to 12:30 p.m. EST and 2:00 p.m. to 4:30 p.m. 
EST
2. May 17, 2016 10:00 a.m. to 12:30 p.m. EST and 2:00 p.m. to 4:30 p.m. 
EST
3. May 19, 2016 10:00 a.m. to 12:30 p.m. EST and 2:00 p.m. to 4:30 p.m. 
EST

    Written comments must be submitted on or before Wednesday, July 20, 
2016.

ADDRESSES: The listening sessions will be held at:
     1310 North Courthouse Road, 6th Floor, Arlington, VA 
22201.
    You may submit comments, identified by docket number DHS-2016-0032. 
To avoid duplication, please use only one of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: U.S. Department of Homeland Security, National 
Protection and Progra.m.s Directorate, Office of Infrastructure 
Protection, Infrastructure Information Collection Division, 245 Murray 
Lane SW., Mail Stop 0602, Washington, DC 20528-0602.
     In person: Verbal comments are acceptable in person at the 
public listening sessions.

FOR FURTHER INFORMATION CONTACT: Emily R. Hickey, Deputy Progra.m. 
Manager, by phone at (703) 235-9522 or by mail at Protected Critical 
Infrastructure Information Program, Office of Infrastructure 
Protection, Infrastructure Information Collection Division, 245 Murray 
Lane SW., Mail Stop 0602, Washington, DC 20528-0602.

SUPPLEMENTARY INFORMATION:

Abbreviations and Terms Used in This Document

ANPRM--Advance Notice of Proposed Rulemaking
CFR--Code of Federal Regulations
CII--Critical Infrastructure Information
CII Act of 2002--Critical Infrastructure Information Act of 2002
DHS--Department of Homeland Security
PCII--Protected Critical Infrastructure Information

I. Background

    DHS receives sensitive information about the nation's critical 
infrastructure through its congressionally-mandated PCII Program. The 
PCII Program provides a secure environment for the private sector, 
government analysts, and other subject matter experts to share 
information that is vital to addressing concerns across all critical 
infrastructure sectors. The Critical Infrastructure Information Act of 
2002 (Secs. 211-215, Title II, Subtitle B of the Homeland Security Act 
of 2002, Pub. L. 107-296) (CII Act of 2002) established the PCII 
Program, which assures owners and operators that the information they 
voluntarily submit is protected from public disclosure. In accordance 
with the CII Act of 2002, on September 1, 2006, DHS issued the PCII 
Program Final Rule (71 FR 52271, codified at 6 CFR part 29). This rule 
established procedures that govern the receipt, validation, handling, 
storage, marking, and use of critical infrastructure information 
voluntarily submitted to DHS. The procedures are applicable to all 
Federal, State, local, tribal, and territorial government agencies and 
contractors that have access to, handle, use, or store critical 
infrastructure information that enjoy protection under the CII Act of 
2002. After 10 years of operation, changes are needed to transition the 
managing of submissions, access, use, dissemination and safeguarding of 
PCII to state of the art technology that operates within an electronic 
environment.

II. Scope of Listening Sessions

    DHS is interested in obtaining recommendations for program 
modifications, particularly in subject matter areas that have developed 
significantly since the issuance of the initial rule; however, DHS has 
particular interest in hearing comments regarding: (1) Automated 
submissions and an expansion of categorical inclusions, (2) marking 
PCII, (3) sharing PCII with foreign governments, (4) regulatory access, 
(5) safeguarding, (6) oversight and compliance, (7) alignment with 
other information protection programs, and (8) the administration of 
PCII at the State, local, tribal, and territorial level.
    Additionally, DHS seeks comment on the economic impact of 
transitioning the PCII Program to a preferred electronic environment 
that: (1) Enhances the submission and validation process for critical 
infrastructure information, (2) uses state of the art technology for an 
automated interface for quicker access and dissemination of PCII, (3) 
modifies requirements for the express and certification statements; (4) 
expands the use of categorical inclusions; (5) requires portion marking 
of PCII; and (6) implements specific methods to capture and deliver 
metadata to the PCII Program.

III. Written Comments

A. In General

    DHS invites all interested persons, even those who are unable to 
attend the listening sessions, to submit written comments, data, or 
views on how the current PCII Program regulations, codified at 6 CFR 
part 29, ``Procedures for Handling Critical Infrastructure 
Information,'' might be improved. Comments that would be most helpful 
to DHS include the questions and answers identified in Part II of this 
document. Please explain the reason for any comments with available 
data, and include other information or authority that supports such 
comments. DHS encourages interested parties to provide specific data 
that documents the potential costs of modifying the existing

[[Page 29800]]

rule requirements pursuant to the commenter's suggestions; the 
potential quantifiable benefits including security and societal 
benefits of modifying the existing regulatory requirements; and the 
potential impacts on small entities of modifying the existing 
regulatory requirements.
    Written comments may be submitted electronically or by mail, as 
explained previously in the ADDRESSES section of this ANPRM. To avoid 
duplication, please use only one of these methods to submit written 
comments.
    Except as provided below, all comments received, as well as 
pertinent background documents, will be posted without change to https://www.regulations.gov, including any personal information provided.

B. Handling of Proprietary or Business Sensitive Information

    Interested parties are encouraged to submit comments in a manner 
that avoids discussion of trade secrets, confidential commercial or 
financial information, CII or PCII, or any other category of sensitive 
information that should not be disclosed to the general public. If it 
is not possible to avoid such discussion, however, please specifically 
identify any confidential or sensitive information contained in the 
comments with appropriate warning language (e.g., any PCII must be 
marked and handled in accordance with the requirements of 6 CFR part 29 
Sec. Sec.  29.5-29.7) and submit them by mail to the PCII Program 
Manager listed in the FOR FURTHER INFORMATION CONTACT section.
    DHS will not place any confidential or sensitive comments in the 
public docket; rather, DHS will handle them in accordance with 
applicable safeguards and restrictions on access. See, e.g., 6 CFR part 
29 Sec. Sec.  29.5-29.7. See also the DHS PCII Procedures Manual 
(``Protected Critical Infrastructure Information Program,'' April 2009, 
located on the DHS Web site at www.dhs.gov/protected-critical-infrastructure-information-pcii-program). DHS will hold any such 
comments in a separate file to which the public does not have access, 
and place a note in the public docket that DHS has received such 
materials from the commenter. DHS will provide appropriate access to 
such comments upon request to individuals who meet the applicable legal 
requirements for access of such information.

IV. Listening Sessions

A. Purpose

    DHS will hold listening sessions on how the current PCII Program 
regulations, codified at 6 CFR part 29, ``Procedures for Handling 
Critical Infrastructure Information,'' might be improved.

B. Procedures and Participation

    These meetings are open to the public. The listening sessions will 
be made available online via webinar and can be accessed through the 
following link, https://share.dhs.gov/pcii-training/, at the beginning 
of each listening session. Additionally, there will be a conference 
bridge made available so members of the public can dial into the 
listening sessions for audio. The conference bridge phone number for 
all the 10:00 a.m. to 12:30 p.m. EST listening sessions is 1-800-369-
1912 followed by entering the participant passcode: 3922843. The 
conference bridge phone number for all the 2:00 p.m. to 4:30 p.m. EST 
listening sessions is 1-888-790-1952 followed by entering the 
participant passcode: 1933978. There are no fees to attend any of the 
listening sessions. DHS will do its best to accommodate all persons who 
wish to make a comment during the listening sessions. DHS encourages 
persons and groups having similar interests to consolidate their 
information for presentation through a single representative.
    The listening sessions are intended for technical experts, who have 
a cyber, security, regulatory or other background to discuss the 
proposed topics regarding updates to the PCII Program at an expert 
level. However, individuals who are not technical experts (or who do 
not meet the other criteria) may still attend and participate in the 
meeting. The listening sessions are intended to afford the public an 
opportunity to provide comments to DHS concerning the PCII Program and 
updating its current regulation. For the listening sessions, comments 
are requested not to exceed four minutes at a time to enable all 
interested attendees an opportunity to provide comment. Should time 
permit, commenters who need additional time may be invited to complete 
their comments. The listening sessions may adjourn early if all 
commenters present have had the opportunity to speak prior to the 
scheduled conclusion of the session. Participants who speak will be 
asked to provide their name, title, company and stakeholder segment. 
The listening sessions will be recorded to support the note-taking 
effort. Notes from the listening sessions, including the webinar 
materials, will be posted at https://www.regulations.gov. DHS will place 
a transcript of the listening sessions in the docket for this 
rulemaking.

Tammy Barbour,
Protected Critical Infrastructure Information, (PCII) Program Manager, 
Infrastructure, Information Collection Division.
[FR Doc. 2016-11338 Filed 5-10-16; 4:15 pm]
 BILLING CODE 9110-9P-P