Security Training for Surface Transportation Employees, 91336-91401 [2016-28298]

Download as PDF 91336 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules Transportation Security Administration 49 CFR Parts 1500, 1520, 1570, 1580, 1582, and 1584 [Docket No. TSA–2015–0001] RIN 1652–AA55 Security Training for Surface Transportation Employees Transportation Security Administration, DHS. ACTION: Notice of proposed rulemaking (NPRM). AGENCY: The Transportation Security Administration (TSA) is proposing to require security training for employees of higher-risk freight railroad carriers, public transportation agencies (including rail mass transit and bus systems), passenger railroad carriers, and over-the-road bus (OTRB) companies. Owner/operators of these higher-risk railroads, systems, and companies would be required to train employees performing security-sensitive functions, using a curriculum addressing preparedness and how to observe, assess, and respond to terroristrelated threats and/or incidents. As part of this rulemaking, TSA would also expand its current requirements for rail security coordinators and reporting of significant security concerns (currently limited to freight railroads, passenger railroads, and the rail operations of public transportation systems) to include the bus components of higherrisk public transportation systems and higher-risk OTRB companies. TSA also proposes to make the maritime and land transportation provisions of TSA’s regulations consistent with other TSA regulations by codifying general responsibility to comply with security requirements; compliance, inspection, and enforcement; and procedures to request alternate measures for compliance. Finally, TSA is adding a definition for Transportation SecuritySensitive Materials (TSSM). Other provisions are being amended or added, as necessary, to implement these additional requirements. While TSA will review and consider all comments submitted, TSA invites responses to a number of specific questions posed in the preamble of the NPRM. See the Comments Invited section under SUPPLEMENTARY INFORMATION that follows. DATES: Submit comments by March 16, 2017. mstockstill on DSK3G9T082PROD with PROPOSALS3 SUMMARY: VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 You may submit comments, identified by the TSA docket number to this rulemaking, to the Federal Docket Management System (FDMS), a government-wide, electronic docket management system, using any one of the following methods: Electronically: You may submit comments through the Federal eRulemaking portal at https:// www.regulations.gov. Follow the online instructions for submitting comments. Mail, In Person, or Fax: Address, hand-deliver, or fax your written comments to the Docket Management Facility, U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, Room W12–140, Washington, DC 20590–0001; Fax 202–493–2251. The Department of Transportation (DOT), which maintains and processes TSA’s official regulatory dockets, will scan the submission and post it to FDMS. See SUPPLEMENTARY INFORMATION for format and other information about comment submissions. FOR FURTHER INFORMATION CONTACT: Harry Schultz (TSA Office of Security Policy and Industry Engagement) or Traci Klemm (TSA Office of the Chief Counsel) at telephone (571) 227–5563 or email to SecurityTrainingPolicy@ tsa.dhs.gov. ADDRESSES: DEPARTMENT OF HOMELAND SECURITY SUPPLEMENTARY INFORMATION: Comments Invited TSA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, or federalism impacts that might result from this rulemaking action. See ADDRESSES above for information on where to submit comments. With each comment, please identify the docket number at the beginning of your comments. TSA encourages commenters to provide their names and addresses. The most helpful comments reference a specific portion of the rulemaking, explain the reason for any recommended change, and include supporting data. You may submit comments and material electronically, in person, by mail, or fax as provided under ADDRESSES, but please submit your comments and material by only one means. If you submit comments by mail or delivery, submit them in an unbound format, no larger than 8.5 by 11 inches, suitable for copying and electronic filing. If you want TSA to acknowledge receipt of comments submitted by mail, include with your comments a selfaddressed, stamped postcard on which PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 the docket number appears. We will stamp the date on the postcard and mail it to you. TSA will file in the public docket all comments TSA receives, except for comments containing confidential information and Sensitive Security Information (SSI).1 TSA will consider all comments received on or before the closing date for comments and will consider comments filed late to the extent practicable. The docket is available for public inspection before and after the comment closing date. NPRM Specific Questions While TSA will review and consider all comments submitted, TSA invites responses to the following five specific questions: (1) The preferred avenue to submit security training programs to TSA, such as through email, secure Web site, or mailing address. (2) TSA is proposing to use accumulated days of employment as one of the factors triggering whether an employee must be trained and requests comment specifically on how to calculate accumulated days and to ensure contractors are not used to avoid the requirements of this proposed rule. (3) The use of previous training to satisfy requirements in the proposed rule. (4) Options for harmonizing the proposed training schedule with existing training schedules and for adding efficiencies with other relevant regulatory requirements, including identification of any laws, regulations, or orders not identified by TSA that commenters believe would conflict with the provisions of the proposed rule. (5) Options for ensuring training is effective in the absence of proficiency standards. For example, the proposed rule does not prescribe conditions for a pass/fail policy that may be associated with post-training testing, nor recommending a specified maximum number of times that an individual may take a test or evaluation to demonstrate knowledge and competency. Handling of Confidential or Proprietary Information and Sensitive Security Information (SSI) Submitted in Public Comments Do not submit comments that include trade secrets, confidential commercial 1 ‘‘Sensitive Security Information’’ or ‘‘SSI’’ is information obtained or developed in the conduct of security activities, the disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation. The protection of SSI is governed by 49 CFR parts 15 and 1520. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules or financial information, or SSI to the public regulatory docket. Please submit such comments separately from other comments on the rulemaking. Comments containing this type of information must be appropriately marked as containing such information and submitted by mail to the address listed in FOR FURTHER INFORMATION CONTACT section. TSA will not place comments containing SSI in the public docket, but will handle them in accordance with applicable safeguards and restrictions on access. TSA will hold documents containing SSI, confidential business information, or trade secrets in a separate file to which the public does not have access, and place a note in the public docket that TSA has received such materials from the commenter. If TSA determines, however, that portions of these comments may be made publicly available, TSA may include a redacted version of the comment in the public docket. If TSA receives a request to examine or copy information that is not in the public docket, TSA will treat it as any other request under the Freedom of Information Act (FOIA) (5 U.S.C. 552) and FOIA regulation of the Department of Homeland Security (DHS) found in 6 CFR part 5. mstockstill on DSK3G9T082PROD with PROPOSALS3 Reviewing Comments in the Docket Please be aware that anyone is able to search the electronic form of all comments in any of our dockets by the name of the individual who submitted the comment (or signed the comment, if submitted on behalf of an association, business, labor union, etc.). You may review the applicable Privacy Act Statement published in the Federal Register on April 11, 2000 (65 FR 19477) and modified on January 17, 2008 (73 FR 3316), or you may visit https://DocketsInfo.dot.gov. You may review TSA’s electronic public docket on the Internet at https:// www.regulations.gov. In addition, DOT’s Docket Management Facility provides a physical facility, staff, equipment, and assistance to the public. To obtain assistance or to review comments in TSA’s public docket, you may visit this facility between 9:00 a.m. and 5:00 p.m., Monday through Friday, excluding legal holidays, or call (202) 366–9826. This docket operations facility is located in the West Building Ground Floor, Room W12–140 at 1200 New Jersey Avenue SE., Washington, DC 20590. Availability of Rulemaking Document An electronic copy can be obtained using the Internet by— VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 (1) Searching the electronic Federal Docket Management System (FDMS) Web page at https://www.regulations.gov; (2) Accessing the Government Printing Office’s Web page at https:// www.gpo.gov/fdsys/browse/ collection.action?collectionCode=FR to view the daily published Federal Register edition; or accessing the ‘‘Search the Federal Register by Citation’’ in the ‘‘Related Resources’’ column on the left, if you need to do a Simple or Advanced search for information, such as a type of document that crosses multiple agencies or dates. In addition, copies are available by writing or calling the individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to identify the docket number of this rulemaking. Abbreviations and Terms Used in This Document AAR—Association of American Railroads ABA—American Bus Association Amtrak—National Railroad Passenger Corporation APTA—American Public Transportation Association CD—Compact Disc CCTV—Closed-Circuit Television CFATS—Chemical Facility Anti-Terrorism Standards CFATS EAP—Expedited Approval Program for the CFATS program CFATS RBPS—Risk-Based Performance Standards of the CFATS program CFATS SSP—Site Specific Plans part of the CFATS program DHS—Department of Homeland Security DIF—Difficulty-Importance-Frequency EOD—Explosives Ordinance Disposal FMCSA—Federal Motor Carrier Safety Administration FRA—Federal Railroad Administration FTA—Federal Transit Administration GAO—U.S. Government Accountability Office GCC—Government Coordinating Council HMR—Hazardous Materials Regulations HSA—Homeland Security Act of 2002 HTUA—High Threat Urban Area IED—Improvised Explosive Device IFR—Interim Final Rule IRFA—Initial Regulatory Flexibility Analysis MOU—Memorandum of Understanding NCTC—National Counterterrorism Center NSI—Nationwide Suspicious Activity Reporting (SAR) Initiative OAs—Oversight Agencies OMB—Office of Management and Budget OTRB—Over-the-Road Bus PAG—Transit Policing and Security Peer Advisory Group PHMSA—Pipeline and Hazardous Materials Safety Administration PRA—Paperwork Reduction Act of 1995 PTPR—Public Transportation and Passenger Railroads RFA—Regulatory Flexibility Act of 1980 RIA—Regulatory Impact Analysis RSC—Rail Security Coordinator RSSM—Rail Security-Sensitive Material SBA—Small Business Administration PO 00000 Frm 00003 Fmt 4701 Sfmt 4702 91337 SCC—Sector Coordinating Council SMS—Safety Management System SSI—Sensitive Security Information TIH—Toxic Inhalation Hazard TSA—Transportation Security Administration TSGP—Transit Security Grant Program TSSM—Transportation Security Sensitive Material UASI—Urban Area Security Initiative UMRA—Unfunded Mandates Reform Act of 1995 VBIED—Vehicle-Borne Improvised Explosive Device Table of Contents I. Executive Summary II. Background A. Context and Purpose B. Statutory Authorities C. Rule Organization III. Proposed Rule A. Amendments to Part 1500 1. General Terms 2. Transportation Security-Sensitive Materials B. Amendments to Part 1503 C. Amendments to Part 1520 D. Amendments to Part 1570 1. Overview of changes and structure 2. Subpart A—General 3. Subpart B—Security Programs 4. Subpart C—Operations 5. Subpart D—Security Threat Assessments E. Security-Sensitive Employees (§§ 1580.3, 1582.3, and 1584.3) F. Security Programs—Applicability (§§ 1580.301, 1582.301, and 1584.301) 1. Freight Railroads 2. Public Transportation and Passenger Railroads 3. Over-the-Road Buses 4. Foreign Owner/Operators 5. Preemption G. Security Program General Requirements (§§ 1580.113, 1582.113, and 1584.113) 1. Information About the Owner/Operator 2. Information on How Training Will Be Provided 3. Ensuring Supervision of Untrained Employees and Providing Notice of Changes Affecting Training 4. Methods for Determining Effectiveness of Training 5. Relation to Other Training H. Security Training and Knowledge for Security-Sensitive Employees (§§ 1580.115, 1582.115 and 1584.115) 1. Training Required for Security-Sensitive Employees 2. Limits on Use of Untrained Employees 3. Knowledge Required I. Other Security Training Programs 1. Federal Railroad Administration Safety Training Requirements 2. Federal Transit Administration Safety Requirements 3. OTRB Safety Requirements 4. Hazardous Materials Regulations a. Overlap With DOT Regulations Regarding Transportation of Hazardous Materials b. Inspections and Enforcement c. Overlap With Other DHS Regulations J. Training Resources K. Programmatic Alternatives E:\FR\FM\16DEP3.SGM 16DEP3 91338 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules IV. Stakeholder Consultations A. Multi-Modal Outreach B. Freight Rail C. Public Transportation and Passenger Rail D. Over-the-Road Buses E. Labor Unions V. Rulemaking Analyses and Notices A. Paperwork Reduction Act B. Economic Impact Analyses 1. Regulatory Impact Analysis Summary 2. Executive Orders 12866 and 13563 Assessments 3. OMB A–4 Statement 4. Alternatives Considered 5. Regulatory Flexibility Assessment 6. International Trade Impact Assessment 7. Unfunded Mandates Assessment C. Executive Order 13132, Federalism D. Environmental Analysis E. Energy Impact Analysis regulatory authority, which enables TSA to issue, rescind, and revise regulations as necessary to carry out its transportation security functions.3 As part of the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act),4 Congress mandated that DHS use its authority to issue regulations and included in the statute minimum requirements for employees to be trained, subjects of training, and procedures for the submission and approval of training programs.5 As part of this mandate, the 9/11 Act also requires higher-risk railroads and OTRBs to appoint security coordinators.6 This NPRM would propose to implement those provisions. I. Executive Summary Summary of the Major Provisions As discussed in section III.F. of this NPRM, TSA is proposing to apply the requirements to higher-risk operations, based on mode-specific assessments of risk. Based on these assessments, the requirements would apply to: • Class I freight railroad carriers, railroads transporting Rail SecuritySensitive Materials (RSSMs) through identified High Threat Urban Areas (HTUAs) (applying those terms as defined in current 49 CFR 1580.3), and railroads that host other higher-risk rail operations. This would cover approximately 36 railroads. • Public transportation and passenger railroads (PTPRs) operating in the eight regions with the highest transit-specific risk. This would cover approximately 46 systems. • The National Railroad Passenger Corporation (Amtrak), an intercity passenger railroad. • OTRB owner/operators providing fixed-route service (also referred to as regular route or scheduled service) to/ through/from the highest-risk urban areas. This would cover approximately 202 OTRB owner/operators. This NPRM proposes requiring the entities listed above to: • Develop security training programs to enhance and sustain the capability of mstockstill on DSK3G9T082PROD with PROPOSALS3 Purpose of the Regulatory Action The purpose of this proposed rule is to solidify the enhanced baseline of security for higher-risk surface transportation operations by improving and sustaining the capability of employees to observe, assess, and respond to security risks and potential security breaches. These critical capabilities include identifying, reporting, and appropriately reacting to suspicious activity, suspicious items, dangerous substances, and security incidents that may be associated with terrorist reconnaissance, preparation, or action. The proposed requirements specifically apply to training employees performing security-sensitive job functions for higher-risk public transportation systems, railroad carriers (passenger and freight), and OTRB owner/operators. Preparing and training these employees to observe, assess, and respond to anomalies, threats, and incidents within their unique working environment may be the critical point for preventing a terrorist act and mitigating the consequences. Since its creation following the attacks of September 11, 2001, TSA has had statutory authority to assess a security risk for any mode of transportation, develop security measures for dealing with that risk, and enforce compliance with those measures.2 This includes broad 2 See Section 101 of the Aviation and Transportation Security Act (ATSA), Public Law 107–71, 115 Stat. 597 (Nov. 19, 2001), codified at 49 U.S.C. 114 (ATSA created TSA and established the agency’s primary federal role to enhance security for all modes of transportation). Section 403(2) of the Homeland Security Act of 2002 (HSA), Public Law 107–296, 116 Stat. 2135 (Nov. 25, 2002), transferred all functions related to transportation security, including those of the Secretary of Transportation and the Under Secretary of Transportation for Security, to the Secretary of Homeland Security. Pursuant to DHS Delegation VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Number 7060.2, the Secretary delegated to the Administrator, subject to the Secretary’s guidance and control, the authority vested in the Secretary with respect to TSA, including that in sec. 403(2) of the HSA. 3 49 U.S.C. 114(l)(1). 4 Public Law 110–53, 121 Stat. 266 (Aug. 3, 2007). 5 See secs. 1408, 1517, and 1534 of the 9/11 Act, codified at 6 U.S.C. 1137, 1167, and 1184, respectively. For the remainder of this NPRM, TSA will refer to the codified section numbers. 6 See secs. 1512 and 1181 of the 9/11 Act, codified at 6 U.S.C. 1162 and 1181, respectively. TSA addresses 6 U.S.C 1162(e)(1)(A) and 1181(e)(1)(A) in this rulemaking. TSA intends to address the other regulatory requirements of these provisions in separate rulemakings. PO 00000 Frm 00004 Fmt 4701 Sfmt 4702 their security-sensitive employees to observe, assess, and respond to security incidents as well as to have the training necessary to implement their specific responsibilities in the event of a security incident. • Submit the required security training program to TSA for review and approval. • Implement the security training program and ensure all existing and new security-sensitive employees complete the required security training within the specified timeframes for initial and recurrent training. • Maintain records demonstrating compliance and make the records available to TSA upon request for inspection and copying. • Appoint security coordinators and alternates–who will be accessible to TSA 24 hours per day, 7 days per week– and transmit contact information for those individuals to TSA (an extension of current 49 CFR part 1580 requirements). • Report significant security incidents or concerns to TSA (an extension of current 49 CFR part 1580 requirements). • Review and update security training programs as necessary to address changing security measures or conditions. The proposed rule would also amend 49 CFR part 1500 to streamline definitions for TSA’s regulation and would add a definition of Transportation Security-Sensitive Materials (TSSMs). Proposed revisions to 49 CFR parts 1503 and 1520 would conform references and provisions related to enforcement and handling of SSI to the expanded scope of security requirements in the proposed rule. The most significant proposed revisions are found in subchapter D of chapter XII of title 49. This subchapter would be retitled ‘‘Maritime and Surface Transportation Security,’’ reorganized, and expanded to include the proposed security program requirements. The general rules for subchapter D would continue to be in part 1570, but reorganized and expanded to address the new requirements proposed in this rule. This NPRM also proposes to add a new section (1570.7) to make it clear that owner/operators, employees, contractors, and other persons can be held liable for violating TSA’s regulations. A similar provision is part of TSA’s aviation-related regulations and adding it to subchapter D ensures consistency in enforcement across all modes of transportation. This provision is further discussed in section III.D.2 of this NPRM. Some provisions currently limited to railroads under part 1580 would be E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules moved and revised to address the additional modes, such as provisions related to ‘‘compliance, inspection, and enforcement.’’ This necessitates reorganization and minor revisions to current part 1580. The impact of the proposed rule on the organization and scope of current 49 CFR part 1580 is discussed in section II.C. of this NPRM. The following table (Table 1) provides a 91339 summary of the requirements and their applicability (distinguishing between current requirements/applicability and proposed requirements/applicability). TABLE 1—SUMMARY OF PROPOSED REQUIREMENTS [Current 49 CFR part 1580 requirements incorporated into this NPRM are indicated with an ‘‘X’’; proposed requirements are indicated with a ‘‘P’’] Inspection authority (§ 1570.9) Protecting sensitive security information (part 1520) Security coordinator (§ 1570.201) Reporting security incidents (§ 1570.203) Security training 1 X X X X X X X X X X X X X X X X P ........................ ........................ ........................ X X X X P X X X X 2P X X X X 2P X X X X ........................ P P P P P P P P P P Freight railroad carriers ........................................................ Rail hazardous materials shippers ...................................... Rail hazardous materials receivers in HTUAs ..................... Owner/operators of private rail cars .................................... Host railroads of freight or PTPR rail operations within scope of rule ..................................................................... PTPR operating rail transit systems on general railroad system, intercity passenger train service, and commuter train services .................................................................... PTPR operating rail transit systems not part of general railroad system ................................................................. Tourist, scenic, historic, and excursion rail owner/operators .................................................................................... PTPR operating bus transit or commuter bus systems in designated areas .............................................................. OTRB owner/operators providing fixed-route service in designated areas .............................................................. 1 49 mstockstill on DSK3G9T082PROD with PROPOSALS3 CFR part 1570, Subpart B (Security Programs); 49 CFR part 1580, Subpart B—Employee Security Training (freight railroads); 49 CFR part 1582, Subpart B—Employee Security Training (PTPR); and 49 CFR part 1584, Subpart B—Employee Security Training (OTRBs). 2 If Amtrak, or listed in proposed part 1582, Appendix A (a public transportation system, or part of a public transportation system). Costs and Benefits TSA estimates the overall cost of this proposed rule is $157.27 million over 10 years discounted at 7 percent. TSA estimates the cost of this proposed rule by the 4 affected parties (all costs are 10 years at 7 percent): For freight railroads the rule would cost a total of $90.74 million, for PTPR the cost is $53.14 million, for OTRB the cost is $12.08 million, and for TSA the cost is $1.31 million. The proposed rule, if finalized, would enhance surface transportation security by reducing vulnerability to terrorist attacks in four different ways. First, the surface transportation employees in each of the three covered modes would be trained to identify security vulnerabilities. Second, these surface transportation employees would be better trained to recognize potentially threatening behavior and properly report that information. Third, these surface employees would be trained to respond to incidents, thereby mitigating the consequences of an attack. Finally, the covered surface transportation owner/operators would be required to report significant security concerns to TSA so that TSA can analyze potential threats across all modes. This analysis reflects information obtained through a Notice published in VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 the Federal Register in 2013 7 (2013 Notice). Through that Notice, TSA requested data needed to provide a more accurate understanding of the existing baseline and potential costs associated with the proposed rule. In particular, TSA requested information regarding programs currently implemented— whether as a result of regulatory requirements, grant requirements, in anticipation of a rule, voluntary, or otherwise—and the costs associated with those training programs. II. Background A. Context and Purpose Surface transportation systems— including public transportation systems, intercity and commuter passenger railroads, freight railroads, intercity buses, and related infrastructure—are vital to our economy and essential to national security.8 The potential for a terrorist attack exists at each stage of moving people, goods, and services throughout the Nation. 7 78 FR 35945 (June 14, 2013). Transportation and Rail Security Act of 2007, report of the Senate Committee on Commerce, Science, and Transportation at 2 (S. Rept. 110–29, Mar. 1, 2007), quoting Executive Order (E.O.) 13416 (Dec. 5, 2006), published at 71 FR 71033 (Dec. 7, 2006). 8 Surface PO 00000 Frm 00005 Fmt 4701 Sfmt 4702 Recent attacks indicate the risk of terrorist attack to surface transportation. On August 21, 2015, there was an attempted mass shooting on a packed high-speed train bound for Paris from Amsterdam.9 Metropolitan Police treated a December 5, 2015, knife attack in a London public transportation station as a terrorist incident.10 There have been other documented terrorist attacks targeting surface transportation, including the attack in Madrid, Spain, on March 11, 2004, in which terrorists attacked four commuter trains using 10 improvised explosive devices (IED) that exploded near-simultaneously and resulted in the deaths of 191 people and injury to more than 1,800 people.11 In July 2005, four coordinated suicide bombings occurred, three on separate trains through London Underground stations and the fourth on a double9 See Michael Birnbaum, ‘‘A change of seats for 3 Americans led to saved lives on Paris-bound train,’’ Washington Post (Aug. 24, 2015), available at https://www.washingtonpost.com/world/asfrench-train-suspect-is-interrogated-questionsmount-on-europes-security/2015/08/23/088ff2fe4923-11e5-9f53-d1e3ddfd0cda_story.html. 10 See BBC, ‘‘Leytonstone Tube station stabbing a ‘terrorist incident’ ’’ (Dec. 6, 2015), available at https://www.bbc.com/news/uk-35018789. 11 Encyclopedia Britannica, ‘‘Madrid train bombings of 2004’’ (May 19, 2013), available at https://www.britannica.com/event/Madrid-trainbombings-of-2004. E:\FR\FM\16DEP3.SGM 16DEP3 91340 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules decker bus, killed 52 people.12 In July 2008, a group linked to Lashkar-eTayyiba attacked Mumbai’s Western Railway Line with seven IEDs during evening commute hours, killing 183 people.13 In November 2008, this group committed another coordinated attack that included shooting and bombing operations at several targets—including a train station—and killed a total of 164 people.14 More recently, U.S. news media reported that the Federal Bureau of Investigation (FBI) uncovered a plot to attack the PATH commuter rail system serving New York and New Jersey in mid-2006.15 These previous events highlight the magnitude of the deadly consequences that an attack on surface transportation could have. As part of its ongoing communications with stakeholders, TSA has alerted owner/operators affected by this proposed rule to transportation-related threats and has worked with many of them to review and recognize potential vulnerabilities to their operations. The impact that security training can have on these operations was recognized by Congress when it mandated, and provided detailed requirements for, security training regulations as part of the 9/11 Act.16 TSA recognizes that the owner/ operators of surface transportations systems, both public and private, are principally responsible for the safety and security of the people using their services. As noted in Presidential Policy Directive/PPD–21, ‘‘Critical Infrastructure Security and Resilience:’’ mstockstill on DSK3G9T082PROD with PROPOSALS3 The Nation’s critical infrastructure is diverse and complex. It includes distributed networks, varied organizational structures and operating models (including multinational ownership), interdependent functions and systems in both the physical space and cyberspace, and governance constructs that involve multi-level authorities, responsibilities, and regulations. Critical infrastructure owners and operators are uniquely positioned to manage risks to 12 CNN, ‘‘July 7 2005 London Bombings Fast Facts’’ (updated June 29, 2016, 9:44 a.m.), available at https://www.cnn.com/2013/11/06/world/europe/ july-7-2005-london-bombings-fast-facts/. 13 Bureau of Diplomatic Security, ‘‘India 2013 Crime and Safety Report: Mumbai’’ (March 5, 2013), available at https://www.osac.gov/pages/ ContentReportDetails.aspx?cid=13701. 14 CNN, ‘‘Mumbai Terror Attacks Fast Facts’’ (updated Nov. 4, 2015, 11:57 a.m.), available at https://www.cnn.com/2013/09/18/world/asia/ mumbai-terror-attacks/. 15 Mary Frost, ‘‘NYC subways targeted in ISIS terror plot—NYPD, FBI evaluating threat level,’’ Brooklyn Daily Eagle (Sept. 25, 2014), available at https://www.brooklyneagle.com/articles/2014/9/25/ nyc-subways-targeted-isis-terror-plot-nypd-fbievaluating-threat-level. 16 Public Law 110–53, 121 Stat. 266 (Aug. 3, 2007). VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 their individual operations and assets, and to determine effective strategies to make them more secure and resilient.17 Surface transportation employees—the people who provide and support these services—are a critical resource for protecting passengers and the transportation infrastructure. As a result of TSA’s programmatic efforts, as well as awareness of the requirements of the 9/11 Act, many owner/operators of higher-risk surface transportation operations have voluntarily implemented security training programs that address some of the requirements of this proposed rule. As noted in the economic analysis for this rulemaking, however, the private market may not provide adequate incentives for owner/operators to make a socially optimal investment in the full range of measures that would reduce the probability of a successful terrorist attack based on the economics of externalities. (Externalities are costs or benefits from an economic transaction experienced by parties ‘‘external’’ to the transaction.) Specifically, for surface mode owner/operators, the total consequences of an attack or other security incident to society may be greater than what would be suffered by the individual owner/operator of the infrastructure or facility. Without ignoring the voluntary efforts of owner/operators to increase the baseline of their security, including by providing security training, TSA also recognizes a firm normally would not choose to make an investment in security over its privately optimal amount in a competitive market place, since such an investment would increase the firm’s cost of production, placing it at a disadvantage when competing with companies that have not chosen to make a similar investment in security. Focusing on the higher-risk operations and frontline employees (defined in the rule as those performing security-sensitive functions), this proposed rule would close gaps in the scope or breadth of training provided as part of voluntary efforts. To the extent resource and economic considerations could cause this voluntary commitment to abate in the future, this proposed rule, when finalized, should solidify these efforts and commitment to security training. Thus, the purpose of this proposed rule is to solidify a baseline of security training for surface transportation by enhancing and sustaining the capability of frontline employees for higher-risk public transportation systems, railroad 17 PPD–21 PO 00000 (Feb. 12, 2013) (emphasis added). Frm 00006 Fmt 4701 Sfmt 4702 carriers (passenger and freight), and OTRB owner/operators to observe, assess, and respond to security risks and potential security breaches. These critical capabilities include identifying, reporting, and appropriately reacting to suspicious activity, suspicious items, dangerous substances, and security incidents that may be associated with terrorist reconnaissance, preparation, or action. An employee who is prepared and trained to observe, assess, and respond may be the critical point for preventing a terrorist act. Security awareness training is an important and effective tool to enhance an employee’s ability to detect and deter attacks by terrorists or others— particularly those with malicious intent to target surface transportation or use vehicles as delivery systems for weapons of mass destruction. Welltrained employees can serve as security force-multipliers. Their familiarity with the facilities and operating environments of their specific transportation systems makes them especially effective at recognizing situations and conditions that may pose a threat to the safety and security of passengers, cargo, and transportation infrastructure. Employees who are prepared to execute their security-related responsibilities and trained to observe, assess, and respond bring an informed vigilance to their daily responsibilities. They are more capable of identifying and making timely reports to support inquiry by law enforcement and security personnel, increasing the potential for detection or disruption of terrorist planning, preparations, and observations. In the event an incident does occur, employees who understand their roles and responsibilities under the owner/operator’s security planning and response documents are better prepared to initiate timely responsive actions to mitigate consequences and work with first responders. This rulemaking is part of TSA’s commitment to risk-based security and how it implicates policy decisions, resource commitments, and expectations. Passengers traveling through a higher-risk area or system (whether by bus or train) should be able to expect the same level of security regardless of the carrier. Communities in HTUAs should expect that the freight trains carrying RSSM 18 are operated by employees with a common baseline of security training, regardless of who owns or operates the train. The result is 18 As previously noted, TSA is not proposing to modify these terms as defined in current 49 CFR 1580.3. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules a proposed rule that bases applicability primarily on the location where the transportation is operated (rather than constructs of ownership) and scope of employees to be trained on the functions they perform (rather than titles in position descriptions). For these reasons, TSA proposes this regulation requiring owner/operators to implement employee security training programs for employees serving in security-sensitive positions in higherrisk operations. TSA explains aspects of the proposed rule more fully in section III of this NPRM. mstockstill on DSK3G9T082PROD with PROPOSALS3 B. Statutory Authorities The security of the Nation’s transportation systems is vital to the economic health and security of the United States. Ensuring transportation security while promoting the movement of legitimate travelers and commerce is a critical counter-terrorism mission assigned to TSA. Since its creation following the attacks of September 11, 2001, TSA has had broad statutory authority to assess a security risk for any mode of transportation, develop security measures for dealing with that risk, and enforce compliance with those measures.19 This includes broad regulatory authority, which enables TSA to issue, rescind, and revise regulations as necessary to carry out its transportation security functions.20 Congress has determined that a regulation is necessary for owner/ operators of public transportation systems, passenger railroads, freight railroads, and OTRBs to provide security training to their frontline employees. As part of the 9/11 Act,21 Congress mandated that DHS use its authority to issue regulations and included in the statute minimum requirements for employees to be trained, subjects of training, and procedures for the submission and approval of training programs.22 This NPRM proposes to implement these provisions. The 9/11 Act includes a requirement to include ‘‘[l]ive situational training exercises’’ as part of its security training regulations.23 As part of the Homeland Security Exercise and Evaluation Program (HSEEP), DHS describes the benefit of exercises ‘‘to test and validate 19 See supra, n. 2. U.S.C. 114(l)(1). 21 Public Law 110–53, 121 Stat. 266 (Aug. 3, 2007). 22 See 6 U.S.C. 1137, 1167, and 1184. 23 See 6 U.S.C. 1137(c)(7), 1167(c)(8), and 1184(c)(8). 20 49 VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 plans and capabilities.’’ 24 While testing the effectiveness of training is important, the HSEEP focuses on the need to test effectiveness of the overall plan—a process that reveals any weaknesses in training. TSA has determined the intent of requiring exercises would be better met if owner/ operators were required to test the effectiveness of their security plans— which would include testing employee understanding and capabilities related to their roles, responsibilities, protocols, and procedures. Therefore, TSA has decided to address this element in a separate rulemaking that will meet related 9/11 Act provisions for security planning.25 Finally, the 9/11 Act also requires DHS to define the term ‘‘securitysensitive material’’ as it relates to materials transported in commerce that pose ‘‘a significant risk to national security . . . due to the potential use of the material in an act of terrorism.’’ 26 The 9/11 Act states that the term must include specific, identified materials.27 TSA has previously identified ‘‘securitysensitive materials’’ transported by freight railroad carriers as ‘‘Rail Security-Sensitive Materials’’ (RSSM).28 As further discussed in section III.A.2 of this NPRM, TSA is proposing materials to be identified as ‘‘Transportation Security-Sensitive Materials (TSSM).’’ C. Rule Organization Implementing requirements in the 9/ 11 Act for surface transportation regulations necessitates making other changes to TSA’s regulations found in title 49 of the CFR. Some of these changes are technical revisions or additions, such as consolidating definitions used in multiple parts of TSA’s regulations into part 1500 and adding cross-references to the new regulatory requirements as relevant for investigations (part 1503) and protection of SSI (part 1520). The most significant changes are to subchapter D, which TSA proposes to rename ‘‘Maritime and Surface Transportation Security.’’ Subchapter D currently contains requirements related 24 See DHS, ‘‘Homeland Security Exercise and Evaluation Program (HSEEP)’’ (April 2013), available at https://www.fema.gov/media-librarydata/20130726-1914-25045-8890/hseep_apr13_.pdf. 25 See requirements in 6 U.S.C. 1134 (public transportation), 1162 (railroads), and 1181 (OTRBs). 26 6 U.S.C. 1151(13). 27 Materials to be included are Class 7 radioactive materials, Division 1.1, 1.2, or 1.3 explosives, materials poisonous or toxic by inhalation, including Division 2.3 gases and Division 6.1 materials, and select agents or toxins regulated by the Centers for Disease Control and Prevention under 42 CFR part 73. 28 See 49 CFR 1580.3 and 1580.100(b). PO 00000 Frm 00007 Fmt 4701 Sfmt 4702 91341 to security threat assessments (STAs) (parts 1570 and 1572) and rail security (1580). TSA is proposing to significantly reorganize and augment parts 1570 and 1580, and add parts 1582 (PTPR) and 1584 (Highway and Motor Carriers). Many portions of the proposed rule are common to PTPR, freight, and OTRB operations. These are included in 49 CFR part 1570. Eliminating duplication of these requirements across multiple sections of TSA’s regulations reduces unintended inconsistencies, both now and over time to the extent there are any amendments made to these regulations in the future. Because of these modifications, other organizational changes are being made to part 1570— including moving definitions that have applicability across multiple parts of TSA’s regulations to part 1500 (discussed more fully in part III.A of this NPRM) and consolidating provisions related to security threat assessments into a new subpart D. The STA provisions are being moved but are otherwise unmodified. As a result, the substance of these provisions is not part of this notice and comment rulemaking. TSA includes proposed requirements adapted to reflect the unique aspects of each mode in mode-specific parts of 49 CFR Chapter XII, Subchapter D— Maritime and Surface Transportation Security. Part 1580 would be revised to focus on freight railroads. Sections in current part 1580 applicable to PTPR systems would be moved to a new part 1582. TSA also proposes creating a new part 1584, which would include the requirements for OTRB. With the exception of the following, provisions of current 49 CFR part 1580, Rail Transportation Security, applicable to freight railroads would be reorganized without substantive change. TSA proposes to move some provisions to part 1570—this revision would include the security coordinator and reporting requirements (which are being updated and clarified, and extended to include higher-risk buses).29 Other provisions, such as ‘‘chain of custody’’ provisions for RSSMs, would be reorganized within part 1580 because of this proposed rule. Finally, current Appendix A to part 1580 would be modified to remove outdated references. Table 2 provides a distribution table for changes to current 49 CFR part 1580. To the extent sections are being moved, but not revised, they are not part of this notice and comment rulemaking. 29 These modifications are discussed in section III.C. of this NPRM. E:\FR\FM\16DEP3.SGM 16DEP3 91342 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules III. Proposed Rule TABLE 2—49 CFR PART 1580 DISTRIBUTION TABLE Former section 1580.1 .................... 1580.3 .................... 1580.5 .................... 1580.100 ................ 1580.101 ................ 1580.103 ................ 1580.105 ................ 1580.107 ................ 1580.109 ................ 1580.111 ................ 1580.200 ................ 1580.201 ................ 1580.203 ................ A. Amendments to Part 1500 1. General Terms New section(s) Consistent with the proposed rule’s organization, TSA includes proposed definitions for terms relevant to several subchapters of TSA regulations, beyond the requirements of subchapter D, in part 1500. Terms relevant to several parts of subchapter D would be added to § 1570.3. Terms uniquely relevant to each mode would be included in the relevant parts (part 1580 (freight), part 1582 (PTPR), and part 1584 (OTRB)). Many of the proposed definitions are identical, or nearly identical, to definitions codified in current 49 CFR 1570.1, 1580.1, and 1582.1. 1570.3, 1580.3, and 1582.3. 1570.9. 1500.3, 1580.101. 1570.201. 1580.203. 1570.203. 1580.205. 1580.5 and 1582.5. 1580.207. 1582.101. 1570.201. 1570.203. part 1580. Some definitions are taken from the 9/11 Act. Other definitions are derived from existing Federal regulatory programs, particularly programs administered by DOT. A few definitions are based on industry sources. TSA’s purpose is to use existing definitions that regulated parties are familiar with to the extent that the definitions are consistent with the 9/11 Act and the purposes of this NPRM. Where no existing definition is appropriate, TSA’s subject matter experts developed the definition based upon the generally accepted and known use of terms within each of the modes subject to this proposed regulation. Table 3 provides additional information on the terms that would be added to part 1500. TABLE 3—EXPLANATION OF PROPOSED TERMS AND DEFINITIONS Summary of change Explanation Propose modifying definition of ‘‘Administrator’’ ...................................... This term is used in proposed sections regarding procedures for requesting alternative measures or challenges to required modifications. The definition is being updated to reflect TSA’s transition to a DHS component. This term is used in the definition of ‘‘Employee.’’ It is intended to ensure that any ‘‘authorized representatives’’ performing security-sensitive functions for an owner/operator receives the required security training, even if they are not considered a direct employee. More information can be found in the discussion of employees required to be trained in preamble section III.E. This term is used in several other terms defined in this proposed rule. TSA’s review of DOT regulations identified several definitions for this term. The definition developed by TSA for the purposes of subchapter D is a composite of DOT’s definitions adopted for TSA’s purposes. While it is a broad definition on its own, the other terms in which it is used limit its application. This term is used as part of the scope of what is intended by, and included within, the definition of public transportation. Consistent with the scope of other commuter transit systems, the definition is based upon an explanation of what constitutes ‘‘urban rapid transit service’’ in 49 CFR part 209, Appendix A. This term is used as part of the scope of what is intended by, and included within, the definition of public transportation. Consistent with the scope of other commuter transit systems, the definition is based upon the Federal Railroad Administration’s (FRA’s) explanation of ‘‘commuter service’’ for rail in 49 CFR part 209, and the Federal Motor Carrier Safety Administration’s (FMCSA’s) definition of ‘‘commuter service’’ in 49 CFR 374.303(g). This term is used as part of the scope of what is intended by, and included within, the definition of public transportation. Propose adding a definition for ‘‘Authorized representative’’ ................... Propose adding a definition for ‘‘Bus’’ ...................................................... Propose adding a definition of ‘‘Bus transit system’’ ............................... Propose adding a definition for ‘‘Commuter bus system’’ ....................... As part of reorganization of current 49 CFR part 1580, propose moving definition of ‘‘Commuter passenger train service’’ from 49 CFR 1580.3. Propose moving definition of ‘‘DHS’’ from 49 CFR 1520.3 ..................... Propose moving definition of ‘‘DOT’’ from 49 CFR 1520.3 ..................... mstockstill on DSK3G9T082PROD with PROPOSALS3 Proposed adding definition for ‘‘Fixed-route service’’ .............................. Propose moving definition of ‘‘General railroad system of transportation’’ from 49 CFR 1580.3. Propose moving definition of ‘‘Hazardous Material’’ from 49 CFR 1580.3. Propose moving definition of ‘‘Heavy rail transit’’ from 49 CFR 1580.3 .. Propose adding a definition of ‘‘Host railroad’’ ........................................ VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00008 Fmt 4701 This term has general applicability to several parts of TSA’s regulations beyond the provisions in 49 CFR part 1520. This term has general applicability to several parts of TSA’s regulations beyond the provisions in 49 CFR part 1520. Used within the scope of OTRB owner/operators subject to the proposed regulation (see proposed 49 CFR 1570.101 and 1584.1), this term is based on the definition of a fixed-route system found in 49 CFR 37.3. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. This term, which is consistent with the definition in 49 CFR 236.1003, is used within the scope of this proposed rule relating to operations by railroad carriers. More information can be found in the preamble discussion in section III.F.1. Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 91343 TABLE 3—EXPLANATION OF PROPOSED TERMS AND DEFINITIONS—Continued Summary of change Explanation Propose moving definition of ‘‘Improvised explosive device (IED)’’ from 49 CFR 1580.3. Propose moving definition of ‘‘Intercity passenger train service’’ from 49 CFR 1580.3. Propose moving definition of ‘‘Light rail transit’’ from 49 CFR 1580.3 .... Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Used throughout this proposed rule, TSA has determined that there is no consistent definition of ‘‘motor vehicle’’ within federal regulations. TSA has reviewed various DOT regulations and relies primarily on 49 CFR 390.5 for this definition as most applicable to this proposed regulation, choosing a definition that is inclusive with limitations provided in the relevant applicability sections. This term, the definition of which is consistent with 6 U.S.C. 1151(4), is used within other definitions and the scope of this proposed rule relating to over-the-road bus owners. More information can be found in the preamble discussion in section III.F.3. Used in other definitions and throughout the proposed rule, the definition of this term is a modification of the current definition of ‘‘owner/ operator’’ that affects 49 CFR, subchapter D. The modifications remove outdated references to make it the term appropriate for the broader scope of transportation regulated by TSA. Part of reorganization of current 49 CFR part 1580. TSA is proposing to insert the word ‘‘rail’’ between ‘‘passenger’’ and ‘‘car’’ to avoid any confusion between rail and motor vehicle conveyances. Used both in the scope of proposed subpart B of 49 CFR part 1570 (Security Coordinator and Reporting Requirements) and the scope of the training rule (proposed 49 CFR part 1582), this term is also used in the context of host railroad operations. More information can be found in the discussion in III.F.2. The definition is based on the definition for this term found in 49 CFR 239.7. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Used within other terms, this definition is based primarily on 49 U.S.C. 5302(14). Where the statute uses a definition that is characterized by what is excluded, TSA’s definition focuses on what is included. This term is used to define the scope of owner/operators subject to the proposed rule. See proposed subpart B to 49 CFR parts 1570 and 1582. See also the preamble discussion in section III.F.2 for more information. (The 9/11 Act defines a ‘‘public transportation agency’’ as a publicly owned operator of public transportation eligible to receive Federal assistance under Chapter 53 of Title 49, United States Code.’’). TSA reviewed the requirements of that statute in developing this definition. As noted above, the definition of ‘‘public transportation’’ is based on 49 U.S.C. 5302(14). Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. As proposed, the definition of ‘‘offers or offeror’’ in 49 CFR 1580.3 would be deleted and a reference to the DOT definition for ‘‘person who offers or offeror’’ would be incorporated into the definition of ‘‘rail security-sensitive material.’’ Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. This term has general applicability to several parts of TSA’s regulations beyond the provisions in 49 CFR part 1520. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of reorganization of current 49 CFR part 1580. This proposed rule does not significantly change the definition. This term has general applicability to several parts of TSA’s regulations beyond the provisions in 49 CFR part 1520. This term has general applicability to several parts of TSA’s regulations beyond the provisions in 49 CFR parts 1520 and 1570. This term has general applicability to several parts of TSA’s regulations beyond the provisions in 49 CFR parts 1520 and 1570. Propose adding a definition of ‘‘Motor vehicle’’ ....................................... Propose adding a definition for ‘‘Over-the-Road Bus (OTRB)’’ ............... Propose moving definition of ‘‘owner/operator’’ from 49 CFR 1570.3 and modifying to eliminate cross-reference to title 33 of the CFR. Propose moving definition of ‘‘Passenger car’’ from 49 CFR 1580.3 and adding ‘‘rail’’ to the term to read, ‘‘passenger rail car’’. Propose adding a definition of ‘‘Passenger railroad carrier’’ ................... Propose moving definition of ‘‘Passenger train’’ from 49 CFR 1580.3 .... Propose moving definition of ‘‘Private rail car’’ from 49 CFR 1580.3 ...... Propose adding a definition of ‘‘Public transportation’’ ............................ Propose adding a definition of ‘‘Public transportation agency’’ ............... Propose moving definition of ‘‘Rail hazardous materials receiver’’ from 49 CFR 1580.3. Propose moving definition of ‘‘Rail hazardous materials shipper’’ from 49 CFR 1580.3, with a non-significant amendment. Propose moving definition of ‘‘Rail secure area’’ from 49 CFR 1580.3 .. mstockstill on DSK3G9T082PROD with PROPOSALS3 Propose moving definition of ‘‘Rail transit facility’’ from 49 CFR 1520.3 and 1580.3. Propose moving definition of ‘‘Rail transit system or ‘Rail Fixed Guideway System’ ’’ from 49 CFR 1580.3 to proposed 1570.3. Propose moving definition of ‘‘Railroad carrier’’ from 49 CFR 1580.3 .... Propose moving definition of ‘‘Railroad’’ from 49 CFR 1580.3 and modifying it to define ‘‘Railroad transportation’’. Propose moving definition of ‘‘Record’’ from 49 CFR 1520.3 ................. Propose adding definition of ‘‘Sensitive Security Information consistent with 49 CFR 1520.3 to 1570.3. Propose moving definition of ‘‘State’’ from 49 CFR 1570.3 ..................... VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00009 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 91344 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules TABLE 3—EXPLANATION OF PROPOSED TERMS AND DEFINITIONS—Continued Summary of change Explanation Propose adding definition of ‘‘Transportation security equipment and systems’’. The term is used in the context of the proposed requirement for security-sensitive employees to be trained on use of security equipment and systems. See for example, proposed 49 CFR 1580.155(c)(1). TSA’s subject matter experts have developed this definition based on their work with the modes in conducting assessments and developing voluntary security action items. Part of the reorganization of current 49 CFR part 1580. This proposed rule does not change the definition. Part of the reorganization of current 49 CFR part 1580. TSA proposes modifying this term to reflect the multimodal scope of the proposed training rule and have the term apply across all the modes. Part of the reorganization of current 49 CFR part 1580. TSA proposes modifying this term to reflect the multimodal scope of the proposed training rule and have the term apply across all the modes. Part of the reorganization of current 49 CFR part 1580. TSA proposes modifying this term to reflect the multimodal scope of the proposed training rule and have the term apply across all the modes. The definition is included to satisfy 9/11 Act requirements. See 6 U.S.C. 1151(13). The term is defined in proposed 49 CFR 1570.3. More information can be found in the preamble discussion of the TSSM list in section III.A.2. This term has general applicability to several parts of TSA’s regulations beyond the provisions in 49 CFR part 1520. This term is being modified to streamline terminology rather than enumerating subcategories within each mode. It is being moved to 49 CFR part 1500 as it has relevance beyond the provisions in part 1520. Propose moving definition of ‘‘Tourist, scenic, historic, or excursion operation’’ from 49 CFR 1580.3. Propose moving definition of ‘‘Transit’’ from 49 CFR 1580.3 with modifications to reflect broader scope of this proposed rule. Propose moving definition of ‘‘Transportation or transport’’ from 49 CFR 1580.3 with modifications to reflect broader scope of this proposed rule. Propose moving definition of ‘‘Transportation facility’’ from 49 CFR 1580.3 with modifications to reflect broader scope of this proposed rule. Propose adding definition of ‘‘Transportation Security-Sensitive Materials (TSSM)’’. Propose moving definition of ‘‘TSA’’ from 49 CFR 1520.3 ...................... mstockstill on DSK3G9T082PROD with PROPOSALS3 Propose moving definition of ‘‘vulnerability assessment’’ from 49 CFR 1520.3. 2. Transportation Security-Sensitive Materials The 9/11 Act included a requirement for DHS to define ‘‘security-sensitive material.’’ ‘‘Security-sensitive material’’ is defined as ‘‘a material, or group or class of material, in a particular amount and form that the Secretary [of Homeland Security], in consultation with the Secretary of Transportation, determines, through rulemaking with opportunity for public comment, poses a significant risk to national security while being transported in commerce due to the potential use of the material in an act of terrorism.’’ 30 TSA has met the requirements of the 9/11 Act related to rail through its definition of RSSMs under current 49 CFR part 1580.31 In March of 2010, DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA) issued a final rule: ‘‘Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements.’’ 32 This PHMSA final rule amended PHMSA’s security requirements for hazardous material (hazmat) transportation under 49 CFR part 172 of the Hazardous Material Regulations (HMR),33 applicable to 30 6 U.S.C. 1151(13). 49 CFR 1580.3 and 1580.100(b). See also discussion in 73 FR 72130 at 72134 (Nov. 26, 2008). 32 75 FR 10974 (Mar. 9, 2010). Additional information is included in the preamble to the related NPRM. See 73 FR 52558 (Sept. 9, 2008). 33 These regulations are also referred to as HM– 232. 31 See VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 freight railroad carriers, motor carriers, and shippers and receivers of hazmat. In addition to amendments to security planning requirements, the PHMSA final rule provided a revised list of hazardous materials for which a security plan is required. DOT worked closely with TSA to align the proposed lists of materials subject to their security programs with ongoing efforts by TSA. The materials considered included certain explosives, compressed gases and flammable liquids, poisonous gases and materials, corrosive materials, radioactive materials, and chemicals listed by the Chemical Weapons Convention. There were also requests to PHMSA to harmonize the list of materials for which security plans are required with the list of materials designated as high consequence dangerous goods for which enhanced security measures are recommended in the United Nations Model Regulations on the Transport of Dangerous Goods (UN Recommendations). Discussions regarding the materials identified in the PHMSA regulations can be found in the preambles to their relevant rulemakings.34 TSA proposes to adopt the PHMSA list for purposes of defining TSSM. This approach avoids unnecessary duplication and ensures consistent alignment of the materials meeting this standard in Federal regulations. A discussion regarding the materials in the list can be found in the preamble to PHMSA’s final rule.35 B. Amendments to Part 1503 TSA is proposing minor amendments to part 1503 (Investigative and Enforcement Procedures) as necessary to conform these regulations to changes made by the proposed rule. In § 1503.101(b), the scope of statutory provisions is amended to add authorities in title 6 U.S.C. that are administered by the TSA Administrator—which are relevant to this proposed rule. These are conforming amendments with no cost impact. C. Amendments to Part 1520 TSA is also proposing to modify part 1520 (Protection of Sensitive Security Information). TSA is required to promulgate regulations governing the protection of information obtained or developed in carrying out security under the authority of ATSA 36 if public disclosure of that information could be detrimental to transportation security. TSA’s current SSI regulation, 49 CFR part 1520, establishes certain requirements for the recognition, identification, handling, and dissemination of SSI, including restrictions on disclosure and civil 35 75 34 See PO 00000 supra, n. 32. Frm 00010 Fmt 4701 FR at 10977. 49 U.S.C. 114(r). 36 See Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules penalties for violations of those restrictions. DOT has nearly identical SSI authority (49 U.S.C. 40119) and a nearly identical SSI regulation (49 CFR part 15).37 Because TSA is expanding the scope of its regulatory requirements in order to fulfill the mandates of the 9/11 Act, it is necessary to conform the SSI provisions to include these transportation security-related requirements. The proposed amendments are limited to: (1) Eliminating unnecessary terms from part 1520 that are added to part 1500 and (2) replacing the limiting term ‘‘rail transportation security requirement’’ with ‘‘surface transportation security requirement.’’ In some places, such as the definition of ‘‘vulnerability assessment’’ in § 1520.3, TSA is proposing to streamline a lengthy description of types of transportation to simply state ‘‘aviation, maritime, or surface transportation.’’ The impact of these minor revisions should also be minimal. Under § 1520.7(j), any person who has access to SSI is required to protect it according to the requirements of the regulation. While some of the proposed population that would be affected by this rule has not previously been subject to TSA regulations, most of them have previously received SSI information from TSA, as well as training on the proper handling of SSI, and have procedures in place to ensure the requirements of the regulation are met.38 TSA’s regulations for SSI have a counterpart in DOT regulations under 49 CFR part 15. Any comments received on these proposed amendments will be shared with DOT. As these are parallel rules, assuming there are changes to part 1520 adopted as part of this notice and comment rulemaking, DOT may subsequently make similar changes to part 15. We invite comments on the proposed changes to part 1520, and we will share with DOT any comments received on potential changes to part 15. We also invite comments on this process for making changes to both parts. D. Amendments to Part 1570 1. Overview of Changes and Structure TSA is proposing to divide part 1570 into four subparts: (1) Subpart A would cover general requirements applicable to all aspects of subchapter D to chapter XII of title 49; (2) subpart B provides the general framework for security 91345 programs; (3) subpart C covers operational requirements; and (4) subpart D would move and consolidate general provisions related to security threat assessments (STAs) which are more specifically addressed in part 1572. As previously discussed, mode— specific requirements are contained in subsequent parts. Because of the significant restructuring of part 1570, the proposed rule text includes the entirety of the revision—not just the parts that would be added because of this rulemaking. This includes terms applicable to the STAs required by part 1572, as well as related STA provisions that TSA proposes moving to new subpart D. 2. Subpart A—General Terms and Definitions (§ 1570.3) As previously indicated, TSA is proposing to move several terms from § 1570.3 to § 1500.3 as part of a general effort to streamline TSA’s regulations by consolidating terms used in multiple parts. In addition, TSA is proposing to add the terms identified in Table 4 to § 1570.3 as they are used in multiple sections of subchapter D to chapter XII of title 49. TABLE 4—EXPLANATION OF PROPOSED TERMS AND DEFINITIONS Summary of change Explanation Propose adding definition of ‘‘Contractor’’ ............................................... This term is used in the definition of ‘‘employee’’ for purposes of this subchapter and is based on a definition of contractor used in DOT regulations, see, e.g., 49 CFR 655.4. This term is used in several definitions, most notably, the definition of ‘‘security-sensitive employee,’’ which is the term used to define the scope of individuals who must be trained under the proposed rule (see discussion in III.E) and the requirements of the training program. See proposed definition of ‘‘security-sensitive employee’’ in 49 CFR 1580.3, 1582.3, and 1584.3. It is also used in sections regarding responsibility for compliance (proposed 49 CFR 1570.13), and terms used for ‘‘chain of custody’’ requirements in proposed 49 CFR 1580.3 (currently 49 CFR 1580.107). This term is used in the definition of ‘‘Employee.’’ It is intended to ensure that any ‘‘immediate supervisors’’ performing security-sensitive functions for an owner/operator receive the required security training. It is also intended to limit the layers of management that must receive security training to those who have an actual nexus to transportation security. More information can be found in the discussion of employees required to be trained in preamble section III.E. This term is used in provisions of part 1570 as part of the proposed security training requirements. The definition provides a signal to find the appropriate mode-specific definitions in 49 CFR parts 1580, 1582, and 1584. This term is used in provisions of part 1570 as part of the proposed security training requirements. The definition provides a signal to find the appropriate mode-specific definitions in 49 CFR parts 1580, 1582 and 1584. Propose adding definition for ‘‘Employee’’ ............................................... Propose adding definition of ‘‘Immediate supervisor’’ .............................. Propose adding definition of ‘‘Security-sensitive employee’’ ................... mstockstill on DSK3G9T082PROD with PROPOSALS3 Propose adding definition of ‘‘Security-sensitive job function’’ ................ 37 For more information on these regulations, see 69 FR 28078 (May 18, 2004). VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 38 Publicly available information on proper handling of SSI is available on TSA’s Web site at www.tsa.gov. PO 00000 Frm 00011 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 91346 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 Security Responsibilities for Employees and Other Persons (§ 1570.7) In proposed § 1570.7, TSA is seeking to make its regulations regarding the responsibility for compliance consistent for all modes. Under 49 U.S.C. 114(f), TSA is required to enforce security related regulations and requirements and oversee the implementation of security measures for all modes of transportation.39 As with the similar aviation regulation, the obligation for compliance is not limited to owner/ operators specifically referenced under applicability provisions. Any person may be held to have violated these proposed rules, including contractors who provide service to owner/operators and the employees of such contractors. For example, a contractor who is authorized by an owner/operator to provide security training to individuals performing security-sensitive functions on the owner/operator’s behalf would be expected to fulfill all of the responsibilities under these three parts with respect to such training. Similarly, contractors would also be subject to inspection for compliance with this proposed rule and enforcement actions when appropriate (see following discussion on proposed § 1570.9 for more information on TSA’s investigatory and enforcement authority). Compliance, Inspection, and Enforcement (§ 1570.9) TSA is mandated to: (1) Enforce its regulations and requirements; (2) oversee the implementation and ensure the adequacy of security measures; and (3) inspect, maintain, and test security facilities, equipment, and systems for all modes of transportation.40 This mandate applies even in the absence of regulations stating the authority, but TSA has chosen to include a restatement of its authority in its regulations. The statute specifically requires TSA to— • Assess threats to transportation; • Enforce security-related regulations and requirements; • Inspect, maintain, and test security of facilities, equipment, and systems; • Ensure the adequacy of security measures for the transportation of cargo; • Oversee the implementation, and ensure the adequacy, of security measures at airports and other transportation facilities; • Require background checks for airport security screening personnel, 39 See 49 U.S.C. 114(f)(7) and (11). A similar provision applicable to aviation employees and other related persons is in 49 CFR 1540.105(a)(1) and (b). 40 See 49 U.S.C. 114(f). VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 individuals with access to secure areas of airports, and other transportation security personnel; and • Carry out such other duties, and exercise such other powers, relating to transportation security as the Administrator considers appropriate, to the extent authorized by law. While current part 1570 includes a provision stating TSA’s compliance, inspection, and enforcement authority, it is not as detailed as what TSA has promulgated in more recent regulations.41 Therefore, TSA is proposing to transfer the text of current § 1580.5 to subpart A as proposed § 1570.9, with minor modifications to reflect the addition of certain bus operations that have previously been unregulated by TSA.42 3. Subpart B—Security Programs As previously noted, TSA intends to consolidate and avoid duplication of requirements in its regulations by placing all of the security program requirements that are consistent across all modes in subpart B. These include: (1) Submission, review, and approval of the program; (2) procedures for amending the program; (3) the training schedule (including initial and recurrent training, previous training, relation to other training, and failure to train); and (4) recordkeeping. Proposed requirements for which employees must be trained and content of the program are found in the proposed revisions to part 1580 (freight rail) and new parts 1582 (PTPR) and 1584 (OTRB). Program Content (§ 1570.103) Under the statutory requirements, TSA must issue regulations mandating security training for owner/operators of public transportation agencies, railroads, and OTRBs.43 In proposing these regulations, TSA assumes that Congress intended the requirement to provide for the use of ‘‘existing procedures, protocols, and standards to satisfy the regulatory requirements’’ for vulnerability assessments and security plans apply equally to security training.44 Proposed § 1570.3 implements these requirements by stating that each owner/operator 41 Compare current § 1570.11 with current § 1580.5. The provision in part 1580 is also consistent with 49 CFR 1542.5, 1544.3. 1546.3, 1548.3, and 1549.3. 42 A more detailed discussion of current § 1580.5, still relevant to the proposed section, can be found in the preamble for current part 1580. See 71 FR 76852 (Dec. 12, 2006) (NPRM) and 73 FR 72130 (Nov. 26, 2008) (Final Rule). 43 See 6 U.S.C. 1137, 1167, and 1184. 44 See 6 U.S.C. 1162(j) and 1181(i) (use of existing procedures, protocols, and standards to satisfy regulatory requirements). PO 00000 Frm 00012 Fmt 4701 Sfmt 4702 required to have a security program under proposed parts 1580, 1582, and 1584 must address all of the identified requirements. In addition, the proposed section implements the requirement to allow for use of existing programs by allowing the owner/operators to include these existing programs as an appendix. The owner/operators would be required to cross-reference the relevant portions of the appendix or TSA could assume it is all part of the security program and enforce it as such. To minimize costs of compliance, TSA may identify pre-existing or widely-available training programs that meet some or all of this proposed rule’s requirements. If owner/operators decide to use a program already determined by TSA to meet the proposed rules requirements, the owner/operator must notify TSA of the program name, presenter, modifications made to the training material since the program was approved by TSA, and the last date of modification. If TSA has already determined the program meets some or all of the requirements for the proposed rule and is applicable to the owner/ operator’s operations, it would be unnecessary for the owner/operator to submit a copy of the program to TSA for approval or include it in the appendix. Responsibility for Determinations (§ 1570.105) As part of this rulemaking, TSA is proposing to apply the requirements to the highest-risk operations within the three modes identified by the 9/11 Act. As part of the surface security requirements in the 9/11 Act, TSA is required to develop risk tiers.45 The criteria used for determining the highest-risk tier for each mode is discussed in more detail in section III.F of this NPRM. The text of proposed § 1570.105(a) informs owner/operators that TSA has determined the applicability criteria, but it is the owner/operator’s responsibility to determine whether their operations meet the criteria. The proposed rule would require owner/operators to notify TSA within 30 days of the effective date of the final rule if they meet the criteria for applicability. In addition to publishing the regulatory requirements in the Federal Register, TSA will work with 45 For public transportation, 6 U.S.C. 1137(e) states that any public transportation agency that receives a grant under 6 U.S.C. 1135 shall be required to develop and implement a training program pursuant to this section. The grant program implemented under sec. 1135 relies on high-risk determinations. See also 6 U.S.C. 1162(a) and (h) and 1181(a) and (h) (Secretary shall identify risk tiers for freight railroads and OTRB and apply regulatory requirements to those at the highest-risk). E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules the relevant associations for each of the modes to ensure their memberships are apprised of the requirements. TSA will identify the form and manner of notification in the final rule consistent with cost-effective methodologies at that time. Because the proposed rule would require owner/operators to determine whether the criteria apply, TSA could bring an enforcement action against an owner/operator that meets the criteria, but has failed to comply with the requirements. The obligation to self-determine applicability also applies to new and existing operations (those commencing after publication of the final rule). They would be required to notify TSA no later than 90 calendar days before commencing operations or implementing modifications that would put them within the applicability of the requirements. mstockstill on DSK3G9T082PROD with PROPOSALS3 Recognition of Previous Training (§ 1570.107) As previously noted, TSA is required to allow use of existing programs to satisfy the security program requirements implemented as a result of 9/11 Act’s provisions.46 Under proposed § 1570.107, an owner/operator could rely on previous training that occurred within the identified periods for initial or recurrent training. In order to use previous training, the owner/operator would need to validate the training provided satisfies the requirements of this proposed rule—including records of training, curriculum, and appropriateness for the employee and owner/operator’s operations. Security Training Program Submission, Review, and Approval (§ 1570.109) The 9/11 Act’s requirements include specific deadlines for submission of programs and TSA’s review.47 Proposed § 1570.109 identifies the required deadlines for submitting security training programs and TSA approval. In general, not later than 90 days from the effective date of the final rule, owner/operators would be required to submit programs to TSA in a form and manner prescribed by TSA. Owner/ operators commencing new businesses or operations that would make them subject to this proposed rule would be required to submit their security training programs to TSA no less than 60 days before commencing operations. 46 See 6 U.S.C. 1162(j) and 1181(i) (use of existing procedures, protocols, and standards to satisfy regulatory requirements). 47 See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and 1184(d)(1) and (2) (must submit program 90 days from effective date, TSA must approve within 60 days of receipt or notify of need for revisions). VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 In the final rule, TSA will provide details for submission (encouraging use of a secure Web site or other electronic submissions). TSA assumes submission would likely be by email or mail service, but requests comments on preferences. Consistent with requirements of the 9/11 Act, TSA would review the programs within 60 days of receipt and either approve them or specify changes that would be needed for approval.48 If TSA requires changes, the owner/operator would be required to submit a modified training program that meets TSA’s specifications within 30 days of notification by TSA of the needed changes. The section includes the availability to request reconsideration of any TSA-required modifications. TSA provides an analysis of burden and estimated costs associated with this information collection in section V.A. of this preamble and the draft OMB 83–I Supporting Statement for its information collection request, which is available in the docket for this rulemaking. Initial training (§ 1570.111(a)) Consistent with the 9/11 Act’s requirements, TSA proposes that existing employees must be trained within one year of TSA’s approval of the program.49 As further required by the 9/ 11 Act, initial training for new employees or those transitioning to a covered job function (as identified in proposed Appendix B to parts 1580 (freight rail), 1582 (PTPR), and 1584 (OTRB), must occur within the first 60 days of the date an employee begins to perform a security-sensitive function.50 During the consultation process at the initial stages of this rulemaking, some stakeholders objected to a one-year deadline for completion of initial training. While the 9/11 Act does not provide for flexibility on the initial training schedule, TSA has attempted to address these concerns through provisions on recurrent and previous training (as discussed in section III.D.3 of this NPRM). In addition, TSA is proposing to include a section allowing regulated parties to request an extension 48 See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and 1184(d)(1) and (2) (TSA must approve within 60 days of receipt or notify of need for revisions). 49 See 6 U.S.C. 1137(d)(3), 1167(d)(3), and 1184(d)(3) (no later than 1 year after approval of security training program, owner/operator must have trained all covered employees). 50 This is a mandatory requirement for railroads and OTRB companies. See 6 U.S.C. 1167(d)(3) and 1184(d)(3) (New employees must be trained within first 60 days of employment). PO 00000 Frm 00013 Fmt 4701 Sfmt 4702 91347 if they cannot meet the required training schedule.51 Proposed § 1570.111(a)(3) is included to address the situation of nonpermanent employees. TSA recognizes that some individuals may be intermittently employed as contractors or representatives to perform securitysensitive functions; they might not perform these functions for 60 or more consecutive calendar days. For example, an employee may function as a maintenance worker for a 30-day period and then, at a later date, perform that function for another period of 30 days or longer. This may also include individuals who are employed by multiple owner/operators, such as multiple-employer drivers.52 The proposed rule would require that such individuals receive training within 60 calendar days after employment that meets the definition of a securitysensitive employee.53 In general, this means that an employee would need to be trained within 60 days of beginning permanent employment in a position that may perform a security-sensitive function, whether full or part-time. If, however, an individual is employed on an intermittent or non-permanent basis, such as a contractor who is employed in a position that may perform a securitysensitive function for short durations, then the training would need to take place before the individual’s total time of employment by the owner/operator equals sixty calendar days within a consecutive twelve-month period. TSA recognizes that some owner/operators may address this requirement by requiring training for all regular contractors or other individuals employed for short, but regular durations. TSA requests comments on other options for determining accumulated days of employment and for ensuring owner/operators do not engage in employment practices or use of contractors to avoid the requirements of this proposed rule. As previously noted, the proposed rule includes a provision regarding use of previous training (see discussion on proposed § 1570.107). TSA is aware of stakeholder concerns regarding the schedule for initial training, but TSA is also aware that many of the affected owner/operators have already implemented initial employee security training—frequently through the use of 51 See § 1570.115(c) of this proposed rule. as individuals meeting the definition of ‘‘multiple-employer driver’’ in the Federal Motor Carrier Safety Administration (FMCSA) regulations at 49 CFR 390.5. 53 See discussion of ‘‘security-sensitive employees’’ in section III.E. of this NPRM. 52 Such E:\FR\FM\16DEP3.SGM 16DEP3 91348 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 grant funds provided by DHS for that purpose.54 TSA invites comments on these requirements as they appear in the proposed rule. In meeting the initial training schedule, TSA expects that many owner/operators will rely on the provisions in proposed § 1570.107, which provides standards for accepting previous training. Under this section of the proposed rule, TSA would allow ‘‘training credit’’ to be given for employees who received training that satisfies the requirements of the proposed rule within one year before its effective date. This may include emergency preparedness plans that railroads connected with the operation of passenger trains must implement to address such subjects as communication, employee training and qualification, joint operations, tunnel safety, liaison with emergency responders, on-board emergency equipment, and passenger safety information, as well as policies that transit agencies implement to ensure safety promotion to support the execution of the Transit Agency Safety Plan by all employees, agents, and contractors for the rail fixed guideway public transportation system.55 See discussion of these training programs in section III.I. of this NPRM. Similarly, public transportation agencies may have been providing training through funds granted under the TSGP. The recordkeeping provisions of the proposed rule require an owner/ operator to provide current and former employees with documentation upon request of any training completed to meet the requirements of this rule.56 Options for compliance with this requirement could include providing employees with certificates to validate completed training. This proposed requirement anticipates situations where an employee may have received training from a previous owner/operator, as well as industry practices where employees may work for multiple owner/operators (such as commercial drivers operating OTRBs). If an owner/operator can validate that an employee has received the required training within the specified timeframe, the training would 54 Congressional appropriations to FTA fund course offerings to public transportation agencies that meet some of the requirements in this proposed rule. Similarly, appropriations through DHS fund the provision of courses in prevention and response that are available to PTPR agencies. Further, FTA and FEMA courses that may meet portions of this proposed rule are listed among the approved vendors and programs for use of TSGP awards. 55 Id. 56 See § 1570.121 of the proposed rule. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 not need to be repeated. Because it would be the obligation of the current owner/operator to ensure that all training requirements are met, that owner/operator would be responsible for ensuring that any previous training courses satisfy the proposed rule’s requirements and documenting that the training was received within the required timeframe. Finally, there may be situations where ‘‘dual-hatted’’ or other specific-function employees are required to receive security training from other sources as part of their jobs, such as railroad police officers employed by the owner/ operator. As indicated above, it is the obligation of the owner/operator to ensure and document the training, including training received under these circumstances. Recurrent Training (§ 1570.111(b)) Recurrent training is essential for maintaining a high level of security awareness. The 9/11 Act recognizes this by requiring routine and ongoing training for public transportation employees.57 Congress has left it to the discretion of TSA to determine the appropriate schedule for recurrent training and to require a similar schedule for railroad and OTRB employees.58 TSA believes annual recurrent training is essential for transportation employees to maintain a high level of awareness, competency, and currency with overall changes in security posture within the surface transportation environment. TSA’s decision is consistent with several key considerations, including: (1) Other TSA regulations requiring training, as well as similar training required for TSA employees; (2) the difficulty of learning, developing, and demonstrating security awareness in the dynamic aspects of the surface transportation environment, and (3) industry recommended guidelines for security awareness training. TSA requires annual training for aviation workers. For example, regulations applicable to Ground Security Coordinators used by aircraft operators specifically require annual training.59 Other aviation workers are required to receive annual recurrent training as part of the approved security program (including aircraft operators, indirect air carriers, air cargo, etc.).60 57 See 6 U.S.C. 1137(f). 6 U.S.C. 1137(c)(11), 1167(c)(12), and 1184(c)(12). 59 See 49 CFR 1544.233. 60 The relevant security program requirements are under 49 CFR 1544.233, 1544.235, 1544.407, 1548.5, and 1549.103. 58 See PO 00000 Frm 00014 Fmt 4701 Sfmt 4702 TSA’s decision to require annual training is supported by the DifficultyImportance-Frequency (DIF) model 61 that TSA uses for determining training requirements for its own employees.62 The DIF model uses three design criteria: Difficulty, importance, and frequency. TSA’s subject matter experts responsible for TSA-related training determined that measuring the proposed security training program against these standards supports annual training as: (1) The difficulty of learning surface transportation security awareness related information is at the medium/ moderately difficult range because it requires decision making when applying what one has learned; (2) the importance of conducting this security training is at the high/very important range because the cost of failure is high and would cause damage and losses in the event of an attack; and (3) the frequency of how often the task would be performed is within medium range. TSA’s decision is also supported by the American Public Transportation Association (APTA) and their recommendations for security training: Security Awareness Training for Transit Employees.63 Developed in collaboration and consultation with TSA and transportation industry stakeholders, the recommended practice provides minimum guidelines for security awareness training for all transit employees to strengthen transit system security. APTA ‘‘recommends that all transit employees be refreshed on transit security awareness objectives annually, in an abbreviated method at least . . . to reflect advancements or modifications to criminal and terrorist activities and reinforce the security awareness training that employees received initially.’’ TSA does not find it necessary to include the ‘‘abbreviated method’’ option used by APTA as part of the proposed rule for two reasons. First, the 61 Bill Melton & J. Bahlis, ‘‘ADVISOR Enterprise Difficulty-Importance-Frequency (DIF) Model Fact Sheet’’, BNH Expert Software Inc. (February 23, 2011), available at https://www.bnhexpertsoft.com/ english/products/advent/ADVISOR_DIF_Model.pdf. DIF is a standard instructional design tool used by a variety of users including the Department of Defense (DOD), the Department of Energy (DOE), and private sector education and healthcare providers, to determine training priority and frequency of training. 62 The proposed schedule is consistent with TSA’s security awareness training for its own employees—including annual training on operational security (OPSEC), responding to active shooter incidents, and social engineering that could undermine security of information systems. 63 APTA Security Risk Management Working Group., ‘‘Security Awareness Training for Transit Employees’’ (March 2012), APTA–SS–SRM–RP– 005–12. E:\FR\FM\16DEP3.SGM 16DEP3 mstockstill on DSK3G9T082PROD with PROPOSALS3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules First ObserverTM program, discussed more fully in section III.J. of this NPRM, will meet most of the training requirements in approximately one hour. Having reviewed a wide variety of programs that could be used to meet elements of the 9/11 Act’s requirements, TSA is not aware of any other existing material that could meet all of the proposed requirements in such an abbreviated period.64 To the extent owner/operators intend to continue to use their existing training program to meet the regulatory requirements, they may want to consider using First ObserverTM as an abbreviated form of recurrent training. Second, owner/operators could request to use some other type of abbreviated security training as an alternative measure for compliance. Owner/operators may request to use alternative measures as part of the interactive and iterative process TSA intends to use for approval and review of required security programs, as detailed in proposed 49 CFR 1570.117. Under this proposed section, the owner/ operator must establish that the alternative is in the best interest of the public and transportation security. When applied to recurrent training, TSA may require validation that the expected baseline of security awareness is reached and maintained with the abbreviated program. For example, the owner/operator may propose abbreviated training for employees who can pass a pre-test. TSA is aware that an annual recurrent training requirement could present challenges for owner/operators who must also meet other regulatory training requirements. For example, FRA requires a two-year recurrent training schedule for the emergency preparedness training required under 49 CFR part 239 (emergency response and evacuation for rail passengers). The security training required by PHMSA under 49 CFR part 172 (securing transportation of hazardous materials) is on a three-year recurrent training cycle. As TSA does not control these training schedules, we cannot harmonize all of them through this rulemaking. To the extent, however, that owner/operators must comply with these other training requirements, they may be able to use them as part of their program to meet the meet recurrent training requirements. TSA is interested in 64 As part of the 2013 Notice, TSA included a matrix in the docket of training programs that meet elements of the 9/11 Act’s requirements. The matrix is available in the docket for the 2013 Notice at: https://www.regulations.gov/ (search for ’’TSA– 2013–0005–0084’’). Of the 20 programs listed, none of them addressed all of the 9/11 Act requirements. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 comments regarding options for harmonizing training schedules and for adding efficiencies with other relevant regulatory requirements. While TSA is proposing annual recurrent training, a three-year recurrent cycle is included as a programmatic alternative. The results of the cost analysis for this alternative can be found in chapter III section K of the Regulatory Impact Analysis (RIA) for this rulemaking, which is included in the public docket. Amendments to the Security Program (§§ 1570.113 and 1570.115) Allowing owner/operators to revise or amend their programs, as proposed in § 1570.113, is a subset of addressing the 9/11 Act’s requirements for implementation and submission or programs.65 It is also consistent with TSA’s statutory authority to allow exemptions from regulatory requirements.66 Proposed § 1570.113 includes procedures allowing an owner/ operator to submit a request to TSA to amend its program and the standard for TSA’s approval of that request. The proposed section identifies appropriate reasons for amending programs, such as changes to an operating environment that could include new equipment or changes in station construction. If the operating environment changes, it is reasonable to expect that some aspects of the security training program would also need to be revised. TSA may approve an amendment if it is in the interest of public and transportation security and meets the required security standards. TSA could ask for additional information or time in order to makes its determination. Similarly, TSA may need to require amendments in the interest of the public and transportation security. The 9/11 Act specifically provides that TSA must update the requirements, as appropriate, ‘‘to reflect new or changing security threats’’ and owner/operators shall change their programs and retrain employees as necessary within a reasonable time.67 As indicated in proposed § 1570.115, TSA could require owner/operators to revise their training based on emerging threats or methods for addressing emerging threats. For example, the curriculum requirements identified in the 9/11 Act do not address training to respond to active shooter incidents. Following several active shooter incidents, including one that 65 See 6 U.S.C. 1137(d) (public transportation), 1167(d) (railroads), and 1184(d) (OTRB). 66 See 49 U.S.C. 114(q) (Under Secretary may grant exemptions from regulatory requirements). 67 See 6 U.S.C. 1137(d)(4) and 1167(d)(4) and 1184(d)(4). PO 00000 Frm 00015 Fmt 4701 Sfmt 4702 91349 resulted in the death of a Transportation Security Officer in Los Angeles, Congress prioritized the need for this type of training.68 As with other requirements imposed by TSA, the owner/operator could request a petition for reconsideration of TSA-required amendments. Alternative Measures (§ 1570.117) The proposed rule includes procedures allowing for an owner/ operator to submit a request to use alternative measures to satisfy all of some of the requirements of subchapter D and the standard for TSA to approve such a request. For example, the owner/ operator could request to extend the time periods for submitting its training program or for training all of its security-sensitive employees. In reviewing such a request, TSA would expect the owner/operator to demonstrate good cause for the extension. Under this provision, an owner/operator could request a waiver from some or all of the regulatory requirements. TSA could grant such a request under the authority 49 U.S.C. 114(q), which provides the TSA Administrator with authority to consider and grant requests from an owner/operator for a waiver from all or some of the regulatory requirements. For example, a freight railroad may meet the criteria for applicability, but the operations that trigger applicability may be a de minimis part of its overall business operations. In such a situation, the owner/operator might consider requesting either a complete waiver or an alternative that limits the requirements to a more discrete part of its business. Proposed § 1570.117 would include the procedures for requesting such a waiver, procedures for requesting the use of alternative measures, and identification of the types of information TSA would need in order to make a decision to grant such requests. In general, TSA would need to consider factors, such as risk associated with the type of operation, any relevant threat information, and any other factors relevant to potential risk to the public and transportation security. Petitions for Reconsideration (§ 1570.119) Proposed § 1570.119 describes the review and petition process for TSA’s reconsideration when it denies a request for amendment, waiver, or alternative measures—as well as a TSA requirement to modify or amend a 68 See Gerardo Hernandez Airport Security Act of 2015, Public Law 114–50, 159 Stat. 490 (Sept. 24, 2015). E:\FR\FM\16DEP3.SGM 16DEP3 91350 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules program. If an owner/operator challenges the decision, the owner/ operator would be required to submit a written petition for reconsideration within the time frame identified in the applicable section.69 The petition would need to include a statement, with supporting documentation, explaining why the owner/operator believes the reason for the denial or for the amendment, as applicable, is incorrect. If the owner/operator requested the amendment, the results of the reconsideration could be confirmation of TSA’s previous denial or approval of the proposed amendment. If the issue involves a TSA required amendment, the results of the reconsideration could be withdrawal, affirmation, or modification of the amendment. TSA would consider whether a disposition pursuant to proposed 49 CFR 1570.119 would constitute a final agency action for purposes of review under 49 U.S.C. 46110. mstockstill on DSK3G9T082PROD with PROPOSALS3 Recordkeeping Requirements (§ 1570.121) TSA proposes that owner/operators create and maintain lists of their security-sensitive employees and when they received training that meets the requirements of the proposed rule. Specifically, records would need to include each trained employee’s name, job title or function, date of hiring, and date and course information on the most recent security training that each employee received. Records for individual employees would need to reflect the training courses completed and date of completion. Training records for each employee of initial and recurrent training would need to be maintained by owner/operators for no less than five years from the date of the training and available at any location(s) specified in the security training program approved by TSA. The proposed rule provides flexibility to owner/operators to decide whether to maintain the records in electronic format provided that (1) any electronic records system used is designed to prevent tampering, loss of data, or corruption of records, and (2) paper copies of records, and any amendments to those records, would be made available to TSA upon request for inspection or copying. Whether the 69 The proposed rule would require petitions for reconsideration to be submitted no later than 30 days of a TSA requirement to modify under § 1570.109, denial of an owner/operator-requested amendment under § 1570.111, or denial of a request for waiver or alternative measures under § 1570.117; submission would be required within 15 days for a TSA-required amendment under § 1570.113. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 records are kept in electronic or other form, the employee must be provided with proof of training upon request, at any time during the five-year recordkeeping period without regard to the requestor’s current status as an employee of that entity. As discussed above in ‘‘Initial training (§ 1570.111(a)),’’ owner/operators may meet this requirement to provide proof of training by providing a certificate or other similar documentation to the employee upon completion of training. In order for TSA to allow any owner/ operator to rely upon previous security training to satisfy the requirements of this proposed rule, it is critical that employees be able to validate whether they received previous training. TSA assumes training records are unlikely to include SSI, but nonetheless provides a reminder in the proposed section that any SSI maintained as a result of these recordkeeping requirements must be maintained consistent with the standards in 49 CFR part 1520. For example, an owner/ operator may decide to keep a copy of the content of the training program with the employee files (which is not required by the proposed rule), if the curriculum contains SSI information, any file it is in would need to be stored as required by the SSI regulations. Owner/operators needing additional information about appropriately maintaining SSI may contact TSA for assistance and/or find information on TSA’s Web site.70 4. Subpart C—Operations Under current regulations (49 CFR part 1580), TSA requires freight and passenger railroad carriers, rail transit systems, rail hazardous materials shippers, and certain rail hazardous materials receivers to appoint ‘‘rail security coordinators’’ 71 (RSCs) and report significant security concerns to TSA.72 The RSC, serve as the security liaisons to TSA, providing a single point of contact for receiving communications and inquiries from TSA concerning threat information or security procedures, and coordinating responses with appropriate law enforcement and emergency response agencies. The information reported to TSA provides information from the frontline of rail transportation that can be used to identify developing threats based on consolidated reporting and trend analysis. Because of the benefits of this requirement to transportation security, 70 See https://www.tsa.gov/for-industry/sensitivesecurity-information. 71 See 49 CFR 1580.101 and 1580.201. 72 See 49 CFR 1580. 105 and 1580.203. PO 00000 Frm 00016 Fmt 4701 Sfmt 4702 TSA is proposing to extend these requirements to the modes of transportation covered by this proposed rule that are not currently subject to the requirements of 49 CFR part 1580. Security Coordinator Requirements (§ 1570.201) As previously noted, TSA currently requires security coordinators for rail operations including freight, passenger, and public transportation. In addition to mandating security coordinators for railroads, the 9/11 Act also requires security coordinators for OTRB companies.73 Consistent with this mandate, TSA proposes to extend the requirement to appoint a primary and at least one alternate security coordinator for OTRB companies and the bus operations of PTPR owner/operators (with a limited impact as most public transportation bus agencies are part of a larger system that is required to have a security coordinator under current 49 CFR part 1580). This would be accomplished by moving the provision from part 1580 to subpart C of the proposed rule and eliminating railspecific terms from the text. Security coordinators are a vital part of transportation security, providing TSA and other government agencies with an identified point of contact with access to company leadership and knowledge of the owner/operators operations, in the event it is necessary to convey extremely time-sensitive information about threats or security procedures to an owner/operator, particularly in situations requiring frequent information updates. The security coordinator and alternate provide TSA with a contact in a position to understand security problems; immediately raise issues with, or transmit information to, corporate or system leadership; and recognize when emergency response action is appropriate. The individuals must be accessible to TSA 24 hours per day, 7 days per week. The proposed rule does not change the expectation that the security coordinator and alternate be appointed at the headquarters level. This proposed rule does not require the security coordinator or alternate to be a dedicated position staffed by an individual who has no other primary or additional duties. This proposed rule, however, does require that the owner/ operator have a designated individual 73 See 6 U.S.C. 1162(e)(1)(A) (‘‘Identification of a security coordinator having authority—(i) to implement security actions under the plan; (ii) to coordinate security improvements; (iii) to receive immediate communications from appropriate Federal officials regarding railroad security’’). E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules that TSA may reach at all times. The proposed rule would require the following information for both the security coordinator and alternate: Name, title, telephone number(s), and email address. Any change in this information would have to be provided to TSA within seven days of the change taking effect. As previously noted, this is not a new requirement for owner/operators of railroads, including the rail transit operations of PTPR owner/operators. If an owner/operator subject to this proposed rule has provided the required information for primary and alternate RSCs to TSA in the past, it would not have to take further action to meet the requirement.74 This is the case for passenger rail carriers, freight railroad carriers, and rail transit systems operated by public transportation agencies. mstockstill on DSK3G9T082PROD with PROPOSALS3 Extension and Modification of Requirement To Report Security Concerns (§ 1570.203) TSA is proposing to make two changes to its existing requirements in part 1580 to report security concerns to TSA.75 As with the security coordinator requirement, TSA proposes to move and consolidate the requirement into proposed § 1570.203 and extend it to bus operations.76 TSA is also proposing to modify the security concerns to be reported to address a need for clarification and align with other relevant standards. Since publication of 49 CFR part 1580, some stakeholders have asked TSA for clarification of the events they are required to report pursuant to 49 CFR 1580.105 and 1580.203. Additionally, in December 2012, the U.S. Government Accountability Office (GAO) published a report on passenger rail security.77 In 74 The requirement to inform TSA of any changes is not modified by this proposed rulemaking. Therefore, those currently covered by the security coordinator and reporting requirements under current 49 CFR part 1580 must report information regarding changes to the names, titles, telephone numbers, and email addresses of the RSCs and alternate RSCs to TSA within seven calendar days of the change taking effect. 75 See current 49 CFR 1580.105 and 1580.203. 76 This extension is within TSA’s discretion to require other actions or procedures determined to be appropriate to address the security of public transportation and OTRB operations. See 6 U.S.C. 1134(c)(2)(I) and 1181(e)(1)(H). 77 See GAO, ‘‘Passenger Rail Security, Consistent Incident Reporting and Analysis Needed to Achieve Program Objectives,’’ GAO–13–20 (December 2012). VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 the report, GAO stated that TSA has inconsistently overseen and enforced its rail security incident reporting requirement because the agency does not have guidance published, leading to considerable variation in the types and number of incidents reported. The GAO recommended that the agency develop guidance on the types of incidents that should be reported and this guidance should be disseminated to TSA inspectors and regulated entities, including rail and transit agencies. Pending this rulemaking, TSA provided information to the railroads and transit agencies subject to the requirements of part 1580 to provide more examples about the types of incidents that should be reported. TSA is also modifying the list of reportable significant security concerns to be more consistent with the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI). The NSI is a partnership between Federal, State, local, tribal, and territorial law enforcement that ‘‘establishes a national capacity for gathering, documenting, processing, analyzing and sharing SAR information . . . in a manner that rigorously protects the privacy and civil liberties of Americans.’’ 78 The NSI defines ‘‘suspicious activity’’ as ‘‘observed behavior reasonably indicative of pre-operational planning associated with terrorism or other criminal activity.’’ 79 The NSI implements a standardized, integrated approach to gathering, documenting, processing, analyzing, and sharing information about suspicious activity that is potentially terrorism-related. In applying this approach, standards have been developed, setting criteria for the types of activities that warrant reporting as suspicious and potentially terrorismrelated. These criteria recognize the capability of law enforcement and security professionals to apply their experience and expertise to identify significant security concerns by focusing on the nature of the incidents and the context in which they occur. The standardized approach among law enforcement officers and security officials with surface transportation entities produces more informative 78 See Nationwide SAR Initiative (NSI), ‘‘About the NSI’’ (accessed Nov. 3, 2016), available at https:// nsi.ncirc.gov/about_nsi.aspx. 79 Id. PO 00000 Frm 00017 Fmt 4701 Sfmt 4702 91351 reports that can more effectively focus investigative efforts and intelligence analysis for potential trends and indicators of terrorism-related activity. Thus, TSA intends to ensure clarity by incorporating the examples previously provided to industry and consistency by aligning its regulations with the concepts of the NSI. The proposed list of reportable incidents can be found in proposed Appendix A to part 1570 and includes not only a list of incidents, but descriptions and examples to assist regulated parties in making a determination of whether an incident fits within the reporting requirements. Finally, TSA is proposing to modify the schedule for reporting incidents. Currently the regulation requires immediate reporting to TSA. If, however, there is an immediate threat, the first priority is to notify and work with first responders. Therefore, TSA is proposing to remove the necessity for immediacy and, instead, require notification within 24 hours of the incident (see proposed 49 CFR 1570.203(a)). This will enable TSA to obtain timely information without undermining the ability of the owner/ operator to appropriately handle a situation requiring their full attention. Examples for Reporting Information (§ 1570.203(b)) As previously noted, TSA has almost a decade of experience with incidents reported by railroads under current 49 CFR part 1580. Based on this experience, TSA recognizes that its ability to analyze the data and improve the quality of information disseminated back to its stakeholders is proportional to the quality of information it receives. Proposed § 1570.203(b) is consistent with the previous reporting requirements, which reflected the need for detailed and verified information from individual owner/operators to enhance TSA’s ability to provide timely and useful information products to all of the relevant stakeholders. While not included in the rule text, Table 5 is being provided to assist security coordinators and other responsible officials to understand TSA’s expectations for the types of information that are needed in order to meet the standards of § 1570.203(b). E:\FR\FM\16DEP3.SGM 16DEP3 91352 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules TABLE 5—EXAMPLES OF REPORTING INFORMATION REQUIRED BY PROPOSED § 1570.203(C) Reporting requirements in proposed § 1570.203(c) Examples • Company Representative: Joe BLOGGS. • Company: ABC Rail Road Company. • Address: XXXXX, XX (Street), XXXXX (City), XX (State), XXXXX (ZIP). • Phone: (111) 123–1234. • POC Email: Reporting.Official@ABCRR.com. (2) The affected freight or passenger train, transit vehicle, motor vehi- • Locomotive: ABCRR, Reporting Marks. cle, station, terminal, rail hazardous materials facility, or other facility • Locomotive Number 1234. or infrastructure, including identifying information and current location. • Rail Car: ABCRR Railcar Number XXXX 001234. • Train: ABCRR Train Number XXX of XX, etc. • Facility: ABCRR (Rail Yard, Subway Station, Passenger Station, Storage Yard, Repair Facility, etc.) and facility physical address. • Right of Way: Mile Post Marker, Sub-division, and physical address (as much as known). (3) Scheduled origination and termination locations for the affected • ABCRR, Northern Corridor Express–Boston to New York, XYZ Line, freight or passenger train, transit vehicle, or motor vehicle, including via X, Y and Z Cities. Train Number XXX of XX is currently located departure and designation city and route. at: MP 123.12, XXX Sub-division, XXXX (City), XX (State). • Transit Vehicle: ABCRR LRV Number XXXXX etc. Route: XXX North Corridor. Is currently located at XXXX Line Section or XXX Station, Street, City, State, ZIP. (4) Description of the threat, incident, or activity, including who has • At XXXX hours, January 01, 2020. been notified and what action has been taken. • ABCRR Police Sergeant, Joe BLOGGS, badge number XXXX, ABCRR Police Department (ABCPD) reported the following: At WWWW hours, January 01, 2020, a suspicious person (described as a white male, approximately 6′0″ tall, 190 lbs., blonde hair, approximately 35 to 40 years of age, wearing a long black knee-length coat, blue jeans, red sneakers, and a XXXX ball club baseball hat) was detected adjacent to the ticket vending machine at the street level entrance to the XXst Street and YYYYY Avenue, Station, XXXX (City), XX (State). The person was deemed suspicious because although the temperature at the time was 85 degrees, he was wearing a knee-length heavy black coat. The individual was sweating and exhibited nervousness when security officials were present (the individual looked away every time a security official appeared, so as to not reveal his face). The individual had a black ‘‘Traveler,’’ ‘‘Expandable’’ suitcase with him (estimated measurements: 36″ W X 24″H X 12″ D) with a red piece of ribbon tied to the handle. At WWW5 hours, the individual rapidly departed the area when a security official began to approach him, leaving the black suitcase behind. A review of the Closed-circuit television (CCTV) surveillance system determined the individual had arrived at the station at VV30 hours in a Red, 4-door, Land Rover, VA License Plate XX123XXXX, which was parked adjacent to the XXXXX. Closed-circuit television revealed the vehicle was being driven by a white female with shoulder length blonde hair, approximately 35 years of age. A check of the VA DOT License registry revealed the vehicle is registered to Joe DOE, DOB: XX/XX/XXXX, POB: XXXXX (City), XX (State) and Jane (NEE: SMITH) DOE, DOB: XX/XX/XXXX, POB: XXXXX (City), XX (State) of 1234 West Disobedience Street, Anytown, VA 202XX, Phone Number: (XXX) XXX–XXXX. A check of the VA driver’s license registry revealed similar/matching descriptions of Joe and Jane DOE to those persons identified during the incident. At ZZZZ hours, a XXXX City Police Explosive Ordnance Demolition (EOD) team conducted an examination of the black suitcase with x-ray equipment and determined the suitcase contained an unknown device comprised of wiring and circuitry. Explosive Ordinance Disposal (EOD) disrupted the suitcase, which yielded negative secondary results. EOD’s examination of the suitcase’s contents revealed limited amounts of women’s clothing and what appeared to be the inner workings of a radio. At ZZZ1 hours, the scene was cleared by XXXX City Police EOD Sergeant Jeff BOMBGARTEN, badge number XXXX who secured the suitcase and its contents and transported them away from the facility. (5) The names and other available biographical data, and/or descrip- • Witness: Joe SMITH, DOB: XX/XX/XXXX, POB: XXXX City, XX tions (including vehicle or license plate information) of individuals or State. Address: XXXXX, XX Street, XXXX City, XX State, Phone vehicles known or suspected to be involved in the threat, incident, or Number (XXX) XXX–XXXX, ABCRR, XXXX (Address), (XXX) XXX– activity. XXXX. • Security: Fred ARRESTER, Sergeant, XXXX (City) Police Department, Badge # XXXX, Phone Number: (XXX) XXX–XXXX. • Suspected Associate: Mrs. Jane DOE. mstockstill on DSK3G9T082PROD with PROPOSALS3 (1) The name of the reporting individual and contact information, including a telephone number or e-mail address. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00018 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 91353 TABLE 5—EXAMPLES OF REPORTING INFORMATION REQUIRED BY PROPOSED § 1570.203(C)—Continued Reporting requirements in proposed § 1570.203(c) Examples (6) The source of any threat information ................................................. 5. Subpart D—Security Threat Assessments As previously noted, TSA is including the full text of revised part 1570 as it would look with the proposed changes—including three sections related to STAs generally unaffected by this rulemaking. As part of this rulemaking, TSA would move all sections of current part 1570 limited to STAs to a new subpart D, to consist of §§ 1570.301 (formerly § 1570.7— fraudulent use or manufacture; responsibilities of persons), 1570.303 (formerly § 1570.9—inspection of credential); and 1570.305 (formerly § 1570.13—false statements regarding security background checks by public transportation agency or railroad carrier). Only the last provision (§ 1570.305) has been revised, with revisions limited to removing definitions for terms that have been added elsewhere as part of this rulemaking. E. Security-Sensitive Employees (§§ 1580.3, 1582.3, and 1584.3) As part of requiring security training for frontline employees of railroads, • DOB: XX/XX/XXXX, POB: XXXX City, XX State. Address: XXXXX, XX (Street), XXXX (City), XX (State), Phone Number (XXX) XXX– XXXX, ABCRR, XXXX (Address), (XXX) XXX–XXXX. • Jane DOE, DOB: XX/XX/XXXX, POB: XXXX (City), XX (State). Address: XXXXX, XX (Street), XXXX (City), XX (State), Phone Number (XXX) XXX–XXXX, ABCRR, XXXX (Address), (XXX) XXX–XXXX. PTPR, and OTRB owner/operators–the 9/11 Act provided definitions for ‘‘frontline employee’’ within each mode of transportation.80 For the reasons discussed below, TSA is proposing to use the term ‘‘security-sensitive employees,’’ with specific definitions of the term for freight rail, PTPR, and OTRB operations. These proposed definitions, which would appear in §§ 1580.3 (freight rail), 1582.3 (PTPR), and 1584.3 (OTRB), would need to be used by owner/operators to determine which employees must receive security training. TSA’s proposed definition began with an analysis of the employees listed in the 9/11 Act’s definitions of ‘‘frontline employees’’ and whether there are any other employees who may be in a position to spot suspicious activity because of where they work, their interaction with the public, or their access to information (such as cleaning the restrooms, selling tickets and providing assistance to passengers, maintaining equipment and operations in vulnerable areas, or operating a train or bus). TSA also considered who would need to know how to report or respond to these potential threats. The only gap identified between the employees stipulated in the 9/11 Act and those that would fall under the discretionary category are those who have specific responsibilities under any security plan the organization may have. While most of these individuals are likely identified in other categories, from a security perspective it is essential that there are no gaps, particularly where individuals may have responsibility for responding to a terrorist-related emergency. As a result of this analysis, TSA proposes that employees who perform functions with a direct nexus to, or impact on, transportation security be designated as ‘‘security-sensitive employees’’ based on their job functions. While TSA has proposed a specific list of job functions relevant to the mode, these roughly fall into similar categories. Table 6 aligns these categories with the definitions of frontline employee in the 9/11 Act. TABLE 6—COMPARISON OF SECURITY TRAINING NPRM PROPOSED CATEGORIES FOR ‘‘SECURITY-SENSITIVE EMPLOYEES’’ TO 9/11 ACT DEFINITIONS OF ‘‘FRONTLINE EMPLOYEES’’ WHO MUST BE TRAINED 9/11 Act—Definitions of frontline employees Proposed rule—security-sensitive job functions 6 U.S.C. 1151(6) Railroad frontline employees A. Operating a vehicle ..................................................... Locomotive engineers, conductors, trainmen, and other onboard employees. Maintenance and maintenance support personnel, and bridge tenders. ............................................ Transit vehicle driver or operator. Drivers. Maintenance and maintenance support employee. Maintenance and maintenance support personnel. Dispatchers ........................ Security personnel ............. Dispatchers ........................ Security employee, or transit police. mstockstill on DSK3G9T082PROD with PROPOSALS3 B. Inspecting and maintaining vehicles ........................... C. Inspecting or maintaining building or transportation infrastructure. D. Controlling dispatch or movement of a vehicle .......... E. Providing security of the owner/operator’s equipment and property. 80 See 6 U.S.C. 1151(6) (railroads), 6 U.S.C. 1131(4) (public transportation), and 6 U.S.C. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 6 U.S.C. 1131(4) Public transportation frontline employees * ............................................ 1151(5) (OTRB and railroad frontline employees, respectively). PO 00000 Frm 00019 Fmt 4701 Sfmt 4702 6 U.S.C. 1151(5) OTRB frontline employees E:\FR\FM\16DEP3.SGM 16DEP3 Dispatchers. Security personnel. 91354 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules TABLE 6—COMPARISON OF SECURITY TRAINING NPRM PROPOSED CATEGORIES FOR ‘‘SECURITY-SENSITIVE EMPLOYEES’’ TO 9/11 ACT DEFINITIONS OF ‘‘FRONTLINE EMPLOYEES’’ WHO MUST BE TRAINED—Continued 9/11 Act—Definitions of frontline employees Proposed rule—security-sensitive job functions 6 U.S.C. 1151(6) Railroad frontline employees F. Loading or unloading cargo or baggage and/or ......... G. Interacting with travelling public (on board a vehicle or within a transportation facility) Locomotive engineers, conductors, and other onboard employees. H. Complying with security programs or measures, including those required by federal law (a catch-all category that would include a small number of employees such as security coordinators and any other individuals who may have responsibility for carrying out aspects of the owner/operator’s security program or measures who are not otherwise identified in the previous categories). Any other employees of railroad carriers that the Secretary determines should receive security training. 6 U.S.C. 1131(4) Public transportation frontline employees * Station attendant, customer service employee, and any other employee who has direct contact with riders on a regular basis. Any other employee of a public transportation agency that the Secretary determines should receive security training. 6 U.S.C. 1151(5) OTRB frontline employees Ticket agents [and] other terminal employees. Other employees of an over-the-road bus operator or terminal owner or operator that the Secretary determines should receive security training. mstockstill on DSK3G9T082PROD with PROPOSALS3 * Definition of 1151(6) applies to passenger rail operations. In general, TSA proposes to define mode-specific ‘‘security-sensitive employees’’ as employees performing one of the security-sensitive job functions identified in a proposed appendix for each part. The definition of ‘‘employee’’ in proposed § 1570.3 includes immediate supervisors, contractors, and other authorized representatives. The intent is that anyone who performs a securitysensitive function must have the training, including managers, supervisors, or others who perform the function or who so directly supervise the performance of a function that their nexus to the job function is equivalent to the employee. For example, a yardmaster in freight railroad operations would be considered a securitysensitive employee because he or she directs security-sensitive functions, even if not in the direct management chain of all individuals performing those functions. At the same time, individuals within a corporate structure who neither perform a security-sensitive function nor have direct management responsibilities over individuals who do are unlikely to have a position within the corporation with a significant nexus to transportation. To the extent there are such individuals in the management structure, they would not be considered ‘‘security-sensitive’’ employees. In choosing the term ‘‘securitysensitive employee,’’ TSA recognized the relationship of this proposed rule to other regulatory requirements applicable to the population covered by this proposed rule. The Department of Transportation uses the terms ‘‘safetysensitive function’’ and ‘‘safety-sensitive employees’’ in its regulations to identify VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 employees whose functions require special measures to ensure (emphasis added) safety, such as drug and alcohol testing and rules governing hours of service.81 TSA proposes using the term ‘‘security-sensitive’’ to identify employees whose job functions require special measures to enhance (emphasis added) security. The scope of security-sensitive employees is broader than safetysensitive employees. In other words, having analyzed the job functions that are regulated as safety-sensitive, TSA has determined that while there are some security-sensitive employees that may not be in safety-sensitive employees, there are no safety-sensitive employees that are not also securitysensitive employees. In the rail context, owner/operators have already identified employees in safety-sensitive positions because they are covered by the Federal hours of service laws 82 during a duty tour. Therefore, TSA proposes to include any rail employee subject to the Federal hours of service laws (49 U.S.C. 211) in the designation of securitysensitive employees to reduce the regulatory impact of identifying these individuals. To further reduce the impact of these proposed training requirements, TSA and DOT anticipate that owner/operators will provide training sessions that meet the requirements of DOT and the proposed requirements of TSA. 81 See 49 CFR 40.1; see also 49 U.S.C. 20140, 21101–21108, 49 CFR parts 219 and 228, 49 CFR 382.107 (motor carriers), and 49 CFR 655.4 (public transportation). 82 49 U.S.C. 21101 et seq. The relevant definitions are included in 49 U.S.C. 21101. PO 00000 Frm 00020 Fmt 4701 Sfmt 4702 TSA also recognizes that each mode covered by the NPRM has unique operating environments and functions. To address unique aspects of each mode, the security-sensitive functions are identified in mode-specific tables within the proposed rule.83 These tables provide general categories and accompanying modal-specific securitysensitive functions. All employees performing ‘‘security-sensitive functions’’ as described in the appendices must be trained. The table in proposed part 1580 Appendix B is unique in that it includes examples of the job titles related to these functions based on historic use of these terms for railroads. The job titles, however, are provided solely as a resource to help understand the functions described; whether an employee must be trained is based upon the function, not the job title. TSA encourages owner/operators to consider other employees within a corporate structure who may not be performing a security-sensitive function as identified in the proposed rule, but who could provide an additional layer of security if they received security training. Furthermore, if an owner/ operator identifies positions or functions not listed by TSA as securitysensitive, but which have the nexus to transportation security that is intended to be covered by the proposed rule, TSA would encourage the owner/operator to identify and include those employees within its security training program. Finally, TSA is aware that some freight rail employees identified as 83 See proposed Appendices B to parts 1580 (freight railroad), 1582 (passenger railroad and public transportation), and 1584 (OTRB). E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules ‘‘security-sensitive’’ may also be considered ‘‘hazmat employees’’ and, therefore, subject to security training under 49 CFR 172.704 (these provisions are part of the hazardous materials regulations promulgated by PHMSA). It is not, however, a one-to-one correlation as determining which employees should be identified as ‘‘security-sensitive’’ for purposes of receiving training under this proposed rule is not the same analysis as that conducted for determining if an individual meets the definition of ‘‘hazmat employees’’ who must receive training under the PHMSA rule. As a result, there may be some overlap, but the group of individual employees that must be trained under the separate rules is unlikely to be identical. The effect of the overlap on training requirements is further discussed in section III.G of this NPRM. mstockstill on DSK3G9T082PROD with PROPOSALS3 F. Security Programs—Applicability (§§ 1580.301, 1582.301, and 1584.301) As previously noted, the 9/11 Act mandates regulations requiring security training for frontline employees of public transportation agencies (6 U.S.C. 1137); railroads (6 U.S.C. 1167); and OTRBs (6 U.S.C. 1184). In implementing these requirements, TSA considered the operations and security risks associated with each mode identified in the 9/11 Act. This analysis determined risk consistent with DHS’s official definition of risk as the ‘‘potential for an adverse outcome assessed as a function of threats, vulnerabilities, and consequences associated with an incident, event, or occurrence.’’ 84 As TSA focuses on the risk associated with acts of terrorism, this analysis considers threat as informed by intelligence, potential consequences of a terrorist attack, and inherent vulnerabilities in transportation systems and operations. In general, the security training requirements of this proposed rule would apply to owner/operators 85 with operations that meet the criteria identified in §§ 1580.301, 1582.301, and 1584.301. From a counter-terrorism perspective, TSA has determined that less than 300 out of approximately 10,000 surface transportation operations meet this criteria. Consistent with its commitment to a risk-based approach to transportation security, the proposed rule would only apply to these higherrisk operations. Nonetheless, TSA also encourages lower-risk operations to implement security training programs 84 DHS Risk Lexicon, 2010 Edition, at 27. proposed definition of ‘‘owner/operator’’ in § 1500.3 and discussion of terms in section III.A.1, Table 3, of this NPRM. 85 See VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 consistent with the requirements in this proposed rule. While the proposed criteria assume general similarities for operations within each mode, TSA recognizes that not all owner/operators have similar corporate structures and that there are many considerations affecting organizational decisions. TSA considered an applicability determination that would require a parent corporation to provide security training to its employees if one subsidiary triggered the requirements. But there may be some owner/operators that are subsidiaries of subsidiaries to a parent company that have no other transportation-related assets. Recognizing these variations in corporate structure, TSA is proposing to limit the requirements to the level of the subsidiary whose operations would trigger applicability. During the review and approval process, TSA would work with owner/operators in an effort to address any compliance issues based on corporate structure. For example, owner/operator A may be organized to make each regional area a separate subsidiary. As such, only the subsidiary that meets the applicability requirements would be required to develop a security training program. Owner/operator B may be a single entity for purposes of corporate-legal structure, with branches rather than subsidiaries providing service on specific routes. Under the rule, the entire corporation would be subject to the requirements based on the operations of one route. In this situation, owner/operator A could choose to submit a proposed alternative that would apply the requirements to branches and a handful of headquarters or other regional employees that provide them operational support. The submission requirements and procedures for requesting alternative measures are discussed in section III.D.3 of this NPRM. The following section describes how TSA considered each of these risk elements in determining applicability for the proposed rule. 1. Freight Railroad Approximately 574 freight railroads operate on the general railroad system of transportation in the United States.86 The general railroad system of transportation is a shared rail network in which multiple railroad operators may use the same tracks for multiple 86 Under 49 CFR part 209, Appendix A, the ‘‘general railroad system of transportation’’ is defined as ‘‘the network of standard gage track over which goods may be transported throughout the nation and passengers may travel between cities and within metropolitan and suburban areas.’’ PO 00000 Frm 00021 Fmt 4701 Sfmt 4702 91355 purposes. Thus, a very small railroad operator may be using the same tracks as a large operator, and a freight railroad will often operate on the same tracks as a passenger rail operator. The geographic scope of this mode includes railroads operating on nearly 140,000 miles of track throughout North America.87 The freight rail system transports 40 percent of intercity freight volume and approximately one-third of U.S. exports to ports and other distribution centers.88 Commodities and products include consumer goods, agriculture and food products, motor vehicles, coal, chemicals, paper and lumber, and other commodities including ores, petroleum, and minerals.89 In addition, freight rail lines are used for the operation of most of the commuter and intercity passenger railroads outside of the northeast corridor and freight rail personnel are sometimes used, on a contractual basis, to operate passenger trains. Class I railroads 90 account for 69 percent of U.S. freight rail mileage and 90 percent of the employees. They are the only providers of intercity freight rail transportation, supporting major economic sectors in 44 states. Outside of the Northeast Corridor, Amtrak is dependent on Class I railroads for its operations—over 70 percent of Amtrak’s routes operate on track owned by other railroads.91 Threat Intelligence reviews of various attacks worldwide, as well as analysis of seized documents and the interrogation of captured and arrested suspects, reveal historic interest in carrying out attacks on railroad systems. For freight rail, the threat is greatest for shipments of RSSM, such as poison or toxic inhalation hazards (TIH), which could be directly 87 Association of American Railroads (AAR), ‘‘Railroad Facts, 2014 Edition’’ at pgs. 3 and 5 (2014). 88 Id. 89 Id. 90 TSA is not modifying the definition of ‘‘Class I’’ in current 49 CFR part 1580, which incorporates by reference the Surface Transportation Board’s classification of railroads based on annual operating revenues. The following are currently designated as Class I railroads: BNSF Railway, CSX Transportation, Grand Trunk Corporation, Kansas City Southern Railway, Norfolk Southern Combined Railroad Subsidiaries, Soo Line Corporation, and Union Pacific Railroad. 91 See DeGood, Kevin, ‘‘Understanding Amtrak and the Importance of Passenger Rail in the United States’’ (posted June 4, 2015), available at https:// www.americanprogress.org/issues/economy/report/ 2015/06/04/114298/understanding-amtrak-and-theimportance-of-passenger-rail-in-the-united-states/. See also Amtrak, ‘‘A Message from Amtrak Regarding On-Time Performance’’ (posted Feb. 8, 2015), available at https://blog.amtrak.com/2015/02/ message-amtrak-regarding-time-performance/. E:\FR\FM\16DEP3.SGM 16DEP3 91356 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules targeted or used as a weapon of mass effect with devastating physical and psychological consequences. Materials designated as RSSM are a subset of hazardous materials designated by PHMSA under 49 CFR 172.800(b).92 Vulnerability The diversity and expanse of the North American railroad system presents a unique preparedness challenge related to preventing, responding to, and recovering from potentially devastating effects. The rail network is vast and the owner/operators vary in size and communities served. Numerous passenger and commuter rail systems throughout the country operate at least partially over tracks or rights-ofway owned by freight railroads. mstockstill on DSK3G9T082PROD with PROPOSALS3 Consequences The interdependency of the railroad infrastructure—bridges, tunnels, dispatch and control centers, tracks, signals, and switches—means that threats and incidents affecting one railroad could impact many others on the general railroad system of transportation. A successful terrorist attack on the U.S. rail system could affect the functioning of private businesses and the government, and cause cascading effects far beyond the targeted physical location. Such an attack could result in significant losses in terms of human casualties, property destruction, and economic effects, as well as damage to public morale and confidence. Disruption or delay of rail service would also have adverse impacts on other sectors. For example, freight railroads have a critical role in the support of the energy sector and are responsible for the transportation of more than 70 percent of all U.S. coal shipments. They are also a critical part of the supply chain for military weapons and supplies. While railroads have been able to quickly respond to delays caused by natural disasters, such as the 2013 flooding in Colorado that washed-out tracks and delayed coal shipments and Amtrak service, this requires rerouting and can cause significant over-crowding and delays on lines used to move passengers and cargo pending restoration of damaged infrastructure.93 Similarly, the release of 92 TSA is proposing to adopt the list in 49 CFR 172.800(b) for purposes of meeting the requirement in sec. 1501 of the 9/11 Act to define transportationrelated security-sensitive materials. This definition is discussed in section III.A.2 of this NPRM. 93 See ‘‘Colorado floods wash out tracks, delay coal shipments, Amtrak service,’’ The Denver Post (Sept. 16, 2013), available at https:// www.denverpost.com/2013/09/16/colorado-floodswash-out-tracks-delay-coal-shipments-amtrakservice/. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 TIH or other materials designated as RSSM could be catastrophic if it occurs in a metropolitan area or near critical resources that could be contaminated by the release. Risk Determination TSA has determined that the highestrisk freight railroads are those designated as Class I based on their revenue (over $72.9 billion in 2013) and the Nation’s dependence on these systems to move both freight in support of critical sectors and passengers. Similarly, there are other shortlines (also known as Class II or Class III railroads) that are also higher-risk because they transport RSSM through HTUAs. Finally, to the extent the preceding does not capture freight railroads hosting higher-risk passenger railroads, the hosting relationship and dual use of infrastructure puts such railroads into the higher-risk category. Proposed Applicability Based on this risk determination, TSA is proposing to cover a railroad if it is designated as Class I, transports RSSM in one or more of the areas listed in current Appendix A to 49 CFR part 1580, or hosts a higher-risk rail operation (including freight railroads and the intercity or commuter systems identified in proposed § 1582.101). This would cover approximately 36 freight railroads. In proposing this applicability, TSA recognizes that joint operations are common within this industry and include agreements such as allowing another railroad carrier to operate over track it does not own.94 In these situations, the ‘‘host railroad’’ that owns the track exercises operational control of the movement of trains of the other railroads (the ‘‘tenant’’ railroads) while they are using that track.95 Under the proposed rule, both the host and tenant railroads would be required to have a training program that appropriately addresses the ramifications of the hosting relationship. For example, the host railroad’s training program would need to address the operational considerations of the hosting 94 TSA’s use of this term in this proposed rule is consistent with industry’s general understanding of its meaning and 49 CFR 239.7, which defines ‘‘joint operations’’ as ‘‘rail operations conducted by more than one railroad on the same track, except as necessary for the purpose of interchange, regardless of whether such operations are the result of: (1) Contractual arrangements between the railroads; (2) Order of a government agency or a court of law: or (3) Any other legally binding directive.’’ 95 In recognition of these situations, TSA is proposing to add a definition of the term ‘‘host railroad’’ to 49 CFR 1500.3. The term ‘‘host railroad’’ is defined to mean ‘‘a railroad that has effective control over a segment of track.’’ PO 00000 Frm 00022 Fmt 4701 Sfmt 4702 relationship, such as training dispatchers on their role and responsibilities in halting the tenant railroad’s operations over a segment of track that has just been destroyed by an IED. Similarly, a tenant railroad subject to the security training requirements of proposed 49 CFR part 1582 (PTPR), would need to address the operational considerations of the hosting relationship, such as instructing its train and engine employees on the proper communication procedures to follow when informing the host railroad of a suspicious package blocking the track. Under either example, the host and tenant railroad owner/operators would only be responsible for training their own employees. TSA also understands that some commuter passenger train services are owned by public transportation agencies, but operated by private companies (such as freight railroad carriers). This is not a hosting relationship. In this situation, TSA would consider the freight railroad carrier (the private company) to be a contractor of the PTPR owner/operator (the owner/operator of the passenger train service). TSA would hold the PTPR owner/operator primarily responsible for compliance and for ensuring that all security-sensitive employees receive the required training, whether they are employed directly by the PTPR owner/operator or contractor. In other words, the PTPR owner/ operator would have the obligation to train the freight railroad carrier’s employees that are performing securitysensitive functions related to the passenger train service. To the extent the contract between the PTPR owner/ operator and the freight railroad includes a provision for the freight railroad to train its own employees, such training would need to be documented in the PTPR owner/ operator’s security training program. TSA would expect the passenger operation to clearly state in its security training program, as part of the submission process under proposed 49 CFR 1570.109, that the freight railroad carrier would conduct the training and provide the required information on that training. Alternative Considered TSA considered expanding the applicability of the proposed rule to a broader scope of owner/operators that would be responsible for developing their own security training program. The parameters for this alternative population include all freight railroad owner/operators operating within, or through, any geographic areas E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 designated for purposes of the FY 2015 Urban Area Security Initiative (UASI) Program regions. TSA estimates that this alternative would cover a total of 69 freight railroads in 26 metropolitan areas. TSA estimates that this alternative would have a cost of approximately $91.99 million for freight railroad owner/operators over a 10-year period (at a 7 percent discount rate). The basis for the estimates of benefits and costs are included in the RIA for this rulemaking, which is included in the public docket. TSA rejected this alternative because the agency has determined that the proposed applicability aligns with its commitment to risk-based security policy and outcomes-based regulation. TSA has consistently recognized the security risks associated with transport of RSSM through the areas identified in Appendix A to current 49 CFR part 1580. The security basis for identifying these areas has not changed. Furthermore, expanding beyond the proposed applicability was unnecessary to gain the intended security benefits as it would not represent a corresponding expansion of employees trained since 90 percent of railroad employees would receive training as a result of the proposed rule’s applicability. Additionally, when compared to the ten-year costs of the proposed applicability rule for freight railroad owner/operators ($90.74 million at 7 percent), this alternative would result in $1.25 million in additional costs. 2. Public Transportation and Passenger Railroads There are more than 7,000 PTPR systems operating in the United States.96 As part of an intermodal system of transportation, commuter passenger railroads provide critical regional services, such as between a central city and adjacent suburbs during morning and evening peak periods, as well as connecting to other modes of transportation through multimodal systems and within multimodal infrastructures. Since 1995, public transit ridership is up 39 percent, outpacing population growth, which is up 21 percent, and vehicle miles traveled (VMT), which is up 25 percent.97 While passenger railroads primarily operate on the same track as freight railroads, they have many similarities to public transportation 96 APTA, ‘‘2014 Public Transportation Fact Book,’’ 65th Edition, at 6, (Nov. 2014), available at https://www.apta.com/resources/statistics/ Documents/FactBook/2014-APTA-Fact-Book.pdf. 97 See ‘‘Quick Facts’’ on APTA’s Web site as of Jan. 27, 2016, available at https://www.apta.com/ mediacenter/ptbenefits/Pages/default.aspx. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 because of the operational concerns related to transporting people. Amtrak operates the Nation’s primary intercity passenger rail service over a 22,000-mile network (primarily over leased, freight railroad tracks), serving more than 500 stations in 46 states and the District of Columbia. Many of these stations are multimodal transportation facilities located in higher-risk areas. Threat Based on incidents in other countries, TSA assesses that terrorists view PTPR systems as attractive targets because they carry large numbers of people, are open and easily accessible to the public, are critical to regional transportation systems, and are vital to local economies. Terrorists have targeted rail and bus systems overseas. Notable incidents include the sarin gas attacks on the Tokyo subway system in April 1995; the multiple detonations of IEDs left on commuter trains in Madrid in March 2004; the multiple suicide attacks employing IEDs on the London Underground and a double-decker bus in London in July 2005; the multiple detonations of IEDs on commuter trains in the greater Mumbai area in July 2006; and, the double suicide attacks and two incidents of IED detonations in Dagestan and Moscow, respectively, in March, June, and August 2010. TSA’s Office of Intelligence and Analysis assesses with high confidence that terrorists remain intent on perpetrating attacks against this mode. In the period between January 1 and December 31, 2014, there were 144 reported attacks on mass transit systems overseas. Of these attacks, 76 targeted buses and associated infrastructure and 68 targeted mass transit and passenger rail systems and associated infrastructure. Vulnerability Attributes of PTPR systems essential to their efficiency also create potential security vulnerabilities that terrorists seek to exploit. Unlike strict access controls applicable to air transport, the public transportation system’s multiple stops and interchanges lead to high passenger turnover, which is difficult to monitor effectively. In addition, the broad geographical coverage of passenger rail networks provides numerous options for access and getaway and affords the ability to use the system itself as the means to reach the location to conduct the attack. Consequences A potential terrorist attack on a public transportation center in a major metropolitan area can result in a large PO 00000 Frm 00023 Fmt 4701 Sfmt 4702 91357 number of victims, both killed and wounded, as well as significant infrastructure damage. Rail system bombings in Madrid, London, and Mumbai—all involving use of multiple IEDs—are tragic reminders of this reality. Attacks could be isolated, having minimal effect on the total operating system, or could result in a major impact that has national implications: an attack on an intercity passenger railroad operating on the general system of transportation could potentially shut down railroad operation support for specific sectors. The disruption of any portion of the operation can confuse the public, directly affect businesses, and lead to panic. Attacks on multiple portions of a PTPR system exacerbate these impacts. Risk Determination In the context of resource allocations under the Transit Security Grant Program (TSGP), DHS has determined the highest transit-specific risk areas and transit systems using a model approved by the Secretary and vetted by Congress.98 DHS has consistently considered several factors when determining risk for PTPR, including credible and specific international and domestic terrorist threats based on information provided by the intelligence community, system and infrastructure vulnerabilities, and consequences primarily in terms of the impact on the mission. As the mission of PTPR systems is to transport people, the consequences include the potential for devastating casualties.99 TSA believes this model is an appropriate method for determining applicability for purposes of this rulemaking. An analysis of the transit-specific risk scores developed using the DHS method indicates a natural and significant break in the risk curve (delta between risk scores of one urban area to the next) between the top eight regions with the highest transit-specific risk and the others.100 When combined, these areas represent over 94 percent of the total transit-specific risk to all urban areas across the Nation. Within each of these areas, DHS has identified the systems with the highest-risk based on considerations related to ridership, location of services provided (use of the same stations and stops), and 98 Federal Emergency Management Agency (FEMA) Grant Programs Directorate, ‘‘Risk Methodology, Fiscal Year 2015 Report to Congress, Calculating Risk for the FY 2015 DHS Preparedness Grant Programs’’ (December 21, 2015). 99 Id. at 25–26. 100 This analysis is based on SSI and/or classified intelligence information. As a result, TSA may not share details of the information or the analysis. E:\FR\FM\16DEP3.SGM 16DEP3 91358 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules relationship between feeder and primary systems. mstockstill on DSK3G9T082PROD with PROPOSALS3 Proposed Applicability Using this criteria, TSA is proposing to apply the requirements of this proposed rule to the systems identified in proposed 49 CFR part 1582, Appendix A. These 47 PTPR systems (46 PTPR plus Amtrak) are the systems with the highest risk operating in the eight regions with the highest transitspecific risk. Applying the rule’s requirements to these 47 PTPR systems, corresponds to enhanced security for more than 80 percent of all PTPR passengers. TSA is also proposing to apply the requirements to any PTPR owner/ operator that hosts a high-risk freight railroad as identified in proposed § 1580.101. The reasons previously discussed for the parallel applicability to freight railroads in a hosting relationship with a high-risk passenger railroad apply equally to passenger railroads hosting high-risk freight railroads. Alternative Considered TSA considered expanding the applicability of a security training program to a broader scope of owner/ operators. The parameters for this alternative population include all PTPR operations within or through a UASI region. TSA estimates that this alternative would cover a total of 253 PTPR owner/operators in 26 metropolitan areas. TSA estimates that this alternative would have a cost of approximately $127.88 million for PTPR owner/operators over a 10-year period (at a 7 percent discount rate). The basis for the estimates of benefits and costs are included in the RIA for this rulemaking, which is included in the public docket. TSA rejected this alternative because the agency has determined that the proposed applicability aligns with its commitment to risk-based security policy and outcomes-based regulation. The risk analysis used for developing the TSGP funding allocations begins with identification of the UASI regions and then takes into consideration unique aspects of PTPR operations within that UASI in light of known risks. To adopt the UASI designations for applicability would ignore the second, critical step of the analysis used for TSGP allocations. By linking applicability to those agencies that have historically and consistently been designated as highest-risk for purposes of TSGP funding allocation, the proposed applicability links the greatest regulatory burden to those systems that VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 the Federal government has determined merit the greatest funding allocations to address security. The majority of the funding under the TSGP goes to the highest-risk regions to ensure the greater risk is being addressed (94 percent in FY 15 and 95 percent in FY 14). Based on these considerations, the negative impact of a broader regulatory requirement would not have a corresponding benefit to security— especially recognizing that the systems covered under the proposed applicability transport 80 percent of the PTPR ridership. Additionally, when compared to the ten-year costs of the proposed applicability rule for PTPR owner/operators ($53.14 million at 7%), this alternative would result in $74.74 million in additional costs. 3. Over-the-Road Buses Highways are the largest and most prevalent component of the Nation’s transportation network. Virtually every location within the continental United States is accessible by highway. The system today encompasses more than four million miles of roadway on which more than 600,000 bridges and 650 tunnels offer possible chokepoints. Within that system, commercial buses offer the most cost-effective intercity transportation to thousands of communities. For many people, fixedroute, intercity bus service is the only alternative to private vehicles. It is estimated that there are over 3,300 private OTRB owner/operators operating approximately 29,000 buses and employing over 118,000 people in full and part-time jobs within the United States.101 These owner/operators primarily conduct interstate operations that include wholly-owned bus terminals, shared terminals with other transportation modes (such as passenger rail), or pre-determined pick-up and drop-off locations (which may not be on the owner/operator’s property). In general, OTRBs have an average capacity of 55–60 passengers per bus 101 For purposes of this discussion, an OTRB is considered the same as a motorcoach, which is consistent with the industry’s interchangeable use of this term. For example, the Motorcoach Census 2015, commissioned by the American Bus Association (ABA), states: ‘‘a motorcoach, or overthe-road bus (OTRB), is defined as a vehicle designed for long-distance transportation of passengers, characterized by integral construction with an elevated passenger deck located over a baggage compartment. It is at least 35 feet in length with a capacity of more than 30 passengers . . . . This definition of a motorcoach excludes the typical city transit bus city sightseeing buses, such as double-decker buses and trolleys.’’ See ABA, ‘‘Motorcoach Census 2015,’’ at 7 (Feb. 11, 2016), available at https://www.buses.org/assets/images/ uploads/general/ Motorcoach%20Census%202015.pdf. PO 00000 Frm 00024 Fmt 4701 Sfmt 4702 and carry approximately 751 million passengers annually to thousands of destinations within the United States and to/from Canada and Mexico. Destinations include urban areas and passenger transfer points with close proximity to many of the most iconic and valuable sites in the Nation. Threat According to TSA’s intelligence analysts and subject matter experts, buses represent attractive targets for terrorists, especially as it relates to hijacking, because they can be used as a vehicle-borne improvised explosive device (VBIED), provide the potential for large numbers of casualties, or could serve as a source for hostages. While there has not been a terrorist attack against a bus in the United States, threats and terrorist actions against motor coaches have occurred in other nations, including Israel, Spain, and the United Kingdom. As the Volpe National Transportation Systems Center noted, the industry provides terrorists with a ‘‘physically dispersed, easily accessed, high volume, target rich environment with potential for mass casualties.’’ 102 Over-the-Road Buses ‘‘serve all large metropolitan areas and travel in close proximity to some of the nation’s most visible and populated sites, such as sporting events, major tourist attractions, and national landmarks.’’ 103 TSA identifies that the most likely threat would be represented by an IED brought aboard by a passenger or delivered by another vehicle in close proximity to the OTRB. There is also the potential threat of an attacker intent on capturing control of the bus and using it as a delivery system for a weapon of mass destruction against a high-value destination. Terrorists with access to this type of vehicle could use its capacity to transport as much as 12 tons of explosives. Coupled with the use of such vehicles in urban centers and in daily proximity to high-value buildings or venues, an OTRB could serve as a VBIED. Vulnerability Over-the-Road Buses travel on open roads, often on scheduled and predictable routes, with only a driver and passengers. While OTRBs are used to transport large volumes of passengers and baggage (either in the under-floor storage area or accessible to the 102 Volpe National Transportation Systems Center, ‘‘Security Enhancement Study for the U.S. Motorcoach Industry,’’ at vii (May 2003), available at https://ntl.bts.gov/lib/55000/55200/55204/ Security_enhancement_motorcoach_industry_exec_ summ.pdf. 103 Id. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules passenger), most owner/operators do not screen passengers and baggage for threats. Furthermore, OTRBs generally have large cargo compartments that can be reached without boarding the bus. As previously noted, a high number of OTRBs operate in urban settings and have the ability to gain close proximity to high-profile targets and highlypopulated areas. These operations are vulnerable to a potential terrorist— providing frequent and predictable access to a vehicle that could either be targeted or exploited by an individual with malicious intent: It is relatively easy to perform reconnaissance, purchase a ticket, and travel anonymously with baggage that does not undergo screening. Consequences The consequence of a successful attack on an individual OTRB in a remote location is assumed to be the loss of the vehicle and many of its passengers. The same vehicle as a VBIED aimed at a high-value target is much greater. The National Counterterrorism Center (NCTC) states that one VBIED containing 4,000 kg of homemade explosives is equivalent to 200 pipe bombs or 20 suicide vests.104 Risk Determination While it is possible an OTRB could be the target of a terrorist attack, it is more likely that an OTRB would be used to mstockstill on DSK3G9T082PROD with PROPOSALS3 104 See ‘‘TNT EQUIVALENTS’’ at https:// www.nctc.gov/site/methods.html#sarin. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 deliver an IED, making the bus a VBIED that could be used to target an urban area. This risk determination reflects that a terrorist could obtain access to a large vehicle by simply purchasing a ticket for a fixed-route OTRB travelling to the target region (with specific knowledge of where the bus would transfer passengers and any close proximity that could provide to other targets). Because the risk involving an OTRB as a VBIED is primarily to the targeted urban area, TSA relied on a risk model developed by DHS to determine highestrisk urban areas for the UASI grant program.105 This model has been approved by the Secretary of Homeland Security and vetted by Congress as an appropriate method to determine risk to an individual city or urban area. As with PTPR, there is a natural and significant break in the risk curve (delta of risk scores or one urban area to the next). Proposed Applicability TSA proposes to apply the requirements of this rule to owner/ 105 The UASI program is intended to assist ‘‘highthreat, high-density Urban Areas in efforts to build and sustain the capabilities necessary to prevent, protect against, mitigate, respond to, and recover from acts of terrorism.’’ See DHS, ‘‘Notice of Funding Opportunity: Fiscal Year 2015 Homeland Security Grant Program,’’ at 2 (FY 15 UASI Allocations), available at https://www.fema.gov/ media-library-data/14292918228877f203c9296fde6160b727475532c7796/ FY2015HSGP_NOFO_v3.pdf. See also supra, at n. 98. PO 00000 Frm 00025 Fmt 4701 Sfmt 4702 91359 operators providing fixed-route service in the 10 areas identified in proposed 49 CFR part 1584, Appendix A.106 These 10 areas are those that receive the highest funding allocation under the FY 2015 UASI grant program. UASI funds are allocated based on a risk methodology employed by DHS and Federal Emergency Management Agency (FEMA). Together, these 10 urban areas were allocated 88 percent of total UASI funds based on risk to these 10 regions.107 The determining factor for whether a fixed-route OTRB owner/operator is within the scope of the proposed rule is not where they are headquartered, but where they provide service. In proposing this applicability, TSA considered factors that could make an OTRB a potential target for a terrorist attack, including its visibility (the size of its operations), the extent to which its schedule is publicly available, whether or not it is relatively easy for unknown individuals to board the bus, and whether the bus would have ease of access to high-consequence locations. TSA is aware that some private companies provide commuter services that may trigger applicability of the proposed rule. Diagram A provides a flowchart to assist with determining if the proposed rule would apply. 106 ‘‘Fixed-route service’’ is defined in proposed § 1500.3 to mean, ‘‘the provision of transportation service by private entities operated a long a prescribed route according to a fixed schedule.’’ 107 See FY 2015 UASI Allocations, supra n.105. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 TSA estimates that the applicability of the proposed rule would apply to approximately 202 OTRB owner/ operators. Alternative Considered TSA considered expanding the applicability of a security training program to OTRB owner/operators operating within or through one or more of the UASI regions. TSA estimates that this alternative would cover a total of 403 owner/operators in 26 metropolitan areas in year one of the regulation. TSA estimates that this alternative would have a cost of approximately $22.09 million for OTRB owner/operators over a 10-year period (at a 7 percent discount rate). The basis for the estimates of benefits and costs are included in the RIA for this rulemaking, which is included in the public docket. TSA rejected this alternative because the agency has determined that the proposed rule better aligns with its commitment to risk-based security policy and outcomes-based regulation. As previously noted, while it is possible an OTRB could be the target of a terrorist attack, it is more likely that an OTRB would be used to deliver an IED– making the bus a VBIED that could be used to target an urban area. While there VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 are more UASI regions than those covered by the proposed rule, the areas identified in proposed Appendix A to part 1584 represent those with the highest-risk. Additionally, when compared to the ten-year costs of the proposed applicability rule for OTRB owner/operators ($12.08 million at 7 percent), this alternative would result in $10.01 million in additional costs. 4. Foreign Owner/Operators While the proposed applicability provisions for security training do not specifically reference foreign owner/ operators,108 the employees who must be trained include any employee performing a security-sensitive function ‘‘in the United States or in direct support of the common carriage of persons or property between a place in the United States and any place outside the United States.’’ 109 Therefore, the training requirements of this proposed rule would apply equally to domestic owner/operators and foreign owner/ operators with employees performing covered functions within the United 108 See proposed §§ 1580.101 (freight railroads), 1582.101 (PTPR), and 1584.101 (OTRBs). 109 See proposed §§ 1580.3 (freight railroads), 1582.3 (PTPR), and 1584.3 (OTRBs). PO 00000 Frm 00026 Fmt 4701 Sfmt 4702 States or in support of operations within the United States. For example, if a Canadian OTRB owner/operator has fixed-route service that begins at a point in Canada and transits through an area identified in proposed part 1584, Appendix A before concluding at a point in Mexico, any employees operating that bus providing maintenance or inspection services, providing dispatch information, or performing any other security-sensitive function for that bus affecting its operations within the United States would need to be trained and the owner/operator would need to submit a training plan to TSA for approval. Where the function is being performed, in essence whether the employee is performing the security-sensitive function at a location in Canada or along the route in the United States, is irrelevant. In addition, while foreign owner/ operators providing service in the United States would be required to have a security coordinator and alternate, foreign owner/operators would only be required to report potential threats and significant security concerns for operations in the United States or transportation to, from, or within the E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.013</GPH> 91360 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules United States. Foreign freight railroad owner/operators currently meet this requirement under the requirements of current 49 CFR part 1580. This approach is also consistent with that taken by the FRA. 5. Preemption While current 49 CFR part 1580 includes a preemption provision, which will be carried over to the proposed revisions of part 1580 and addition of part 1582, that provision is based upon the specific statutory preemption in 49 U.S.C. 20106. There is no similar statutory provision for the other modes of transportation covered by this proposed rule. Therefore, TSA has not included preemption provisions for the other modes. Furthermore, based on TSA’s experience with the implementation of 49 CFR part 1580 since it was finalized in 2008, it has not become aware of any State, local, or tribal laws, regulations, or orders that would be inconsistent with the provisions of this NPRM nor were any concerns raised during the consultations discussed in section IV of this NPRM. TSA invites comments about specific laws, regulations, or orders that commenters believe would conflict with the provisions of the proposed rule. mstockstill on DSK3G9T082PROD with PROPOSALS3 G. Security Program General Requirements (§§ 1580.113, 1582.113, and 1584.113) Under proposed §§ 1580.113, 1582.113, and 1584.113 owner/ operators identified in §§ 1580.101, 1582.101, and 1584.101 would be required to adopt and implement a security training program that meets the requirements of the relevant subparts. TSA is deliberately proposing that owner/operators be required to ‘‘adopt and implement’’ rather than ‘‘develop and implement’’ training programs because TSA is aware that relevant training curriculum may already exist that aligns with most, if not all, of the curriculum requirements—including resources developed by TSA (which will be further discussed in section III.I and J. of this NPRM). 1. Information About the Owner/ Operator This section includes proposed requirements for the content of the program to be submitted to TSA, including information regarding the owner/operator (paragraphs (b)(1) and (2)), scope of training (for example, number of employees to be trained by job function) (paragraph (b)(3)), implementation schedule for the training program (paragraph (b)(4)) consistent with the requirements of VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 proposed § 1570.111, and location of training records (paragraph (b)(5)) consistent with the requirements in proposed § 1570.121. 2. Information on How Training Will Be Provided Proposed paragraphs (b)(6) through (9) require general information on the curriculum to be used to meet the training requirements, such as lesson plans, objectives, and modes of delivery. As previously noted, TSA is aware that some owner/operators would seek approval to use existing training programs, implemented to comply with other Federal requirements or other standards, to satisfy some or all of the requirements of this NPRM. Under proposed paragraph (b)(6), the curriculum or lesson plan for that program would need to be included in the training program submitted for TSA approval. For example, an owner/operator may have provided training on topics similar to those in the proposed rule to meet programs implemented to fulfill the HMR, such as those in 49 CFR part 172, or FRA safety/evacuation training.110 In the training program submitted to TSA for approval, owner/operators using any of these training programs to meet the requirements of the proposed rule would also need to explain how the training programs selected meet TSA’s requirements and are appropriate for the particular owner/operator. During review, TSA may need to request additional information from the owner/ operator in order to determine if the courses selected meet this rule’s requirements. 3. Ensuring Supervision of Untrained Employees and Providing Notice of Changes Affecting Training Proposed paragraphs (b)(7) and (8) would require owner/operators to provide information on their plans for addressing specific requirements in §§ 1580.115, 1582.115, and 1584.115. These include plans for ensuring untrained employees are properly supervised (as required by proposed §§ 1580.115(a), 1582.115(a), and 1584.115(a)) and notifying employees of any changes that affect their training. For example, under proposed § 1580.115(c) (similar provisions exist in §§ 1582.115(c) and 1584.115(c)), employees must be trained on their responsibilities under the owner/ operator’s security plans and/or programs. If the security plans and/or programs change, the employee must be notified of how that change would affect 110 See PO 00000 49 CFR part 239. Frm 00027 Fmt 4701 the information they were provided during previously provided training. This would not affect the timing of recurrent training unless affected employees are required to participate in training courses as part of updates to the security program. 4. Methods for Determining Effectiveness of Training Proposed paragraph (b)(9) would require owner/operators to include in their training program a method for measuring the effectiveness of their training program. TSA would afford flexibility to each individual owner/ operator to measure effectiveness of their security training program using methods and criteria appropriate for their operations. TSA does not prescribe the method in the proposed rule, but does propose that every training program specify the manner and method by which the effectiveness of the training program would be evaluated by the owner/operator. For example, TSA expects that some owner/operators would choose to administer a form of written test or evaluation to gauge their employees’ level of knowledge, while others may rely upon operational tests conducted by supervisors to determine employees are being trained effectively. Similarly, TSA is not proposing to prescribe conditions for a pass/fail policy that may be associated with posttraining testing. While individual companies may elect to enforce pass/fail criteria with associated personnel actions, TSA is neither requiring this nor recommending a specified maximum number of times that an individual may take a test or evaluation to demonstrate knowledge and competency. As previously noted, the standards proposed by an owner/ operator for determining training efficacy may affect TSA’s approval of any alternative measures for compliance. TSA requests comments on this issue to further inform a final rule. 5. Relation to Other Training TSA is proposing paragraph (c) in recognition that many owner/operators covered by this proposed rule are subject to training requirements under regulations of DOT that overlap with the training content identified in the 9/11 Act’s requirements. For example, an owner/operator may have provided training on topics similar to those in the proposed rule to meet programs implemented under DOT hazardous material regulations,111 FRA safety/ 111 See, Sfmt 4702 91361 E:\FR\FM\16DEP3.SGM e.g., 49 CFR part 172. 16DEP3 91362 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules evacuation training,112 or Federal Transit Administration (FTA) Safety Management System training provided under a rail fixed guideway public transportation system’s Transit Agency Safety Plan.113 Other training programs are addressed in section III.I of this NPRM. TSA does not expect owner/operators to duplicate training. If they are already subject to requirements to provide similar training, they can use that training to satisfy TSA’s requirements. To the extent that an owner/operator intends to use existing training programs implemented to comply with other Federal requirements or other standards in order to satisfy some or all of the requirements of this NPRM, the program submitted to TSA for approval would need to identify how the other training would be used to satisfy TSA’s requirements, such as the curriculum or lesson plan for that program. Proposed paragraph (c)(2) requires an index to be provided if the owner/ operator chooses to submit all or part of an existing security training program to TSA for approval. The index would need to be organized in the same sequence as the content requirements in §§ 1580.115, 1582.115, and 1584.115. Indexing is a necessary requirement if TSA is to provide flexibility for owner/ operators to use existing training programs to satisfy this proposed rule. TSA may request additional information on the program through the review and approval process. mstockstill on DSK3G9T082PROD with PROPOSALS3 H. Security Training and Knowledge for Security-Sensitive Employees (§§ 1580.115, 1582.115, and 1584.115) 1. Training Required for SecuritySensitive Employees Any owner/operator required to have a security training program under §§ 1580.101, 1582.101, or 1584.101, must provide security training to its security-sensitive employees. Consistent with the definition of employee in § 1570.3, this requirement applies to any direct employee, contractor, employee of a contractor, or other authorized person who is compensated for performing a security-sensitive function on behalf of or for the benefit of the owner/operator. For example, if an OTRB owner/operator does not employ any drivers directly, but uses drivers under contract, those drivers would need to be trained. Similarly, if an owner/operator has chosen to combine dispatch services with two affiliates of its parent corporation, the owner/ 112 See 113 See 49 CFR part 239. 49 CFR 674.29 and Appendix A to part operator required to provide security training to its direct employees would also be required to provide security training to any dispatchers providing services for its fleet. In some circumstances, securitysensitive functions may be performed by individuals not within the definition of ‘‘employee’’ for purposes of this NPRM. For example, police officers employed by a local law enforcement agency may be routinely patrolling the owner/ operator’s premises and/or operations. They would not be subject to the proposed rule unless there is a contractual relationship for the law enforcement agency to provide that service and the law enforcement officer is assigned to that location. In situations where the owner/operator has a dedicated police or security force, the members of that force assigned to work at the facility would need to have security training consistent with that required for other employees. For those situations where those personnel are not required to be trained, TSA would encourage law enforcement personnel regularly assigned to patrols at that location to receive the same training as the employees to enhance communication and cooperation in response to potential threats. 2. Limits on Use of Untrained Employees If a security-sensitive employee does not receive the required security training, under the proposed rule, that employee would be prohibited from performing a security-sensitive function unless he or she is under the direct supervision of a security-sensitive employee who has met the training requirements. While TSA is not defining the word ‘‘direct,’’ TSA would expect the supervisor to be located in reasonable proximity to the employee to supervise actions and provide the necessary level of security awareness and response capabilities. Further, even if an employee is directly supervised, TSA proposes to impose a 60-day limit for the amount of time that an employee may perform a security-sensitive function without receiving training. After 60 days, the proposed rule would require the owner/operator to remove the employee from a security-sensitive function; the owner/operator would, of course, retain the discretion to reassign the individual to other non-securitysensitive job functions. 674. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00028 Fmt 4701 Sfmt 4702 3. Knowledge Required Consistent with other TSA regulations,114 TSA is proposing to require a training program that focuses on the specific knowledge provided to security-sensitive employees. The proposed rule affords flexibility for owner/operators to develop and implement a program that addresses the required components of the security training program in the context of their operational environments. In developing the requirements, TSA considered the specifically enumerated subjects in the 9/11 Act, other Federal regulatory requirements, and curriculum elements already being provided by owner/operators (based on information obtained as part of TSA’s ongoing interaction with its stakeholders). TSA has organized these requirements into four broad categories: prepare, observe, assess, and respond. As noted in Diagram B below, all statutorily required program elements are included within these broad categories. For purposes of this discussion and Diagram B, the statutory requirements will be referenced as PT # (‘‘PT’’ aligns to 6 U.S.C. 1137 and the # with the relevant section in 1137(c)—for example, PT # 1 corresponds to 6 U.S.C. 1137(c)(1)); RR # (‘‘RR’’ aligns with requirements in 6 U.S.C. 1167 and the # with the relevant sections of 1167(c)); and OTRB # (‘‘OTRB’’ aligns with requirements in 6 U.S.C. 1184 and the # with the relevant section in 1184(c)). Other existing training that could be relevant to each of the categories is also identified in Diagram B as it could be useful to owner/operators in identifying existing training that could be used to satisfy the proposed regulatory requirements. The ‘‘prepare’’ category is intended to address training that may be specifically relevant to a particular job function. For example, an appropriate method for self-defense (as required by PT 3, RR 3, and OTRB 3) could vary based upon an employee’s job and extent to which he or she interacts with the public. Similarly, an employee’s role in operating and maintaining security equipment (as required by PT 10, RR 11, and OTRB 11) varies based upon the responsibilities of the employee. The ‘‘prepare’’ category would also address training on discharging any security responsibilities that securitysensitive employees may have under a security plan or measure. This proposed rule does not require any owner/ operator to adopt or implement a 114 See, e.g., 49 CFR 1548.11 (Training and knowledge for individuals with security-related duties) applicable to indirect air carriers). E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 security plan or measures. TSA is aware, however, that many owner/ operators have security plans or measures that they developed voluntarily, to comply with federal requirements, or to qualify for Federal grants. To the extent these plans or procedures exist, employees must be trained in order to ensure these plans or measures are effective. Similar to the threat and incident prevention and response training, this portion of the training program would need to be tailored to the specific operation. TSA intends for training provided under this category to satisfy requirements for indepth security training for ‘‘hazmat employees’’ as required by 49 CFR 172.704(a)(5). For freight railroads, the requirements in proposed § 1580.115(c) include providing training on chain of custody and control requirements, as appropriate. This additional training is relevant to ensuring appropriate procedures are followed to comply with the security requirements in proposed subpart C to part 1580 (which contains the requirements in current §§ 1580.103 and 1580.107). The ‘‘observe’’ category is intended to provide knowledge to increase a security-sensitive employee’s observational skills. This category would address behavior recognition requirements of the 9/11 Act (PT 6, RR 6 and OTRB 6)—encompassing an understanding of unusual or abnormal behavior that should trigger a response by employees because of the potential that the behavior may indicate a threat to transportation security. It also addresses a requirement to be able to recognize dangerous or suspicious items, behavior, or situations (required by PT 8, RR 9, and OTRB 9). In general, this training focuses on recognizing the difference between what is normal for VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 the operational environment and abnormalities that could indicate terrorist planning or imminent attack. Training delivered should teach the employees that suspicious activity is a combination of actions and individual behaviors that appear strange, inconsistent, or out of the ordinary for the employee’s work environment. In most instances, it will not be a single factor, but a combination of factors taking place at a particular time and place, that will accurately identify a suspicious individual or act. The ‘‘assess’’ category requires providing knowledge of how to determine if what is observed requires a response and what those appropriate responses may be. TSA is aware that some stakeholders provide training that includes tools to help employees assess the seriousness of a threat. This category addresses requirements in the 9/11 Act (PT 1, RR1, and OTRB 1) as well as the security awareness training required for ‘‘hazmat employees’’ under 49 CFR 172.704(e)(4). The ‘‘respond’’ category includes training on security incident responses—including how to appropriately report a security threat, interact with the public and first responders at the scene of threat or incident, applicable uses of self-defense devices or protective equipment, and communication with passengers. This category addresses several elements of the 9/11 Act relating to communication and coordination (PT 2, RR 2, and OTRB 2), use of personal protective devices or equipment (PT 4, RR 4, and OTRB 4), evacuation procedures (PT 5, RR 5, and OTRB 5), responses to terrorist threats or incidents (PT 6, RR 7, and OTRB 7), and understanding procedures for interacting with responders (PT 9, RR 10, and OTRB 10). This category also addresses elements of security PO 00000 Frm 00029 Fmt 4701 Sfmt 4702 91363 awareness training required by 49 CFR 172.704(a)(4). To the extent owner/ operators need to provide training on specific self-defense devices or protective equipment, TSA has not calculated these costs as it assumes this is a standard part of any operation before providing such devices or equipment to individuals and would not be a cost of this rule. Based on feedback received in consultation with stakeholders, TSA considered whether to tailor particular training requirements to specific job functions. It may be argued, for example, that training elements relevant to employees who encounter the public are not necessary for mechanics or other employees performing non-public functions. TSA believes, however, that there should be a common level of proficiency among security-sensitive employees of the covered entities; training in security awareness and behavior recognition is appropriate for all employees. At the same time, security-sensitive employees must be aware of their particular responsibility in preventing or responding to a threat or incident prevention and response and adequately trained to fulfill their roles. TSA recognizes that owner/operators may integrate into their required security training programs varying levels of training for particular categories of employees or job functions to meet the objectives of their overall security strategy or plan. TSA encourages continuation of these practices as long as the security training program meets the core requirements proposed in this rulemaking. Diagram B identifies the type of training covered within each of these categories by reference to the considerations that led to their development. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 I. Other Security Training Programs The 9/11 Act includes requirements for TSA to consider ‘‘any current security training requirements or best practices’’ before issuing security training regulations.115 As discussed above and indicated in Diagram B, TSA has taken current Federal regulations, guidance, and other practices affecting transportation security into consideration and has crafted this proposed rule to be consistent with those regulations and practices where they meet the requirements of the 9/11 Act and the objectives of this rulemaking. In addition, TSA has been consulting with DOT to avoid potential inconsistencies and unnecessary duplication as a result of this proposed rule. Many of the owner/operators required to provide security training under this regulation have been providing security training either under the requirements of training programs discussed in this section or using materials developed and/or approved by TSA for other purposes. A range of courses including those sponsored by TSA and other 115 See 6 U.S.C. 1167(a) and 1184(a). VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Federal agencies, such as FTA, Federal Emergency Management Agency (FEMA), and PHMSA, provide a means for covered entities to coordinate training for their employees in many of the elements stipulated in the proposed rule. For example, the training program this proposed rule would require is consistent with, and builds upon, security training programs that PTPR owner/operators have implemented through courses sponsored by FTA, TSA, and FEMA, including guidance provided to PTPR owner/operators to fast track grant applications for security training funding. In many cases, agencies have secured third-party training through funds awarded on projects approved under the TSGP administered by DHS. These government-sponsored and third-party courses would remain as approved options to the extent they adequately address the elements required in the final rule. As in the past, TSA would provide lists of approved courses to PTPR owner/operators subject to the regulatory requirements. As discussed in section III.D.3 (recognition of previous training) of this NPRM, an owner/operator may rely on PO 00000 Frm 00030 Fmt 4701 Sfmt 4702 this training to satisfy the training requirements of the proposed rule to the extent the training program they submit includes the curriculum and an explanation of how the previous training meets TSA’s requirements and is appropriate for the particular owner/ operator. TSA anticipates that for many owner/operators, the training discussed above would meet most of the requirements. It is likely, however, that additional training would be needed for some of the knowledge required by the ‘‘prepare’’ category of training in proposed §§ 1580.115(c), 1582.115(c), and 1584.115(c). The following section discusses some of the programs and requirements that are relevant to these considerations. 1. Federal Railroad Administration Safety Training Requirements Passenger railroad employee training programs already comply with FRA safety standards requiring the preparation, adoption, and implementation of emergency preparedness plans by railroads connected with the operation of passenger trains (including freight carriers hosting passenger rail E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.014</GPH> 91364 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules operations).116 The FRA defines an ‘‘emergency’’ as an unexpected event related to the operation of passenger train service involving a significant threat to the safety or health of one or more persons requiring immediate action, and includes a security situation.117 Under the regulations in 49 CFR part 239, each affected railroad is required to instruct its employees on the provisions of its plan. Emergency preparedness plans must address such subjects as communication (including on-board crewmember notification of the control center and passengers about the nature of the emergency and control center personnel notification of outside emergency responders and adjacent rail modes of transportation), passenger evacuation in emergency situations, employee training and qualification, joint operations, tunnel safety, liaison with emergency responders, on-board emergency equipment, and passenger safety information. FRA also requires full-scale emergency simulations for passenger trains. In general, the FRA has found few failures to provide the required training. In FY 2014, there was a single recommended violation for failure to meet the requirements of 49 CFR 239.7.118 As stated in §§ 1580.113(c) and 1582.113(c) of the proposed rule, TSA recognizes that the training required by 49 CFR 239.7 may be combined with other training to partially or fully meet or exceed requirements under proposed §§ 1580.115(f) or 1582.115(f) and would not expect owner/operators to duplicate this training. TSA would work in cooperation with the FRA to validate that the owner/operators have provided the training as represented in any programs submitted to TSA for approval. As previously noted, the training program required under this proposed rule would need to clearly describe and identify the training and how it is being used to satisfy the requirements of the TSA regulation. 2. Federal Transit Administration Safety Requirements Under 49 CFR part 659, the FTA manages State Safety Oversight for Rail Fixed Guideway Systems.119 Currently, mstockstill on DSK3G9T082PROD with PROPOSALS3 116 See 49 CFR part 239. 117 See 49 CFR 239.7. 118 See FRA, ‘‘Fiscal Year 2014 Enforcement Report,’’ at 3. This is an annual report published by FRA summarizing settled claims for civil penalty violations of Federal railroad safety and hazardous materials statues, regulations and orders during Federal Fiscal Year 2014 and is available is available under Enforcement & Litigation on FRA’s Web site at https://www.fra.dot.gov/eLib. 119 On March 16, 2016, the FTA published a final rule for State safety oversight of rail fixed guideway public transportation systems not regulated by the VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 part 659 requires States to oversee the safety and security of rail fixed guideway systems operating in their jurisdictions through designated Oversight Agencies (OAs). The OAs must require the operator of the rail fixed guideway system to develop and implement a written system safety program plan and a written system security plan as separate products. Each covered system must base its Transit Agency Safety Plan on an adequate Safety Management System (SMS), and include an adequate means of safety promotion to support the execution of the plan by all employees, agents, and contractors.120 The Safety Promotion component of the SMS includes safety communication, which requires a combination of training and communication of safety information to employees to heighten the efficiency and effectiveness of the transit agency’s SMS, and typically includes training on the mechanism for employees to report safety concerns.121 Safety communication is intended to ensure that personnel are aware of the SMS and their role within it, and receive safetycritical information in an effective and timely manner.122 Additionally, the OAs must require covered transit agencies to conduct annual reviews of both their system safety program plans and system security plans. Further, the OAs must require covered agencies to develop and document a process for the performance of on-going internal safety and security reviews in their system safety program plans. Finally, the OAs themselves must conduct on-site reviews of system safety program plan and system security plan implementation. 3. OTRB Safety Requirements The FMCSA has not issued regulations regarding OTRB owner/ operators to provide training to their employees on evacuation procedures. In its 2012 update to the ‘‘Motorcoach Safety Action Plan,’’ FMCSA noted its commitment to examining ‘‘ways to FRA that replaces the current State Safety Oversight (SSO) rule in 49 CFR part 659. See State Safety Oversight; Final Rule, 81 FR 14229 (Mar. 16, 2016) (adding part 674 to title 49 of the CFR). The FTA will rescind the current SSO rule no later than April 15, 2019. SSO Agencies and rail transit agencies (RTAs) will continue to comply with the current SSO rule until they come into compliance with the new regulations. The FTA omitted System Security Plans from its final rule, noting, ‘‘TSA . . . has the prerogative and responsibility for all rulemakings on security in public transportation.’’ Id. at 14233. 120 See 49 CFR 674.29 and Appendix A to part 674. 121 Id. 122 Id. PO 00000 Frm 00031 Fmt 4701 Sfmt 4702 91365 convey safety information to passengers and improve evacuation for a diverse population.’’ It is important to recognize that in the OTRB environment, the only employee of the owner/operator on the bus may be the driver. Focusing on what the driver can do, FMCSA published guidance in 2007 to the industry recommending providing pre-trip safety information to passengers. FMCSA also distributed safety brochures, posters, and an audio compact disc (CD) based on the guidance that contains safety announcements regarding emergency egress that can be broadcast. The original CD was in English and FMCSA subsequently translated it in six other languages.123 To the extent an owner/ operator has provided training related to this issue pursuant to FMCSA recommendations, they could provide information on this training and their use of it to TSA as part its security training program submission. 4. Hazardous Materials Regulations a. Overlap With DOT Regulations Regarding Transportation of Hazardous Materials Both DOT and DHS have responsibility regarding the transportation of hazardous materials. TSA is the lead Federal entity for transportation security, including hazardous materials and pipeline security, while PHMSA has responsibility for promulgating and enforcing regulations and administering a national program of safety, including security, in multimodal hazmat transportation.124 As part of a Memorandum of Understanding (MOU) between these agencies to coordinate on activities related to their respective missions, TSA and PHMSA agreed to coordinate in the development of standards, regulations, guidelines, or directives and to build on existing standards when it is determined that the adequacy of existing standards needs to be addressed.125 Consistent with that agreement, TSA and PHMSA have coordinated regarding PHMSA’s security regulations and on this NPRM. 123 U.S. Department of Transportation, ‘‘Motorcoach Safety Action Plan:2012 Update,’’ at 29 (Dec. 2012), FMCSA–ADO–13–001. See id. at 42–43 for additional information on ongoing initiatives of FMCSA on this issue. 124 See ‘‘Annex to the Memorandum of Understanding Between the Department of Homeland Security and the Department of Transportation Concerning Transportation Security Administration and Pipeline and Hazardous Materials Safety Administration Cooperation on Pipeline and Hazardous Materials Transportation Security,’’ at secs. III.b. and III.c. (August 2006). 125 Id. at sec. II. E:\FR\FM\16DEP3.SGM 16DEP3 91366 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 A copy of the MOU is available in the docket for this rulemaking. For the purposes of this rulemaking, it is important to recognize that PHMSA’s security requirements for hazmat transportation apply to freight railroad carriers, motor carriers, and shippers and receivers of hazmat. Within these populations, PHMSA regulations require all individuals within the definition of ‘‘hazmat employee’’ to receive training in security awareness.126 The HMR also requires hazmat employers who offer for transportation or who transport a subset of hazardous materials in specific quantities to develop security plans.127 In addition, any hazmat employer required to have a security plan must provide in-depth security training to its employees.128 Specifically, the HMR require training of hazmat employees in: (1) Familiarity with the general provisions of the HMR and recognizing and identifying hazardous materials; (2) knowledge of specific HMR requirements applicable to functions performed; and (3) knowledge of emergency response information, self-protection measures, and accident prevention methods. The in-depth security training requirements include training on: (1) Awareness of the security issues associated with hazardous materials transportation and possible methods to enhance transportation security; and (2) the owner/operator’s security objectives, specific security procedures, employee responsibilities, actions to be taken in the event of a security breach, and the organizational security structure.129 TSA’s proposed rule would apply to a subset of those entities required to have security training programs under the HMR. Within the population subject to both the HMR and TSA’s proposed rule, employees to be trained also differs. PHMSA applies the definition of ‘‘hazmat employee’’ used for their safety regulations,130 while TSA’s proposed rule applies to employees whose functions are determined by TSA to be ‘‘security-sensitive.’’ Data is not available to precisely determine the extent of overlap. For the subset of the HMR population also within the scope of TSA’s proposed rule, TSA’s proposed training requirements go beyond the 126 49 CFR 172.704(a)(4). See 49 CFR 171.8 for definition of ‘‘hazmat employee.’’ 127 49 CFR 172.800 and 172.802. 128 Whether a hazmat employer is required to have a security plan, and therefore provide in-depth security training, is determined by whether they transport any of the materials identified in 49 CFR 172.800. 129 Id. 130 49 CFR 171.8. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 baseline required by PHMSA. Diagram B includes references to the HMR requirements. PHMSA has reviewed TSA’s proposed requirements and agrees that owner/ operators subject to its rule who meet TSA’s proposed requirements would also satisfy the corresponding provisions in PHMSA’s security training requirements. PHMSA’s regulations state that training conducted by owner/ operators to comply with security training programs required by other Federal agencies may be used to satisfy their hazmat employee training to the extent that such training addresses the training components specified for hazmat employee training.131 b. Inspections and Enforcement TSA recognizes that stakeholders may be concerned about the potential overlap between PHMSA’s regulations and TSA’s proposed regulations. For example, under its Secure Contact Review program, the FRA audits railroads and evaluates their compliance with security plans and security training as mandated by the PHMSA regulations. Federal Railroad Administration inspectors are given authority to write citations for an owner/operator’s failure to properly comply with the requirements. PHMSA also conducts periodic compliance investigations and its inspectors are given authority to write citations for failure to properly comply with the requirements.132 PHMSA recognizes TSA’s lead role and regulatory responsibilities in the secure transport of hazmat. After summarizing TSA’s authorities in its preamble to the final rule amending the HMR, PHMSA stated: adopted its security regulations, it was stated that these regulations were ‘the first step in what may be a series of rulemakings to address the security of hazardous materials shipments.’ 68 FR 14511. PHMSA noted in the NPRM that TSA ‘is developing regulations that are likely to impose additional requirements beyond those established in this final rule’ and stated that it would ‘consult and coordinate with TSA concerning security-related hazardous materials transportation regulations . . . . TSA intends to promulgate additional regulations for railroad carriers and other modes of surface transportation that will require them to submit vulnerability assessments and security plans to DHS for review and approval, as well as to develop and implement security training programs for 131 49 CFR 172.704(b). 75 FR 10974 (Mar. 9, 2010). See also 49 CFR 107.301 et seq. 132 See PO 00000 Frm 00032 Fmt 4701 Sfmt 4702 employees performing security-sensitive functions to prepare for potential security threats and conditions. The security plan requirements established by the HMR are to be used as a baseline for security planning. When TSA regulations are issued, the PHMSA security plan and security training requirements for regulated parties that will be subject to the TSA regulations will be reevaluated and revised as appropriate.133 DHS and DOT are committed to coordinating on the oversight of security-related training for carriers of RSSM. Consistent with the MOU previously discussed, PHMSA’s Final Rule revising the HMR acknowledged the agreement between the agencies: If, in the course of an inspection of a railroad or motor carrier or a rail or highway hazardous material shipper or receiver, TSA identifies evidence of non-compliance with a DOT safety or security regulation, TSA will provide the information to FRA (for rail) or FMCSA (for motor carriers) and PHMSA for appropriate action. Similarly, since DOT does not have the authority to enforce TSA security requirements, if a DOT inspector identifies evidence of non-compliance with a TSA security regulation or identifies other security deficiencies, DOT will provide the information to TSA for appropriate action.134 TSA has committed to DOT to do the same. c. Overlap With Other DHS Regulations Parts of TSA’s current regulations for rail security include requirements applicable to certain shippers and receivers of hazardous materials.135 While TSA is not modifying its existing requirements for shippers and receivers as part of this proposed rule, it is also not proposing to apply the security training requirements to shippers and receivers. This is consistent with TSA’s intent to avoid any overlap with regulations promulgated by the National Protection and Programs Directorate (NPPD) of DHS for the security of certain high-risk chemical facilities in the United States.136 NPPD has previously recognized that certain aspects of its authorities 137 are concurrent and overlapping with TSA due to the transportation of these chemicals by rail, but stated that it does not presently plan to screen railroad facilities for inclusion in the CFATS program (although the Department reserved the right to reevaluate possible scope at a 133 75 FR at 10976. at 10977. 135 See scope identified in current § 1580.1. 136 Promulgated under the authority of sec. 550 of the Department of Homeland Security Appropriations Act, 2007 (2007 DHS Appropriations Act), Public Law 109–295, 120 Stat. 1355 (Oct. 4, 2006). 137 See id. 134 Id. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules future date).138 TSA and NPPD, continue to work closely together to ensure that the efforts directed at these facilities are coordinated and consistent. While facility security training and transportation security training have unique differences and shall be considered as separate issues, TSA’s subject matter experts have reviewed the training requirements of CFATS RBPS 11 and determined that they meet or exceed the requirements considered necessary by TSA for secure transportation of the identified chemicals. There would be no additional security benefit from extending the training requirements of this proposed rule to entities subject to CFATS. This determination was considered as part of TSA’s decision not to include shippers and receivers of hazardous materials within the scope of this proposed rule. J. Training Resources As previously discussed, TSA is aware that many owner/operators that would be subject to this proposed rule already provide security training to their employees that may meet the proposed requirements. To further reduce the burden to owner/operators who do not have an existing training program or whose program does not include all of the required content, TSA is expanding existing resources that will be made available to owner/operators at no cost. Owner/operators would be able to use these expanded resources, described below, to meet the content requirements of §§ 1580.115, 1582.115, and 1584.115 of the proposed rule. mstockstill on DSK3G9T082PROD with PROPOSALS3 First ObserverTM First ObserverTM is a national training program initially created through a grant from DHS to raise security awareness for highway modes.139 It was designed to provide transportation professionals with information that will enable them to observe effectively, assess and report suspicious individuals, vehicles, packages, and/or objects. The program has been used to teach thousands of highway transportation professionals to actively participate in recognizing suspicious activities and reporting them through appropriate mechanisms. TSA is expanding the program to be relevant to other modes of surface 138 See 72 FR 17729, 17698–17699 (Apr. 9, 2007) (IFR for CFATS). 139 ‘‘First ObserverTM’’ refers to the current program and any future expansion or changes to the program. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 transportation, including freight railroads, passenger railroads, and public transportation systems. The First ObserverTM Program is undergoing extensive revision and TSA is ensuring the content of all revised First ObserverTM products will ultimately meet the security training requirements set forth in a final rule. At this time, TSA does not anticipate that First ObserverTM will satisfy the requirement to provide employer specific training to security-sensitive employees with responsibility under their employer’s specific security programs or measures—addressed under the ‘‘Prepare’’ component of training—as this is company-specific training. TSA does, however, anticipate that the SMARToolbox, discussed below, may provide resources needed to reduce costs for this aspect of the proposed training. To ensure the expanded program is relevant to all of the modes of transportation covered by this proposed rule, TSA sought to obtain input from its stakeholders and will continue with this effort. For example, while this rulemaking was under development, a meeting of the joint industrygovernment panel operating as the Transit Policing and Security Peer Advisory Group (PAG) 140 looked at available training programs in light of what the 9/11 Act specified as required training for public transportation.141 For purposes of the discussion on the 9/11 Act’s requirements, the FTA’s representatives included a course curriculum developer. The group produced a comprehensive matrix that included standards and criteria needed to meet the training elements required by the 9/11 Act as well as suggested learning objectives to assist in the creation of lesson plans. The intent was to provide a resource that could be used by transit agencies to: (1) Review their existing training programs and close any gaps; (2) develop new programs; or (3) evaluate commercial courses. The panel also pre-screened a selection of available courses that could be used for training that met all of the elements identified in the 9/11 Act. The standards and criteria developed by this group feeds into the considerations identified in Diagram B. This exercise also supports TSA’s assumption that 140 The PAG shares expertise and guidance among TSA, transit police chiefs, and security directors. The group meets by teleconference with TSA at least once a month to discuss relevant issues involving transit security and anti-terrorism approaches. PO 00000 Frm 00033 Fmt 4701 Sfmt 4702 91367 most of the owner/operators that would be affected by this proposed rule already have training programs in place that would substantially comply with the proposed rule’s requirements. SMARToolbox As with the general security training content, TSA is aware that many owner/ operators already provide training to prepare security-sensitive employees for their specific responsibilities under their company’s security plan as required by proposed §§ 1580.115(c), 1582.115(c), and 1584.115(c). For example, any owner/operator subject to the security training requirements of 49 CFR part 172 is required to provide indepth training on company-specific measures under 49 CFR 172.704(a)(5). This population overlaps with most of the freight railroad population that would be subject to this proposed rule. For those that do not currently provide this type of training, TSA has resources available to reduce the burden. In particular, TSA encourages owner/operators to use the SMARToolbox—an industry-led initiative supported by TSA—as a resource presenting a broad range of security measures that peer agencies have identified as valuable to their organization. A searchable, modifiable database allows for various specified searches—making it easy for the users to find information relevant to their specific needs. SMARToolbox includes measures gathered from publically available sources as well as from discussions amongst industry representatives at a variety of stakeholder events. As part of this rulemaking effort, TSA has ensured the SMARToolbox includes information relevant to this training requirement. K. Programmatic Alternatives In addition to the applicability alternatives discussed in section III.F. of this NPRM, TSA has also considered other programmatic alternatives. In general, these alternatives eliminated aspects of the proposed rule that are within TSA’s discretion, or even necessary parts of implementing the statutory requirements, but not directly mandated by the 9/11 Act. Table 7 identifies these provisions relevant to each mode. 141 See E:\FR\FM\16DEP3.SGM 6 U.S.C. 1137(c). 16DEP3 91368 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules TABLE 7—IDENTIFICATION OF PROGRAMMATIC REQUIREMENTS ELIMINATED OR MODIFIED IN ALTERNATIVE ANALYSIS Freight rail mstockstill on DSK3G9T082PROD with PROPOSALS3 Recordkeeping ................................................................................................. Training on chain of custody requirements ..................................................... Security coordinators and alternates ............................................................... Reporting security incidents ............................................................................ Annual recurrent training (replaced with 3 year cycle) .................................... In determining the implications of these alternatives, TSA continues to assume that owner/operators would use First ObserverTM to meet the requirements—or to fill any gaps in their current training programs. In most cases, the programmatic alternatives assume elimination of the requirement. For recurrent training, the alternative assumes recurrent training would occur every three years rather than annually (since there is not a statutory requirement for how often covered security sensitive employees must be trained, TSA sets the minimum interval of recurrent training to once every three years as opposed to the annual training TSA is requiring in the proposed rule). Based on these assumptions, these alternatives would have an estimated cost of approximately— • $25.27 million for freight railroad owner/operators over a 10-year period (at a 7 percent discount rate). • $18.50 million for PTPR owner/ operators over a 10-year period (at a 7 percent discount rate). • $5.85 million for OTRB owner/ operators over a 10-year period (at a 7 percent discount rate). The basis for the estimates of benefits and costs is set forth in the RIA for this rulemaking, which is included in the public docket. TSA rejected these alternatives because the agency has determined that the proposed rule better aligns with its commitment to risk-based security policy and outcomes-based regulation. While recordkeeping is not specifically stated as a requirement in the 9/11 Act, it is a necessary part of enforcing any regulatory requirement. TSA also believes requiring owner/operators to maintain records of training and provide proof of training to current and former employees upon request can reduce costs of training based upon the recognition given to prior training. Chain of custody is a critical requirement for freight railroads to ensure security during the transportation of RSSM. TSA believes it is essential for employees with responsibility to perform requirements identified in part 1580 related to chain of custody be trained on how to perform VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PTPR (Rail) PTPR (Bus) OTRB) X X ........................ ........................ X X ........................ ........................ ........................ X X ........................ X X X X ........................ ........................ X X those requirements as part of their security training curriculum. To inconsistently apply the requirement for security coordinators and reporting of security incidents for high-risk entities could create significant gaps in the information obtained and shared— creating unnecessary security vulnerabilities. TSA discusses its basis for requiring annual training in section III.D.3 of this NPRM. IV. Stakeholder Consultations The 9/11 Act directed TSA to consult with major stakeholders during the development of this NPRM.142 The categories of stakeholders to be included in these consultations consist of industry representatives, first responders, terrorism experts, and, nonprofit employee labor organizations. As discussed below, TSA has complied with these requirements through meetings with stakeholders before drafting of this proposed rule began, requests for comments submitted through associations, as well as a targeted request for additional input through a Notice published in the Federal Register. As noted, TSA published a notice in the Federal Register requesting the public to provide comments and data on employee security training programs and planned security training exercises currently provided by owner/operators of freight railroads, passenger railroads, public transportation systems (excluding ferries), and OTRBs.143 TSA received a few responsive comments from trade associations, public agencies, and private companies that helped TSA to understand the current ‘‘baseline’’ training environment for freight rail, PTPR, and OTRB employees. As the limited information received provided data relevant to the economic impact of this proposed rule, it is discussed more fully in the RIA for this rulemaking, which can be found in the docket. TSA has taken stakeholder comments into consideration in developing the NPRM. The text below describes 142 See 143 See PO 00000 6 U.S.C. 1137(b), 1167(b), and 1184(b). 78 FR 35945 (June 14, 2013). Frm 00034 Fmt 4701 Sfmt 4702 stakeholder outreach TSA has conducted. A. Multi-Modal Outreach In September and October of 2009, TSA reached out to representatives of the constituencies mandated by 6 U.S.C. 1137, 1167, and 1184. These stakeholders included representatives of State, local, and tribal governmental authorities; first responders; security and terrorism experts; appropriate labor organizations; and organizations representing the elderly and disabled. On September 14, 2009, TSA reached out to representatives of the following stakeholder groups by transmitting a letter and summary document outlining the key statutory requirements of the NPRM and requesting their comments: TSA/Office of Civil Rights and Liberties; Homeland Security Institute; Mineta Transportation Institute; FEMA/United States Fire Administration/National Fire Programs; International Association of Chiefs of Police; National Sheriffs Association; National Emergency Medical Services Association; Commercial Vehicle Safety Alliance; State, Local, Tribal, and Territorial Government Coordinating Council (GCC); and DHS/National Protection and Programs Directorate/ Intergovernmental Programs. B. Freight Rail TSA conducted meetings and conference calls with representatives of the freight railroad industry, including trade associations representing railroad carriers and shippers of hazardous materials. Class I carriers as well as short line and regional railroads participated in these consultations. TSA also met with representatives from two rail labor organizations. In addition, TSA met with members of the AAR in November 2009 to discuss the proposed security training. The AAR has stated that ‘‘TSA regulation of security training for railroad employees is unnecessary’’ 144 144 ‘‘Comments of the Association of American Railroads’’ (Docket ID: TSA–2013–0005–0116), available at https://www.regulations.gov/. Input the Docket ID ‘‘TSA–2013–0005–0116’’ into the blue ‘‘Search’’ field. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules because most freight rail hazmat employees already receive training in compliance with the PHMSA, which requires freight rail employees who perform HAZMAT functions to ‘‘receive training that provides an awareness of security risks associated with hazardous materials transportation . . . this training must also include a component covering how to recognize and respond to possible security threats.’’ 145 The AAR affirms this and explicitly states in its comments that ‘‘railroads provide security awareness training to their front line employees and have done so for many years’’ and employees have to take recurrent training every three years, at minimum.146 The American Short Line and Regional Railroad Association also submitted comments and stated that, with regards to its members, the current level of ‘‘[t]raining involves looking for suspicious persons, items[, w]hat IEDs may look like[, and h]ow to handle different situations . . . .’’ 147 TSA’s freight rail subject matter experts confirmed that higher-risk freight railroad owner/operators currently provide training to their security-sensitive employees on the procedures on chain of custody control requirements–based on the compliance rates for current 49 CFR 1580.107. This information leads TSA to conclude that all freight rail owner/operators affected by the proposed rule that transport RSSM provide training to their employees on, at minimum, security awareness; employee- and companyspecific security program and measures; and chain of custody and control requirements. C. Public Transportation and Passenger Rail mstockstill on DSK3G9T082PROD with PROPOSALS3 TSA consulted with industry representatives, governmental authorities, security experts, first responders, and employee representatives through the Transit, Commuter and Long Distance Rail GCC,148 the Mass Transit Sector 145 49 CFR 172.704(a)(4). (citing 49 CFR 172.704(a)(4)). 147 ‘‘Comments of the American Short Line and Regional Railroad Association’’ (Docket ID: TSA– 2013–0005–0124), available at https:// www.regulations.gov/. Input the Docket ID ‘‘TSA– 2013–0005–0124’’ into the blue ‘‘Search’’ field. 148 The Commuter and Long Distance Rail GCC includes representatives from TSA, other DHS components, the FTA, and the FBI. 146 Id. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Coordinating Council (SCC),149 and PAG.150 TSA initiated consultations in October 2007 by explaining the planned approach in a joint meeting with the SCC and via a teleconference with the PAG. Participants at both forums were advised that a summary of the developing concepts and considerations for the security training program rulemaking would be prepared and provided to them for review and feedback. In preparing the summary, TSA coordinated with the membership of the GCC. The summary was completed in November 2007. Dissemination to the SCC and PAG for review and comment occurred in December 2007 and January 2008. TSA received feedback in February and March 2008. A second round of consultations with the SCC and PAG occurred during October and November 2009. At that time, the consultations expanded to include additional law enforcement chiefs and security directors, specifically those not previously consulted to participate in the semiannual Transit Safety and Security Roundtables.151 149 The Mass Transit SCC is a representative group for the mass transit and passenger rail community formed in accordance with the National Infrastructure Protection Plan to advance the public-private partnership for mass transit and passenger rail security. Its membership includes senior executives, law enforcement chiefs, and security directors for mass transit and passenger rail agencies of varying sizes, locations, and system types as well as representatives of APTA, the Community Transportation Association of America, and the Amalgamated Transit Union. 150 As previously noted, see supra, n. 140, the PAG brings together the expertise of some 15 law enforcement chiefs and security directors from mass transit and passenger rail systems across the Nation of varying location, size, and system type as a consultative forum with extensive experience to facilitate development and implementation of effective security programs. To advance these purposes, the Group, which formed in November 2006, convenes with TSA officials in monthly teleconferences. Membership in the PAG consists of the law enforcement chiefs or security directors of public transportation agencies in large metropolitan areas, as well as Amtrak. In addition to Amtrak, the following agencies are members of the PAG: Metro Transit of Harris County, Texas (Houston Area), Massachusetts Bay Transportation Authority; New York Metropolitan Transportation Authority; New York Police Department—Transit Bureau; New Jersey Transit; Southeast Pennsylvania Transportation Authority; Washington Metropolitan Area Transit Authority; Metropolitan Atlanta Rapid Transit Authority; Chicago Transit Authority; Dallas Area Rapid Transit; Denver Regional Transportation District; King County Metro Transit (Seattle Area); Bay Area Rapid Transit; and Los Angeles County Sheriff’s Department. 151 TSA, FTA, and FEMA host semi-annual Transit Safety and Security Roundtables with the law enforcement chiefs and security directors of the largest 50 mass transit and passenger rail systems (by passenger volume) and Amtrak. These agencies account for more than 80 percent of all users of PO 00000 Frm 00035 Fmt 4701 Sfmt 4702 91369 In its general comments in response to the 2013 Notice, APTA asserted that ‘‘the elements of the 9/11 Act are already addressed within the scope of security training programs throughout the public transportation industry.’’ 152 The American Public Transportation Association cited training required by 49 CFR 239.101 as evidence that they meet certain portions of the 9/11 Act. As noted in section III.G.1 of this NPRM, 49 CFR part 239 (also known as the ‘‘Passenger Train Emergency Preparedness Rule’’) has a training requirement for rail equipment familiarization, situational awareness, coordination of functions, and ‘handson’ instruction concerning the location, function, and operation of on-board emergency equipment.153 These requirements, which align with some of those in TSA’s proposed rule, apply to many of the public transportation modes affected by the proposed rule (intercity passenger rail and commuter rail). Individual public transportation agencies—including a few that would be affected by the proposed rule–also provided comments on the type of training they currently implement for frontline employees. This training includes programs on security awareness and employee- and companyspecific training on their own security programs and measures (which employees have to take every two years). All of this information has led TSA to conclude that some PTPR owner/operators, either in compliance with other security rules or because the owner/operator makes security a priority, invest in security training for their frontline employees and, at minimum, cover the topics of security awareness, and employee- and company-specific security program and measures. D. Over-the-Road Buses TSA conducted a meeting with industry stakeholders in November 2007. In July 2009, TSA met again with industry representatives. During the 2007 consultations, industry stakeholders included large motorcoach public transportation services nationally. The threeday sessions employ a workshop format to address specific issues pertaining to terrorism prevention and response. The collective expertise fosters the development of collaborative security solutions, informs setting of priorities for security programs, and advances the strategic priority of elevating the baseline level of security throughout the mass transit and passenger rail mode. 152 APTA, ‘‘RE: Docket No. TSA–2013–0005’’ (Docket ID: TSA–2013–0005–0114), available at https://www.regulations.gov/. Input the Docket ID ‘‘TSA–2013–0005–0114’’ into the blue ‘‘Search’’ field. 153 Id. E:\FR\FM\16DEP3.SGM 16DEP3 91370 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules operators and trade associations representing both large and small operators. In July 2009, TSA again met with representatives of the OTRB community and presented a series of issues on which TSA sought their individual opinions. In its response to the 2013 Notice, the American Bus Association (ABA) 154 described the importance of the OTRB Security Grant Program in providing financial assistance to the industry for implementing security measures, such as equipment and training.155 According to the ABA, nearly 10 percent of the funding from the OTRB Security Grant Program went to security training. The OTRB Security Grant Program has since been discontinued and the ABA states that some security upgrades were not enacted because: [T]he private bus industry was largely unable to pay for such upgrades. The inability to pay is a function of the small business nature of the industry, the huge number of bus operators with few resources and the inability of bus passengers to absorb any fare increases that could be used to pay for security upgrades.156 The ABA states that despite this loss in funding, two of the major private OTRB companies currently use ‘‘Operation Secure Transport’’—an OTRB-specific version of First ObserverTM—to train their ‘‘front line’’ employees. This is validated by the comments provided by the private companies themselves. Additionally, according to comments from the OTRB Working Group of the Highway Motor Carrier SCC, ‘‘all [of its] PAG members have supplied training to front line employees using Highway Watch, First ObserverTM, or Cat Eyes training.’’ 157 This group includes a third, major OTRB company. All of this information has led TSA to conclude that, at minimum, three of the larger OTRB companies currently use First ObserverTM to train their ‘‘front line’’ employees. mstockstill on DSK3G9T082PROD with PROPOSALS3 E. Labor Unions In addition to inviting participation of labor union representatives in many of the mode-specific meetings, TSA also met specifically with labor unions as 154 The ABA describes itself as a trade association that is ‘‘home to some 850 bus operating companies and over 3,000 other companies, organizations and partnerships involved in providing transportation, tour and travel services to the traveling public.’’ See ‘‘Comments of the American Bus Association’’ (Docket ID: TSA–2013–0005–0119), available at https://www.regulations.gov/. Input the Docket ID ‘‘TSA–2013–0005–0119’’ into the blue ‘‘Search’’ field. 155 Id. 156 Id. 157 Id. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 part of its stakeholder consultation process. In December 2007, TSA met with representatives of several labor unions. On November 3, 2009, TSA met with representatives from the Transportation Trades Department of the American Federation of Labor and Congress of Industrial Organizations, the International Brotherhood of Teamsters, the Brotherhood of Locomotive Engineers and the Amalgamated Transit Union to discuss the surface training issues. V. Rulemaking Analyses and Notices A. Paperwork Reduction Act The Paperwork Reduction Act of 1995 (PRA) 158 requires that TSA consider the impact of paperwork and other information collection burdens imposed on the public and, under the provisions of PRA sec. 3507(d), obtain approval from the OMB for each collection of information it conducts, sponsors, or requires through regulations. Under OMB Control No. 1652–0051, OMB has approved a related information collection request for contact information for RSCs and alternate RSCs, as well as the reporting of significant security concerns by freight railroad carriers, passenger rail road carriers, and rail transit systems. This proposed rule contains new information collection activities subject to the PRA. Accordingly, TSA has submitted the following information requirements to OMB for its review. The OMB 83–I Supporting Statement for this information collection request is available in the docket for this rulemaking. Title: Security Training Programs for Surface Mode Employees. Summary: This proposed rule would require the following information collections: First, owner/operators identified in 49 CFR 1580.101, 1582.101, and 1584.101 would be required to submit to TSA for approval a security training program for security-sensitive employees that meets the requirements of subpart B of 49 CFR part 1580, subpart B of 49 CFR part 1582, and subpart B of 49 CFR part 1584. Second, respondents would be required to retain individual training records on security-sensitive employees at the location(s) specified in each respondent’s respective security training program, and make such records available to TSA upon request. Third, the public transportation bus systems and OTRB owner/operators to whom the proposed rule applies would 158 44 PO 00000 U.S.C. 3501 et seq. Frm 00036 Fmt 4701 Sfmt 4702 be required to report significant security concerns, which includes incidents, suspicious activities, and/or threat information. Finally, the owner/operators to whom the proposed rule applies would be required to make their operations and records available for announced or unannounced inspections that would assess compliance with the NPRM. Use of: This proposal would support the information needs to evaluate security training programs against requirements set forth in the NPRM. Recordkeeping requirements would be used to verify employee training is in compliance with the proposed rule. Security coordinator information would support respondent communications with TSA concerning intelligence information, security related activities, and incident or threat response with appropriate law enforcement and emergency response agencies. The reporting of significant security concerns would support the analysis of trends and indicators of developing threats and potential terrorist activity. Finally, information collected through inspections would be used to enforce compliance with the proposed requirements. Respondents (including number of): The likely respondents to this information collection are the owners and/or operators of covered surface modes, which are estimated to incur approximately 1,374,501 responses over the next 3 years (including 449,067 freight railroad responses; 673,033 PTPR responses; and 252,401 OTRB company responses), which amounts to an average annual cost of $657,370. Frequency: TSA estimates that following initial submission, security training programs would need to be periodically updated as appropriate. Security training records would need to be updated after each training occurrence. Security coordinator information would need to be updated as appropriate. Significant security concerns would be reported as they occur. TSA estimates inspections for compliance would occur at a rate of one inspection per year per owner/operator. Annual Burden Estimate: The average yearly burden for security training program development and submission, security coordinator submission, employee training documentation recordkeeping, and incident reporting is estimated to be 1,518 hours for freight railroads; 2,147 hours for PTPRs; and 4,247 hours for OTRB companies. The total average annual time burden estimate is approximately 7,912 hours. Table 8 shows the information collections and corresponding hour E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 91371 burdens for entities falling under the requirements of the proposed rule. TABLE 8—PRA HOURS OF BURDEN Time per response (hours) Collection Number of responses Year 1 Year 2 3-Year time burden Year 3 Average annual time burden Initial Security Training Program Development and Submission Freight Rail ............................................... PTPR ........................................................ OTRB (Large to Medium) ........................ OTRB (Small) ........................................... 52 52 32 16 36 47 28 174 0 0 0 3 0 0 1 3 1,872 2,444 928 2,883 624 815 309 961 0 0 0 3 810 518 418 1,297 270 173 139 432 8 181 35 409 12 136 149,665 219,646 41,824 150,341 219,856 42,355 1,871 2,746 523 624 915 174 Modified Security Training Program Development and Submission Freight Rail ............................................... PTPR ........................................................ OTRB (Large to Medium) ........................ OTRB (Small) ........................................... 25 25 16 8 32 21 25 157 0 0 0 3 Security Coordinator Information Submission PTPR ........................................................ OTRB ....................................................... 0.5 0.5 52 459 8 178 Employee Training Documentation Recordkeeping Freight Rail ............................................... PTPR ........................................................ OTRB ....................................................... 0.004 0.004 0.004 148,992 219,437 41,300 Incident Reporting 0.05 0.05 4,652 41,173 4,652 41,898 4,652 42,635 698 6,285 233 2,095 Total Burden (responses) ................. ........................ ........................ ........................ ........................ 1,374,501 ........................ Total Burden (hours) ......................... mstockstill on DSK3G9T082PROD with PROPOSALS3 PTPR ........................................................ OTRB ....................................................... ........................ ........................ ........................ ........................ 23,735 7,912 TSA is soliciting comments to— (1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information would have practical utility; (2) Evaluate the accuracy of the agency’s estimate of the burden; (3) Enhance the quality, utility, and clarity of the information to be collected; and (4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology. Individuals and organizations may submit comments on the information collection requirements by February 14, 2017. Direct the comments to the address listed in the ADDRESSES section of this document, and email your comments to OMB using the following address: OIRA_submission@ omb.eop.gov. A comment to OMB is most effective if OMB receives it within VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 30 days of publication. TSA will publish the OMB control number for this information collection in the Federal Register after OMB approves it. As provided by the PRA, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. B. Economic Impact Analyses 1. Regulatory Impact Analysis Summary Changes to Federal regulations must undergo several economic analyses. First, Executive Order (E.O.) 12866, Regulatory Planning and Review,159 as supplemented by E.O. 13563, Improving Regulation and Regulatory Review,160 directs each Federal agency to propose or adopt a regulation only upon a reasoned determination that the benefits of the intended regulation justify its costs. Second, the Regulatory Flexibility 159 58 160 76 PO 00000 FR 51735 (Oct. 4, 1993). FR 3821 (Jan. 21, 2011). Frm 00037 Fmt 4701 Sfmt 4702 Act of 1980 (RFA) 161 requires agencies to consider the economic impact of regulatory changes on small entities. Third, the Trade Agreement Act of 1979 162 prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States. Fourth, the Unfunded Mandates Reform Act of 1995 163 (UMRA) requires agencies to prepare a written assessment of the costs, benefits, and other effects of proposed or final rules that include a Federal mandate likely to result in the expenditure by State, local, or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation). 161 Public Law 96–354, 94 Stat. 1164 (Sept. 19, 1980) (codified at 5 U.S.C. 601 et seq., as amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA)). 162 Public Law 96–39, 93 Stat. 144 (July 26, 1979) (codified at 19 U.S.C. 2531–2533). 163 Public Law 104–4, 109 Stat. 66 (Mar. 22, 1995) (codified at 2 U.S.C. 1181–1538). E:\FR\FM\16DEP3.SGM 16DEP3 91372 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules There are 574 U.S. freight rail owners/ operators and are composed of 7 Class I, 21 Class II, and 546 Class III railroads.164 A total of 36 (7 Class I, 8 Class II, and 21 Class III) out of the 574 U.S. freight rail owner/operators carry RSSM through an HTUA and would be affected by the proposed rule.165 These 36 freight rail owner/operators provide security awareness 166 and chain of custody and control 167 trainings to their employees. These trainings address two of the required elements of security training required by the proposed rule in § 1580.115 (Security training and knowledge for security-sensitive employees: Prepare and Assess). Additionally, freight rail owner/ operators are already required to comply with the requirements to assign security coordinators and report significant security concerns to TSA under current 49 CFR 1580. Table 9 below displays the requirements of the proposed rule for freight rail. The check marked items in the table represent existing requirements under PHMSA 49 CFR 172.704 and 1580.107, therefore do not represent additional burden to the freight rail owners/operators. There are more than 7,100 public transportation organizations.168 Of these, 47 PTPR owner/operators 169 fall within the applicability of the proposed rule. Twenty-four of these 47 PTPR owner/operators effectively provide training to their employees on security awareness and employee- and companyspecific security programs and measures.170 These trainings address two of the required elements of security training required by the proposed rule in § 1582.115 (Security training and knowledge for security-sensitive employees: Prepare and Assess). Additionally, 23 PTPR owner/operators are already required to comply with the requirements to assign security coordinators and report significant security concerns to TSA under current 49 CFR 1580. Table 10 below displays the requirements of the proposed rule for PTPRs. The check marked items in the table represent existing requirements under 49 CFR 1580 and, therefore do not represent additional burden to the freight rail owners/ operators. 164 AAR, ‘‘Railroad Facts, 2015 Edition,’’ at 3 (2015). 165 TSA used its railcar tracking system that monitors toxic inhalant hazard cars, the Toxic Inhalation Hazard Risk Reduction Verification System, (TIHRRVS) to identify freight rail owner/ operators. 166 As required by PHMSA 49 CFR 172.704. 167 In place because of the chain of custody requirement in 49 CFR 1580.107. 168 APTA, ‘‘2014 Public Transportation Fact Book’’ (Nov. 2014), available at https:// www.apta.com/resources/statistics/Documents/ FactBook/2014-APTA-Fact-Book.pdf. 169 TSA elicited and used input from SMEs in its Surface Division, combined with data from the Federal Transit Administration’s (FTA) National Transit Database (NTD) to identify the 47 PTPR owner/operators. 170 Agencies identified using latest evaluation from TSA’s BASE assessment. Information on BASE assessment can be found here: https://www.tsa.gov/ news/top-stories/2015/09/21/transit-agencies-earnhigh-ratings-through-base-program. mstockstill on DSK3G9T082PROD with PROPOSALS3 VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00038 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.015</GPH> Executive Orders 12866 and 13563 direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. In conducting these analyses, TSA has determined: 1. This rulemaking is a ‘‘significant regulatory action,’’ although not an economically significant regulatory action, under sec. 3(f) of E.O. 12866. Accordingly, the Office of Management and Budget (OMB) has reviewed this NPRM. 2. TSA has prepared an Initial Regulatory Flexibility Analysis (IRFA), which suggests this rulemaking would have a significant impact on a substantial number of small entities. 3. This rulemaking would not constitute a barrier to international trade. 4. This rulemaking does not impose an unfunded mandate on State, local, or tribal governments, or on the private sector under UMRA. TSA has prepared an analysis of its estimated costs and benefits, summarized in the following paragraphs. The OMB Circular A–4 Accounting Statement for this proposed rule is in section V.C. When estimating the cost of a rulemaking, agencies typically estimate future expected costs imposed by a regulation over a period of analysis. For this rule’s period of analysis, TSA uses a 10-year period of analysis to estimate the initial and recurring costs of the regulated surface mode owner/operators and new owner/ operators that are expected due to industry growth. TSA concluded the following about the current, or baseline, training environment for freight rail, public transportation and passenger railroad (PTPR), and OTRB employees (see section 1.9 of the RIA placed in the docket for further detailed information on the current baseline): 2. Executive Orders 12866 and 13563 Assessments Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 91373 affected parties: Freight railroad owner/ operators, PTPR owner/operators, OTRB owner/operators, and TSA. As displayed in Table 12, TSA estimates 171 American Bus Association Foundation, ‘‘Motorcoach Census 2014’’ (Mar. 12, 2015), available at https://www.buses.org/assets/images/ uploads/general/Report%20%20Census2013data.pdf. 172 TSA relied on a variety of sources to identify the 202 owner/operators: TSA Intercity Bus Security Grant Program (IBSGP) applications, the American Intercity Bus Riders Association (AIBRA) intercity bus service operator list, consultations with ABA, and Internet research of Web sites like GotoBus.com and other publicly available sources of information. 173 OMB, ‘‘Circular A–4,’’ at 2 (Sept. 17, 2003), available at https://www.whitehouse.gov/sites/ default/files/omb/assets/regulatory_matters_pdf/a4.pdf (‘‘Benefits and costs are defined in comparison with a clearly stated alternative. This normally will be a ‘no action’ baseline: What the world will be like if the proposed rule is not adopted.’’). 174 OMB also requires TSA to consider a ‘‘prestatute’’ baseline. Id. at 16. Costs of First ObserverTM have accrued since passage of the 9/11 Act and are part of this ‘‘pre-statute’’ baseline. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00039 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.017</GPH> currently using this program compared to the ‘‘no-action’’ baseline.173 In Appendix A of the RIA, however, TSA has also monetized the cost of their current participation in First ObserverTM. TSA estimated this cost at $0.36 million to these owner/operators over 10 years (discounted at 7 percent).174 EP16DE16.016</GPH> § 1584.115 (Security training and knowledge for security-sensitive employees: Observe, Assess, and Respond). Table 11 displays the requirements of this proposed rule for OTRB owner/operators. The check marked items in the table represent the training components already covered by the First ObserverTM program and, therefore do not represent additional burden to the ORTB owners/operators TSA summarizes the costs of the proposed rule to be borne by four mstockstill on DSK3G9T082PROD with PROPOSALS3 There are 3,741 U.S. companies in the motorcoach industry.171 Of these, 202 of them 172 fall within the applicability of the proposed rule. Three of the 202 are large OTRB companies that currently use the TSA-supplied First ObserverTM program, which covers a majority of the 9/11 Act security training requirements, to train their employees. This training addresses three of the security training elements of this proposed rule 91374 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules the 10-year total cost of this proposed rule to be $222.80 million undiscounted, $190.45 million discounted at 3 percent, and $157.27 million discounted at 7 percent. The costs to industry (all three surface modes) comprise approximately 99 percent of the total costs of the rule; and the remaining costs are incurred by TSA. TABLE 12—TOTAL COST OF THE PROPOSED RULE BY ENTITY [$ millions] Total proposed rule cost Year Freight rail PTPR OTRB TSA Undiscounted Discounted at 3% Discounted at 7% 1 ................................... 2 ................................... 3 ................................... 4 ................................... 5 ................................... 6 ................................... 7 ................................... 8 ................................... 9 ................................... 10 ................................. $14.51 14.37 8.68 14.50 14.56 8.93 14.69 14.76 8.92 14.89 $9.29 5.84 9.06 5.85 9.08 6.00 9.10 5.87 9.11 5.88 $2.04 1.62 1.47 1.66 1.68 1.82 1.73 1.76 1.60 1.80 $0.52 0.12 0.13 0.13 0.13 0.18 0.13 0.14 0.14 0.14 $26.35 21.95 19.33 22.13 25.45 16.93 25.65 22.66 19.76 22.71 $25.59 20.69 17.69 19.67 21.95 14.18 20.86 17.78 15.15 16.91 $24.63 19.17 15.78 16.89 18.15 11.28 15.98 13.11 10.75 11.55 Total ...................... Annualized ............ 128.80 ........................ 75.08 ........................ 17.17 ........................ 1.75 ........................ 222.80 ........................ 190.45 22.33 157.27 22.39 Note: Totals may not add due to rounding. million undiscounted, $110.00 million discounted at 3 percent, and $90.74 million discounted at 7 percent, as displayed by cost categories in Table 13. TSA estimates the 10-year costs to the PTPR industry to be $75.08 million undiscounted, $64.26 million discounted at 3 percent, and $53.14 million discounted at 7 percent, as displayed by cost categories in Table 14. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00040 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.018</GPH> mstockstill on DSK3G9T082PROD with PROPOSALS3 TSA estimates the 10-year costs to the freight railroad industry to be $128.80 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 91375 million discounted at 7 percent, as displayed by cost categories in Table 15. TSA estimates the 10-year costs to TSA to be $1.75 million undiscounted, $1.54 million discounted at 3 percent, and $1.31 million discounted at 7 percent, as displayed by cost categories in Table 16. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00041 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.020</GPH> undiscounted, $14.65 million discounted at 3 percent, and $12.08 EP16DE16.019</GPH> mstockstill on DSK3G9T082PROD with PROPOSALS3 TSA estimates the 10-year costs to the OTRB industry to be $17.17 million Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 The proposed rule would enhance surface transportation security by reducing vulnerability to terrorist attacks in four different ways. First, the surface transportation employees in each of the three covered modes would be trained to identify security vulnerabilities. Second, these surface transportation employees would be better trained to recognize potentially threatening behavior and properly report that information. Third, these surface employees would be trained to respond to incidents, thereby mitigating the consequences of an attack. Finally, the covered surface transportation owner/operators would be required to report significant security concerns to TSA so that TSA can analyze potential threats across all modes. While training is not an absolute deterrent for terrorists intent on carrying 175 See out attacks on surface modes of transportation, TSA expects the probability of success for such attacks to decrease if security-sensitive employees within these transportation modes are trained in the elements required under the proposed rule. TSA uses a break-even analysis to frame the relationship between the potential benefits of the proposed rule and the costs of implementing the rule. When it is not possible to quantify or monetize a majority of the incremental benefits of a regulation, OMB recommends conducting a threshold, or ‘‘break-even’’ analysis. According to OMB Circular No. A–4, ‘‘Regulatory Analysis,’’ such an analysis answers the question ‘‘How small could the value of the non-qualified benefits be (or how large would the value of the non- quantified costs need to be) before the rule would yield zero net benefits?’’ 175 To conduct the break-even analysis, TSA evaluates three composite scenarios for each the three modes covered by the proposed rule. For each scenario, TSA calculates a total monetary consequence from an estimated statistical value of the human casualties and capital replacement resulting from the attack (see Section 4.3 of the Surface Training Program for Surface Mode Employees Regulatory Impact Analysis for a more detailed description of these calculations however many assumptions regarding specific terrorist attacks scenarios are SSI and cannot be publically released). Table 17 presents the composite or weighted average of direct consequences from a successful attack on each mode. id. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00042 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.021</GPH> 91376 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules TSA compared the estimated direct monetary costs of an attack to the annualized cost (discounted at 7 percent) to industry and TSA from the proposed rule for each mode to estimate how often an attack of that nature would need to be averted for the expected benefits to equal estimated costs. Table 18 presents the results of the break-even analysis for each mode. For example, Table 18 shows that if the freight rail training requirements in this rule prevents one freight rail terrorist attack every 96 years, this rule ‘‘breaks-even’’ (the benefits equal the costs). The break-even analysis does not include the difficult to quantify indirect costs of an attack or the macroeconomic impacts that could occur due to a major attack. In addition to the direct impacts of a terrorist attack in terms of lost life and property, there are other more indirect impacts that are difficult to measure. As noted by Cass Sunstein in the Laws of Fear, ‘‘. . . fear is a real social cost, and it is likely to lead to 91377 other social costs.’’ 178 In addition, Ackerman and Heinzerling state ‘‘. . . terrorism ‘works’ through the fear and demoralization caused by uncontrollable uncertainty.’’ 179 As devastating as the direct impacts of a successful terrorist attack can be in terms of the immediate loss of life and property, avoiding the impacts of the more difficult to measure indirect effects are also substantial benefits of preventing a terrorist attack. TABLE 18—BREAK-EVEN ANALYSIS RESULTS [$ millions] Weighted average direct costs of a successful attack a Modes Freight Rail ................................................................... PTPR ............................................................................ OTRB ............................................................................ Annualized cost of the proposed rule at 7% b $1,218.92 613.19 679.02 $12.94 7.60 1.86 Breakeven averted attack frequency c=a÷b One attack every 94 years. One attack every 81 years. One attack every 365 years. Note: Totals may not add due to rounding. and qualitative benefits of the proposed rule. 3. OMB A–4 Statement 176 As explained in the RIA in the docket, to monetize injuries, TSA used two approaches (depending on whether the injury was due to exposure to hazardous chemicals). To monetize ‘‘non-chemical’’ injuries, TSA uses guidance from the Department of Transportation for valuing injuries based on the Abbreviated Injury Scale. To VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 monetize chemical-related injuries, TSA obtained information on the cost of medical treatment for poisoning injuries. 177 Total Direct Consequences = (Deaths × $9.1 million VSL) + (Severe injuries × $2.42 million) + (Moderate injuries × $0.43 million) + (Severe chemical injuries × $42,462) + (Moderate chemical PO 00000 Frm 00043 Fmt 4701 Sfmt 4702 injuries × $1,563) + Public property loss + Private property loss + Rescue and clean-up cost. 178 Cass R. Sunstein, ‘‘Laws of Fear,’’ at 127 (2005). 179 Frank Ackerman and Lisa Heinzerling, ‘‘Priceless On Knowing the Price of Everything and the Value of Nothing,’’ at 136 (2004). E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.022</GPH> mstockstill on DSK3G9T082PROD with PROPOSALS3 The OMB A–4 Accounting Statement (in Table 19) presents annualized costs 91378 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules TABLE 19—OMB A–4 $ ACCOUNTING STATEMENT [in $ millions, 2015 dollars] Primary estimate Category Minimum estimate Maximum estimate Source citation (final RIA, preamble, etc.) Benefits ($ millions) Annualized monetized benefits (discount rate in parentheses) ..................... Unquantified benefits ...................................................................................... NPRM RIA. The requirements proposed in this rule, if finalized, produce benefits by reducing security risks through training security-sensitive surface mode employees to identify and/or mitigate an attempted terrorist attack. NPRM RIA. (7%) $22.39 (3%) $22.33 0 NPRM RIA. Costs ($ millions) Annualized monetized costs (discount rate in parentheses) ......................... Annualized quantified, but unmonetized, costs .............................................. 0 0 Qualitative costs (unquantified) ...................................................................... N/A NPRM RIA. NPRM RIA. Transfers Annualized monetized transfers: ‘‘on budget’’ ................................................ From whom to whom? .................................................................................... Annualized monetized transfers: ‘‘off-budget’’ ................................................ From whom to whom? .................................................................................... 0 N/A 0 N/A 0 N/A 0 N/A Miscellaneous Analyses/Category Effects Effects Effects Effects on on on on mstockstill on DSK3G9T082PROD with PROPOSALS3 Effects State, local, and/or tribal governments ......................................... small businesses ........................................................................... wages ............................................................................................ growth ............................................................................................ 4. Alternatives Considered In addition to the proposed rule, TSA also considered two alternative policies. As discussed in section III.K of this NPRM, the first alternative (Alternative 1) only includes requirements that are statutory according to the 9/11 Act.180 The second alternative (Alternative 2) expands the population of owners/ operators to all who operate within the UASI—which includes the entire metropolitan statistical area—and requires them to develop their own training program. This would be the case if First Observer PlusTM were not made available to owner/operators or if the owners/operators would not adopt First Observer PlusTM. This alternative was considered in the early stages of this proposed rule when the First ObserverTM program was still in development. Notionally, an owner/ operator-developed training program would provide a marginal increase in 180 Table 59 in the RIA found in the docket provides a section-by section analysis of which regulatory provisions are statutorily required and which provisions are discretionary. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Frm 00044 Fmt 4701 Sfmt 4702 NPRM RIA. None. NPRM RIA. None. Source Citation (NPRM RIA, preamble, etc.). None Prepared IRFA None None effectiveness over a ‘‘one size fits all’’ training program because it would be customized to the individual owner/ operator and take into account the unique security and structural characteristics inherent in a large and complicated system like a transportation network. Though not the least costly option, TSA selects the proposed rule as its preferred alternative because TSA recommends that all surface mode employees be refreshed on their security training objectives annually, in an abbreviated method at the very least. TSA recognizes recurrent training as essential to maintaining a high level of security awareness. The 9/11 Act recognizes this as well by requiring routine and ongoing training for public transportation employees. Congress has left it to the discretion of TSA to determine the appropriate schedule for recurrent training. TSA believes that annual training is essential for maintaining a high level of security awareness among surface transportation employees. TSA’s goal is to ensure the expected baseline of security awareness PO 00000 0 N/A 0 N/A NPRM RIA. IRFA. None. None. is reached and maintained across the higher-risk systems and will work with the owner/operators as necessary to ensure that goal is accomplished. Additionally, the affected population for the proposed rule (and Alternative 1) is based on a risk assessment on these modes of transportation (for more detail see preamble section III.B.). TSA reviewed the scope of the relevant industries and the security risks associated with each. This assessment considers not only threat (as informed by intelligence), but also the potential consequences of a terrorist attack on a system or vehicle(s) and the vulnerabilities inherent in the design and/or operation of these systems and vehicles. Both the proposed rule and Alternative 1 target higher-risk areas or transportation systems as opposed to Alternative 2, which covers a broader population and sets its parameters by other industry characteristics. The reasons for rejecting Alternative 2 are discussed in section III.D. of this NPRM. For these reasons, TSA has chosen the proposed rule as its preferred alternative. Table 20 presents a E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules component for industry and TSA for the proposed rule and both alternatives. Table 20. Comparison of Costs Between Alternatives (in millions) 10-Year Costs Initial Affected (in$ millions) at a 7% Population Alternative Requirements discount rate (Number of Owner/Operators) Industry TSA Total (1) Train security -sensitive employees on security using First Observer Plus™ or custom training plan, (2) designate a security Proposed coordinator, (3) $155.96 $1.31 $157.27 Rule report significant security incidents to TSA, (4) maintain employee training records, and (5) allow TSA to perform 36 Freight Rails on site 47 PTPRs inspections. 202 OTRBs (1) Train security -sensitive employees once every three years on security using First Observer Plus™ or custom training plan (except for Chain Alternative 1 $49.61 $0.63 $50.24 of custody and control); (2) OTRB designates a security coordinator, and (3) allow TSA to perform onsite inspections. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00045 Fmt 4701 Sfmt 4725 E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.023</GPH> mstockstill on DSK3G9T082PROD with PROPOSALS3 comparison of the costs by cost 91379 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 5. Regulatory Flexibility Assessment The Regulatory Flexibility Act (RFA) of 1980 requires agencies to consider the impacts of their rules on small entities. TSA performed an Initial Regulatory Flexibility Analysis (IRFA) to analyze the impact to small entities affected by the proposed rule. See the RIA in the docket for the full IRFA. A summary of the RFA is below. Under the RFA, the term ‘‘small entities’’ comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and small governmental jurisdictions with populations of less than 50,000. Individuals and States are not considered ‘‘small entities’’ based on the definitions in the RFA (5 U.S.C. 601). The PTPR owner/operators affected by this proposed rule are not considered small because they are either owned/ operated by governmental jurisdictions that exceed the RFA population threshold of 50,000 or a business that exceeds the SBA size threshold. Only freight rail and OTRB owner/operators have small entities that may be affected by the proposed rule. TSA uses the Small Business Administration’s (SBA) size standards to identify that 13 freight VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 rail owner/operators affected by the proposed rule are considered a small business. TSA calculates that proposed rule’s requirements are estimated to cost $68.78 per employee and $6,068.49 per entity to these freight rail owner/ operators. Of these 13 small freight rail owner/operators, TSA estimates that only one of them would have an impact to revenue greater that 1 percent. For OTRBs, TSA uses SBA’s threshold to estimate that 174 OTRB owner/ operators affected by the proposed rule are considered a small business. TSA calculates that the proposed rule’s requirements are estimated to cost $33.41 per employee and $3,347.67 per entity to these OTRB owner/operators. Of these 174 small OTRB owner/ operators, TSA estimates that 20 of them would have an impact to revenue greater than 1 percent. TSA considered two alternative policies in addition to the proposed rule. As discussed in section III.K of this NPRM and section 5.1 of the RIA, the first alternative (Alternative 1) only includes requirements that are statutory according to the 9/11 Act. This alternative would remain applicable to the same population of the proposed rule, but would only require owner/ PO 00000 Frm 00046 Fmt 4701 Sfmt 4702 operators to train security-sensitive employees according to statutory guidelines set in the 9/11 Act. In Alternative 1, recurrent training is required only once every three years— similar to other training requirements of transportation modes—because the 9/11 Act does not require annual recurrent training as TSA does in the proposed rule. As discussed in section III.F(1)(2)(3) of this NPRM (Alternatives Considered) and section 5.2 of the RIA, the second alternative (Alternative 2) expands the population of owners/operators to all who operate within the UASI—which includes the entire metropolitan statistical area–and requires them to develop their own training program. TSA considered Alternative 2 while the First ObserverTM program was still in development. TSA chose the proposed rule as its preferred alternative, thus rejecting Alternative 1, because TSA recommends that all surface mode employees be refreshed on their security training objectives annually. TSA recognizes recurrent training as essential to maintaining a high level of security awareness. TSA’s objective is to ensure the expected baseline of security E:\FR\FM\16DEP3.SGM 16DEP3 EP16DE16.024</GPH> mstockstill on DSK3G9T082PROD with PROPOSALS3 91380 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 awareness is reached and maintained across the higher-risk systems and will work with the owner/operators as necessary to ensure that goal is accomplished. TSA has met this objective by developing First Observer PlusTM. TSA intends for the training content in First Observer PlusTM to align with most of the regulatory requirements in a final rule. This resource will be provided free to owner/ operators so that they may comply with the proposed rule at minimized costs. Additionally, the affected population for the proposed rule (and Alternative 1) is based on a risk assessment on these modes of transportation (for more detail see section III.B of this NPRM). TSA reviewed the scope of the relevant industries and the security risks associated with each. This assessment considers not only threat (as informed by intelligence), but also the potential consequences of a terrorist attack on a system or vehicle(s) and the vulnerabilities inherent in the design and/or operation of these systems and vehicles. Both the proposed rule and Alternative 1 target higher-risk areas or transportation systems as opposed to Alternative 2, which covers a broader population and sets its parameters by other industry characteristics. Alternative 2 leads to higher costs to small entities not necessarily considered higher-risk. TSA rejected Alternative 2 because the agency has determined that the proposed rule better aligns with its commitment to risk-based security policy and outcomes-based regulation and because it would impose a higher cost to small entities outside the higherrisk profile. TSA invites all interested parties to submit data and information regarding the potential economic impact on small entities that would result from the adoption of the proposed requirements in the proposed rule. 6. International Trade Impact Assessment The Trade Agreement Act of 1979 prohibits Federal agencies from establishing any standards or engaging in related activities that create unnecessary obstacles to the foreign commerce of the United States. Legitimate domestic objectives, such as safety, are not considered unnecessary obstacles. The statute also requires consideration of international standards and, where appropriate, that they be the basis for U.S. standards. TSA has assessed the potential effect of this proposed rule and has determined that it would have only a domestic impact and therefore no effect on any tradesensitive activity. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 91381 7. Unfunded Mandates Assessment The Unfunded Mandates Reform Act of 1995 (UMRA) is intended, among other things, to curb the practice of imposing unfunded Federal mandates on State, local, and tribal governments. Title II of the UMRA requires each Federal agency to prepare a written statement assessing the effects of any Federal mandate in a proposed or final agency rule that may result in a $100 million or more expenditure (adjusted annually for inflation) in any one year by State, local, and tribal governments, in the aggregate, or by the private sector; such a mandate is deemed to be a ‘‘significant regulatory action.’’ This proposed rule does not contain such a mandate. The requirements of Title II of the UMRA, therefore, do not apply and TSA has not prepared a statement. transportation, Rail hazardous materials receivers, Rail hazardous materials shippers, Rail transit systems, Railroad carriers, Railroad safety, Railroads, Reporting and recordkeeping requirements, Security measures, Transportation facility, Vessels. C. Executive Order 13132, Federalism TSA has analyzed this rulemaking under the principles and criteria of Executive Order 13132, Federalism. We determined that this action would not have a substantial direct effect on the States, on the relationship between the National Government and the States, or on the distribution of power and responsibilities among the various levels of government, and therefore would not have federalism implications. 49 CFR Part 1570 D. Environmental Analysis TSA has reviewed this rulemaking for purposes of the National Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321–4347) and has determined that this action will not have a significant effect on the human environment. This action is covered by categorical exclusion (CATEX) number A3(b) in DHS Management Directive 023–01 (formerly Management Directive 5100.1), Environmental Planning Program, which guides TSA compliance with NEPA. E. Energy Impact Analysis The energy impact of this rulemaking has been assessed in accordance with the Energy Policy and Conservation Act (EPCA), Public Law 94–163, as amended (42 U.S.C. 6362). TSA has determined that this rulemaking is not a major regulatory action under the provisions of the EPCA. 49 CFR Part 1520 Air carriers, Air transportation, Aircraft, Airports, Bus transit systems, Commuter bus systems, Law enforcement officer, Maritime carriers, Over-the-Road buses, Public transportation, Rail hazardous materials receivers, Rail hazardous materials shippers, Rail transit systems, Railroad carriers, Railroad safety, Railroads, Reporting and recordkeeping requirements, Security measures, Transportation facility, Vessels. Commuter bus systems, Crime, Fraud, Hazardous materials transportation, Motor carriers, Over-the-Road bus safety, Over-the-Road buses, Public transportation, Public transportation safety, Rail hazardous materials receivers, Rail hazardous materials shippers, Rail transit systems, Railroad carriers, Railroad safety, Railroads, Reporting and recordkeeping requirements, Security measures, Transportation facility, Transportation Security-Sensitive Materials. 49 CFR Part 1580 Hazardous materials transportation, Rail hazardous materials receivers, Rail hazardous materials shippers, Railroad carriers, Railroad safety, Railroads, Reporting and recordkeeping requirements, Security measures. 49 CFR Part 1582 Public transportation, Public transportation safety, Railroad carriers, Railroad safety, Railroads, Rail transit systems, Reporting and recordkeeping requirements, Security measures. 49 CFR Part 1584 Over-the-Road bus safety, Over-theRoad buses, Reporting and recordkeeping requirements, Security measures. List of Subjects The Proposed Amendments 49 CFR Part 1500 Air carriers, Air transportation, Aircraft, Airports, Bus transit systems, Commuter bus systems, Law enforcement officer, Maritime carriers, Over-the-Road buses, Public For the reasons set forth in the preamble, the Transportation Security Administration proposes to amend Chapter XII, of Title 49, Code of Federal Regulations to read as follows: PO 00000 Frm 00047 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 91382 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules SUBCHAPTER A—ADMINISTRATIVE AND PROCEDURAL RULES PART 1500—APPLICABILITY, TERMS, AND ABBREVIATIONS 1. The authority citation for part 1500 is revised to read as follows: ■ Authority: 6 U.S.C. 1137, 1151, 1167, and 1184; 49 U.S.C. 114, 5103, 40113, 44901– 44907, 44913–44914, 44916–44918, 44935– 44936, 44942, 46105. ■ 2. Revise § 1500.3 to read as follows: mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1500.3 Terms and abbreviations used in this chapter. As used in this chapter: Administrator means the Assistant Secretary for Homeland Security, Transportation Security Administration (Assistant Secretary), who is the highest-ranking TSA official, or his or her designee. Administrator also means the Under Secretary of Transportation for Security identified in 49 U.S.C. 114(b). Authorized representative means any individual who is not a direct employee of a person regulated under this title, but is authorized to act on that person’s behalf to perform measures required under the Transportation Security Regulations, or a TSA security program. For purposes of this subchapter, the term ‘‘authorized representative’’ includes agents, contractors, and subcontractors, and employees of the same. Bus means any of several types of motor vehicles used by public or private entities to provide transportation service for passengers. Bus transit system means a public transportation system providing frequent transportation service (not limited to morning and evening peak travel times) for the primary purpose of moving passengers between bus stops, often through multiple connections (a bus transit system does not become a commuter bus system even if its primary purpose is the transportation of commuters). This term does not include tourist, scenic, historic, or excursion operations. Commuter bus system means a system providing passenger service primarily during morning and evening peak periods, between an urban area and more distant outlying communities in a greater metropolitan area. This term does not include tourist, scenic, historic, or excursion operations. Commuter passenger train service means ‘‘train, commuter’’ as defined in 49 CFR 238.5, and includes service provided by diesel or electric powered locomotives and railroad passenger cars to serve an urban area, its suburbs, and VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 more distant outlying communities in the greater metropolitan area. A commuter passenger train service is part of the general railroad system of transportation regardless of whether it is physically connected to other railroads. DHS means the Department of Homeland Security and any directorate, bureau, or other component within the Department of Homeland Security, including the United States Coast Guard. DOT means the Department of Transportation and any operating administration, entity, or office within the Department of Transportation. Fixed-route service means the provision of transportation service by private entities operated along a prescribed route according to a fixed schedule. General railroad system of transportation means ‘‘the network of standard gauge track over which goods may be transported throughout the nation and passengers may travel between cities and within metropolitan and suburban areas’’ as defined in Appendix A to 49 CFR part 209. Hazardous material means ‘‘hazardous material’’ as defined in 49 CFR 171.8. Heavy rail transit means service provided by self-propelled electric railcars, typically drawing power from a third rail, operating in separate rightsof-way in multiple cars; also referred to as subways, metros or regional rail. Host railroad means a railroad that has effective control over a segment of track. Improvised explosive device (IED) means a device fabricated in an improvised manner that incorporates explosives or destructive, lethal, noxious, pyrotechnic, or incendiary chemicals in its design, and generally includes a power supply, a switch or timer, and a detonator or initiator. Intercity passenger train service means both ‘‘train, long-distance intercity passenger’’ and ‘‘train, shortdistance intercity passenger’’ as defined in 49 CFR 238.5. Light rail transit means service provided by self-propelled electric railcars, typically drawing power from an overhead wire, operating in either exclusive or non-exclusive rights-of-way in single or multiple cars, with shorter distance trips, and frequent stops; also referred to as streetcars, trolleys, and trams. Motor vehicle means a vehicle, machine, tractor, trailer, or semitrailer propelled or drawn by mechanical power and used upon the highways in the transportation of passengers or property, or any combination thereof, PO 00000 Frm 00048 Fmt 4701 Sfmt 4702 but does not include any vehicle, locomotive, or car operated exclusively on a rail or rails, or a trolley bus operated by electric power derived from a fixed overhead wire, furnishing local passenger transportation similar to street-railway service. Over-the-Road Bus (OTRB) means a bus characterized by an elevated passenger deck located over a baggage compartment. Owner/operator means any person that owns, or maintains operational control over, any transportation infrastructure asset, facility, or system regulated under this title, including airport operator, aircraft operator, foreign air carrier, indirect air carrier, certified cargo screening facility, flight school within the meaning of 49 CFR 1552.1(b), motor vehicle, public transportation agency, or railroad carrier. For purposes of a maritime facility or a vessel, owner/operator has the same meaning as defined in 33 CFR 101.105. Passenger rail car means rail rolling equipment intended to provide transportation for members of the general public and includes a selfpropelled rail car designed to carry passengers, baggage, mail, or express. This term includes a rail passenger coach, cab car, and a Multiple Unit (MU) locomotive. In the context of articulated equipment, ‘‘passenger rail car’’ means that segment of the rail rolling equipment located between two trucks. This term does not include a private rail car. Passenger railroad carrier means a railroad carrier that provides transportation to persons (other than employees, contractors, or persons riding equipment to observe or monitor railroad operations) by railroad in intercity passenger service or commuter or other short-haul passenger service in a metropolitan or suburban area. Passenger train means a train that transports or is available to transport members of the general public. Person means an individual, corporation, company, association, firm, partnership, society, joint-stock company, or governmental authority. It includes a trustee, receiver, assignee, successor, or similar representative of any of them. Private rail car means rail rolling equipment that is used only for excursion, recreational, or private transportation purposes. A private rail car is not a passenger rail car. Public transportation means transportation provided to the general public by a regular and continuing general or specific transportation vehicle that is owned or operated by a E:\FR\FM\16DEP3.SGM 16DEP3 mstockstill on DSK3G9T082PROD with PROPOSALS3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules public transportation agency, including providing one or more of the following types of passenger transportation: (1) Intercity or commuter passenger train service or other short-haul railroad passenger service in a metropolitan or suburban area (as described by 49 U.S.C. 20102(1)). (2) Heavy or light rail transit service, whether on or off the general railroad system of transportation. (3) An automated guideway, cable car, inclined plane, funicular, or monorail system. (4) Bus transit or commuter bus service. Public transportation agency means any publicly-owned or operated provider of regular and continuing public transportation. Rail hazardous materials receiver means any owner/operator of a fixedsite facility that has a physical connection to the general railroad system of transportation and receives or unloads from transportation in commerce by rail one or more of the categories and quantities of rail securitysensitive materials identified in 49 CFR 1580.3, but does not include the owner/ operator of a facility owned or operated by a department, agency or instrumentality of the Federal government. Rail hazardous materials shipper means the owner/operator of any fixedsite facility that has a physical connection to the general railroad system of transportation and offers (as defined in the definition of ‘‘person who offers or offeror’’ in 49 CFR 171.8), prepares or loads for transportation by rail one or more of the categories and quantities of rail security-sensitive materials as identified in 49 CFR 1580.3, but does not include the owner/operator of a facility owned or operated by a department, agency or instrumentality of the Federal government. Rail secure area means a secure location(s) identified by a rail hazardous materials shipper or rail hazardous materials receiver where securityrelated pre-transportation or transportation functions are performed or rail cars containing the categories and quantities of rail security-sensitive materials are prepared, loaded, stored, and/or unloaded. Rail transit facility means rail transit stations, terminals, and locations at which rail transit infrastructure assets are stored, command and control operations are performed, or maintenance is performed. The term also includes rail yards, crew management centers, dispatching centers, transportation terminals and VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 stations, fueling centers, and telecommunication centers. Rail transit system or ‘‘Rail Fixed Guideway System’’ means any light, heavy, or rapid rail system, monorail, inclined plane, funicular, cable car, trolley, or automated guideway that traditionally does not operate on track that is part of the general railroad system of transportation. Railroad carrier means an owner/ operator providing railroad transportation. Railroad transportation means any form of non-highway ground transportation that runs on rails or electromagnetic guideways, including (1) commuter or other short-haul rail passenger service in a metropolitan or suburban area and (2) high speed ground transportation systems that connect metropolitan areas, without regard to whether those systems use new technologies not associated with traditional railroads. Such term includes rail transit service operating on track that is part of the general railroad system of transportation but does not include rapid transit operations in an urban area that are not connected to the general railroad system of transportation. Record includes any means by which information is preserved, irrespective of format, including a book, paper, drawing, map, recording, tape, film, photograph, machine-readable material, and any information stored in an electronic format. The term record also includes any draft, proposed, or recommended change to any record. Sensitive security information (SSI) means information that is described in and must be managed in accordance with 49 CFR part 1520. State means a State of the United States and the District of Columbia. Tourist, scenic, historic, or excursion operation means a railroad or bus operation that carries passengers, often using antiquated equipment, with the conveyance of the passengers to a particular destination not being the principal purpose. Train or bus movements of new passenger equipment for demonstration purposes are not tourist, scenic, historic, or excursion operations. Transit means mass transportation by a conveyance that provides regular and continuing general or special transportation to the public, but does not include school bus, charter, or sightseeing transportation. Rail transit may occur on or off the general railroad system of transportation. Transportation or transport means the movement of property including loading, unloading, and storage. PO 00000 Frm 00049 Fmt 4701 Sfmt 4702 91383 Transportation or transport also includes the movement of people, boarding, and disembarking incident to that movement. Transportation facility means a location at which transportation cargo, equipment or infrastructure assets are stored, equipment is transferred between conveyances and/or modes of transportation, transportation command and control operations are performed, or maintenance operations are performed. The term also includes, but is not limited to, passenger stations and terminals (including any fixed facility at which passengers are picked-up or discharged), vehicle storage buildings or yards, crew management centers, dispatching centers, fueling centers, and telecommunication centers. Transportation security equipment and systems means items, both integrated into a system and standalone, used by owner/operators to enhance capabilities to detect, deter, prevent, or respond to a threat or incident, including, but not limited to, video surveillance, explosives detection, radiological detection, intrusion detection, motion detection, and security screening. Transportation Security Regulations (TSR) means the regulations issued by the Transportation Security Administration, in title 49 of the Code of Federal Regulations, chapter XII, which includes parts 1500 through 1699. Transportation Security-Sensitive Material (TSSM) means hazardous materials identified in 49 CFR 172.800(b). TSA means the Transportation Security Administration. United States, in a geographical sense, means the States of the United States, the District of Columbia, and territories and possessions of the United States, including the territorial sea and the overlying airspace. Vulnerability assessment includes any review, audit, or other examination of the security of a transportation system, infrastructure asset, or a transportationrelated automated system or network to determine its vulnerability to unlawful interference, whether during the conception, planning, design, construction, operation, or decommissioning phase. A vulnerability assessment includes the methodology for the assessment, the results of the assessment, and any proposed, recommended, or directed actions or countermeasures to address security concerns. E:\FR\FM\16DEP3.SGM 16DEP3 91384 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules PART 1503—INVESTIGATIVE AND ENFORCEMENT PROCEDURES 3. The authority citation for part 1503 continues to read as follows: ■ Authority: 6 U.S.C. 1142; 18 U.S.C. 6002; 28 U.S.C. 2461 (note); 49 U.S.C. 114, 20109, 31105, 40113–40114, 40119, 44901–44907, 46101–46107, 46109–46110, 46301, 46305, 46311, 46313–46314. Subpart B—Scope of Investigative and Enforcement Procedures 4. In § 1503.101 revise paragraphs (b)(1) and (b)(2), and add paragraph (b)(3) to read as follows: ■ § 1503.101 TSA requirements. * * * * * (b) * * * (1) Those provisions of title 49 U.S.C. administered by the Administrator; (2) 46 U.S.C. chapter 701; and (3) Those provisions of title 6 U.S.C. administered by the Administrator. SUBCHAPTER B—SECURITY RULES FOR ALL MODES OF TRANSPORTATION PART 1520—PROTECTION OF SENSITIVE SECURITY INFORMATION 5. The authority citation for part 1520 continues to read as follows: ■ Authority: 46 U.S.C. 70102–70106, 70117; 49 U.S.C. 114, 40113, 44901–44907, 44913– 44914, 44916–44918, 44935–44936, 44942, 46105. § 1520.3 [Amended] 6. In § 1520.3 remove the definitions for ‘‘DHS, ‘‘DOT’’, ‘‘Rail facility’’, ‘‘Rail hazardous materials receiver’’, ‘‘Rail hazardous materials shipper, ‘‘Rail transit facility’’, ‘‘Rail transit system or Rail Fixed Guideway System’’, ‘‘Railroad’’, ‘‘Record’’, and ‘‘Vulnerability assessment’’. ■ 7. In § 1520.5 revise paragraphs (b)(1), (b)(6)(i), (b)(8) introductory text, (b)(10), (b)(12) introductory text, and (b)(15) to read as follows: ■ § 1520.5 Sensitive security information. mstockstill on DSK3G9T082PROD with PROPOSALS3 * * * * * (b) * * * (1) Security programs, security plans, and contingency plans. Any security program, security plan, or security contingency plan issued, established, required, received, or approved by DHS or DOT, including any comments, instructions, or implementing guidance, including— (i) Any aircraft operator, airport operator, fixed base operator, or air cargo security program, or security contingency plan under this chapter; (ii) Any vessel, maritime facility, or port area security plan required or directed under Federal law; VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 (iii) Any national or area security plan prepared under 46 U.S.C. 70103; (iv) Any security incident response plan established under 46 U.S.C. 70104, and (v) Any security program or plan required under subchapter D of this title. * * * * * (6) * * * (i) Details of any aviation, maritime, or surface transportation inspection, or any investigation or an alleged violation of aviation, maritime, or surface transportation security requirements of Federal law, that could reveal a security vulnerability, including the identity of the Federal special agent or other Federal employee who conducted the inspection or investigation, and including any recommendations concerning the inspection or investigation. * * * * * (8) Security measures. Specific details of aviation, maritime, or surface transportation security measures, both operational and technical, whether applied directly by the Federal government or another person, including the following: * * * * * (10) Security training materials. Records created or obtained for the purpose of training persons employed by, contracted with, or acting for the Federal government or another person to carry out aviation, maritime, or surface transportation security measures required or recommended by DHS or DOT. * * * * * (12) Critical transportation infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital to the aviation, maritime, or surface transportation that the incapacity or destruction of such assets would have a debilitating impact on transportation security, if the list is— * * * * * (15) Research and development. Information obtained or developed in the conduct of research related to aviation, maritime, or surface transportation, where such research is approved, accepted, funded, recommended, or directed by DHS or DOT, including research results. * * * * * ■ 8. In § 1520.7 revise paragraph (n) to read as follows: requirements of subchapter D of this chapter. ■ 9. Revise the heading for subchapter D to read as follows: § 1520.7 In addition to the definitions in §§ 1500.3, 1500.5, and 1503.202 of subchapter A, the following terms are used in this subchapter: Covered persons. * * * * * (n) Each owner/operator of maritime or surface transportation subject to the PO 00000 Frm 00050 Fmt 4701 Sfmt 4702 SUBCHAPTER D—MARITIME AND SURFACE TRANSPORTATION SECURITY 10. Revise part 1570 to read as follows: ■ PART 1570—GENERAL RULES Subpart A—General Sec. 1570.1 Scope. 1570.3 Terms used in this subchapter. 1570.5 Fraud and intentional falsification of records. 1570.7 Security responsibilities of employees and other persons. 1570.9 Compliance, inspection, and enforcement. Subpart B—Security Programs Sec. 1570.101 Scope. 1570.103 Content. 1570.105 Responsibility for Determinations. 1570.107 Recognition of prior or established security measures or programs. 1570.109 Submission and approval. 1570.111 Implementation schedules. 1570.113 Amendments requested by owner/ operator. 1570.115 Amendments required by TSA. 1570.117 Alternative measures. 1572.119 Petitions for reconsideration. 1570.121 Recordkeeping and availability. Subpart C—Operations Sec. 1570.201 Security Coordinator. 1570.203 Reporting significant security concerns. Subpart D—Security Threat Assessments Sec. 1570.301 Fraudulent use or manufacture; responsibilities of persons. 1570.303 Inspection of credential. 1570.305 False statements regarding security background checks by public transportation agency or railroad carrier. Appendix A to Part 1570—Reporting Of Significant Security Concerns Authority: 6 U.S.C. 469, 1134, 1137, 1143, 1151, 1162, 1167, 1170, 1181 and 1184; 18 U.S.C. 842, 845; 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 46105. Subpart A—General § 1570.1 Scope. This part applies to any person involved in maritime or surface transportation as specified in this subchapter. § 1570.3 E:\FR\FM\16DEP3.SGM Terms used in this subchapter. 16DEP3 mstockstill on DSK3G9T082PROD with PROPOSALS3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules Adjudicate means to make an administrative determination of whether an applicant meets the standards in this subchapter, based on the merits of the issues raised. Alien means any person not a citizen or national of the United States. Alien registration number means the number issued by the U.S. Department of Homeland Security (DHS) to an individual when he or she becomes a lawful permanent resident of the United States or attains other lawful, noncitizen status. Applicant means a person who has applied for one of the security threat assessments identified in this subchapter. Commercial driver’s license (CDL) is used as defined in 49 CFR 383.5. Contractor means a person or organization that provides a service for an owner/operator regulated under this subchapter consistent with a specific understanding or arrangement. The understanding can be a written contract or an informal arrangement that reflects an ongoing relationship between the parties. Convicted means any plea of guilty or nolo contendere, or any finding of guilt, except when the finding of guilt is subsequently overturned on appeal, pardoned, or expunged. For purposes of this subchapter, a conviction is expunged when the conviction is removed from the individual’s criminal history record and there are no legal disabilities or restrictions associated with the expunged conviction, other than the fact that the conviction may be used for sentencing purposes for subsequent convictions. In addition, where an individual is allowed to withdraw an original plea of guilty or nolo contendere and enter a plea of not guilty and the case is subsequently dismissed, the individual is no longer considered to have a conviction for purposes of this subchapter. Determination of No Security Threat means an administrative determination by TSA that an individual does not pose a security threat warranting denial of an HME or a TWIC. Employee means an individual who is engaged or compensated by an owner/ operator regulated under this subchapter, or by a contractor to an owner/operator regulated under this subchapter. The term includes direct employees, contractor employees, authorized representatives, immediate supervisors, and individuals who are self-employed. Federal Maritime Security Coordinator (FMSC) has the same meaning as defined in 46 U.S.C. 70103(a)(2)(G); is the Captain of the Port VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 (COTP) exercising authority for the COTP zones described in 33 CFR part 3, and is the Port Facility Security Officer as described in the International Ship and Port Facility Security (ISPS) Code, part A. Final Determination of Threat Assessment means a final administrative determination by TSA, including the resolution of related appeals, that an individual poses a security threat warranting denial of an HME or a TWIC. Hazardous materials endorsement (HME) means the authorization for an individual to transport hazardous materials in commerce, an indication of which must be on the individual’s commercial driver’s license, as provided in the Federal Motor Carrier Safety Administration (FMCSA) regulations in 49 CFR part 383. Immediate supervisor means a manager, supervisor, or agent of the owner/operator to the extent the individual (a) performs the work of a security-sensitive employee or (b) supervises and otherwise directs the performance of a security-sensitive employee. Imprisoned or imprisonment means confined to a prison, jail, or institution for the criminally insane, on a full-time basis, pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity. Time spent confined or restricted to a half-way house, treatment facility, or similar institution, pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity, does not constitute imprisonment for purposes of this rule. Incarceration means confined or otherwise restricted to a jail-type institution, half-way house, treatment facility, or another institution on a full or part-time basis, pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity. Initial Determination of Threat Assessment means an initial administrative determination by TSA that an applicant poses a security threat warranting denial of an HME or a TWIC. Initial Determination of Threat Assessment and Immediate Revocation means an initial administrative determination that an individual poses a security threat that warrants immediate revocation of an HME or invalidation of a TWIC. In the case of an HME, the State must immediately revoke the HME if TSA issues an Initial Determination of Threat Assessment and Immediate Revocation. In the case of a TWIC, TSA invalidates the TWIC PO 00000 Frm 00051 Fmt 4701 Sfmt 4702 91385 when TSA issues an Initial Determination of Threat Assessment and Immediate Revocation. Invalidate means the action TSA takes to make a credential inoperative when it is reported as lost, stolen, damaged, no longer needed, or when TSA determines an applicant does not meet the security threat assessment standards of 49 CFR part 1572. Lawful permanent resident means an alien lawfully admitted for permanent residence, as defined in 8 U.S.C. 1101(a)(20). Maritime facility has the same meaning as ‘‘facility’’ together with ‘‘OCS facility’’ (Outer Continental Shelf facility), as defined in 33 CFR 101.105. Mental health facility means a mental institution, mental hospital, sanitarium, psychiatric facility, and any other facility that provides diagnoses by licensed professionals of mental retardation or mental illness, including a psychiatric ward in a general hospital. National of the United States means a citizen of the United States, or a person who, though not a citizen, owes permanent allegiance to the United States, as defined in 8 U.S.C. 1101(a)(22), and includes American Samoa and Swains Island. Revocation means the termination, deactivation, rescission, invalidation, cancellation, or withdrawal of the privileges and duties conferred by an HME or TWIC, when TSA determines an applicant does not meet the security threat assessment standards of 49 CFR part 1572. Secure area means the area on board a vessel or at a facility or outer continental shelf facility, over which the owner/operator has implemented security measures for access control, as defined by a Coast Guard approved security plan. It does not include passenger access areas or public access areas, as those terms are defined in 33 CFR 104.106 and 105.106 respectively. Vessels operating under the waivers provided for at 46 U.S.C. 8103(b)(3)(A) or (B) have no secure areas. Facilities subject to 33 CFR chapter I, subchapter H, part 105 may, with approval of the Coast Guard, designate only those portions of their facility that are directly connected to maritime transportation or are at risk of being involved in a transportation security incident as their secure areas. Security threat means an individual whom TSA determines or suspects of posing a threat to national security; to transportation security; or of terrorism. Security-sensitive employee, for purposes of this part, means ‘‘security sensitive employee’’ as defined in §§ 1580.3, 1582.3, or 1584.3 of this title. E:\FR\FM\16DEP3.SGM 16DEP3 91386 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules Security-sensitive job function, for purposes of this part, means a job function identified in Appendix B to part 1580, Appendix B to part 1582, and Appendix B to part 1584 of this title. Transportation Worker Identification Credential (TWIC) means a Federal biometric credential, issued to an individual, when TSA determines that the individual does not pose a security threat. Withdrawal of Initial Determination of Threat Assessment is the document that TSA issues after issuing an Initial Determination of Security Threat, when TSA determines that an individual does not pose a security threat that warrants denial of an HME or TWIC. § 1570.5 Fraud and intentional falsification of records. No person may make, cause to be made, attempt, or cause to attempt any of the following: (a) Any fraudulent or intentionally false statement in any record or report that is kept, made, or used to show compliance with the subchapter, or exercise any privileges under this subchapter. (b) Any reproduction or alteration, for fraudulent purpose, of any record, report, security program, access medium, or identification medium issued under this subchapter or pursuant to standards in this subchapter. mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1570.7 Security responsibilities of employees and other persons. (a) No person may— (1) Tamper or interfere with, compromise, modify, attempt to circumvent, or cause another person to tamper or interfere with, compromise, modify, or attempt to circumvent any security measure implemented under this subchapter. (2) Enter, or be present within, a secured or restricted area without complying with the security measures applied as required under this subchapter to control access to, or presence or movement in, such areas. (3) Use, allow to be used, or cause to be used, any approved access medium or identification medium that authorizes the access, presence, or movement of persons or vehicles in secured or restricted areas in any other manner than that for which it was issued by the appropriate authority to meet the requirements of this subchapter. (b) The provisions of paragraph (a) of this section do not apply to conducting inspections or tests to determine compliance with this subchapter authorized by— (1) TSA and DHS officials working with TSA; or VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 (2) The owner/operator when acting in accordance with the procedures described in a security plan and/or program approved by TSA. § 1570.9 Compliance, inspection, and enforcement. (a) Each person subject to any of the requirements of this subchapter, must allow TSA and other authorized DHS officials, at any time and in a reasonable manner, without advance notice, to enter, assess, inspect, and test property, facilities, equipment, and operations; and to view, inspect, and copy records, as necessary to carry out TSA’s securityrelated statutory or regulatory authorities, including its authority to— (1) Assess threats to transportation. (2) Enforce security-related laws, regulations, directives, and requirements. (3) Inspect, maintain, and test the security of facilities, equipment, and systems. (4) Ensure the adequacy of security measures for the transportation of passengers and cargo. (5) Oversee the implementation, and ensure the adequacy, of security measures for the owner/operator’s conveyances and vehicles, at transportation facilities and infrastructure and other assets related to transportation. (6) Review security plans and/or programs. (7) Determine compliance with any requirements in this chapter. (8) Carry out such other duties, and exercise such other powers, relating to transportation security, as the Administrator for TSA considers appropriate, to the extent authorized by law. (b) At the request of TSA, each owner/ operator subject to the requirements of this subchapter must provide evidence of compliance with this chapter, including copies of records. (c) TSA and other authorized DHS officials, may enter, without advance notice, and be present within any area or within any vehicle or conveyance, terminal, or other facility covered by this chapter without access media or identification media issued or approved by an owner/operator covered by this chapter in order to inspect or test compliance, or perform other such duties as TSA may direct. (d) TSA inspectors and other authorized DHS officials working with TSA will, on request, present their credentials for examination, but the credentials may not be photocopied or otherwise reproduced. PO 00000 Frm 00052 Fmt 4701 Sfmt 4702 Subpart B—Security Programs § 1570.101 Scope. The requirements of this subpart address general security program requirements applicable to each owner/ operator required to have a security program under subpart B to 49 CFR parts 1580, 1582, and 1584. § 1570.103 Content. (a) Security program. Except as otherwise approved by TSA, each owner/operator required to have a security program must address each of the security program requirements identified in subpart B to 49 CFR parts 1580, 1582, and 1584. (b) Use of appendices. The owner/ operator may comply with the requirements referenced in paragraph (a) of this section by including in its security program, as an appendix, any document that contains the information required by the applicable subpart B, including procedures, protocols or memorandums of understanding related to external agency response to security incidents or events. The appendix must be referenced in the corresponding section(s) of the security program. § 1570.105 Responsibility for Determinations. (a) Higher-risk operations. While TSA has determined the criteria for applicability of the requirements in subpart B to 49 CFR parts 1580, 1582, and 1584 based on risk-assessments for freight railroad, public transportation system, passenger railroad, or over-theroad (OTRB) owner/operators are required to determine if the applicability requirements apply to them using the criteria identified in 49 CFR 1580.101, 1582.101, and 1584.101. Owner/operators are required to notify TSA of applicability within 30 days of [Insert effective date of final rule in the Federal Register]. (b) New or modified operations. If an owner/operator commences new operations or modifies existing operations after [Insert date of publication of final rule in the Federal Register], that person is responsible for determining whether the new or modified operations would meet the applicability determinations in subpart B to 49 CFR parts 1580, 1582, or 1584 and must notify TSA no later than 90 calendar days before commencing operations or implementing modifications. § 1570.107 Recognition of prior or established security measures or programs. Previously provided security training may be credited towards satisfying the E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules requirements of this subchapter provided the owner/operator— (a) Obtains a complete record of such training and validates the training meets requirements of §§ 1580.115, 1582.115, or 1584.115 of this subchapter as it relates to the function of the individual security-sensitive employee and the training was provided within the schedule required for recurrent training. (b) Retains a record of such training in compliance with the requirements of § 1570.121 of this part. mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1570.109 Submission and approval. (a) Submission of security program. Each owner/operator required under parts 1580, 1582, or 1584 of this subchapter to adopt and carry out a security program must submit it to TSA for approval in a form and manner prescribed by TSA. (b) Security training deadlines. Except as otherwise directed by TSA, each owner/operator required under subpart B to parts 1580, 1582, or 1584 of this subchapter to develop a security training program must— (1) Submit its program to TSA for approval no later than 90 calendar days after [insert effective date of final rule in the Federal Register]. (2) If commencing or modifying operations so as to be subject to the requirements of subpart B to 49 CFR parts 1580, 1582, or 1584 after [Insert effective date of final rule in the Federal Register], submit a training program to TSA no later than 90 calendar days before commencing new or modified operations. (c) TSA approval. (1) No later than 60 calendar days after receiving the proposed security program required by subpart B to 49 CFR parts 1580, 1582, and 1584, TSA will either approve the program or provide the owner/operator with written notice to modify the program to comply with the applicable requirements of this subchapter. TSA will notify the owner/operator if it needs an extension of time to approve the program or provide the owner/ operator with written notice to modify the program to comply with the applicable requirements of this subchapter. (2) Notice to modify. If TSA provides the owner/operator with written notice to modify the security program to comply with the applicable requirements of this subchapter, the owner/operator must provide a modified security program to TSA for approval within the timeframe specified by TSA. (3) TSA may request additional information, and the owner/operator must provide the information within the VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 time period TSA prescribes. The 60-day period for TSA approval or modification will begin when the owner/operator provides the additional information. (g) Petition for reconsideration. Within 30 days of receiving the notice to modify, the owner/operator may file a petition for reconsideration under § 1570.119 of this part. § 1570.111 Implementation schedules. (a) Initial security training. (1) Once TSA approves an owner/operator’s security training program, the owner/ operator must provide initial security training to a security-sensitive employee— (2) No later than one year after the date of approval if the employee is employed to perform a securitysensitive function on the date TSA approves the program. (3) No later than 60 calendar days after the employee first performs a security-sensitive job function if performance of a security-sensitive job function is initiated after TSA approves the program. (4) No later than the 60th calendar day of employment performing a security-sensitive function, aggregated over a consecutive 12-month period, if the security-sensitive job function is performed intermittently. (b) Recurrent security training. Each owner/operator must provide annual recurrent security training to each employee performing a securitysensitive job function not later than the anniversary calendar month of the employee’s initial security training. If the owner/operator provides the recurrent security training in the month of, the month before, or the month after it is due, the employee is considered to have taken the training in the month it is due. Recurrent training must use the most recent iteration of any training materials submitted to, and approved by, TSA. (c) Extensions of time. TSA may grant an extension of time for implementing a security program identified in subpart B to parts 1580, 1582, and 1584 of this subchapter upon a showing of good cause. The owner/operator must request the extension of time in writing and TSA must receive the request within a reasonable time before the due date to be extended; an owner/operator may request an extension after the expiration of a due date by sending a written request describing why the failure to meet the due date was excusable. TSA will respond to the request in writing. PO 00000 Frm 00053 Fmt 4701 Sfmt 4702 91387 § 1570.113 Amendments requested by owner/operator. (a) Requirement to request amendment. Each owner/operator required under parts 1580, 1582, or 1584 of this subchapter to adopt and carry out a security program must submit a request to amend its security program if, after approval, changes expected to have a duration of 60 calendar days or more have occurred to the— (1) Ownership or control of the operations; and/or (2) Measures, training, or staffing described in the security program. (b) Schedule for requesting amendment. The owner/operator must file the request for an amendment with TSA no later than 45 calendar days before the proposed amendment takes effect, unless TSA allows a shorter time period. (c) TSA approval. (1) Within 30 calendar days after receiving a proposed amendment, TSA will, in writing, either approve or deny the request to amend. TSA will notify the owner/operator if it needs an extension of time to consider the proposed amendment. (2) TSA may approve an amendment to a security program if TSA determines that it is in the interest of the public and transportation security and the proposed amendment provides the level of security required under this subchapter. TSA may request additional information from the owner/operator before rendering a decision. (d) No later than 30 calendar days after receiving a denial, the owner/ operator may file a petition for reconsideration under § 1570.119 of this part. § 1570.115 Amendments required by TSA. (a) Notification of requirement to amend. TSA may require amendments to a security program in the interest of the public and transportation security, including any new information about emerging threats, or methods for addressing emerging threats, as follows: (1) TSA will notify the owner/ operator of the proposed amendment, fixing a period of not less than 30 calendar days within which the owner/ operator may submit written information, views, and arguments on the amendment. (2) After TSA considers all relevant material received, TSA will notify the owner/operator of any amendment adopted or rescind the notice. (b) Effective date of amendment. If TSA adopts the amendment, it becomes effective not less than 30 calendar days after the owner/operator receives the notice of amendment, unless the owner/ E:\FR\FM\16DEP3.SGM 16DEP3 91388 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules operator disagrees with the proposed amendment and files a petition for reconsideration under § 1570.119 of this part no later than 15 calendar days before the effective date of the amendment. A timely petition for reconsideration stays the effective date of the amendment. (c) Emergency amendments. If TSA determines that there is an emergency requiring immediate action in the interest of the public or transportation security, TSA may issue an amendment, without the prior notice and comment procedures in paragraph (a) of this section, effective without stay on the date the covered owner/operator receives notice of it. In such a case, TSA will incorporate in the notice a brief statement of the reasons and findings for the amendment to be adopted. The owner/operator may file a petition for reconsideration under § 1570.119 of this part; however, this does not stay the effective date of the emergency amendment. mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1570.117 Alternative measures. (a) If in TSA’s judgment, the overall security of transportation provided by an owner/operator subject to the requirements of 49 CFR parts 1580, 1582, or 1584 are not diminished, TSA may approve alternative measures. (b) Each owner/operator requesting alternative measures must file the request for approval in a form and manner prescribed by TSA. The filing of such a request does not affect the owner/operator’s responsibility for compliance while the request is being considered. (c) TSA may request additional information, and the owner/operator must provide the information within the time period TSA prescribes. Within 30 calendar days after receiving a request for alternative measures and all requested information, TSA will, in writing, either approve or deny the request. (d) If TSA finds that the use of the alternative measures is in the interest of the public and transportation security, it may grant the request subject to any conditions TSA deems necessary. In considering the request for alternative measures, TSA will review all relevant factors including— (1) The risks associated with the type of operation, for example, whether the owner/operator transports hazardous materials or passengers within a high threat urban area, whether the owner/ operator transports passengers and the volume of passengers transported, or whether the owner/operator hosts a passenger operation. (2) Any relevant threat information. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 (3) Other circumstances concerning potential risk to the public and transportation security. (e) No later than 30 calendar days after receiving a denial, the owner/ operator may petition for reconsideration under § 1570.119 of this part. § 1570.119 Petitions for reconsideration. (1) If an owner/operator seeks to petition for reconsideration of a determination, required modification, denial of a request for amendment by the owner/operator, denial to rescind a TSA-required amendment, or denial of an alternative measure, the owner/ operator must submit a written petition for reconsideration that includes a statement and any supporting documentation explaining why the owner/operator believes TSA’s decision is incorrect. (2) Upon review of the petition for reconsideration, the Administrator or designee will dispose of the petition by affirming, modifying, or rescinding its previous decision. This is considered a final agency action. § 1570.121 Recordkeeping and availability. (a) Retention. Each owner/operator required to have a security program under subpart B to parts 1580, 1582, and 1584 of this subchapter must— (1) Retain security training records for each individual trained for no less than five years from the date of training that, at a minimum— (i) Includes employee’s full name, job title or function, date of hire, and date of initial and recurrent security training; and (ii) Identifies the date, course name, course length, and list of topics addressed for the security training most recently provided in each of the areas required under §§ 1580.115, 1582.115, and 1584.115 of this subchapter. (2) Retain records of initial and recurrent security training for no less than five years from the date of training. (3) Provide records to current and former employees upon request and at no charge as necessary to provide proof of training. (b) Electronic records. Each owner/ operator required to retain records under this section may keep them in electronic form. An owner/operator may maintain and transfer records through electronic transmission, storage, and retrieval provided that the electronic system provides for the maintenance of records as originally submitted without corruption, loss of data, or tampering. (c) Protection of SSI. Each owner/ operator must restrict the distribution, disclosure, and availability of security PO 00000 Frm 00054 Fmt 4701 Sfmt 4702 sensitive information, as identified in part 1520 of this chapter, to persons with a need to know. The owner/ operator must refer requests for such information by other persons to TSA. (d) Availability. Each owner/operator must make the records available to TSA upon request for inspection and copying. Subpart C—Operations § 1570.201 Security Coordinator. (a) Except as provided in paragraph (b) of this section, each owner/operator identified in §§ 1580.1, 1582.1, and 1584.101 of this subchapter must designate and use a primary and at least one alternate Security Coordinator. (b) An owner/operator described in § 1580.101(a)(5) or § 1582.101(a)(4) of this subchapter must designate and use a primary and at least one alternate Security Coordinator, only if notified by TSA in writing that a threat exists concerning that type of operation. (c) The Security Coordinator and alternate(s) must be appointed at the corporate level. (d) Each owner/operator required to have a Security Coordinator must provide in writing to TSA the names, U.S. citizenship status, titles, phone number(s), and email address(es) of the Security Coordinator and alternate Security Coordinator(s) within 7 calendar days of the effective date of this rule, commencement of operations, or change in any of the information required by this section. (e) Each owner/operator required to have a Security Coordinator must ensure that at least one Security Coordinator— (1) Serves as the primary contact for intelligence information and securityrelated activities and communications with TSA. Any individual designated as a Security Coordinator may perform other duties in addition to those described in this section. (2) Is accessible to TSA on a 24-hours a day, 7 days a week basis. (3) Coordinates security practices and procedures internally and with appropriate law enforcement and emergency response agencies. § 1570.203 concerns. Reporting significant security (a) Each owner/operator identified in §§ 1580.1, 1582.1, and 1584.101 of this subchapter must report, within 24 hours of initial discovery, any potential threats and significant security concerns involving transportation-related operations in the United States or transportation to, from, or within the United States as soon as possible by the methods prescribed by TSA. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules (b) Potential threats or significant security concerns encompass incidents, suspicious activities, and threat information including, but not limited to, the categories of reportable events listed in Appendix A to this part. (c) Information reported must include the following, as available and applicable: (1) The name of the reporting individual and contact information, including a telephone number or email address. (2) The affected freight or passenger train, transit vehicle, motor vehicle, station, terminal, rail hazardous materials facility, or other facility or infrastructure, including identifying information and current location. (3) Scheduled origination and termination locations for the affected freight or passenger train, transit vehicle, or motor vehicle—including departure and destination city and route. (4) Description of the threat, incident, or activity, including who has been notified and what action has been taken. (5) The names, other available biographical data, and/or descriptions (including vehicle or license plate information) of individuals or motor vehicles known or suspected to be involved in the threat, incident, or activity. (6) The source of any threat information. Subpart D—Security Threat Assessments § 1570.301 Fraudulent use or manufacture; responsibilities of persons. (a) No person may use or attempt to use a credential, security threat assessment, access control medium, or identification medium issued or conducted under this subchapter that was issued or conducted for another person. (b) No person may make, produce, use or attempt to use a false or fraudulently created access control medium, identification medium or security threat assessment issued or conducted under this subchapter. (c) No person may tamper or interfere with, compromise, modify, attempt to circumvent, or circumvent TWIC access control procedures. (d) No person may cause or attempt to cause another person to violate paragraphs (a)–(c) of this section. § 1570.303 Inspection of credential. (a) Each person who has been issued or possesses a TWIC must present the TWIC for inspection upon a request from TSA, the Coast Guard, or other authorized DHS representative; an authorized representative of the National Transportation Safety Board; or a Federal, State, or local law enforcement officer. (b) Each person who has been issued or who possesses a TWIC must allow his or her TWIC to be read by a reader and must submit his or her reference biometric, such as a fingerprint, and any other required information, such as a PIN, to the reader, upon a request from TSA, the Coast Guard, other authorized DHS representative; or a Federal, State, or local law enforcement officer. § 1570.305 False statements regarding security background checks by public transportation agency or railroad carrier. (a) Scope. This section implements sections 1414(e) (6 U.S.C. 1143) and 1522(e) (6 U.S.C. 1170) of the ‘‘Implementing Recommendations of the 9/11 Commission Act of 2007,’’ Public Law 110–53 (121 Stat. 266, Aug. 3, 2007). (b) Definitions. In addition to the terms in §§ 1500.3, 1500.5, and 1503.202 of subchapter A and § 1570.3 of subchapter D of this chapter, the following terms apply to this part: Covered individual means an employee of a public transportation agency or a contractor or subcontractor of a public transportation agency or an 91389 employee of a railroad carrier or a contractor or subcontractor of a railroad carrier. Security background check means reviewing the following for the purpose of identifying individuals who may pose a threat to transportation security, national security, or of terrorism: (1) Relevant criminal history databases. (2) In the case of an alien (as defined in sec. 101 of the Immigration and Nationality Act (8 U.S.C. 1101(a)(3)), the relevant databases to determine the status of the alien under the immigration laws of the United States. (3) Other relevant information or databases, as determined by the Secretary of Homeland Security. (c) Prohibitions. (1) A public transportation agency or a contractor or subcontractor of a public transportation agency may not knowingly misrepresent to an employee or other relevant person, including an arbiter involved in a labor arbitration, the scope, application, or meaning of any rules, regulations, directives, or guidance issued by the Secretary of Homeland Security related to security background check requirements for covered individuals when conducting a security background check. (2) A railroad carrier or a contractor or subcontractor of a railroad carrier may not knowingly misrepresent to an employee or other relevant person, including an arbiter involved in a labor arbitration, the scope, application, or meaning of any rules, regulations, directives, or guidance issued by the Secretary of Homeland Security related to security background check requirements for covered individuals when conducting a security background check. Appendix A to Part 1570—Reporting of Significant Security Concerns Description Breach, Attempted Intrusion, and/or Interference mstockstill on DSK3G9T082PROD with PROPOSALS3 Category Unauthorized personnel attempting to or actually entering a restricted area or secure site relating to a transportation facility or conveyance owned, operated, or used by an owner/operator subject to this part. This includes individuals entering or attempting to enter by impersonation of authorized personnel (for example, police/security, janitor, vehicle owner/operator). Activity that could interfere with the ability of employees to perform duties to the extent that security is threatened. Presenting false, or misusing, insignia, documents, and/or identification, to misrepresent one’s affiliation with an owner/operator subject to this part to cover possible illicit activity that may pose a risk to transportation security. Stealing or diverting identification media or badges, uniforms, vehicles, keys, tools capable of compromising track integrity, portable derails, technology, or classified or sensitive security information documents which are proprietary to the facility or conveyance owned, operated, or used by an owner/operator subject to this part. Misrepresentation ............................................... Theft, Loss, and/or Diversion ............................. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00055 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 91390 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules Category Description Sabotage, Tampering, and/or Vandalism ........... Damaging, manipulating, or defeating safety and security appliances in connection with a facility, infrastructure, conveyance, or routing mechanism, resulting in the compromised use or the temporary or permanent loss of use of the facility, infrastructure, conveyance or routing mechanism. Placing or attaching a foreign object to a rail car(s). Compromising, or attempting to compromise or disrupt the information/technology infrastructure of an owner/operator subject to this part. Communicating a spoken or written threat to damage or compromise a facility/infrastructure/ conveyance owned, operated, or used by an owner/operator subject to this part (for example, a bomb threat or active shooter). Questioning that may pose a risk to transportation or national security, such as asking one or more employees of an owner/operator subject to this part about particular facets of a facility’s conveyance’s purpose, operations, or security procedures. Deliberate interactions with employees of an owner/operator subject to this part or challenges to facilities or systems owned, operated, or used by an owner/operator subject to this part that reveal physical, personnel, or cyber security capabilities. Taking photographs or video of facilities, conveyances, or infrastructure owned, operated, or used by an owner/operator subject to this part in a manner that may pose a risk to transportation or national security. Examples include taking photographs or video of infrequently used access points, personnel performing security functions (for example, patrols, badge/vehicle checking), or security-related equipment (for example, perimeter fencing, security cameras). Demonstrating unusual interest in facilities or loitering near conveyances, railcar routing appliances or any potentially critical infrastructure owned or operated by an owner/operator subject to this part in a manner that may pose a risk to transportation or national security. Examples include observation through binoculars, taking notes, or attempting to measure distances. Acquisition and/or storage by an employee of an owner/operator subject to this part of materials such as cell phones, pagers, fuel, chemicals, toxic materials, and/or timers that may pose a risk to transportation or national security (for example, storage of chemicals not needed by an employee for the performance of his or her job duties). Weapons or explosives in or around a facility, conveyance, or infrastructure of an owner/operator subject to this part that may present a risk to transportation or national security (for example, discovery of weapons inconsistent with the type or quantity traditionally used by company security personnel). Discovery or observation of suspicious items, activity or behavior in or around a facility, conveyance, or infrastructure of an owner/operator subject to this part that results in the disruption or termination of operations (for example, halting the operation of a conveyance while law enforcement personnel investigate a suspicious bag, briefcase, or package). Cyber Attack ....................................................... Expressed or Implied Threat .............................. Eliciting Information ............................................ Testing or Probing of Security ............................ Photography ........................................................ Observation or Surveillance ............................... Materials Acquisition and/or Storage .................. Weapons Discovery, Discharge, or Seizure ....... Suspicious Items or Activity ................................ 1580.205 Chain of custody and control requirements. 1580.207 Harmonization of federal regulation of nuclear facilities. 11. Revise part 1580 to read as follows: ■ PART 1580—FREIGHT RAIL TRANSPORTATION SECURITY Subpart D [Reserved] Appendix A to Part 1580—High Threat Urban Areas (HTUAs) Subpart A—General Sec. 1580.1 1580.3 1580.5 Appendix B to Part 1580—Security-Sensitive Job Functions For Freight Rail Scope. Terms used in this part. Preemptive effect. Authority: 6 U.S.C. 1162 and 1167; 49 U.S.C. 114. mstockstill on DSK3G9T082PROD with PROPOSALS3 Subpart B—Security Programs Sec. 1580.101 Applicability. 1580.103 [Reserved] 1580.105 [Reserved] 1580.107 [Reserved] 1580.109 [Reserved] 1580.111 [Reserved] 1580.113 Security training program general requirements. 1580.115 Security training and knowledge for security-sensitive employees. Subpart C—Operations Sec. 1580.201 Applicability. 1580.203 Location and shipping information. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Subpart A—General § 1580.1 Scope. (a) Except as provided in paragraph (b) of this section, this part includes requirements for the following persons. Specific sections in this part provide detailed requirements. (1) Each freight railroad carrier that operates rolling equipment on track that is part of the general railroad system of transportation. (2) Each rail hazardous materials shipper. (3) Each rail hazardous materials receiver located within an HTUA. PO 00000 Frm 00056 Fmt 4701 Sfmt 4702 (4) Each freight railroad carrier serving as a host railroad to a freight railroad operation described in paragraph (a)(1) of this section or a passenger operation described in § 1582.1 of this subchapter. (5) Each owner/operator of private rail cars, including business/office cars and circus trains, on or connected to the general railroad system of transportation. (b) This part does not apply to a freight railroad carrier that operates rolling equipment only on track inside an installation that is not part of the general railroad system of transportation. § 1580.3 Terms used in this part. In addition to the terms in §§ 1500.3, 1500.5, and 1503.202 of subchapter A and § 1570.3 of subchapter D of this chapter, the following terms apply to this part: Class I means Class I as assigned by regulations of the Surface Transportation Board (STB) (49 CFR part 1201; General Instructions 1–1). E:\FR\FM\16DEP3.SGM 16DEP3 mstockstill on DSK3G9T082PROD with PROPOSALS3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules A rail car is attended if an employee— (1) Is physically located on-site in reasonable proximity to the rail car; (2) Is capable of promptly responding to unauthorized access or activity at or near the rail car, including immediately contacting law enforcement or other authorities; and (3) Immediately responds to any unauthorized access or activity at or near the rail car either personally or by contacting law enforcement or other authorities. Document the transfer means documentation uniquely identifying that the rail car was attended during the transfer of custody, including: (1) Car initial and number. (2) Identification of individuals who attended the transfer (names or uniquely identifying employee number). (3) Location of transfer. (4) Date and time the transfer was completed. High threat urban area (HTUA) means, for purposes of this part, an area comprising one or more cities and surrounding areas including a 10-mile buffer zone, as listed in Appendix A to this part 1580. Maintains positive control means that the rail hazardous materials receiver and the railroad carrier communicate and cooperate with each other to provide for the security of the rail car during the physical transfer of custody. Attending the rail car is a component of maintaining positive control. Rail security-sensitive materials (RSSM) means— (1) A rail car containing more than 2,268 kg (5,000 lbs.) of a Division 1.1, 1.2, or 1.3 (explosive) material, as defined in 49 CFR 173.50; (2) A tank car containing a material poisonous by inhalation as defined in 49 CFR 171.8, including anhydrous ammonia, Division 2.3 gases poisonous by inhalation as set forth in 49 CFR 173.115(c), and Division 6.1 liquids meeting the defining criteria in 49 CFR 173.132(a)(1)(iii) and assigned to hazard zone A or hazard zone B in accordance with 49 CFR 173.133(a), excluding residue quantities of these materials; and (3) A rail car containing a highway route-controlled quantity of a Class 7 (radioactive) material, as defined in 49 CFR 173.403. Residue means the hazardous material remaining in a packaging, including a tank car, after its contents have been unloaded to the maximum extent practicable and before the packaging is either refilled or cleaned of hazardous material and purged to remove any hazardous vapors. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Security-sensitive employee means an employee who performs— (1) Service subject to the Federal hours of service laws (49 U.S.C. chapter 211), regardless of whether the employee actually performs such service during a particular duty tour; or (2) One or more of the securitysensitive job functions identified in Appendix B to this part where the security-sensitive function is performed in the United States or in direct support of the common carriage of persons or property between a place in the United States and any place outside of the United States. § 1580.5 Preemptive effect. Under 49 U.S.C. 20106, issuance of the regulations in this subchapter preempts any State law, regulation, or order covering the same subject matter, except an additional or more stringent law, regulation, or order that is necessary to eliminate or reduce an essentially local security hazard; that is not incompatible with a law, regulation, or order of the U.S. Government; and that does not unreasonably burden interstate commerce. For example, under 49 U.S.C. 20106, issuance of 49 CFR 1580.205 preempts any State or tribal law, rule, regulation, order or common law requirement covering the same subject matter. Subpart B—Security Programs § 1580.101 Applicability. This subpart applies to each of the following owner/operators: (a) Described in § 1580.1(a)(1) of this part that is a Class I freight railroad. (b) Described in § 1580.1(a)(1) of this part that transports one or more of the categories and quantities of RSSM in an HTUA. (c) Described in § 1580.1(a)(4) of this part that serves as a host railroad to a freight railroad described in paragraph (a) of (b) of this section or a passenger operation described in § 1582.101 of this subchapter. § 1580.103 [Reserved] § 1580.105 [Reserved] § 1580.107 [Reserved] § 1580.109 [Reserved] § 1580.111 [Reserved] § 1580.113 Security training program general requirements. (a) Security training program required. Each owner/operator identified in § 1580.101 of this part is required to adopt and carry out a security training program under this subpart. PO 00000 Frm 00057 Fmt 4701 Sfmt 4702 91391 (b) General requirements. The security training program must include the following information: (1) Name of owner/operator. (2) Name, title, telephone number, and email address of the primary individual to be contacted with regard to review of the security training program. (3) Number, by specific job function category identified in Appendix B to this part, of security-sensitive employees trained or to be trained. (4) Implementation schedule that identifies a specific date by which initial and recurrent security training required by § 1570.111 of this part will be completed. (5) Location where training program records will be maintained. (6) Curriculum or lesson plan, learning objectives, and method of delivery (such as instructor-led or computer-based training) for each course used to meet the requirements of § 1580.115 of this part. TSA may request additional information regarding the curriculum during the review and approval process. (7) Plan for ensuring supervision of untrained security-sensitive employees performing functions identified in Appendix B to this part. (8) Plan for notifying employees of changes to security measures that could change information provided in previously provided training. (9) Method(s) for evaluating the effectiveness of the security training program in each area required by § 1580.115 of this part. (c) Relation to other training. (1) Training conducted by owner/operators to comply other requirements or standards, such as emergency preparedness training required by the Department of Transportation (DOT) (49 CFR part 239) or other training for communicating with emergency responders to arrange the evacuation of passengers, may be combined with and used to satisfy elements of the training requirements in this subpart. (2) If the owner/operator submits a security training program that relies on pre-existing or previous training materials to meet the requirements of subpart B, the program submitted for approval must include an index, organized in the same sequence as the requirements in this subpart. (d) Submission and Implementation. The owner/operator must submit and implement the security training program in accordance with the schedules identified in §§ 1570.109 and 1570.111 of this subchapter. E:\FR\FM\16DEP3.SGM 16DEP3 91392 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1580.115 Security training and knowledge for security-sensitive employees. (a) Training required for securitysensitive employees. No owner/operator required to have a security training program under § 1580.101 of this part may use a security-sensitive employee to perform a function identified in Appendix B to this part, unless that individual has received training as part of a security training program approved by TSA under 49 CFR part 1570, subpart B, or is under the direct supervision of a security-sensitive employee who has received the training required by this section. (b) Limits on use of untrained employees. Notwithstanding paragraph (a) of this section, a security-sensitive employee may not perform a securitysensitive function for more than sixty (60) calendar days without receiving security training. (c) Prepare. (1) Each owner/operator must ensure that each of its securitysensitive employees with position- or function-specific responsibilities under the owner/operator’s security program has knowledge of how to fulfill those responsibilities in the event of a security threat, breach, or incident to ensure— (i) Employees with responsibility for transportation security equipment and systems are aware of their responsibilities and can verify the equipment and systems are operating and properly maintained; and (ii) Employees with other duties and responsibilities under the company’s security plans and/or programs, including those required by Federal law, know their assignments and the steps or resources needed to fulfill them. (2) Each employee who performs any security-related functions under § 1580.205 of this subpart must be provided training specifically applicable to the functions the employee performs. As applicable, this training must address— (i) Inspecting rail cars for signs of tampering or compromise, IEDs, suspicious items, and items that do not belong; (ii) Identification of rail cars that contain rail security-sensitive materials, including the owner/operator’s procedures for identifying rail securitysensitive material cars on train documents, shipping papers, and in computer train/car management systems; and (iii) Procedures for completing transfer of custody documentation. (d) Observe. Each owner/operator must ensure that each of its securitysensitive employees has knowledge of VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 the observational skills necessary to recognize— (1) Suspicious and/or dangerous items (such as substances, packages, or conditions (for example, characteristics of an IED and signs of equipment tampering or sabotage); (2) Combinations of actions and individual behaviors that appear suspicious and/or dangerous, inappropriate, inconsistent, or out of the ordinary for the employee’s work environment which could indicate a threat to transportation security; and (3) How a terrorist or someone with malicious intent may attempt to gain sensitive information or take advantage of vulnerabilities. (e) Assess. Each owner/operator must ensure that each of its security-sensitive employees has knowledge necessary to— (1) Determine whether the item, individual, behavior, or situation requires a response as a potential terrorist threat based on the respective transportation environment; and (2) Identify appropriate responses based on observations and context. (f) Respond. Each owner/operator must ensure that each of its securitysensitive employees has knowledge of how to— (1) Appropriately report a security threat, including knowing how and when to report internally to other employees, supervisors, or management, and externally to local, state, or federal agencies according to the owner/ operator’s security procedures or other relevant plans; (2) Interact with the public and first responders at the scene of the threat or incident, including communication with passengers on evacuation and any specific procedures for individuals with disabilities and the elderly; and (3) Use any applicable self-defense devices or other protective equipment provided to employees by the owner/ operator. Subpart C—Operations § 1580.201 Applicability. This subpart applies to the following: (1) Each owner/operator described in paragraph (a)(1) of § 1580.1 of this part that transports one or more of the categories and quantities of rail securitysensitive materials. (2) Each owner/operator described in paragraphs (a)(2) and (3) of § 1580.1 of this part. § 1580.203 Location and shipping information. (a) General Requirement. Each owner/ operator described in § 1580.201 of this PO 00000 Frm 00058 Fmt 4701 Sfmt 4702 part must have procedures in place to determine the location and shipping information for each rail car under its physical custody and control that contains one or more of the categories and quantities of rail security-sensitive materials. (b) Required Information. The location and shipping information must include the following: (1) The rail car’s current location by city, county, and state, including, for freight railroad carriers, the railroad milepost, track designation, and the time that the rail car’s location was determined. (2) The rail car’s routing, if a freight railroad carrier. (3) A list of the total number of rail cars containing rail security-sensitive materials, broken down by— (i) The shipping name prescribed for the material in column 2 of the table in 49 CFR 172.101; (ii) The hazard class or division number prescribed for the material in column 3 of the table in 49 CFR 172.101; and (iii) The identification number prescribed for the material in column 4 of the table in 49 CFR 172.101. (4) Each rail car’s initial and number. (5) Whether the rail car is in a train, rail yard, siding, rail spur, or rail hazardous materials shipper or receiver facility, including the name of the rail yard or siding designation. (c) Timing-Class I Freight Railroad Carriers. Upon request by TSA, each Class I freight railroad carrier described in paragraph (a) of this section must provide the location and shipping information to TSA no later than— (1) Five minutes if the request applies to a single (one) rail car; and (2) Thirty minutes if the request concerns multiple rail cars or a geographic region. (d) Timing-Other than Class I Freight Railroad Carriers. Upon request by TSA, all owner/operators described in paragraph (a) of this section, other than Class I freight railroad carriers, must provide the location and shipping information to TSA no later than 30 minutes, regardless of the number of cars covered by the request. (e) Method. All owner/operators described in paragraph (a) of this section must provide the requested location and shipping information to TSA by one of the following methods: (1) Electronic data transmission in spreadsheet format. (2) Electronic data transmission in Hyper Text Markup Language (HTML) format. (3) Electronic data transmission in Extensible Markup Language (XML). E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules (4) Facsimile transmission of a hard copy spreadsheet in tabular format. (5) Posting the information to a secure Web site address approved by TSA. (6) Another format approved by TSA. (f) Telephone Number. Each owner/ operator described in § 1580.201 of this part must provide a telephone number for use by TSA to request the information required in paragraph (b) of this section. (1) The telephone number must be monitored at all times. (2) A telephone number that requires a call back (such as an answering service, answering machine, or beeper device) does not meet the requirements of this paragraph. mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1580.205 Chain of custody and control requirements. (a) Within or outside of an HTUA, rail hazardous materials shipper transferring to carrier. Except as provided in paragraph (g) of this section, at each location within or outside of an HTUA, a rail hazardous materials shipper transferring custody of a rail car containing one or more of the categories and quantities of rail securitysensitive materials to a freight railroad carrier must do the following: (1) Physically inspect the rail car before loading for signs of tampering, including closures and seals; other signs that the security of the car may have been compromised; and suspicious items or items that do not belong, including the presence of an improvised explosive device. (2) Keep the rail car in a rail secure area from the time the security inspection required by paragraph (a)(1) of this section or by 49 CFR 173.31(d), whichever occurs first, until the freight railroad carrier takes physical custody of the rail car. (3) Document the transfer of custody to the railroad carrier in hard copy or electronically. (b) Within or outside of an HTUA, carrier receiving from a rail hazardous materials shipper. At each location within or outside of an HTUA where a freight railroad carrier receives from a rail hazardous materials shipper custody of a rail car containing one or more of the categories and quantities of rail security-sensitive materials, the freight railroad carrier must document the transfer in hard copy or electronically and perform the required security inspection in accordance with 49 CFR 174.9. (c) Within an HTUA, carrier transferring to carrier. Within an HTUA, whenever a freight railroad carrier transfers a rail car containing one or more of the categories and quantities of rail security-sensitive materials to VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 another freight railroad carrier, each freight railroad carrier must adopt and carry out procedures to ensure that the rail car is not left unattended at any time during the physical transfer of custody. These procedures must include the receiving freight railroad carrier performing the required security inspection in accordance with 49 CFR 174.9. Both the transferring and the receiving railroad carrier must document the transfer of custody in hard copy or electronically. (d) Outside of an HTUA, carrier transferring to carrier. Outside an HTUA, whenever a freight railroad carrier transfers a rail car containing one or more of the categories and quantities of rail security-sensitive materials to another freight railroad carrier, and the rail car containing this hazardous material may subsequently enter an HTUA, each freight railroad carrier must adopt and carry out procedures to ensure that the rail car is not left unattended at any time during the physical transfer of custody. These procedures must include the receiving railroad carrier performing the required security inspection in accordance with 49 CFR 174.9. Both the transferring and the receiving railroad carrier must document the transfer of custody in hard copy or electronically. (e) Within an HTUA, carrier transferring to rail hazardous materials receiver. A freight railroad carrier delivering a rail car containing one or more of the categories and quantities of rail security-sensitive materials to a rail hazardous materials receiver located within an HTUA must not leave the rail car unattended in a non-secure area until the rail hazardous materials receiver accepts custody of the rail car. Both the railroad carrier and the rail hazardous materials receiver must document the transfer of custody in hard copy or electronically. (f) Within an HTUA, rail hazardous materials receiver receiving from carrier. Except as provided in paragraph (j) of this section, a rail hazardous materials receiver located within an HTUA that receives a rail car containing one or more of the categories and quantities of rail security-sensitive materials from a freight railroad carrier must— (1) Ensure that the rail hazardous materials receiver or railroad carrier maintains positive control of the rail car during the physical transfer of custody of the rail car; (2) Keep the rail car in a rail secure area until the car is unloaded; and (3) Document the transfer of custody from the railroad carrier in hard copy or electronically. (g) Within or outside of an HTUA, rail hazardous materials receiver rejecting PO 00000 Frm 00059 Fmt 4701 Sfmt 4702 91393 car. This section does not apply to a rail hazardous materials receiver that does not routinely offer, prepare, or load for transportation by rail one or more of the categories and quantities of rail securitysensitive materials. If such a receiver rejects and returns a rail car containing one or more of the categories and quantities of rail security-sensitive materials to the originating offeror or shipper, the requirements of this section do not apply to the receiver. The requirements of this section do apply to any railroad carrier to which the receiver transfers custody of the rail car. (h) Document retention. Covered entities must maintain the documents required under this section for at least 60 calendar days and make them available to TSA upon request. (i) Rail secure area. The rail hazardous materials shipper and the rail hazardous materials receiver must use physical security measures to ensure that no unauthorized individual gains access to the rail secure area. (j) Exemption for rail hazardous materials receivers. A rail hazardous materials receiver located within an HTUA may request from TSA an exemption from some or all of the requirements of this section if the receiver demonstrates that the potential risk from its activities is insufficient to warrant compliance with this section. TSA will consider all relevant circumstances, including the following: (1) The amounts and types of all hazardous materials received. (2) The geography of the area surrounding the receiver’s facility. (3) Proximity to entities that may be attractive targets, including other businesses, housing, schools, and hospitals. (4) Any information regarding threats to the facility. (5) Other circumstances that indicate the potential risk of the receiver’s facility does not warrant compliance with this section. § 1580.207 Harmonization of federal regulation of nuclear facilities. TSA will coordinate activities under this subpart with the Nuclear Regulatory Commission (NRC) and the Department of Energy (DOE) with respect to regulation of rail hazardous materials shippers and receivers that are also licensed or regulated by the NRC or DOE under the Atomic Energy Act of 1954, as amended, to maintain consistency with the requirements imposed by the NRC and DOE. Appendix A to Part 1580—High Threat Urban Areas (HTUAs) E:\FR\FM\16DEP3.SGM 16DEP3 91394 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules State Urban area Geographic areas AZ ....................... Phoenix Area ................ CA ...................... Anaheim/Santa Ana Area. Bay Area ....................... Chandler, Gilbert, Glendale, Mesa, Peoria, Phoenix, Scottsdale, Tempe, and a 10-mile buffer extending from the border of the combined area. Anaheim, Costa Mesa, Garden Grove, Fullerton, Huntington Beach, Irvine, Orange, Santa Ana, and a 10-mile buffer extending from the border of the combined area. Berkeley, Daly City, Fremont, Hayward, Oakland, Palo Alto, Richmond, San Francisco, San Jose, Santa Clara, Sunnyvale, Vallejo, and a 10-mile buffer extending from the border of the combined area. Burbank, Glendale, Inglewood, Long Beach, Los Angeles, Pasadena, Santa Monica, Santa Clarita, Torrance, Simi Valley, Thousand Oaks, and a 10-mile buffer extending from the border of the combined area. Elk Grove, Sacramento, and a 10-mile buffer extending from the border of the combined area. Chula Vista, Escondido, and San Diego, and a 10-mile buffer extending from the border of the combined area. Arvada, Aurora, Denver, Lakewood, Westminster, Thornton, and a 10-mile buffer extending from the border of the combined area. National Capital Region and a 10-mile buffer extending from the border of the combined area. Fort Lauderdale, Hollywood, Miami Gardens, Miramar, Pembroke Pines, and a 10-mile buffer extending from the border of the combined area. Jacksonville and a 10-mile buffer extending from the city border. Hialeah, Miami, and a 10-mile buffer extending from the border of the combined area. Orlando and a 10-mile buffer extending from the city border. Clearwater, St. Petersburg, Tampa, and a 10-mile buffer extending from the border of the combined area. Atlanta and a 10-mile buffer extending from the city border. Honolulu and a 10-mile buffer extending from the city border. Chicago and a 10-mile buffer extending from the city border. Indianapolis and a 10-mile buffer extending from the city border. Louisville and a 10-mile buffer extending from the city border. Baton Rouge and a 10-mile buffer extending from the city border. New Orleans and a 10-mile buffer extending from the city border. Boston, Cambridge, and a 10-mile buffer extending from the border of the combined area. Baltimore and a 10-mile buffer extending from the city border. Detroit, Sterling Heights, Warren, and a 10-mile buffer extending from the border of the combined area. Minneapolis, St. Paul, and a 10-mile buffer extending from the border of the combined entity. Independence, Kansas City (MO), Kansas City (KS), Olathe, Overland Park, and a 10-mile buffer extending from the border of the combined area. St. Louis and a 10-mile buffer extending from the city border. Charlotte and a 10-mile buffer extending from the city border. Los Angeles/Long Beach Area. Sacramento Area .......... San Diego Area ............ CO ...................... Denver Area .................. DC ...................... FL ....................... National Capital Region Fort Lauderdale Area .... Jacksonville Area .......... Miami Area .................... Orlando Area ................ Tampa Area .................. GA ...................... HI ........................ IL ........................ IN ........................ KY ...................... LA ....................... MA ...................... MD ...................... MI ....................... Atlanta Area .................. Honolulu Area ............... Chicago Area ................ Indianapolis Area .......... Louisville Area .............. Baton Rouge Area ........ New Orleans Area ........ Boston Area .................. Baltimore Area .............. Detroit Area ................... MN ...................... MO ..................... Twin Cities Area ............ Kansas City Area .......... NC ...................... NE ...................... NJ ....................... NV ...................... NY ...................... OH ...................... OK ...................... OR ...................... PA ...................... TN ...................... TX ....................... mstockstill on DSK3G9T082PROD with PROPOSALS3 WA ..................... WI ....................... St. Louis Area ............... Charlotte ....................... Area .............................. Omaha Area ................. Jersey City/Newark Area. Las Vegas Area ............ Buffalo Area .................. New York City Area ...... Cincinnati Area ............. Cleveland Area ............. Columbus Area ............. Toledo Area .................. Oklahoma City Area ...... Portland Area ................ Philadelphia Area .......... Pittsburgh Area ............. Memphis Area ............... Dallas/Fort Worth/Arlington Area. Houston Area ................ San Antonio Area ......... Seattle Area .................. Milwaukee Area ............ Appendix B to Part 1580—SecuritySensitive Functions for Freight Rail This table identifies security-sensitive job functions for owner/operators VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Omaha and a 10-mile buffer extending from the city border. Elizabeth, Jersey City, Newark, and a 10-mile buffer extending from the border of the combined area. Las Vegas, North Las Vegas, and a 10-mile buffer extending from the border of the combined entity. Buffalo and a 10-mile buffer extending from the city border. New York City, Yonkers, and a 10-mile buffer extending from the border of the combined area. Cincinnati and a 10-mile buffer extending from the city border. Cleveland and a 10-mile buffer extending from the city border. Columbus and a 10-mile buffer extending from the city border. Oregon, Toledo, and a 10-mile buffer extending from the border of the combined area. Norman, Oklahoma and a 10-mile buffer extending from the border of the combined area. Portland, Vancouver, and a 10-mile buffer extending from the border of the combined area. Philadelphia and a 10-mile buffer extending from the city border. Pittsburgh and a 10-mile buffer extending from the city border. Memphis and a 10-mile buffer extending from the city border. Arlington, Carrollton, Dallas, Fort Worth, Garland, Grand Prairie, Irving, Mesquite, Plano, and a 10-mile buffer extending from the border of the combined area. Houston, Pasadena, and a 10-mile buffer extending from the border of the combined entity. San Antonio and a 10-mile buffer extending from the city border. Seattle, Bellevue, and a 10-mile buffer extending from the border of the combined area. Milwaukee and a 10-mile buffer extending from the city border. regulated under this part. All employees performing security-sensitive functions are ‘‘security-sensitive employees’’ for PO 00000 Frm 00060 Fmt 4701 Sfmt 4702 purposes of this rule and must be trained. E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules Examples of job titles applicable to these functions* Categories Security-sensitive job functions for freight rail A. Operating a vehicle .................... 1. Employees who operate or directly control the movements of locomotives or other self-powered rail vehicles. 2. Train conductor, trainman, brakeman, or utility employee or performs acceptance inspections, couples and uncouples rail cars, applies handbrakes, or similar functions. 3. Employees covered under the Federal hours of service laws as ‘‘train employees.’’ See 49 U.S.C. 21101(5) and 21103. Employees who inspect or repair rail cars and locomotives ................. B. Inspecting and maintaining vehicles. C. Inspecting or maintaining building or transportation infrastructure. D. Controlling dispatch or movement of a vehicle. E. Providing security of the owner/ operator’s equipment and property. F. Loading or unloading cargo or baggage. G. Interacting with travelling public (on board a vehicle or within a transportation facility). H. Complying with security programs or measures, including those required by federal law. 91395 1. Employees who— .............................................................................. a. Maintain, install, or inspect communications and signal equipment b. Maintain, install, or inspect track and structures, including, but not limited to, bridges, trestles, and tunnels. 2. Employees covered under the Federal hours of service laws as ‘‘signal employees.’’ See 49 U.S.C. 21101(3) and 21104. 1. Employees who— .............................................................................. a. Dispatch, direct, or control the movement of trains. ......................... b. Operate or supervise the operations of moveable bridges.. c. Supervise the activities of train crews, car movements, and switching operations in a yard or terminal.. 2. Employees covered under the Federal hours of service laws as ‘‘dispatching service employees.’’ See 49 U.S.C. 21101(2) and 21105. Employees who provide for the security of the railroad carrier’s equipment and property, including acting as a railroad police officer (as that term is defined in 49 CFR 207.2).. Includes, but is not limited to, employees that load or unload hazardous materials. Employees of a freight railroad operating in passenger service ........... 1. Employees who serve as security coordinators designated in § 1570.201 of this subchapter, as well as any designated alternates or secondary security coordinators. 2. Employees who— .............................................................................. a. Conduct training and testing of employees when the training or testing is required by TSA’s security regulations.. b. Perform inspections or operations required by § 1580.205 of this subchapter.. c. Manage or direct implementation of security plan requirements. Engineer, conductor. Carman, car repairman, car inspector, engineer, conductor. Signalman, signal maintainer, trackman, gang foreman, bridge and building laborer, roadmaster, bridge, and building inspector/operator. Yardmaster, dispatcher, block operator, bridge operator. Police officer, special agent; patrolman; watchman; guard. Service track employee. Conductor, engineer, agent. Security coordinator, train master, assistant train master, roadmaster, division roadmaster. * These job titles are provided solely as a resource to help understand the functions described; whether an employee must be trained is based upon the function, not the job title. ■ 12. Add part 1582 to read as follows: PART 1582—PUBLIC TRANSPORTATION AND PASSENGER RAILROAD SECURITY Subpart A—General Sec. 1582.1 1582.3 1582.5 Subpart C—[Reserved] Appendix A to Part 1582—Public Transportation Agencies Appendix B to Part 1582—Security-Sensitive Job Functions For Public Transportation and Passenger Railroads Authority: 6 U.S.C. 1134 and 1137; 49 U.S.C. 114. Scope. Terms used in this part. Preemptive effect. Subpart A—General mstockstill on DSK3G9T082PROD with PROPOSALS3 Subpart B—Security Programs § 1582.1 1582.101 Applicability. 1582.103 [Reserved] 1582.105 [Reserved] 1582.107 [Reserved] 1582.109 [Reserved] 1582.111 [Reserved] 1582.113 Security training program general requirements. 1582.115 Security training and knowledge for security-sensitive employees. (a) Except as provided in paragraph (b) of this section, this part includes requirements for the following persons. Specific sections in this part provide detailed requirements. (1) Each passenger railroad carrier. (2) Each public transportation agency. (3) Each operator of a rail transit system that is not operating on track that is part of the general railroad VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Scope. Frm 00061 Fmt 4701 system of transportation, including heavy rail transit, light rail transit, automated guideway, cable car, inclined plane, funicular, and monorail systems. (4) Each tourist, scenic, historic, and excursion rail owner/operator, whether operating on or off the general railroad system of transportation. (b) This part does not apply to a ferry system required to conduct training pursuant to 46 U.S.C. 70103. § 1582.3 Sfmt 4702 Terms used in this part. In addition to the terms in §§ 1500.3, 1500.5, and 1503.202 of subchapter A and § 1570.3 of subchapter D of this chapter, the following term applies to this part. Security-sensitive employee means an employee whose responsibilities for the owner/operator include one or more of the security-sensitive job functions identified in Appendix B to this part if E:\FR\FM\16DEP3.SGM 16DEP3 91396 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules the security-sensitive function is performed in the United States or in direct support of the common carriage of persons or property between a place in the United States and any place outside of the United States. § 1582.5 Preemptive effect. Under 49 U.S.C. 20106, issuance of the passenger railroad and public transportation regulations in this subchapter preempts any State law, regulation, or order covering the same subject matter, except an additional or more stringent law, regulation, or order that is necessary to eliminate or reduce an essentially local security hazard; that is not incompatible with a law, regulation, or order of the U.S. Government; and that does not unreasonably burden interstate commerce. Subpart B—Security Programs § 1582.101 Applicability. The requirements of this subpart apply to the following: (1) Amtrak (also known as the National Railroad Passenger Corporation). (2) Each owner/operator identified in Appendix A to this part. (3) Each owner/operator described in § 1582.1(a)(1) through (3) of this part that serves as a host railroad to a freight operation described in § 1580.301 of this subchapter or to a passenger train operation described in paragraph (a)(1) or (a)(2) of this section. § 1582.103 [Reserved] § 1582.105 [Reserved] § 1582.107 [Reserved] § 1582.109 [Reserved] § 1582.111 [Reserved] mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1582.113 Security training program general requirements. (a) Security training program required. Each owner/operator identified in § 1582.101 of this part is required to adopt and carry out a security training program under this subpart. (b) General requirements. The security training program must include the following information: (1) Name of owner/operator. (2) Name, title, telephone number, and email address of the primary individual to be contacted with regard to review of the security training program. (3) Number, by specific job function category identified in Appendix B to this part, of security-sensitive employees trained or to be trained. VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 (4) Implementation schedule that identifies a specific date by which initial and recurrent security training required by § 1570.111 of this subchapter will be completed. (5) Location where training program records will be maintained. (6) Curriculum or lesson plan, learning objectives, and method of delivery (such as instructor-led or computer-based training) for each course used to meet the requirements of § 1582.115 of this part. TSA may request additional information regarding the curriculum during the review and approval process. (7) Plan for ensuring supervision of untrained security-sensitive employees performing functions identified in Appendix B to this part. (8) Plan for notifying employees of changes to security measures that could change information provided in previously provided training. (9) Method(s) for evaluating the effectiveness of the security training program in each area required by § 1582.115 of this part. (c) Relation to other training. (1) Training conducted by owner/operators to comply other requirements or standards, such as emergency preparedness training required by the Department of Transportation (DOT) (49 CFR part 239) or other training for communicating with emergency responders to arrange the evacuation of passengers, may be combined with and used to satisfy elements of the training requirements in this subpart. (2) If the owner/operator submits a security training program that relies on pre-existing or previous training materials to meet the requirements of subpart B, the program submitted for approval must include an index, organized in the same sequence as the requirements in this subpart. (d) Submission and Implementation. The owner/operator must submit and implement the security training program in accordance with the schedules identified in §§ 1570.109 and 1570.111 of this subchapter. § 1582.115 Security training and knowledge for security-sensitive employees. (a) Training required for securitysensitive employees. No owner/operator required to have a security training program under § 1582.101 of this part may use a security-sensitive employee to perform a function identified in Appendix B to this part unless that individual has received training as part of a security training program approved by TSA under 49 CFR part 1570, subpart B, or is under the direct supervision of PO 00000 Frm 00062 Fmt 4701 Sfmt 4702 a security-sensitive employee who has received the training required by this section. (b) Limits on use of untrained employees. Notwithstanding paragraph (a) of this section, a security-sensitive employee may not perform a securitysensitive function for more than sixty (60) calendar days without receiving security training. (c) Prepare. Each owner/operator must ensure that each of its securitysensitive employees with position- or function-specific responsibilities under the owner/operator’s security program have knowledge of how to fulfill those responsibilities in the event of a security threat, breach, or incident to ensure— (1) Employees with responsibility for transportation security equipment and systems are aware of their responsibilities and can verify the equipment and systems are operating and properly maintained; and (2) Employees with other duties and responsibilities under the company’s security plans and/or programs, including those required by Federal law, know their assignments and the steps or resources needed to fulfill them. (d) Observe. Each owner/operator must ensure that each of its securitysensitive employees has knowledge of the observational skills necessary to recognize— (1) Suspicious and/or dangerous items (such as substances, packages, or conditions (for example, characteristics of an IED and signs of equipment tampering or sabotage); (2) Combinations of actions and individual behaviors that appear suspicious and/or dangerous, inappropriate, inconsistent, or out of the ordinary for the employee’s work environment which could indicate a threat to transportation security; and (3) How a terrorist or someone with malicious intent may attempt to gain sensitive information or take advantage of vulnerabilities. (e) Assess. Each owner/operator must ensure that each of its security-sensitive employees has knowledge necessary to— (1) Determine whether the item, individual, behavior, or situation requires a response as a potential terrorist threat based on the respective transportation environment; and (2) Identify appropriate responses based on observations and context. (f) Respond. Each owner/operator must ensure that each of its securitysensitive employees has knowledge of how to— (1) Appropriately report a security threat, including knowing how and when to report internally to other E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules employees, supervisors, or management, and externally to local, state, or federal agencies according to the owner/ operator’s security procedures or other relevant plans; (2) Interact with the public and first responders at the scene of the threat or incident, including communication with passengers on evacuation and any specific procedures for individuals with disabilities and the elderly; and (3) Use any applicable self-defense devices or other protective equipment provided to employees by the owner/ operator. 91397 Subpart C [Reserved] Appendix A to Part 1582— Determinations for Public Transportation and Passenger Railroads State Urban area Systems CA ..................................... Bay Area ............................................. Alameda-Contra Costa Transit District (AC Transit). Altamont Commuter Express (ACE). San Francisco Bay Area Rapid Transit District (BART). Central Contra Costa Transit Authority. Golden Gate Bridge, Highway and Transportation District (GGBHTD). Peninsula Corridor Joint Powers Board (PCJPB) (Caltrain). San Francisco Municipal Railway (MUNI) (San Francisco Municipal Transportation Agency). San Mateo County Transit Authority (SamTrans). Santa Clara Valley Transportation Authority (VTA). Transbay Joint Powers Authority. City of Los Angeles Department of Transportation (LADOT). Foothill Transit. Long Beach Transit (LBT). Los Angeles County Metropolitan Transportation Authority (LACMTA). Montebello Bus Lines (MBL). Omnitrans (OMNI). Orange County Transportation Authority (OCTA). Santa Monica’s Big Blue Bus (Big Blue Bus). Southern California Regional Rail Authority (Metrolink). Arlington Rapid Transit. City of Alexandria (Alexandria Transit Company) (Dash). ........................................................ ........................................................ ........................................................ ........................................................ ........................................................ DC/MD/VA ........................ ........................................................ ........................................................ ........................................................ Greater Los Angeles Area (Los Angeles/Long Beach and Anaheim/ Santa Ana UASI Areas). ........................................................ ........................................................ ........................................................ ........................................................ ........................................................ ........................................................ Greater National Capital Region (National Capital Region and Baltimore UASI Areas). ........................................................ ........................................................ ........................................................ ........................................................ ........................................................ GA .................................... IL/IN .................................. MA .................................... NY/NJ/CT ......................... ........................................................ ........................................................ Atlanta Area ........................................ Chicago Area ...................................... ........................................................ ........................................................ ........................................................ Boston Area ........................................ New York City/Northern New Jersey Area (New York City and Jersey City/Newark UASI Areas). ........................................................ ........................................................ ........................................................ ........................................................ ........................................................ ........................................................ mstockstill on DSK3G9T082PROD with PROPOSALS3 PA/NJ ............................... Philadelphia Area ............................... ........................................................ ........................................................ ........................................................ ........................................................ VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00063 Fairfax County Department of Transportation—Fairfax Connector Bus System. Maryland Transit Administration (MTA). Montgomery County Department of Transportation (Ride-On Montgomery County Transit). Potomac and Rappahannock Transportation Commission. Prince George’s County Department of Public Works and Transportation (The Bus). Virginia Railway Express (VRE). Washington Metropolitan Area Transit Authority (WMATA). Georgia Regional Transportation Authority (GRTA). Metropolitan Atlanta Rapid Transit Authority (MARTA). Chicago Transit Authority (CTA). Northeast Illinois Commuter Railroad Corporation (Metra/NIRCRC). Northern Indiana Commuter Transportation District (NICTD). PACE Suburban Bus Company. Massachusetts Bay Transportation Authority (MBTA). Connecticut Department of Transportation (CDOT). Connecticut Transit (Hartford Division and New Haven Divisions of CTTransit). Metropolitan Transportation Authority (All Agencies). New Jersey Transit Corp. (NJT). New York City Department of Transportation. Port Authority of New York and New Jersey (PANYNJ) (excluding ferry). Westchester County Department of Transportation Bee-Line System (The Bee-Line System). Delaware River Port Authority (DRPA)—Port Authority Transit Corporation (PATCO). Delaware Transit Corporation (DTC). New Jersey Transit Corp. (NJT) (covered under NY). Pennsylvania Department of Transportation. Southeastern Pennsylvania Transportation Authority (SEPTA). Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 91398 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules Appendix B to Part 1582—SecuritySensitive Job Functions For Public Transportation and Passenger Railroads This table identifies security-sensitive job functions for owner/operators regulated under this part. All employees performing security-sensitive functions are ‘‘security-sensitive employees’’ for purposes of this rule and must be trained. Categories Security-sensitive job functions for public transportation and passenger railroads (PTPR) A. Operating a vehicle ........................................ 1. Employees who— a. Operate or control the movements of trains, other rail vehicles, or transit buses. b. Act as train conductor, trainman, brakeman, or utility employee or performs acceptance inspections, couples and uncouples rail cars, applies handbrakes, or similar functions. 2. Employees covered under the Federal hours of service laws as ‘‘train employees.’’ See 49 U.S.C. 21101(5) and 21103. Employees who— 1. Perform activities related to the diagnosis, inspection, maintenance, adjustment, repair, or overhaul of electrical or mechanical equipment relating to vehicles, including functions performed by mechanics and automotive technicians. 2. Provide cleaning services to vehicles owned, operated, or controlled by an owner/operator regulated under this subchapter. Employees who— 1. Maintain, install, or inspect communication systems and signal equipment related to the delivery of transportation services. 2. Maintain, install, or inspect track and structures, including, but not limited to, bridges, trestles, and tunnels. 3. Provide cleaning services to stations and terminals owned, operated, or controlled by an owner/operator regulated under this subchapter that are accessible to the general public or passengers. 4. Provide maintenance services to stations, terminals, yards, tunnels, bridges, and operation control centers owned, operated, or controlled by an owner/operator regulated under this subchapter. 5. Employees covered under the Federal hours of service laws as ‘‘signal employees.’’ See 49 U.S.C. 21101(4) and 21104. Employees who— 1. Dispatch, report, transport, receive or deliver orders pertaining to specific vehicles, coordination of transportation schedules, tracking of vehicles and equipment. 2. Manage day-to-day management delivery of transportation services and the prevention of, response to, and redress of service disruptions. 3. Supervise the activities of train crews, car movements, and switching operations in a yard or terminal. 4. Dispatch, direct, or control the movement of trains or buses. 5. Operate or supervise the operations of moveable bridges. 6. Employees covered under the Federal hours of service laws as ‘‘dispatching service employees.’’ See 49 U.S.C. 21101(2) and 21105. Employees who— 1. Provide for the security of PTPR equipment and property, including acting as a police officer. 2. Patrol and inspect property of an owner/operator regulated under this subchapter to protect the property, personnel, passengers and/or cargo. Employees who load, or oversee loading of, property tendered by or on behalf of a passenger on or off of a portion of a train that will be inaccessible to the passenger while the train is in operation. Employees who provide services to passengers on-board a train or bus, including collecting tickets or cash for fares, providing information, and other similar services. Including: 1. On-board food or beverage employees. 2. Functions on behalf of an owner/operator regulated under this subchapter that require regular interaction with travelling public within a transportation facility, such as ticket agents. 1. Employees who serve as security coordinators designated in § 1570.201 of this subchapter, as well as any designated alternates or secondary security coordinators. 2. Employees who— a. Conduct training and testing of employees when the training or testing is required by TSA’s security regulations. b. Manage or direct implementation of security plan requirements. B. Inspecting and maintaining vehicles .............. C. Inspecting or maintaining building or transportation infrastructure. D. Controlling dispatch or movement of a vehicle. E. Providing security of the owner/operator’s equipment and property. F. Loading or unloading cargo or baggage ........ G. Interacting with travelling public (on board a vehicle or within a transportation facility). mstockstill on DSK3G9T082PROD with PROPOSALS3 H. Complying with security programs or measures, including those required by federal law. 13. Add part 1584 to read as follows: PART 1584—HIGHWAY AND MOTOR CARRIERS 1584.3 Subpart A—General ■ 1584.101 1584.103 1584.105 1584.107 Sec. 1584.1 VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Scope. Frm 00064 Fmt 4701 Sfmt 4702 Terms used in this part. Subpart B—Security Programs E:\FR\FM\16DEP3.SGM Applicability. [Reserved] [Reserved] [Reserved] 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 1584.109 [Reserved] 1584.111 [Reserved] 1584.113 Security training program general requirements. 1584.115 Security training and knowledge for security-sensitive employees. Subpart C [Reserved] Appendix A to Part 1584—Urban Area Determinations for Over-The-Road Buses Appendix B to Part 1584—Security-Sensitive Job Functions For Over-the-Road Buses Authority: 6 U.S.C. 1181 and 1184; 49 U.S.C. 114. Subpart A—General § 1584.1 Scope. This part includes requirements for persons providing transportation by an over-the-road bus (OTRB). Specific sections in this part provide detailed requirements. § 1584.3 Terms used in this part. In addition to the terms in §§ 1500.3, 1500.5, and 1503.202 of subchapter A and § 1570.3 of subchapter D of this chapter, the following term applies to this part. Security-sensitive employee means an employee whose responsibilities for the owner/operator include one or more of the security-sensitive job functions identified in Appendix B to this part where the security-sensitive function is performed in the United States or in direct support of the common carriage of persons or property between a place in the United States and any place outside of the United States. Subpart B—Security Programs § 1584.101 Applicability. The requirements of this subpart apply to each OTRB owner/operator providing fixed-route service that originates, travels through, or ends in a geographic location identified in Appendix A to this part. § 1584.103 [Reserved] § 1584.105 [Reserved] § 1584.107 [Reserved] § 1584.109 [Reserved] § 1584.111 [Reserved] mstockstill on DSK3G9T082PROD with PROPOSALS3 § 1584.113 Security training program general requirements. (a) Security training program required. Each owner/operator identified in § 1584.101 of this part is required to adopt and carry out a security training program under this subpart. (b) General requirements. The security training program must include the following information: VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 (1) Name of owner/operator. (2) Name, title, telephone number, and email address of the primary individual to be contacted with regard to review of the security training program. (3) Number, by specific job function category identified in Appendix B to this part, of security-sensitive employees trained or to be trained. (4) Implementation schedule that identifies a specific date by which initial and recurrent security training required by § 1570.111 of this subchapter will be completed. (5) Location where training program records will be maintained. (6) Curriculum or lesson plan, learning objectives, and method of delivery (such as instructor-led or computer-based training) for each course used to meet the requirements of § 1584.115 of this part. TSA may request additional information regarding the curriculum during the review and approval process. (7) Plan for ensuring supervision of untrained security-sensitive employees performing functions identified in Appendix B to this part. (8) Plan for notifying employees of changes to security measures that could change information provided in previously provided training. (9) Method(s) for evaluating the effectiveness of the security training program in each area required by § 1584.115 of this part. (c) Relation to other training. (1) Training conducted by owner/operators to comply other requirements or standards may be combined with and used to satisfy elements of the training requirements in this subpart. (2) If the owner/operator submits a security training program that relies on pre-existing or previous training materials to meet the requirements of subpart B, the program submitted for approval must include an index, organized in the same sequence as the requirements in this subpart. (d) Submission and Implementation. The owner/operator must submit and implement the security training program in accordance with the schedules identified in §§ 1570.109 and 1570.111 of this subchapter. § 1584.115 Security training and knowledge for security-sensitive employees. (a) Training required for securitysensitive employees. No owner/operator required to have a security training program under § 1584.101 of this part may use a security-sensitive employee to perform a function identified in Appendix B to this part unless that PO 00000 Frm 00065 Fmt 4701 Sfmt 4702 91399 individual has received training as part of a security training program approved by TSA under 49 CFR part 1570, subpart B, or is under the direct supervision of a security-sensitive employee who has received the training required by this section. (b) Limits on use of untrained employees. Notwithstanding paragraph (a) of this section, a security-sensitive employee may not perform a securitysensitive function for more than sixty (60) calendar days without receiving security training. (c) Prepare. Each owner/operator must ensure that each of its securitysensitive employees with position- or function-specific responsibilities under the owner/operator’s security program have knowledge of how to fulfill those responsibilities in the event of a security threat, breach, or incident to ensure— (1) Employees with responsibility for transportation security equipment and systems are aware of their responsibilities and can verify the equipment and systems are operating and properly maintained; and (2) Employees with other duties and responsibilities under the company’s security plans and/or programs, including those required by Federal law, know their assignments and the steps or resources needed to fulfill them. (d) Observe. Each owner/operator must ensure that each of its securitysensitive employees has knowledge of the observational skills necessary to recognize— (1) Suspicious and/or dangerous items (such as substances, packages, or conditions (for example, characteristics of an IED and signs of equipment tampering or sabotage); (2) Combinations of actions and individual behaviors that appear suspicious and/or dangerous, inappropriate, inconsistent, or out of the ordinary for the employee’s work environment which could indicate a threat to transportation security; and (3) How a terrorist or someone with malicious intent may attempt to gain sensitive information or take advantage of vulnerabilities. (e) Assess. Each owner/operator must ensure that each of its security-sensitive employees has knowledge necessary to— (1) Determine whether the item, individual, behavior, or situation requires a response as a potential terrorist threat based on the respective transportation environment; and (2) Identify appropriate responses based on observations and context. (f) Respond. Each owner/operator must ensure that each of its security- E:\FR\FM\16DEP3.SGM 16DEP3 91400 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules sensitive employees has knowledge of how to— (1) Appropriately report a security threat, including knowing how and when to report internally to other employees, supervisors, or management, and externally to local, state, or federal agencies according to the owner/ operator’s security procedures or other relevant plans; (2) Interact with the public and first responders at the scene of the threat or incident, including communication with passengers on evacuation and any specific procedures for individuals with disabilities and the elderly; and State Urban area CA ............................ Anaheim/Los Angeles/Long Beach/Santa Ana Areas. San Diego Area ..................... San Francisco Bay Area ....... National Capital Region ........ DC (VA, MD, and WV). IL/IN ......................... MA ........................... NY (NJ and PA) ...... PA (DE and NJ) ...... TX ............................ Philadelphia Area/Southern New Jersey. Area ....................................... Dallas Fort Worth/Arlington Area. Houston Area ........................ This table identifies security-sensitive job functions for owner/operators Subpart C [Reserved] Appendix A to Part 1584—Urban Area Determinations for Over-the-Road Buses Geographic areas Chicago ................................. Area ....................................... Boston ................................... Area ....................................... New York City/Jersey City/ Newark Area. Appendix B to Part 1584—SecuritySensitive Job Functions For Over-theRoad Buses (3) Use any applicable self-defense devices or other protective equipment provided to employees by the owner/ operator. Los Angeles and Orange Counties. San Diego County. Alameda, Contra Costa, Marin, San Francisco, and San Mateo Counties. District of Columbia; Counties of Calvert, Charles, Frederick, Montgomery, and Prince George’s, MD; Counties of Arlington, Clarke, Fairfax, Fauquier, Loudoun, Prince William, Spotsylvania, Stafford, and Warren County, VA; Cities of Alexandria, Fairfax, Falls Church, Fredericksburg, Manassas, and Manassas Park City, VA; Jefferson County, WV. Counties of Cook, DeKalb, DuPage, Grundy, Kane, Kendall, Lake, McHenry, and Will, IL; Counties of Jasper, Lake, Newton, and Porter, IN; Kenosha County, WI. Counties of Essex, Norfolk, Plymouth, Suffolk, Middlesex, MA; Counties of Rockingham and Strafford, NH. Counties of Bronx, Kings, Nassau, New York, Putnam, Queens, Richmond, Rockland, Suffolk, and Westchester, NY; Counties of Bergen, Essex, Hudson, Hunterdon, Ocean, Middlesex, Monmouth, Morris, Passaic, Somerset, Sussex, and Union, NJ; Pike County, PA. Counties of Burlington, Camden, and Gloucester, NJ; Counties of Bucks, Chester, Delaware, Montgomery, and Philadelphia, PA; New Castle County, DE; Cecil County, MD; Salem County, NJ. Collin, Dallas, Delta, Denton, Ellis, Hunt, Kaufman, Rockwall, Johnson, Parker, Tarrant, and Wise Counties, TX. Austin, Brazoria, Chambers, Fort Bend, Galveston, Harris, Liberty, Montgomery, San Jacinto, and Waller Counties, TX. regulated under this part. All employees performing security-sensitive functions are ‘‘security-sensitive employees’’ for purposes of this rule and must be trained. Categories Security-sensitive job functions for over-the-road buses A. Operating a vehicle ........................................ B. Inspecting and maintaining vehicles .............. Employees who have a commercial driver’s license (CDL) and operate an OTRB. Employees who— 1. Perform activities related to the diagnosis, inspection, maintenance, adjustment, repair, or overhaul of electrical or mechanical equipment relating to vehicles, including functions performed by mechanics and automotive technicians. 2. Does not include cleaning or janitorial activities. Employees who— 1. Provide cleaning services to areas of facilities owned, operated, or controlled by an owner/ operator regulated under this subchapter that are accessible to the general public or passengers. 2. Provide cleaning services to vehicles owned, operated, or controlled by an owner/operator regulated under this part (does not include vehicle maintenance). 3. Provide general building maintenance services to buildings owned, operated, or controlled by an owner/operator regulated under this part. Employees who— 1. Dispatch, report, transport, receive or deliver orders pertaining to specific vehicles, coordination of transportation schedules, tracking of vehicles and equipment. 2. Manage day-to-day delivery of transportation services and the prevention of, response to, and redress of disruptions to those services. 3. Perform tasks requiring access to or knowledge of specific route information. Employees who patrol and inspect property of an owner/operator regulated under this part to protect the property, personnel, passengers and/or cargo. Employees who load, or oversee loading of, property tendered by or on behalf of a passenger on or off of a portion of a bus that will be inaccessible to the passenger while the vehicle is in operation. mstockstill on DSK3G9T082PROD with PROPOSALS3 C. Inspecting or maintaining building or transportation infrastructure. D. Controlling dispatch or movement of a vehicle. E. Providing security of the owner/operator’s equipment and property. F. Loading or unloading cargo or baggage ........ VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 PO 00000 Frm 00066 Fmt 4701 Sfmt 4702 E:\FR\FM\16DEP3.SGM 16DEP3 Federal Register / Vol. 81, No. 242 / Friday, December 16, 2016 / Proposed Rules 91401 Categories Security-sensitive job functions for over-the-road buses G. Interacting with travelling public (on board a vehicle or within a transportation facility). Employees who— 1. Provide services to passengers on-board a bus, including collecting tickets or cash for fares, providing information, and other similar services. 2. Includes food or beverage employees, tour guides, and functions on behalf of an owner/operator regulated under this part that require regular interaction with travelling public within a transportation facility, such as ticket agents. 1. Employees who serve as security coordinators designated in § 1570.201 of this subchapter, as well as any designated alternates or secondary security coordinators. 2. Employees who— a. Conduct training and testing of employees when the training or testing is required by TSA’s security regulations. b. Manage or direct implementation of security plan requirements. H. Complying with security programs or measures, including those required by federal law. Dated: November 18, 2016. Huban A. Gowadia, Deputy Administrator. [FR Doc. 2016–28298 Filed 12–15–16; 8:45 am] BILLING CODE 9110–05–P DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration 49 CFR Chapter XII [Docket No. TSA–2016–0002] RIN 1652–AA56 Surface Transportation Vulnerability Assessments and Security Plans (VASP) Transportation Security Administration, DHS. ACTION: Advance notice of proposed rulemaking (ANPRM). The Transportation Security Administration (TSA) is issuing this ANPRM to request public comments on several topics relevant to the development of surface transportation vulnerability assessment and security plan regulations mandated by the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act). Based on its regular interaction with stakeholders, TSA assumes many higher-risk railroads (freight and passenger), public transportation agencies, and over-the-road buses (OTRBs) have implemented security programs with security measures similar to those identified by the 9/11 Act’s regulatory requirements. In general, TSA is requesting information on three types of issues. First, existing practices, standards, tools, or other resources used or available for conducting vulnerability assessments and developing security plans. Second, information on existing security measures, including whether implemented voluntarily or in response to other regulatory requirements, and mstockstill on DSK3G9T082PROD with PROPOSALS3 VerDate Sep<11>2014 20:02 Dec 15, 2016 Jkt 241001 Submit comments by February 14, 2017. ADDRESSES: You may submit comments, identified by the TSA docket number to this rulemaking, to the Federal Docket Management System (FDMS), a government-wide, electronic docket management system, using any one of the following methods: Electronically: You may submit comments through the Federal eRulemaking portal at https:// www.regulations.gov. Follow the online instructions for submitting comments. Mail, In Person, or Fax: Address, hand-deliver, or fax your written comments to the Docket Management Facility, U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, Room W12–140, Washington, DC 20590–0001; fax (202) 493–2251. The Department of Transportation (DOT), which maintains and processes TSA’s official regulatory dockets, will scan the submission and post it to FDMS. See SUPPLEMENTARY INFORMATION for format and other information about comment submissions. FOR FURTHER INFORMATION CONTACT: Harry Schultz (TSA Office of Security Policy and Industry Engagement) or Traci Klemm (TSA Office of the Chief DATES: AGENCY: SUMMARY: the potential impact of additional requirements on operations. Third, information on the scope/cost of current security systems and other measures used to provide security and mitigate vulnerabilities. This information is necessary for TSA to establish the current baseline, estimate cost of implementing the statutory mandate, and develop appropriate performance standards. While TSA will review and consider all comments submitted, TSA invites responses to a number of specific questions posed in the ANPRM. See the Comments Invited section under SUPPLEMENTARY INFORMATION that follows. PO 00000 Frm 00067 Fmt 4701 Sfmt 4702 Counsel) at telephone (571) 227–3531 or email to VASPPOLICY@tsa.dhs.gov. SUPPLEMENTARY INFORMATION: Comments Invited TSA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, or federalism impacts that might result from this rulemaking action. See ADDRESSES above for information on where to submit comments. With each comment, please identify the docket number at the beginning of your comments. You may submit comments and material electronically, in person, by mail, or fax as provided under ADDRESSES, but please submit your comments and material by only one means. If you submit comments by mail or delivery, submit them in an unbound format, no larger than 8.5 by 11 inches, suitable for copying and electronic filing. If you would like TSA to acknowledge receipt of comments submitted by mail, include with your comments a selfaddressed, stamped postcard on which the docket number appears. TSA will stamp the date on the postcard and mail it to you. TSA will file all comments to our docket address, as well as items sent to the address or email under FOR FURTHER INFORMATION CONTACT, in the public docket, except for comments containing confidential information and sensitive security information (SSI).1 Should you wish your personally identifiable information redacted prior to filing in the docket, please so state. TSA will consider all comments that are in the docket on or before the closing date for 1 ‘‘Sensitive Security Information’’ or ‘‘SSI’’ is information obtained or developed in the conduct of security activities, the disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation. The protection of SSI is governed by 49 CFR part 1520. E:\FR\FM\16DEP3.SGM 16DEP3

Agencies

[Federal Register Volume 81, Number 242 (Friday, December 16, 2016)]
[Proposed Rules]
[Pages 91336-91401]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-28298]



[[Page 91335]]

Vol. 81

Friday,

No. 242

December 16, 2016

Part III

Book 2 of 2 Books

Pages 91335-91642





 Department of Homeland Security





-----------------------------------------------------------------------



Transportation Security Administration



-----------------------------------------------------------------------



49 CFR Ch. XII and Parts 1500, 1520, et al.



Security Training for Surface Transportation Employees and Surface 
Transportation Vulnerability Assessments and Security Plans (VASP); 
Proposed Rules

Federal Register / Vol. 81 , No. 242 / Friday, December 16, 2016 / 
Proposed Rules

[[Page 91336]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Parts 1500, 1520, 1570, 1580, 1582, and 1584

[Docket No. TSA-2015-0001]
RIN 1652-AA55


Security Training for Surface Transportation Employees

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice of proposed rulemaking (NPRM).

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) is proposing 
to require security training for employees of higher-risk freight 
railroad carriers, public transportation agencies (including rail mass 
transit and bus systems), passenger railroad carriers, and over-the-
road bus (OTRB) companies. Owner/operators of these higher-risk 
railroads, systems, and companies would be required to train employees 
performing security-sensitive functions, using a curriculum addressing 
preparedness and how to observe, assess, and respond to terrorist-
related threats and/or incidents. As part of this rulemaking, TSA would 
also expand its current requirements for rail security coordinators and 
reporting of significant security concerns (currently limited to 
freight railroads, passenger railroads, and the rail operations of 
public transportation systems) to include the bus components of higher-
risk public transportation systems and higher-risk OTRB companies. TSA 
also proposes to make the maritime and land transportation provisions 
of TSA's regulations consistent with other TSA regulations by codifying 
general responsibility to comply with security requirements; 
compliance, inspection, and enforcement; and procedures to request 
alternate measures for compliance. Finally, TSA is adding a definition 
for Transportation Security-Sensitive Materials (TSSM). Other 
provisions are being amended or added, as necessary, to implement these 
additional requirements.
    While TSA will review and consider all comments submitted, TSA 
invites responses to a number of specific questions posed in the 
preamble of the NPRM. See the Comments Invited section under 
SUPPLEMENTARY INFORMATION that follows.

DATES: Submit comments by March 16, 2017.

ADDRESSES: You may submit comments, identified by the TSA docket number 
to this rulemaking, to the Federal Docket Management System (FDMS), a 
government-wide, electronic docket management system, using any one of 
the following methods:
    Electronically: You may submit comments through the Federal 
eRulemaking portal at https://www.regulations.gov. Follow the online 
instructions for submitting comments.
    Mail, In Person, or Fax: Address, hand-deliver, or fax your written 
comments to the Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001; Fax 202-493-2251. The 
Department of Transportation (DOT), which maintains and processes TSA's 
official regulatory dockets, will scan the submission and post it to 
FDMS.
    See SUPPLEMENTARY INFORMATION for format and other information 
about comment submissions.

FOR FURTHER INFORMATION CONTACT: Harry Schultz (TSA Office of Security 
Policy and Industry Engagement) or Traci Klemm (TSA Office of the Chief 
Counsel) at telephone (571) 227-5563 or email to 
SecurityTrainingPolicy@tsa.dhs.gov.

SUPPLEMENTARY INFORMATION: 

Comments Invited

    TSA invites interested persons to participate in this rulemaking by 
submitting written comments, data, or views. We also invite comments 
relating to the economic, environmental, energy, or federalism impacts 
that might result from this rulemaking action. See ADDRESSES above for 
information on where to submit comments.
    With each comment, please identify the docket number at the 
beginning of your comments. TSA encourages commenters to provide their 
names and addresses. The most helpful comments reference a specific 
portion of the rulemaking, explain the reason for any recommended 
change, and include supporting data. You may submit comments and 
material electronically, in person, by mail, or fax as provided under 
ADDRESSES, but please submit your comments and material by only one 
means. If you submit comments by mail or delivery, submit them in an 
unbound format, no larger than 8.5 by 11 inches, suitable for copying 
and electronic filing.
    If you want TSA to acknowledge receipt of comments submitted by 
mail, include with your comments a self-addressed, stamped postcard on 
which the docket number appears. We will stamp the date on the postcard 
and mail it to you.
    TSA will file in the public docket all comments TSA receives, 
except for comments containing confidential information and Sensitive 
Security Information (SSI).\1\ TSA will consider all comments received 
on or before the closing date for comments and will consider comments 
filed late to the extent practicable. The docket is available for 
public inspection before and after the comment closing date.
---------------------------------------------------------------------------

    \1\ ``Sensitive Security Information'' or ``SSI'' is information 
obtained or developed in the conduct of security activities, the 
disclosure of which would constitute an unwarranted invasion of 
privacy, reveal trade secrets or privileged or confidential 
information, or be detrimental to the security of transportation. 
The protection of SSI is governed by 49 CFR parts 15 and 1520.
---------------------------------------------------------------------------

NPRM Specific Questions

    While TSA will review and consider all comments submitted, TSA 
invites responses to the following five specific questions:
    (1) The preferred avenue to submit security training programs to 
TSA, such as through email, secure Web site, or mailing address.
    (2) TSA is proposing to use accumulated days of employment as one 
of the factors triggering whether an employee must be trained and 
requests comment specifically on how to calculate accumulated days and 
to ensure contractors are not used to avoid the requirements of this 
proposed rule.
    (3) The use of previous training to satisfy requirements in the 
proposed rule.
    (4) Options for harmonizing the proposed training schedule with 
existing training schedules and for adding efficiencies with other 
relevant regulatory requirements, including identification of any laws, 
regulations, or orders not identified by TSA that commenters believe 
would conflict with the provisions of the proposed rule.
    (5) Options for ensuring training is effective in the absence of 
proficiency standards. For example, the proposed rule does not 
prescribe conditions for a pass/fail policy that may be associated with 
post-training testing, nor recommending a specified maximum number of 
times that an individual may take a test or evaluation to demonstrate 
knowledge and competency.

Handling of Confidential or Proprietary Information and Sensitive 
Security Information (SSI) Submitted in Public Comments

    Do not submit comments that include trade secrets, confidential 
commercial

[[Page 91337]]

or financial information, or SSI to the public regulatory docket. 
Please submit such comments separately from other comments on the 
rulemaking. Comments containing this type of information must be 
appropriately marked as containing such information and submitted by 
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
    TSA will not place comments containing SSI in the public docket, 
but will handle them in accordance with applicable safeguards and 
restrictions on access. TSA will hold documents containing SSI, 
confidential business information, or trade secrets in a separate file 
to which the public does not have access, and place a note in the 
public docket that TSA has received such materials from the commenter. 
If TSA determines, however, that portions of these comments may be made 
publicly available, TSA may include a redacted version of the comment 
in the public docket. If TSA receives a request to examine or copy 
information that is not in the public docket, TSA will treat it as any 
other request under the Freedom of Information Act (FOIA) (5 U.S.C. 
552) and FOIA regulation of the Department of Homeland Security (DHS) 
found in 6 CFR part 5.

Reviewing Comments in the Docket

    Please be aware that anyone is able to search the electronic form 
of all comments in any of our dockets by the name of the individual who 
submitted the comment (or signed the comment, if submitted on behalf of 
an association, business, labor union, etc.). You may review the 
applicable Privacy Act Statement published in the Federal Register on 
April 11, 2000 (65 FR 19477) and modified on January 17, 2008 (73 FR 
3316), or you may visit https://DocketsInfo.dot.gov.
    You may review TSA's electronic public docket on the Internet at 
https://www.regulations.gov. In addition, DOT's Docket Management 
Facility provides a physical facility, staff, equipment, and assistance 
to the public. To obtain assistance or to review comments in TSA's 
public docket, you may visit this facility between 9:00 a.m. and 5:00 
p.m., Monday through Friday, excluding legal holidays, or call (202) 
366-9826. This docket operations facility is located in the West 
Building Ground Floor, Room W12-140 at 1200 New Jersey Avenue SE., 
Washington, DC 20590.

Availability of Rulemaking Document

    An electronic copy can be obtained using the Internet by--
    (1) Searching the electronic Federal Docket Management System 
(FDMS) Web page at https://www.regulations.gov;
    (2) Accessing the Government Printing Office's Web page at https://www.gpo.gov/fdsys/browse/collection.action?collectionCode=FR to view 
the daily published Federal Register edition; or accessing the ``Search 
the Federal Register by Citation'' in the ``Related Resources'' column 
on the left, if you need to do a Simple or Advanced search for 
information, such as a type of document that crosses multiple agencies 
or dates.
    In addition, copies are available by writing or calling the 
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to 
identify the docket number of this rulemaking.

Abbreviations and Terms Used in This Document

AAR--Association of American Railroads
ABA--American Bus Association
Amtrak--National Railroad Passenger Corporation
APTA--American Public Transportation Association
CD--Compact Disc
CCTV--Closed-Circuit Television
CFATS--Chemical Facility Anti-Terrorism Standards
CFATS EAP--Expedited Approval Program for the CFATS program
CFATS RBPS--Risk-Based Performance Standards of the CFATS program
CFATS SSP--Site Specific Plans part of the CFATS program
DHS--Department of Homeland Security
DIF--Difficulty-Importance-Frequency
EOD--Explosives Ordinance Disposal
FMCSA--Federal Motor Carrier Safety Administration
FRA--Federal Railroad Administration
FTA--Federal Transit Administration
GAO--U.S. Government Accountability Office
GCC--Government Coordinating Council
HMR--Hazardous Materials Regulations
HSA--Homeland Security Act of 2002
HTUA--High Threat Urban Area
IED--Improvised Explosive Device
IFR--Interim Final Rule
IRFA--Initial Regulatory Flexibility Analysis
MOU--Memorandum of Understanding
NCTC--National Counterterrorism Center
NSI--Nationwide Suspicious Activity Reporting (SAR) Initiative
OAs--Oversight Agencies
OMB--Office of Management and Budget
OTRB--Over-the-Road Bus
PAG--Transit Policing and Security Peer Advisory Group
PHMSA--Pipeline and Hazardous Materials Safety Administration
PRA--Paperwork Reduction Act of 1995
PTPR--Public Transportation and Passenger Railroads
RFA--Regulatory Flexibility Act of 1980
RIA--Regulatory Impact Analysis
RSC--Rail Security Coordinator
RSSM--Rail Security-Sensitive Material
SBA--Small Business Administration
SCC--Sector Coordinating Council
SMS--Safety Management System
SSI--Sensitive Security Information
TIH--Toxic Inhalation Hazard
TSA--Transportation Security Administration
TSGP--Transit Security Grant Program
TSSM--Transportation Security Sensitive Material
UASI--Urban Area Security Initiative
UMRA--Unfunded Mandates Reform Act of 1995
VBIED--Vehicle-Borne Improvised Explosive Device

Table of Contents

I. Executive Summary
II. Background
    A. Context and Purpose
    B. Statutory Authorities
    C. Rule Organization
III. Proposed Rule
    A. Amendments to Part 1500
    1. General Terms
    2. Transportation Security-Sensitive Materials
    B. Amendments to Part 1503
    C. Amendments to Part 1520
    D. Amendments to Part 1570
    1. Overview of changes and structure
    2. Subpart A--General
    3. Subpart B--Security Programs
    4. Subpart C--Operations
    5. Subpart D--Security Threat Assessments
    E. Security-Sensitive Employees (Sec. Sec.  1580.3, 1582.3, and 
1584.3)
    F. Security Programs--Applicability (Sec. Sec.  1580.301, 
1582.301, and 1584.301)
    1. Freight Railroads
    2. Public Transportation and Passenger Railroads
    3. Over-the-Road Buses
    4. Foreign Owner/Operators
    5. Preemption
    G. Security Program General Requirements (Sec. Sec.  1580.113, 
1582.113, and 1584.113)
    1. Information About the Owner/Operator
    2. Information on How Training Will Be Provided
    3. Ensuring Supervision of Untrained Employees and Providing 
Notice of Changes Affecting Training
    4. Methods for Determining Effectiveness of Training
    5. Relation to Other Training
    H. Security Training and Knowledge for Security-Sensitive 
Employees (Sec. Sec.  1580.115, 1582.115 and 1584.115)
    1. Training Required for Security-Sensitive Employees
    2. Limits on Use of Untrained Employees
    3. Knowledge Required
    I. Other Security Training Programs
    1. Federal Railroad Administration Safety Training Requirements
    2. Federal Transit Administration Safety Requirements
    3. OTRB Safety Requirements
    4. Hazardous Materials Regulations
    a. Overlap With DOT Regulations Regarding Transportation of 
Hazardous Materials
    b. Inspections and Enforcement
    c. Overlap With Other DHS Regulations
    J. Training Resources
    K. Programmatic Alternatives

[[Page 91338]]

IV. Stakeholder Consultations
    A. Multi-Modal Outreach
    B. Freight Rail
    C. Public Transportation and Passenger Rail
    D. Over-the-Road Buses
    E. Labor Unions
V. Rulemaking Analyses and Notices
    A. Paperwork Reduction Act
    B. Economic Impact Analyses
    1. Regulatory Impact Analysis Summary
    2. Executive Orders 12866 and 13563 Assessments
    3. OMB A-4 Statement
    4. Alternatives Considered
    5. Regulatory Flexibility Assessment
    6. International Trade Impact Assessment
    7. Unfunded Mandates Assessment
    C. Executive Order 13132, Federalism
    D. Environmental Analysis
    E. Energy Impact Analysis

I. Executive Summary

Purpose of the Regulatory Action

    The purpose of this proposed rule is to solidify the enhanced 
baseline of security for higher-risk surface transportation operations 
by improving and sustaining the capability of employees to observe, 
assess, and respond to security risks and potential security breaches. 
These critical capabilities include identifying, reporting, and 
appropriately reacting to suspicious activity, suspicious items, 
dangerous substances, and security incidents that may be associated 
with terrorist reconnaissance, preparation, or action. The proposed 
requirements specifically apply to training employees performing 
security-sensitive job functions for higher-risk public transportation 
systems, railroad carriers (passenger and freight), and OTRB owner/
operators. Preparing and training these employees to observe, assess, 
and respond to anomalies, threats, and incidents within their unique 
working environment may be the critical point for preventing a 
terrorist act and mitigating the consequences.
    Since its creation following the attacks of September 11, 2001, TSA 
has had statutory authority to assess a security risk for any mode of 
transportation, develop security measures for dealing with that risk, 
and enforce compliance with those measures.\2\ This includes broad 
regulatory authority, which enables TSA to issue, rescind, and revise 
regulations as necessary to carry out its transportation security 
functions.\3\ As part of the Implementing Recommendations of the 9/11 
Commission Act of 2007 (9/11 Act),\4\ Congress mandated that DHS use 
its authority to issue regulations and included in the statute minimum 
requirements for employees to be trained, subjects of training, and 
procedures for the submission and approval of training programs.\5\ As 
part of this mandate, the 9/11 Act also requires higher-risk railroads 
and OTRBs to appoint security coordinators.\6\ This NPRM would propose 
to implement those provisions.
---------------------------------------------------------------------------

    \2\ See Section 101 of the Aviation and Transportation Security 
Act (ATSA), Public Law 107-71, 115 Stat. 597 (Nov. 19, 2001), 
codified at 49 U.S.C. 114 (ATSA created TSA and established the 
agency's primary federal role to enhance security for all modes of 
transportation). Section 403(2) of the Homeland Security Act of 2002 
(HSA), Public Law 107-296, 116 Stat. 2135 (Nov. 25, 2002), 
transferred all functions related to transportation security, 
including those of the Secretary of Transportation and the Under 
Secretary of Transportation for Security, to the Secretary of 
Homeland Security. Pursuant to DHS Delegation Number 7060.2, the 
Secretary delegated to the Administrator, subject to the Secretary's 
guidance and control, the authority vested in the Secretary with 
respect to TSA, including that in sec. 403(2) of the HSA.
    \3\ 49 U.S.C. 114(l)(1).
    \4\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
    \5\ See secs. 1408, 1517, and 1534 of the 9/11 Act, codified at 
6 U.S.C. 1137, 1167, and 1184, respectively. For the remainder of 
this NPRM, TSA will refer to the codified section numbers.
    \6\ See secs. 1512 and 1181 of the 9/11 Act, codified at 6 
U.S.C. 1162 and 1181, respectively. TSA addresses 6 U.S.C 
1162(e)(1)(A) and 1181(e)(1)(A) in this rulemaking. TSA intends to 
address the other regulatory requirements of these provisions in 
separate rulemakings.
---------------------------------------------------------------------------

Summary of the Major Provisions

    As discussed in section III.F. of this NPRM, TSA is proposing to 
apply the requirements to higher-risk operations, based on mode-
specific assessments of risk. Based on these assessments, the 
requirements would apply to:
     Class I freight railroad carriers, railroads transporting 
Rail Security-Sensitive Materials (RSSMs) through identified High 
Threat Urban Areas (HTUAs) (applying those terms as defined in current 
49 CFR 1580.3), and railroads that host other higher-risk rail 
operations. This would cover approximately 36 railroads.
     Public transportation and passenger railroads (PTPRs) 
operating in the eight regions with the highest transit-specific risk. 
This would cover approximately 46 systems.
     The National Railroad Passenger Corporation (Amtrak), an 
intercity passenger railroad.
     OTRB owner/operators providing fixed-route service (also 
referred to as regular route or scheduled service) to/through/from the 
highest-risk urban areas. This would cover approximately 202 OTRB 
owner/operators.
    This NPRM proposes requiring the entities listed above to:
     Develop security training programs to enhance and sustain 
the capability of their security-sensitive employees to observe, 
assess, and respond to security incidents as well as to have the 
training necessary to implement their specific responsibilities in the 
event of a security incident.
     Submit the required security training program to TSA for 
review and approval.
     Implement the security training program and ensure all 
existing and new security-sensitive employees complete the required 
security training within the specified timeframes for initial and 
recurrent training.
     Maintain records demonstrating compliance and make the 
records available to TSA upon request for inspection and copying.
     Appoint security coordinators and alternates-who will be 
accessible to TSA 24 hours per day, 7 days per week-and transmit 
contact information for those individuals to TSA (an extension of 
current 49 CFR part 1580 requirements).
     Report significant security incidents or concerns to TSA 
(an extension of current 49 CFR part 1580 requirements).
     Review and update security training programs as necessary 
to address changing security measures or conditions.
    The proposed rule would also amend 49 CFR part 1500 to streamline 
definitions for TSA's regulation and would add a definition of 
Transportation Security-Sensitive Materials (TSSMs). Proposed revisions 
to 49 CFR parts 1503 and 1520 would conform references and provisions 
related to enforcement and handling of SSI to the expanded scope of 
security requirements in the proposed rule.
    The most significant proposed revisions are found in subchapter D 
of chapter XII of title 49. This subchapter would be retitled 
``Maritime and Surface Transportation Security,'' reorganized, and 
expanded to include the proposed security program requirements. The 
general rules for subchapter D would continue to be in part 1570, but 
reorganized and expanded to address the new requirements proposed in 
this rule. This NPRM also proposes to add a new section (1570.7) to 
make it clear that owner/operators, employees, contractors, and other 
persons can be held liable for violating TSA's regulations. A similar 
provision is part of TSA's aviation-related regulations and adding it 
to subchapter D ensures consistency in enforcement across all modes of 
transportation. This provision is further discussed in section III.D.2 
of this NPRM.
    Some provisions currently limited to railroads under part 1580 
would be

[[Page 91339]]

moved and revised to address the additional modes, such as provisions 
related to ``compliance, inspection, and enforcement.'' This 
necessitates reorganization and minor revisions to current part 1580. 
The impact of the proposed rule on the organization and scope of 
current 49 CFR part 1580 is discussed in section II.C. of this NPRM. 
The following table (Table 1) provides a summary of the requirements 
and their applicability (distinguishing between current requirements/
applicability and proposed requirements/applicability).

                                                        Table 1--Summary of Proposed Requirements
    [Current 49 CFR part 1580 requirements incorporated into this NPRM are indicated with an ``X''; proposed requirements are indicated with a ``P'']
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                         Protecting                        Reporting
                                                                        Inspection       sensitive         Security         security
                                                                     authority (Sec.      security       coordinator    incidents (Sec.      Security
                                                                          1570.9)       information         (Sec.           1570.203)      training \1\
                                                                                        (part 1520)       1570.201)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight railroad carriers..........................................               X                X                X                X                P
Rail hazardous materials shippers..................................               X                X                X                X   ...............
Rail hazardous materials receivers in HTUAs........................               X                X                X                X   ...............
Owner/operators of private rail cars...............................               X                X                X                X   ...............
Host railroads of freight or PTPR rail operations within scope of                 X                X                X                X                P
 rule..............................................................
PTPR operating rail transit systems on general railroad system,                   X                X                X                X            \2\ P
 intercity passenger train service, and commuter train services....
PTPR operating rail transit systems not part of general railroad                  X                X                X                X            \2\ P
 system............................................................
Tourist, scenic, historic, and excursion rail owner/operators......               X                X                X                X   ...............
PTPR operating bus transit or commuter bus systems in designated                  P                P                P                P                P
 areas.............................................................
OTRB owner/operators providing fixed-route service in designated                  P                P                P                P                P
 areas.............................................................
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ 49 CFR part 1570, Subpart B (Security Programs); 49 CFR part 1580, Subpart B--Employee Security Training (freight railroads); 49 CFR part 1582,
  Subpart B--Employee Security Training (PTPR); and 49 CFR part 1584, Subpart B--Employee Security Training (OTRBs).
\2\ If Amtrak, or listed in proposed part 1582, Appendix A (a public transportation system, or part of a public transportation system).

Costs and Benefits

    TSA estimates the overall cost of this proposed rule is $157.27 
million over 10 years discounted at 7 percent. TSA estimates the cost 
of this proposed rule by the 4 affected parties (all costs are 10 years 
at 7 percent): For freight railroads the rule would cost a total of 
$90.74 million, for PTPR the cost is $53.14 million, for OTRB the cost 
is $12.08 million, and for TSA the cost is $1.31 million.
    The proposed rule, if finalized, would enhance surface 
transportation security by reducing vulnerability to terrorist attacks 
in four different ways. First, the surface transportation employees in 
each of the three covered modes would be trained to identify security 
vulnerabilities. Second, these surface transportation employees would 
be better trained to recognize potentially threatening behavior and 
properly report that information. Third, these surface employees would 
be trained to respond to incidents, thereby mitigating the consequences 
of an attack. Finally, the covered surface transportation owner/
operators would be required to report significant security concerns to 
TSA so that TSA can analyze potential threats across all modes.
    This analysis reflects information obtained through a Notice 
published in the Federal Register in 2013 \7\ (2013 Notice). Through 
that Notice, TSA requested data needed to provide a more accurate 
understanding of the existing baseline and potential costs associated 
with the proposed rule. In particular, TSA requested information 
regarding programs currently implemented--whether as a result of 
regulatory requirements, grant requirements, in anticipation of a rule, 
voluntary, or otherwise--and the costs associated with those training 
programs.
---------------------------------------------------------------------------

    \7\ 78 FR 35945 (June 14, 2013).
---------------------------------------------------------------------------

II. Background

A. Context and Purpose

    Surface transportation systems--including public transportation 
systems, intercity and commuter passenger railroads, freight railroads, 
intercity buses, and related infrastructure--are vital to our economy 
and essential to national security.\8\ The potential for a terrorist 
attack exists at each stage of moving people, goods, and services 
throughout the Nation.
---------------------------------------------------------------------------

    \8\ Surface Transportation and Rail Security Act of 2007, report 
of the Senate Committee on Commerce, Science, and Transportation at 
2 (S. Rept. 110-29, Mar. 1, 2007), quoting Executive Order (E.O.) 
13416 (Dec. 5, 2006), published at 71 FR 71033 (Dec. 7, 2006).
---------------------------------------------------------------------------

    Recent attacks indicate the risk of terrorist attack to surface 
transportation. On August 21, 2015, there was an attempted mass 
shooting on a packed high-speed train bound for Paris from 
Amsterdam.\9\ Metropolitan Police treated a December 5, 2015, knife 
attack in a London public transportation station as a terrorist 
incident.\10\ There have been other documented terrorist attacks 
targeting surface transportation, including the attack in Madrid, 
Spain, on March 11, 2004, in which terrorists attacked four commuter 
trains using 10 improvised explosive devices (IED) that exploded near-
simultaneously and resulted in the deaths of 191 people and injury to 
more than 1,800 people.\11\ In July 2005, four coordinated suicide 
bombings occurred, three on separate trains through London Underground 
stations and the fourth on a double-

[[Page 91340]]

decker bus, killed 52 people.\12\ In July 2008, a group linked to 
Lashkar-e-Tayyiba attacked Mumbai's Western Railway Line with seven 
IEDs during evening commute hours, killing 183 people.\13\ In November 
2008, this group committed another coordinated attack that included 
shooting and bombing operations at several targets--including a train 
station--and killed a total of 164 people.\14\ More recently, U.S. news 
media reported that the Federal Bureau of Investigation (FBI) uncovered 
a plot to attack the PATH commuter rail system serving New York and New 
Jersey in mid-2006.\15\ These previous events highlight the magnitude 
of the deadly consequences that an attack on surface transportation 
could have.
---------------------------------------------------------------------------

    \9\ See Michael Birnbaum, ``A change of seats for 3 Americans 
led to saved lives on Paris-bound train,'' Washington Post (Aug. 24, 
2015), available at https://www.washingtonpost.com/world/as-french-train-suspect-is-interrogated-questions-mount-on-europes-security/2015/08/23/088ff2fe-4923-11e5-9f53-d1e3ddfd0cda_story.html.
    \10\ See BBC, ``Leytonstone Tube station stabbing a `terrorist 
incident' '' (Dec. 6, 2015), available at https://www.bbc.com/news/uk-35018789.
    \11\ Encyclopedia Britannica, ``Madrid train bombings of 2004'' 
(May 19, 2013), available at https://www.britannica.com/event/Madrid-train-bombings-of-2004.
    \12\ CNN, ``July 7 2005 London Bombings Fast Facts'' (updated 
June 29, 2016, 9:44 a.m.), available at https://www.cnn.com/2013/11/06/world/europe/july-7-2005-london-bombings-fast-facts/.
    \13\ Bureau of Diplomatic Security, ``India 2013 Crime and 
Safety Report: Mumbai'' (March 5, 2013), available at https://www.osac.gov/pages/ContentReportDetails.aspx?cid=13701.
    \14\ CNN, ``Mumbai Terror Attacks Fast Facts'' (updated Nov. 4, 
2015, 11:57 a.m.), available at https://www.cnn.com/2013/09/18/world/asia/mumbai-terror-attacks/.
    \15\ Mary Frost, ``NYC subways targeted in ISIS terror plot--
NYPD, FBI evaluating threat level,'' Brooklyn Daily Eagle (Sept. 25, 
2014), available at https://www.brooklyneagle.com/articles/2014/9/25/nyc-subways-targeted-isis-terror-plot-nypd-fbi-evaluating-threat-level.
---------------------------------------------------------------------------

    As part of its ongoing communications with stakeholders, TSA has 
alerted owner/operators affected by this proposed rule to 
transportation-related threats and has worked with many of them to 
review and recognize potential vulnerabilities to their operations. The 
impact that security training can have on these operations was 
recognized by Congress when it mandated, and provided detailed 
requirements for, security training regulations as part of the 9/11 
Act.\16\
---------------------------------------------------------------------------

    \16\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
---------------------------------------------------------------------------

    TSA recognizes that the owner/operators of surface transportations 
systems, both public and private, are principally responsible for the 
safety and security of the people using their services. As noted in 
Presidential Policy Directive/PPD-21, ``Critical Infrastructure 
Security and Resilience:''

    The Nation's critical infrastructure is diverse and complex. It 
includes distributed networks, varied organizational structures and 
operating models (including multinational ownership), interdependent 
functions and systems in both the physical space and cyberspace, and 
governance constructs that involve multi-level authorities, 
responsibilities, and regulations. Critical infrastructure owners 
and operators are uniquely positioned to manage risks to their 
individual operations and assets, and to determine effective 
strategies to make them more secure and resilient.\17\
---------------------------------------------------------------------------

    \17\ PPD-21 (Feb. 12, 2013) (emphasis added).

Surface transportation employees--the people who provide and support 
these services--are a critical resource for protecting passengers and 
the transportation infrastructure.
    As a result of TSA's programmatic efforts, as well as awareness of 
the requirements of the 9/11 Act, many owner/operators of higher-risk 
surface transportation operations have voluntarily implemented security 
training programs that address some of the requirements of this 
proposed rule. As noted in the economic analysis for this rulemaking, 
however, the private market may not provide adequate incentives for 
owner/operators to make a socially optimal investment in the full range 
of measures that would reduce the probability of a successful terrorist 
attack based on the economics of externalities. (Externalities are 
costs or benefits from an economic transaction experienced by parties 
``external'' to the transaction.) Specifically, for surface mode owner/
operators, the total consequences of an attack or other security 
incident to society may be greater than what would be suffered by the 
individual owner/operator of the infrastructure or facility.
    Without ignoring the voluntary efforts of owner/operators to 
increase the baseline of their security, including by providing 
security training, TSA also recognizes a firm normally would not choose 
to make an investment in security over its privately optimal amount in 
a competitive market place, since such an investment would increase the 
firm's cost of production, placing it at a disadvantage when competing 
with companies that have not chosen to make a similar investment in 
security.
    Focusing on the higher-risk operations and frontline employees 
(defined in the rule as those performing security-sensitive functions), 
this proposed rule would close gaps in the scope or breadth of training 
provided as part of voluntary efforts. To the extent resource and 
economic considerations could cause this voluntary commitment to abate 
in the future, this proposed rule, when finalized, should solidify 
these efforts and commitment to security training.
    Thus, the purpose of this proposed rule is to solidify a baseline 
of security training for surface transportation by enhancing and 
sustaining the capability of frontline employees for higher-risk public 
transportation systems, railroad carriers (passenger and freight), and 
OTRB owner/operators to observe, assess, and respond to security risks 
and potential security breaches. These critical capabilities include 
identifying, reporting, and appropriately reacting to suspicious 
activity, suspicious items, dangerous substances, and security 
incidents that may be associated with terrorist reconnaissance, 
preparation, or action. An employee who is prepared and trained to 
observe, assess, and respond may be the critical point for preventing a 
terrorist act.
    Security awareness training is an important and effective tool to 
enhance an employee's ability to detect and deter attacks by terrorists 
or others--particularly those with malicious intent to target surface 
transportation or use vehicles as delivery systems for weapons of mass 
destruction. Well-trained employees can serve as security force-
multipliers. Their familiarity with the facilities and operating 
environments of their specific transportation systems makes them 
especially effective at recognizing situations and conditions that may 
pose a threat to the safety and security of passengers, cargo, and 
transportation infrastructure.
    Employees who are prepared to execute their security-related 
responsibilities and trained to observe, assess, and respond bring an 
informed vigilance to their daily responsibilities. They are more 
capable of identifying and making timely reports to support inquiry by 
law enforcement and security personnel, increasing the potential for 
detection or disruption of terrorist planning, preparations, and 
observations. In the event an incident does occur, employees who 
understand their roles and responsibilities under the owner/operator's 
security planning and response documents are better prepared to 
initiate timely responsive actions to mitigate consequences and work 
with first responders.
    This rulemaking is part of TSA's commitment to risk-based security 
and how it implicates policy decisions, resource commitments, and 
expectations. Passengers traveling through a higher-risk area or system 
(whether by bus or train) should be able to expect the same level of 
security regardless of the carrier. Communities in HTUAs should expect 
that the freight trains carrying RSSM \18\ are operated by employees 
with a common baseline of security training, regardless of who owns or 
operates the train. The result is

[[Page 91341]]

a proposed rule that bases applicability primarily on the location 
where the transportation is operated (rather than constructs of 
ownership) and scope of employees to be trained on the functions they 
perform (rather than titles in position descriptions).
---------------------------------------------------------------------------

    \18\ As previously noted, TSA is not proposing to modify these 
terms as defined in current 49 CFR 1580.3.
---------------------------------------------------------------------------

    For these reasons, TSA proposes this regulation requiring owner/
operators to implement employee security training programs for 
employees serving in security-sensitive positions in higher-risk 
operations. TSA explains aspects of the proposed rule more fully in 
section III of this NPRM.

B. Statutory Authorities

    The security of the Nation's transportation systems is vital to the 
economic health and security of the United States. Ensuring 
transportation security while promoting the movement of legitimate 
travelers and commerce is a critical counter-terrorism mission assigned 
to TSA.
    Since its creation following the attacks of September 11, 2001, TSA 
has had broad statutory authority to assess a security risk for any 
mode of transportation, develop security measures for dealing with that 
risk, and enforce compliance with those measures.\19\ This includes 
broad regulatory authority, which enables TSA to issue, rescind, and 
revise regulations as necessary to carry out its transportation 
security functions.\20\
---------------------------------------------------------------------------

    \19\ See supra, n. 2.
    \20\ 49 U.S.C. 114(l)(1).
---------------------------------------------------------------------------

    Congress has determined that a regulation is necessary for owner/
operators of public transportation systems, passenger railroads, 
freight railroads, and OTRBs to provide security training to their 
frontline employees. As part of the 9/11 Act,\21\ Congress mandated 
that DHS use its authority to issue regulations and included in the 
statute minimum requirements for employees to be trained, subjects of 
training, and procedures for the submission and approval of training 
programs.\22\ This NPRM proposes to implement these provisions.
---------------------------------------------------------------------------

    \21\ Public Law 110-53, 121 Stat. 266 (Aug. 3, 2007).
    \22\ See 6 U.S.C. 1137, 1167, and 1184.
---------------------------------------------------------------------------

    The 9/11 Act includes a requirement to include ``[l]ive situational 
training exercises'' as part of its security training regulations.\23\ 
As part of the Homeland Security Exercise and Evaluation Program 
(HSEEP), DHS describes the benefit of exercises ``to test and validate 
plans and capabilities.'' \24\ While testing the effectiveness of 
training is important, the HSEEP focuses on the need to test 
effectiveness of the overall plan--a process that reveals any 
weaknesses in training. TSA has determined the intent of requiring 
exercises would be better met if owner/operators were required to test 
the effectiveness of their security plans--which would include testing 
employee understanding and capabilities related to their roles, 
responsibilities, protocols, and procedures. Therefore, TSA has decided 
to address this element in a separate rulemaking that will meet related 
9/11 Act provisions for security planning.\25\
---------------------------------------------------------------------------

    \23\ See 6 U.S.C. 1137(c)(7), 1167(c)(8), and 1184(c)(8).
    \24\ See DHS, ``Homeland Security Exercise and Evaluation 
Program (HSEEP)'' (April 2013), available at https://www.fema.gov/media-library-data/20130726-1914-25045-8890/hseep_apr13_.pdf.
    \25\ See requirements in 6 U.S.C. 1134 (public transportation), 
1162 (railroads), and 1181 (OTRBs).
---------------------------------------------------------------------------

    Finally, the 9/11 Act also requires DHS to define the term 
``security-sensitive material'' as it relates to materials transported 
in commerce that pose ``a significant risk to national security . . . 
due to the potential use of the material in an act of terrorism.'' \26\ 
The 9/11 Act states that the term must include specific, identified 
materials.\27\ TSA has previously identified ``security-sensitive 
materials'' transported by freight railroad carriers as ``Rail 
Security-Sensitive Materials'' (RSSM).\28\ As further discussed in 
section III.A.2 of this NPRM, TSA is proposing materials to be 
identified as ``Transportation Security-Sensitive Materials (TSSM).''
---------------------------------------------------------------------------

    \26\ 6 U.S.C. 1151(13).
    \27\ Materials to be included are Class 7 radioactive materials, 
Division 1.1, 1.2, or 1.3 explosives, materials poisonous or toxic 
by inhalation, including Division 2.3 gases and Division 6.1 
materials, and select agents or toxins regulated by the Centers for 
Disease Control and Prevention under 42 CFR part 73.
    \28\ See 49 CFR 1580.3 and 1580.100(b).
---------------------------------------------------------------------------

C. Rule Organization

    Implementing requirements in the 9/11 Act for surface 
transportation regulations necessitates making other changes to TSA's 
regulations found in title 49 of the CFR. Some of these changes are 
technical revisions or additions, such as consolidating definitions 
used in multiple parts of TSA's regulations into part 1500 and adding 
cross-references to the new regulatory requirements as relevant for 
investigations (part 1503) and protection of SSI (part 1520).
    The most significant changes are to subchapter D, which TSA 
proposes to rename ``Maritime and Surface Transportation Security.'' 
Subchapter D currently contains requirements related to security threat 
assessments (STAs) (parts 1570 and 1572) and rail security (1580). TSA 
is proposing to significantly reorganize and augment parts 1570 and 
1580, and add parts 1582 (PTPR) and 1584 (Highway and Motor Carriers).
    Many portions of the proposed rule are common to PTPR, freight, and 
OTRB operations. These are included in 49 CFR part 1570. Eliminating 
duplication of these requirements across multiple sections of TSA's 
regulations reduces unintended inconsistencies, both now and over time 
to the extent there are any amendments made to these regulations in the 
future. Because of these modifications, other organizational changes 
are being made to part 1570--including moving definitions that have 
applicability across multiple parts of TSA's regulations to part 1500 
(discussed more fully in part III.A of this NPRM) and consolidating 
provisions related to security threat assessments into a new subpart D. 
The STA provisions are being moved but are otherwise unmodified. As a 
result, the substance of these provisions is not part of this notice 
and comment rulemaking.
    TSA includes proposed requirements adapted to reflect the unique 
aspects of each mode in mode-specific parts of 49 CFR Chapter XII, 
Subchapter D--Maritime and Surface Transportation Security. Part 1580 
would be revised to focus on freight railroads. Sections in current 
part 1580 applicable to PTPR systems would be moved to a new part 1582. 
TSA also proposes creating a new part 1584, which would include the 
requirements for OTRB.
    With the exception of the following, provisions of current 49 CFR 
part 1580, Rail Transportation Security, applicable to freight 
railroads would be reorganized without substantive change. TSA proposes 
to move some provisions to part 1570--this revision would include the 
security coordinator and reporting requirements (which are being 
updated and clarified, and extended to include higher-risk buses).\29\ 
Other provisions, such as ``chain of custody'' provisions for RSSMs, 
would be reorganized within part 1580 because of this proposed rule. 
Finally, current Appendix A to part 1580 would be modified to remove 
outdated references. Table 2 provides a distribution table for changes 
to current 49 CFR part 1580. To the extent sections are being moved, 
but not revised, they are not part of this notice and comment 
rulemaking.
---------------------------------------------------------------------------

    \29\ These modifications are discussed in section III.C. of this 
NPRM.

[[Page 91342]]



              Table 2--49 CFR Part 1580 Distribution Table
------------------------------------------------------------------------
              Former section                       New section(s)
------------------------------------------------------------------------
1580.1....................................  1570.1, 1580.1, and 1582.1.
1580.3....................................  1570.3, 1580.3, and 1582.3.
1580.5....................................  1570.9.
1580.100..................................  1500.3, 1580.101.
1580.101..................................  1570.201.
1580.103..................................  1580.203.
1580.105..................................  1570.203.
1580.107..................................  1580.205.
1580.109..................................  1580.5 and 1582.5.
1580.111..................................  1580.207.
1580.200..................................  1582.101.
1580.201..................................  1570.201.
1580.203..................................  1570.203.
------------------------------------------------------------------------

III. Proposed Rule

A. Amendments to Part 1500

1. General Terms
    Consistent with the proposed rule's organization, TSA includes 
proposed definitions for terms relevant to several subchapters of TSA 
regulations, beyond the requirements of subchapter D, in part 1500. 
Terms relevant to several parts of subchapter D would be added to Sec.  
1570.3. Terms uniquely relevant to each mode would be included in the 
relevant parts (part 1580 (freight), part 1582 (PTPR), and part 1584 
(OTRB)).
    Many of the proposed definitions are identical, or nearly 
identical, to definitions codified in current 49 CFR part 1580. Some 
definitions are taken from the 9/11 Act. Other definitions are derived 
from existing Federal regulatory programs, particularly programs 
administered by DOT. A few definitions are based on industry sources. 
TSA's purpose is to use existing definitions that regulated parties are 
familiar with to the extent that the definitions are consistent with 
the 9/11 Act and the purposes of this NPRM. Where no existing 
definition is appropriate, TSA's subject matter experts developed the 
definition based upon the generally accepted and known use of terms 
within each of the modes subject to this proposed regulation. Table 3 
provides additional information on the terms that would be added to 
part 1500.

         Table 3--Explanation of Proposed Terms and Definitions
------------------------------------------------------------------------
           Summary of change                       Explanation
------------------------------------------------------------------------
Propose modifying definition of          This term is used in proposed
 ``Administrator''.                       sections regarding procedures
                                          for requesting alternative
                                          measures or challenges to
                                          required modifications. The
                                          definition is being updated to
                                          reflect TSA's transition to a
                                          DHS component.
Propose adding a definition for          This term is used in the
 ``Authorized representative''.           definition of ``Employee.'' It
                                          is intended to ensure that any
                                          ``authorized representatives''
                                          performing security-sensitive
                                          functions for an owner/
                                          operator receives the required
                                          security training, even if
                                          they are not considered a
                                          direct employee. More
                                          information can be found in
                                          the discussion of employees
                                          required to be trained in
                                          preamble section III.E.
Propose adding a definition for ``Bus''  This term is used in several
                                          other terms defined in this
                                          proposed rule. TSA's review of
                                          DOT regulations identified
                                          several definitions for this
                                          term. The definition developed
                                          by TSA for the purposes of
                                          subchapter D is a composite of
                                          DOT's definitions adopted for
                                          TSA's purposes. While it is a
                                          broad definition on its own,
                                          the other terms in which it is
                                          used limit its application.
Propose adding a definition of ``Bus     This term is used as part of
 transit system''.                        the scope of what is intended
                                          by, and included within, the
                                          definition of public
                                          transportation. Consistent
                                          with the scope of other
                                          commuter transit systems, the
                                          definition is based upon an
                                          explanation of what
                                          constitutes ``urban rapid
                                          transit service'' in 49 CFR
                                          part 209, Appendix A.
Propose adding a definition for          This term is used as part of
 ``Commuter bus system''.                 the scope of what is intended
                                          by, and included within, the
                                          definition of public
                                          transportation. Consistent
                                          with the scope of other
                                          commuter transit systems, the
                                          definition is based upon the
                                          Federal Railroad
                                          Administration's (FRA's)
                                          explanation of ``commuter
                                          service'' for rail in 49 CFR
                                          part 209, and the Federal
                                          Motor Carrier Safety
                                          Administration's (FMCSA's)
                                          definition of ``commuter
                                          service'' in 49 CFR
                                          374.303(g).
As part of reorganization of current 49  This term is used as part of
 CFR part 1580, propose moving            the scope of what is intended
 definition of ``Commuter passenger       by, and included within, the
 train service'' from 49 CFR 1580.3.      definition of public
                                          transportation.
Propose moving definition of ``DHS''     This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose moving definition of ``DOT''     This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Proposed adding definition for ``Fixed-  Used within the scope of OTRB
 route service''.                         owner/operators subject to the
                                          proposed regulation (see
                                          proposed 49 CFR 1570.101 and
                                          1584.1), this term is based on
                                          the definition of a fixed-
                                          route system found in 49 CFR
                                          37.3.
Propose moving definition of ``General   Part of reorganization of
 railroad system of transportation''      current 49 CFR part 1580. This
 from 49 CFR 1580.3.                      proposed rule does not change
                                          the definition.
Propose moving definition of             Part of reorganization of
 ``Hazardous Material'' from 49 CFR       current 49 CFR part 1580. This
 1580.3.                                  proposed rule does not change
                                          the definition.
Propose moving definition of ``Heavy     Part of reorganization of
 rail transit'' from 49 CFR 1580.3.       current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose adding a definition of ``Host    This term, which is consistent
 railroad''.                              with the definition in 49 CFR
                                          236.1003, is used within the
                                          scope of this proposed rule
                                          relating to operations by
                                          railroad carriers. More
                                          information can be found in
                                          the preamble discussion in
                                          section III.F.1.

[[Page 91343]]

 
Propose moving definition of             Part of reorganization of
 ``Improvised explosive device (IED)''    current 49 CFR part 1580. This
 from 49 CFR 1580.3.                      proposed rule does not change
                                          the definition.
Propose moving definition of             Part of reorganization of
 ``Intercity passenger train service''    current 49 CFR part 1580. This
 from 49 CFR 1580.3.                      proposed rule does not change
                                          the definition.
Propose moving definition of ``Light     Part of reorganization of
 rail transit'' from 49 CFR 1580.3.       current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose adding a definition of ``Motor   Used throughout this proposed
 vehicle''.                               rule, TSA has determined that
                                          there is no consistent
                                          definition of ``motor
                                          vehicle'' within federal
                                          regulations. TSA has reviewed
                                          various DOT regulations and
                                          relies primarily on 49 CFR
                                          390.5 for this definition as
                                          most applicable to this
                                          proposed regulation, choosing
                                          a definition that is inclusive
                                          with limitations provided in
                                          the relevant applicability
                                          sections.
Propose adding a definition for ``Over-  This term, the definition of
 the-Road Bus (OTRB)''.                   which is consistent with 6
                                          U.S.C. 1151(4), is used within
                                          other definitions and the
                                          scope of this proposed rule
                                          relating to over-the-road bus
                                          owners. More information can
                                          be found in the preamble
                                          discussion in section III.F.3.
Propose moving definition of ``owner/    Used in other definitions and
 operator'' from 49 CFR 1570.3 and        throughout the proposed rule,
 modifying to eliminate cross-reference   the definition of this term is
 to title 33 of the CFR.                  a modification of the current
                                          definition of ``owner/
                                          operator'' that affects 49
                                          CFR, subchapter D. The
                                          modifications remove outdated
                                          references to make it the term
                                          appropriate for the broader
                                          scope of transportation
                                          regulated by TSA.
Propose moving definition of             Part of reorganization of
 ``Passenger car'' from 49 CFR 1580.3     current 49 CFR part 1580. TSA
 and adding ``rail'' to the term to       is proposing to insert the
 read, ``passenger rail car''.            word ``rail'' between
                                          ``passenger'' and ``car'' to
                                          avoid any confusion between
                                          rail and motor vehicle
                                          conveyances.
Propose adding a definition of           Used both in the scope of
 ``Passenger railroad carrier''.          proposed subpart B of 49 CFR
                                          part 1570 (Security
                                          Coordinator and Reporting
                                          Requirements) and the scope of
                                          the training rule (proposed 49
                                          CFR part 1582), this term is
                                          also used in the context of
                                          host railroad operations. More
                                          information can be found in
                                          the discussion in III.F.2. The
                                          definition is based on the
                                          definition for this term found
                                          in 49 CFR 239.7.
Propose moving definition of             Part of reorganization of
 ``Passenger train'' from 49 CFR 1580.3.  current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose moving definition of ``Private   Part of reorganization of
 rail car'' from 49 CFR 1580.3.           current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose adding a definition of ``Public  Used within other terms, this
 transportation''.                        definition is based primarily
                                          on 49 U.S.C. 5302(14). Where
                                          the statute uses a definition
                                          that is characterized by what
                                          is excluded, TSA's definition
                                          focuses on what is included.
Propose adding a definition of ``Public  This term is used to define the
 transportation agency''.                 scope of owner/operators
                                          subject to the proposed rule.
                                          See proposed subpart B to 49
                                          CFR parts 1570 and 1582. See
                                          also the preamble discussion
                                          in section III.F.2 for more
                                          information. (The 9/11 Act
                                          defines a ``public
                                          transportation agency'' as a
                                          publicly owned operator of
                                          public transportation eligible
                                          to receive Federal assistance
                                          under Chapter 53 of Title 49,
                                          United States Code.''). TSA
                                          reviewed the requirements of
                                          that statute in developing
                                          this definition. As noted
                                          above, the definition of
                                          ``public transportation'' is
                                          based on 49 U.S.C. 5302(14).
Propose moving definition of ``Rail      Part of reorganization of
 hazardous materials receiver'' from 49   current 49 CFR part 1580. This
 CFR 1580.3.                              proposed rule does not change
                                          the definition.
Propose moving definition of ``Rail      Part of reorganization of
 hazardous materials shipper'' from 49    current 49 CFR part 1580. As
 CFR 1580.3, with a non-significant       proposed, the definition of
 amendment.                               ``offers or offeror'' in 49
                                          CFR 1580.3 would be deleted
                                          and a reference to the DOT
                                          definition for ``person who
                                          offers or offeror'' would be
                                          incorporated into the
                                          definition of ``rail security-
                                          sensitive material.''
Propose moving definition of ``Rail      Part of reorganization of
 secure area'' from 49 CFR 1580.3.        current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose moving definition of ``Rail      This term has general
 transit facility'' from 49 CFR 1520.3    applicability to several parts
 and 1580.3.                              of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose moving definition of ``Rail      Part of reorganization of
 transit system or `Rail Fixed Guideway   current 49 CFR part 1580. This
 System' '' from 49 CFR 1580.3 to         proposed rule does not change
 proposed 1570.3.                         the definition.
Propose moving definition of ``Railroad  Part of reorganization of
 carrier'' from 49 CFR 1580.3.            current 49 CFR part 1580. This
                                          proposed rule does not change
                                          the definition.
Propose moving definition of             Part of reorganization of
 ``Railroad'' from 49 CFR 1580.3 and      current 49 CFR part 1580. This
 modifying it to define ``Railroad        proposed rule does not
 transportation''.                        significantly change the
                                          definition.
Propose moving definition of ``Record''  This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose adding definition of             This term has general
 ``Sensitive Security Information         applicability to several parts
 consistent with 49 CFR 1520.3 to         of TSA's regulations beyond
 1570.3.                                  the provisions in 49 CFR parts
                                          1520 and 1570.
Propose moving definition of ``State''   This term has general
 from 49 CFR 1570.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR parts
                                          1520 and 1570.

[[Page 91344]]

 
Propose adding definition of             The term is used in the context
 ``Transportation security equipment      of the proposed requirement
 and systems''.                           for security-sensitive
                                          employees to be trained on use
                                          of security equipment and
                                          systems. See for example,
                                          proposed 49 CFR
                                          1580.155(c)(1). TSA's subject
                                          matter experts have developed
                                          this definition based on their
                                          work with the modes in
                                          conducting assessments and
                                          developing voluntary security
                                          action items.
Propose moving definition of ``Tourist,  Part of the reorganization of
 scenic, historic, or excursion           current 49 CFR part 1580. This
 operation'' from 49 CFR 1580.3.          proposed rule does not change
                                          the definition.
Propose moving definition of             Part of the reorganization of
 ``Transit'' from 49 CFR 1580.3 with      current 49 CFR part 1580. TSA
 modifications to reflect broader scope   proposes modifying this term
 of this proposed rule.                   to reflect the multimodal
                                          scope of the proposed training
                                          rule and have the term apply
                                          across all the modes.
Propose moving definition of             Part of the reorganization of
 ``Transportation or transport'' from     current 49 CFR part 1580. TSA
 49 CFR 1580.3 with modifications to      proposes modifying this term
 reflect broader scope of this proposed   to reflect the multimodal
 rule.                                    scope of the proposed training
                                          rule and have the term apply
                                          across all the modes.
Propose moving definition of             Part of the reorganization of
 ``Transportation facility'' from 49      current 49 CFR part 1580. TSA
 CFR 1580.3 with modifications to         proposes modifying this term
 reflect broader scope of this proposed   to reflect the multimodal
 rule.                                    scope of the proposed training
                                          rule and have the term apply
                                          across all the modes.
Propose adding definition of             The definition is included to
 ``Transportation Security-Sensitive      satisfy 9/11 Act requirements.
 Materials (TSSM)''.                      See 6 U.S.C. 1151(13). The
                                          term is defined in proposed 49
                                          CFR 1570.3. More information
                                          can be found in the preamble
                                          discussion of the TSSM list in
                                          section III.A.2.
Propose moving definition of ``TSA''     This term has general
 from 49 CFR 1520.3.                      applicability to several parts
                                          of TSA's regulations beyond
                                          the provisions in 49 CFR part
                                          1520.
Propose moving definition of             This term is being modified to
 ``vulnerability assessment'' from 49     streamline terminology rather
 CFR 1520.3.                              than enumerating subcategories
                                          within each mode. It is being
                                          moved to 49 CFR part 1500 as
                                          it has relevance beyond the
                                          provisions in part 1520.
------------------------------------------------------------------------

2. Transportation Security-Sensitive Materials
    The 9/11 Act included a requirement for DHS to define ``security-
sensitive material.'' ``Security-sensitive material'' is defined as ``a 
material, or group or class of material, in a particular amount and 
form that the Secretary [of Homeland Security], in consultation with 
the Secretary of Transportation, determines, through rulemaking with 
opportunity for public comment, poses a significant risk to national 
security while being transported in commerce due to the potential use 
of the material in an act of terrorism.'' \30\ TSA has met the 
requirements of the 9/11 Act related to rail through its definition of 
RSSMs under current 49 CFR part 1580.\31\
---------------------------------------------------------------------------

    \30\ 6 U.S.C. 1151(13).
    \31\ See 49 CFR 1580.3 and 1580.100(b). See also discussion in 
73 FR 72130 at 72134 (Nov. 26, 2008).
---------------------------------------------------------------------------

    In March of 2010, DOT's Pipeline and Hazardous Materials Safety 
Administration (PHMSA) issued a final rule: ``Hazardous Materials: 
Risk-Based Adjustment of Transportation Security Plan Requirements.'' 
\32\ This PHMSA final rule amended PHMSA's security requirements for 
hazardous material (hazmat) transportation under 49 CFR part 172 of the 
Hazardous Material Regulations (HMR),\33\ applicable to freight 
railroad carriers, motor carriers, and shippers and receivers of 
hazmat. In addition to amendments to security planning requirements, 
the PHMSA final rule provided a revised list of hazardous materials for 
which a security plan is required. DOT worked closely with TSA to align 
the proposed lists of materials subject to their security programs with 
ongoing efforts by TSA. The materials considered included certain 
explosives, compressed gases and flammable liquids, poisonous gases and 
materials, corrosive materials, radioactive materials, and chemicals 
listed by the Chemical Weapons Convention. There were also requests to 
PHMSA to harmonize the list of materials for which security plans are 
required with the list of materials designated as high consequence 
dangerous goods for which enhanced security measures are recommended in 
the United Nations Model Regulations on the Transport of Dangerous 
Goods (UN Recommendations). Discussions regarding the materials 
identified in the PHMSA regulations can be found in the preambles to 
their relevant rulemakings.\34\
---------------------------------------------------------------------------

    \32\ 75 FR 10974 (Mar. 9, 2010). Additional information is 
included in the preamble to the related NPRM. See 73 FR 52558 (Sept. 
9, 2008).
    \33\ These regulations are also referred to as HM-232.
    \34\ See supra, n. 32.
---------------------------------------------------------------------------

    TSA proposes to adopt the PHMSA list for purposes of defining TSSM. 
This approach avoids unnecessary duplication and ensures consistent 
alignment of the materials meeting this standard in Federal 
regulations. A discussion regarding the materials in the list can be 
found in the preamble to PHMSA's final rule.\35\
---------------------------------------------------------------------------

    \35\ 75 FR at 10977.
---------------------------------------------------------------------------

B. Amendments to Part 1503

    TSA is proposing minor amendments to part 1503 (Investigative and 
Enforcement Procedures) as necessary to conform these regulations to 
changes made by the proposed rule. In Sec.  1503.101(b), the scope of 
statutory provisions is amended to add authorities in title 6 U.S.C. 
that are administered by the TSA Administrator--which are relevant to 
this proposed rule. These are conforming amendments with no cost 
impact.

C. Amendments to Part 1520

    TSA is also proposing to modify part 1520 (Protection of Sensitive 
Security Information). TSA is required to promulgate regulations 
governing the protection of information obtained or developed in 
carrying out security under the authority of ATSA \36\ if public 
disclosure of that information could be detrimental to transportation 
security. TSA's current SSI regulation, 49 CFR part 1520, establishes 
certain requirements for the recognition, identification, handling, and 
dissemination of SSI, including restrictions on disclosure and civil

[[Page 91345]]

penalties for violations of those restrictions. DOT has nearly 
identical SSI authority (49 U.S.C. 40119) and a nearly identical SSI 
regulation (49 CFR part 15).\37\
---------------------------------------------------------------------------

    \36\ See 49 U.S.C. 114(r).
    \37\ For more information on these regulations, see 69 FR 28078 
(May 18, 2004).
---------------------------------------------------------------------------

    Because TSA is expanding the scope of its regulatory requirements 
in order to fulfill the mandates of the 9/11 Act, it is necessary to 
conform the SSI provisions to include these transportation security-
related requirements. The proposed amendments are limited to: (1) 
Eliminating unnecessary terms from part 1520 that are added to part 
1500 and (2) replacing the limiting term ``rail transportation security 
requirement'' with ``surface transportation security requirement.'' In 
some places, such as the definition of ``vulnerability assessment'' in 
Sec.  1520.3, TSA is proposing to streamline a lengthy description of 
types of transportation to simply state ``aviation, maritime, or 
surface transportation.''
    The impact of these minor revisions should also be minimal. Under 
Sec.  1520.7(j), any person who has access to SSI is required to 
protect it according to the requirements of the regulation. While some 
of the proposed population that would be affected by this rule has not 
previously been subject to TSA regulations, most of them have 
previously received SSI information from TSA, as well as training on 
the proper handling of SSI, and have procedures in place to ensure the 
requirements of the regulation are met.\38\
---------------------------------------------------------------------------

    \38\ Publicly available information on proper handling of SSI is 
available on TSA's Web site at www.tsa.gov.
---------------------------------------------------------------------------

    TSA's regulations for SSI have a counterpart in DOT regulations 
under 49 CFR part 15. Any comments received on these proposed 
amendments will be shared with DOT. As these are parallel rules, 
assuming there are changes to part 1520 adopted as part of this notice 
and comment rulemaking, DOT may subsequently make similar changes to 
part 15. We invite comments on the proposed changes to part 1520, and 
we will share with DOT any comments received on potential changes to 
part 15. We also invite comments on this process for making changes to 
both parts.

D. Amendments to Part 1570

1. Overview of Changes and Structure
    TSA is proposing to divide part 1570 into four subparts: (1) 
Subpart A would cover general requirements applicable to all aspects of 
subchapter D to chapter XII of title 49; (2) subpart B provides the 
general framework for security programs; (3) subpart C covers 
operational requirements; and (4) subpart D would move and consolidate 
general provisions related to security threat assessments (STAs) which 
are more specifically addressed in part 1572. As previously discussed, 
mode--specific requirements are contained in subsequent parts. Because 
of the significant restructuring of part 1570, the proposed rule text 
includes the entirety of the revision--not just the parts that would be 
added because of this rulemaking. This includes terms applicable to the 
STAs required by part 1572, as well as related STA provisions that TSA 
proposes moving to new subpart D.
2. Subpart A--General
Terms and Definitions (Sec.  1570.3)
    As previously indicated, TSA is proposing to move several terms 
from Sec.  1570.3 to Sec.  1500.3 as part of a general effort to 
streamline TSA's regulations by consolidating terms used in multiple 
parts. In addition, TSA is proposing to add the terms identified in 
Table 4 to Sec.  1570.3 as they are used in multiple sections of 
subchapter D to chapter XII of title 49.

         Table 4--Explanation of Proposed Terms and Definitions
------------------------------------------------------------------------
           Summary of change                       Explanation
------------------------------------------------------------------------
Propose adding definition of             This term is used in the
 ``Contractor''.                          definition of ``employee'' for
                                          purposes of this subchapter
                                          and is based on a definition
                                          of contractor used in DOT
                                          regulations, see, e.g., 49 CFR
                                          655.4.
Propose adding definition for            This term is used in several
 ``Employee''.                            definitions, most notably, the
                                          definition of ``security-
                                          sensitive employee,'' which is
                                          the term used to define the
                                          scope of individuals who must
                                          be trained under the proposed
                                          rule (see discussion in III.E)
                                          and the requirements of the
                                          training program. See proposed
                                          definition of ``security-
                                          sensitive employee'' in 49 CFR
                                          1580.3, 1582.3, and 1584.3. It
                                          is also used in sections
                                          regarding responsibility for
                                          compliance (proposed 49 CFR
                                          1570.13), and terms used for
                                          ``chain of custody''
                                          requirements in proposed 49
                                          CFR 1580.3 (currently 49 CFR
                                          1580.107).
Propose adding definition of             This term is used in the
 ``Immediate supervisor''.                definition of ``Employee.'' It
                                          is intended to ensure that any
                                          ``immediate supervisors''
                                          performing security-sensitive
                                          functions for an owner/
                                          operator receive the required
                                          security training. It is also
                                          intended to limit the layers
                                          of management that must
                                          receive security training to
                                          those who have an actual nexus
                                          to transportation security.
                                          More information can be found
                                          in the discussion of employees
                                          required to be trained in
                                          preamble section III.E.
Propose adding definition of ``Security- This term is used in provisions
 sensitive employee''.                    of part 1570 as part of the
                                          proposed security training
                                          requirements. The definition
                                          provides a signal to find the
                                          appropriate mode-specific
                                          definitions in 49 CFR parts
                                          1580, 1582, and 1584.
Propose adding definition of ``Security- This term is used in provisions
 sensitive job function''.                of part 1570 as part of the
                                          proposed security training
                                          requirements. The definition
                                          provides a signal to find the
                                          appropriate mode-specific
                                          definitions in 49 CFR parts
                                          1580, 1582 and 1584.
------------------------------------------------------------------------


[[Page 91346]]

Security Responsibilities for Employees and Other Persons (Sec.  
1570.7)
    In proposed Sec.  1570.7, TSA is seeking to make its regulations 
regarding the responsibility for compliance consistent for all modes. 
Under 49 U.S.C. 114(f), TSA is required to enforce security related 
regulations and requirements and oversee the implementation of security 
measures for all modes of transportation.\39\ As with the similar 
aviation regulation, the obligation for compliance is not limited to 
owner/operators specifically referenced under applicability provisions. 
Any person may be held to have violated these proposed rules, including 
contractors who provide service to owner/operators and the employees of 
such contractors. For example, a contractor who is authorized by an 
owner/operator to provide security training to individuals performing 
security-sensitive functions on the owner/operator's behalf would be 
expected to fulfill all of the responsibilities under these three parts 
with respect to such training. Similarly, contractors would also be 
subject to inspection for compliance with this proposed rule and 
enforcement actions when appropriate (see following discussion on 
proposed Sec.  1570.9 for more information on TSA's investigatory and 
enforcement authority).
---------------------------------------------------------------------------

    \39\ See 49 U.S.C. 114(f)(7) and (11). A similar provision 
applicable to aviation employees and other related persons is in 49 
CFR 1540.105(a)(1) and (b).
---------------------------------------------------------------------------

Compliance, Inspection, and Enforcement (Sec.  1570.9)
    TSA is mandated to: (1) Enforce its regulations and requirements; 
(2) oversee the implementation and ensure the adequacy of security 
measures; and (3) inspect, maintain, and test security facilities, 
equipment, and systems for all modes of transportation.\40\ This 
mandate applies even in the absence of regulations stating the 
authority, but TSA has chosen to include a restatement of its authority 
in its regulations. The statute specifically requires TSA to--
---------------------------------------------------------------------------

    \40\ See 49 U.S.C. 114(f).
---------------------------------------------------------------------------

     Assess threats to transportation;
     Enforce security-related regulations and requirements;
     Inspect, maintain, and test security of facilities, 
equipment, and systems;
     Ensure the adequacy of security measures for the 
transportation of cargo;
     Oversee the implementation, and ensure the adequacy, of 
security measures at airports and other transportation facilities;
     Require background checks for airport security screening 
personnel, individuals with access to secure areas of airports, and 
other transportation security personnel; and
     Carry out such other duties, and exercise such other 
powers, relating to transportation security as the Administrator 
considers appropriate, to the extent authorized by law.
    While current part 1570 includes a provision stating TSA's 
compliance, inspection, and enforcement authority, it is not as 
detailed as what TSA has promulgated in more recent regulations.\41\ 
Therefore, TSA is proposing to transfer the text of current Sec.  
1580.5 to subpart A as proposed Sec.  1570.9, with minor modifications 
to reflect the addition of certain bus operations that have previously 
been unregulated by TSA.\42\
---------------------------------------------------------------------------

    \41\ Compare current Sec.  1570.11 with current Sec.  1580.5. 
The provision in part 1580 is also consistent with 49 CFR 1542.5, 
1544.3. 1546.3, 1548.3, and 1549.3.
    \42\ A more detailed discussion of current Sec.  1580.5, still 
relevant to the proposed section, can be found in the preamble for 
current part 1580. See 71 FR 76852 (Dec. 12, 2006) (NPRM) and 73 FR 
72130 (Nov. 26, 2008) (Final Rule).
---------------------------------------------------------------------------

3. Subpart B--Security Programs
    As previously noted, TSA intends to consolidate and avoid 
duplication of requirements in its regulations by placing all of the 
security program requirements that are consistent across all modes in 
subpart B. These include: (1) Submission, review, and approval of the 
program; (2) procedures for amending the program; (3) the training 
schedule (including initial and recurrent training, previous training, 
relation to other training, and failure to train); and (4) 
recordkeeping. Proposed requirements for which employees must be 
trained and content of the program are found in the proposed revisions 
to part 1580 (freight rail) and new parts 1582 (PTPR) and 1584 (OTRB).
Program Content (Sec.  1570.103)
    Under the statutory requirements, TSA must issue regulations 
mandating security training for owner/operators of public 
transportation agencies, railroads, and OTRBs.\43\ In proposing these 
regulations, TSA assumes that Congress intended the requirement to 
provide for the use of ``existing procedures, protocols, and standards 
to satisfy the regulatory requirements'' for vulnerability assessments 
and security plans apply equally to security training.\44\ Proposed 
Sec.  1570.3 implements these requirements by stating that each owner/
operator required to have a security program under proposed parts 1580, 
1582, and 1584 must address all of the identified requirements. In 
addition, the proposed section implements the requirement to allow for 
use of existing programs by allowing the owner/operators to include 
these existing programs as an appendix. The owner/operators would be 
required to cross-reference the relevant portions of the appendix or 
TSA could assume it is all part of the security program and enforce it 
as such.
---------------------------------------------------------------------------

    \43\ See 6 U.S.C. 1137, 1167, and 1184.
    \44\ See 6 U.S.C. 1162(j) and 1181(i) (use of existing 
procedures, protocols, and standards to satisfy regulatory 
requirements).
---------------------------------------------------------------------------

    To minimize costs of compliance, TSA may identify pre-existing or 
widely-available training programs that meet some or all of this 
proposed rule's requirements. If owner/operators decide to use a 
program already determined by TSA to meet the proposed rules 
requirements, the owner/operator must notify TSA of the program name, 
presenter, modifications made to the training material since the 
program was approved by TSA, and the last date of modification. If TSA 
has already determined the program meets some or all of the 
requirements for the proposed rule and is applicable to the owner/
operator's operations, it would be unnecessary for the owner/operator 
to submit a copy of the program to TSA for approval or include it in 
the appendix.
Responsibility for Determinations (Sec.  1570.105)
    As part of this rulemaking, TSA is proposing to apply the 
requirements to the highest-risk operations within the three modes 
identified by the 9/11 Act. As part of the surface security 
requirements in the 9/11 Act, TSA is required to develop risk 
tiers.\45\ The criteria used for determining the highest-risk tier for 
each mode is discussed in more detail in section III.F of this NPRM. 
The text of proposed Sec.  1570.105(a) informs owner/operators that TSA 
has determined the applicability criteria, but it is the owner/
operator's responsibility to determine whether their operations meet 
the criteria.
---------------------------------------------------------------------------

    \45\ For public transportation, 6 U.S.C. 1137(e) states that any 
public transportation agency that receives a grant under 6 U.S.C. 
1135 shall be required to develop and implement a training program 
pursuant to this section. The grant program implemented under sec. 
1135 relies on high-risk determinations. See also 6 U.S.C. 1162(a) 
and (h) and 1181(a) and (h) (Secretary shall identify risk tiers for 
freight railroads and OTRB and apply regulatory requirements to 
those at the highest-risk).
---------------------------------------------------------------------------

    The proposed rule would require owner/operators to notify TSA 
within 30 days of the effective date of the final rule if they meet the 
criteria for applicability. In addition to publishing the regulatory 
requirements in the Federal Register, TSA will work with

[[Page 91347]]

the relevant associations for each of the modes to ensure their 
memberships are apprised of the requirements. TSA will identify the 
form and manner of notification in the final rule consistent with cost-
effective methodologies at that time. Because the proposed rule would 
require owner/operators to determine whether the criteria apply, TSA 
could bring an enforcement action against an owner/operator that meets 
the criteria, but has failed to comply with the requirements.
    The obligation to self-determine applicability also applies to new 
and existing operations (those commencing after publication of the 
final rule). They would be required to notify TSA no later than 90 
calendar days before commencing operations or implementing 
modifications that would put them within the applicability of the 
requirements.
Recognition of Previous Training (Sec.  1570.107)
    As previously noted, TSA is required to allow use of existing 
programs to satisfy the security program requirements implemented as a 
result of 9/11 Act's provisions.\46\ Under proposed Sec.  1570.107, an 
owner/operator could rely on previous training that occurred within the 
identified periods for initial or recurrent training. In order to use 
previous training, the owner/operator would need to validate the 
training provided satisfies the requirements of this proposed rule--
including records of training, curriculum, and appropriateness for the 
employee and owner/operator's operations.
---------------------------------------------------------------------------

    \46\ See 6 U.S.C. 1162(j) and 1181(i) (use of existing 
procedures, protocols, and standards to satisfy regulatory 
requirements).
---------------------------------------------------------------------------

Security Training Program Submission, Review, and Approval (Sec.  
1570.109)
    The 9/11 Act's requirements include specific deadlines for 
submission of programs and TSA's review.\47\ Proposed Sec.  1570.109 
identifies the required deadlines for submitting security training 
programs and TSA approval.
---------------------------------------------------------------------------

    \47\ See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and 
1184(d)(1) and (2) (must submit program 90 days from effective date, 
TSA must approve within 60 days of receipt or notify of need for 
revisions).
---------------------------------------------------------------------------

    In general, not later than 90 days from the effective date of the 
final rule, owner/operators would be required to submit programs to TSA 
in a form and manner prescribed by TSA. Owner/operators commencing new 
businesses or operations that would make them subject to this proposed 
rule would be required to submit their security training programs to 
TSA no less than 60 days before commencing operations. In the final 
rule, TSA will provide details for submission (encouraging use of a 
secure Web site or other electronic submissions). TSA assumes 
submission would likely be by email or mail service, but requests 
comments on preferences. Consistent with requirements of the 9/11 Act, 
TSA would review the programs within 60 days of receipt and either 
approve them or specify changes that would be needed for approval.\48\ 
If TSA requires changes, the owner/operator would be required to submit 
a modified training program that meets TSA's specifications within 30 
days of notification by TSA of the needed changes. The section includes 
the availability to request reconsideration of any TSA-required 
modifications. TSA provides an analysis of burden and estimated costs 
associated with this information collection in section V.A. of this 
preamble and the draft OMB 83-I Supporting Statement for its 
information collection request, which is available in the docket for 
this rulemaking.
---------------------------------------------------------------------------

    \48\ See 6 U.S.C. 1137(d)(1) and (2), 1167(d)(1) and (2), and 
1184(d)(1) and (2) (TSA must approve within 60 days of receipt or 
notify of need for revisions).
---------------------------------------------------------------------------

Initial training (Sec.  1570.111(a))
    Consistent with the 9/11 Act's requirements, TSA proposes that 
existing employees must be trained within one year of TSA's approval of 
the program.\49\ As further required by the 9/11 Act, initial training 
for new employees or those transitioning to a covered job function (as 
identified in proposed Appendix B to parts 1580 (freight rail), 1582 
(PTPR), and 1584 (OTRB), must occur within the first 60 days of the 
date an employee begins to perform a security-sensitive function.\50\
---------------------------------------------------------------------------

    \49\ See 6 U.S.C. 1137(d)(3), 1167(d)(3), and 1184(d)(3) (no 
later than 1 year after approval of security training program, 
owner/operator must have trained all covered employees).
    \50\ This is a mandatory requirement for railroads and OTRB 
companies. See 6 U.S.C. 1167(d)(3) and 1184(d)(3) (New employees 
must be trained within first 60 days of employment).
---------------------------------------------------------------------------

    During the consultation process at the initial stages of this 
rulemaking, some stakeholders objected to a one-year deadline for 
completion of initial training. While the 9/11 Act does not provide for 
flexibility on the initial training schedule, TSA has attempted to 
address these concerns through provisions on recurrent and previous 
training (as discussed in section III.D.3 of this NPRM). In addition, 
TSA is proposing to include a section allowing regulated parties to 
request an extension if they cannot meet the required training 
schedule.\51\
---------------------------------------------------------------------------

    \51\ See Sec.  1570.115(c) of this proposed rule.
---------------------------------------------------------------------------

    Proposed Sec.  1570.111(a)(3) is included to address the situation 
of non-permanent employees. TSA recognizes that some individuals may be 
intermittently employed as contractors or representatives to perform 
security-sensitive functions; they might not perform these functions 
for 60 or more consecutive calendar days. For example, an employee may 
function as a maintenance worker for a 30-day period and then, at a 
later date, perform that function for another period of 30 days or 
longer. This may also include individuals who are employed by multiple 
owner/operators, such as multiple-employer drivers.\52\ The proposed 
rule would require that such individuals receive training within 60 
calendar days after employment that meets the definition of a security-
sensitive employee.\53\
---------------------------------------------------------------------------

    \52\ Such as individuals meeting the definition of ``multiple-
employer driver'' in the Federal Motor Carrier Safety Administration 
(FMCSA) regulations at 49 CFR 390.5.
    \53\ See discussion of ``security-sensitive employees'' in 
section III.E. of this NPRM.
---------------------------------------------------------------------------

    In general, this means that an employee would need to be trained 
within 60 days of beginning permanent employment in a position that may 
perform a security-sensitive function, whether full or part-time. If, 
however, an individual is employed on an intermittent or non-permanent 
basis, such as a contractor who is employed in a position that may 
perform a security-sensitive function for short durations, then the 
training would need to take place before the individual's total time of 
employment by the owner/operator equals sixty calendar days within a 
consecutive twelve-month period. TSA recognizes that some owner/
operators may address this requirement by requiring training for all 
regular contractors or other individuals employed for short, but 
regular durations. TSA requests comments on other options for 
determining accumulated days of employment and for ensuring owner/
operators do not engage in employment practices or use of contractors 
to avoid the requirements of this proposed rule.
    As previously noted, the proposed rule includes a provision 
regarding use of previous training (see discussion on proposed Sec.  
1570.107). TSA is aware of stakeholder concerns regarding the schedule 
for initial training, but TSA is also aware that many of the affected 
owner/operators have already implemented initial employee security 
training--frequently through the use of

[[Page 91348]]

grant funds provided by DHS for that purpose.\54\ TSA invites comments 
on these requirements as they appear in the proposed rule.
---------------------------------------------------------------------------

    \54\ Congressional appropriations to FTA fund course offerings 
to public transportation agencies that meet some of the requirements 
in this proposed rule. Similarly, appropriations through DHS fund 
the provision of courses in prevention and response that are 
available to PTPR agencies. Further, FTA and FEMA courses that may 
meet portions of this proposed rule are listed among the approved 
vendors and programs for use of TSGP awards.
---------------------------------------------------------------------------

    In meeting the initial training schedule, TSA expects that many 
owner/operators will rely on the provisions in proposed Sec.  1570.107, 
which provides standards for accepting previous training. Under this 
section of the proposed rule, TSA would allow ``training credit'' to be 
given for employees who received training that satisfies the 
requirements of the proposed rule within one year before its effective 
date.
    This may include emergency preparedness plans that railroads 
connected with the operation of passenger trains must implement to 
address such subjects as communication, employee training and 
qualification, joint operations, tunnel safety, liaison with emergency 
responders, on-board emergency equipment, and passenger safety 
information, as well as policies that transit agencies implement to 
ensure safety promotion to support the execution of the Transit Agency 
Safety Plan by all employees, agents, and contractors for the rail 
fixed guideway public transportation system.\55\ See discussion of 
these training programs in section III.I. of this NPRM. Similarly, 
public transportation agencies may have been providing training through 
funds granted under the TSGP.
---------------------------------------------------------------------------

    \55\ Id.
---------------------------------------------------------------------------

    The recordkeeping provisions of the proposed rule require an owner/
operator to provide current and former employees with documentation 
upon request of any training completed to meet the requirements of this 
rule.\56\ Options for compliance with this requirement could include 
providing employees with certificates to validate completed training.
---------------------------------------------------------------------------

    \56\ See Sec.  1570.121 of the proposed rule.
---------------------------------------------------------------------------

    This proposed requirement anticipates situations where an employee 
may have received training from a previous owner/operator, as well as 
industry practices where employees may work for multiple owner/
operators (such as commercial drivers operating OTRBs). If an owner/
operator can validate that an employee has received the required 
training within the specified timeframe, the training would not need to 
be repeated. Because it would be the obligation of the current owner/
operator to ensure that all training requirements are met, that owner/
operator would be responsible for ensuring that any previous training 
courses satisfy the proposed rule's requirements and documenting that 
the training was received within the required timeframe.
    Finally, there may be situations where ``dual-hatted'' or other 
specific-function employees are required to receive security training 
from other sources as part of their jobs, such as railroad police 
officers employed by the owner/operator. As indicated above, it is the 
obligation of the owner/operator to ensure and document the training, 
including training received under these circumstances.
Recurrent Training (Sec.  1570.111(b))
    Recurrent training is essential for maintaining a high level of 
security awareness. The 9/11 Act recognizes this by requiring routine 
and ongoing training for public transportation employees.\57\ Congress 
has left it to the discretion of TSA to determine the appropriate 
schedule for recurrent training and to require a similar schedule for 
railroad and OTRB employees.\58\
---------------------------------------------------------------------------

    \57\ See 6 U.S.C. 1137(f).
    \58\ See 6 U.S.C. 1137(c)(11), 1167(c)(12), and 1184(c)(12).
---------------------------------------------------------------------------

    TSA believes annual recurrent training is essential for 
transportation employees to maintain a high level of awareness, 
competency, and currency with overall changes in security posture 
within the surface transportation environment. TSA's decision is 
consistent with several key considerations, including: (1) Other TSA 
regulations requiring training, as well as similar training required 
for TSA employees; (2) the difficulty of learning, developing, and 
demonstrating security awareness in the dynamic aspects of the surface 
transportation environment, and (3) industry recommended guidelines for 
security awareness training.
    TSA requires annual training for aviation workers. For example, 
regulations applicable to Ground Security Coordinators used by aircraft 
operators specifically require annual training.\59\ Other aviation 
workers are required to receive annual recurrent training as part of 
the approved security program (including aircraft operators, indirect 
air carriers, air cargo, etc.).\60\
---------------------------------------------------------------------------

    \59\ See 49 CFR 1544.233.
    \60\ The relevant security program requirements are under 49 CFR 
1544.233, 1544.235, 1544.407, 1548.5, and 1549.103.
---------------------------------------------------------------------------

    TSA's decision to require annual training is supported by the 
Difficulty-Importance-Frequency (DIF) model \61\ that TSA uses for 
determining training requirements for its own employees.\62\ The DIF 
model uses three design criteria: Difficulty, importance, and 
frequency.
---------------------------------------------------------------------------

    \61\ Bill Melton & J. Bahlis, ``ADVISOR Enterprise Difficulty-
Importance-Frequency (DIF) Model Fact Sheet'', BNH Expert Software 
Inc. (February 23, 2011), available at https://www.bnhexpertsoft.com/english/products/advent/ADVISOR_DIF_Model.pdf. DIF is a standard 
instructional design tool used by a variety of users including the 
Department of Defense (DOD), the Department of Energy (DOE), and 
private sector education and healthcare providers, to determine 
training priority and frequency of training.
    \62\ The proposed schedule is consistent with TSA's security 
awareness training for its own employees--including annual training 
on operational security (OPSEC), responding to active shooter 
incidents, and social engineering that could undermine security of 
information systems.
---------------------------------------------------------------------------

    TSA's subject matter experts responsible for TSA-related training 
determined that measuring the proposed security training program 
against these standards supports annual training as: (1) The difficulty 
of learning surface transportation security awareness related 
information is at the medium/moderately difficult range because it 
requires decision making when applying what one has learned; (2) the 
importance of conducting this security training is at the high/very 
important range because the cost of failure is high and would cause 
damage and losses in the event of an attack; and (3) the frequency of 
how often the task would be performed is within medium range.
    TSA's decision is also supported by the American Public 
Transportation Association (APTA) and their recommendations for 
security training: Security Awareness Training for Transit 
Employees.\63\ Developed in collaboration and consultation with TSA and 
transportation industry stakeholders, the recommended practice provides 
minimum guidelines for security awareness training for all transit 
employees to strengthen transit system security. APTA ``recommends that 
all transit employees be refreshed on transit security awareness 
objectives annually, in an abbreviated method at least . . . to reflect 
advancements or modifications to criminal and terrorist activities and 
reinforce the security awareness training that employees received 
initially.''
---------------------------------------------------------------------------

    \63\ APTA Security Risk Management Working Group., ``Security 
Awareness Training for Transit Employees'' (March 2012), APTA-SS-
SRM-RP-005-12.
---------------------------------------------------------------------------

    TSA does not find it necessary to include the ``abbreviated 
method'' option used by APTA as part of the proposed rule for two 
reasons. First, the

[[Page 91349]]

First ObserverTM program, discussed more fully in section 
III.J. of this NPRM, will meet most of the training requirements in 
approximately one hour. Having reviewed a wide variety of programs that 
could be used to meet elements of the 9/11 Act's requirements, TSA is 
not aware of any other existing material that could meet all of the 
proposed requirements in such an abbreviated period.\64\ To the extent 
owner/operators intend to continue to use their existing training 
program to meet the regulatory requirements, they may want to consider 
using First ObserverTM as an abbreviated form of recurrent 
training.
---------------------------------------------------------------------------

    \64\ As part of the 2013 Notice, TSA included a matrix in the 
docket of training programs that meet elements of the 9/11 Act's 
requirements. The matrix is available in the docket for the 2013 
Notice at: https://www.regulations.gov/ (search for ''TSA-2013-0005-
0084''). Of the 20 programs listed, none of them addressed all of 
the 9/11 Act requirements.
---------------------------------------------------------------------------

    Second, owner/operators could request to use some other type of 
abbreviated security training as an alternative measure for compliance. 
Owner/operators may request to use alternative measures as part of the 
interactive and iterative process TSA intends to use for approval and 
review of required security programs, as detailed in proposed 49 CFR 
1570.117. Under this proposed section, the owner/operator must 
establish that the alternative is in the best interest of the public 
and transportation security. When applied to recurrent training, TSA 
may require validation that the expected baseline of security awareness 
is reached and maintained with the abbreviated program. For example, 
the owner/operator may propose abbreviated training for employees who 
can pass a pre-test.
    TSA is aware that an annual recurrent training requirement could 
present challenges for owner/operators who must also meet other 
regulatory training requirements. For example, FRA requires a two-year 
recurrent training schedule for the emergency preparedness training 
required under 49 CFR part 239 (emergency response and evacuation for 
rail passengers). The security training required by PHMSA under 49 CFR 
part 172 (securing transportation of hazardous materials) is on a 
three-year recurrent training cycle. As TSA does not control these 
training schedules, we cannot harmonize all of them through this 
rulemaking. To the extent, however, that owner/operators must comply 
with these other training requirements, they may be able to use them as 
part of their program to meet the meet recurrent training requirements. 
TSA is interested in comments regarding options for harmonizing 
training schedules and for adding efficiencies with other relevant 
regulatory requirements.
    While TSA is proposing annual recurrent training, a three-year 
recurrent cycle is included as a programmatic alternative. The results 
of the cost analysis for this alternative can be found in chapter III 
section K of the Regulatory Impact Analysis (RIA) for this rulemaking, 
which is included in the public docket.
Amendments to the Security Program (Sec. Sec.  1570.113 and 1570.115)
    Allowing owner/operators to revise or amend their programs, as 
proposed in Sec.  1570.113, is a subset of addressing the 9/11 Act's 
requirements for implementation and submission or programs.\65\ It is 
also consistent with TSA's statutory authority to allow exemptions from 
regulatory requirements.\66\ Proposed Sec.  1570.113 includes 
procedures allowing an owner/operator to submit a request to TSA to 
amend its program and the standard for TSA's approval of that request. 
The proposed section identifies appropriate reasons for amending 
programs, such as changes to an operating environment that could 
include new equipment or changes in station construction. If the 
operating environment changes, it is reasonable to expect that some 
aspects of the security training program would also need to be revised. 
TSA may approve an amendment if it is in the interest of public and 
transportation security and meets the required security standards. TSA 
could ask for additional information or time in order to makes its 
determination.
---------------------------------------------------------------------------

    \65\ See 6 U.S.C. 1137(d) (public transportation), 1167(d) 
(railroads), and 1184(d) (OTRB).
    \66\ See 49 U.S.C. 114(q) (Under Secretary may grant exemptions 
from regulatory requirements).
---------------------------------------------------------------------------

    Similarly, TSA may need to require amendments in the interest of 
the public and transportation security. The 9/11 Act specifically 
provides that TSA must update the requirements, as appropriate, ``to 
reflect new or changing security threats'' and owner/operators shall 
change their programs and retrain employees as necessary within a 
reasonable time.\67\ As indicated in proposed Sec.  1570.115, TSA could 
require owner/operators to revise their training based on emerging 
threats or methods for addressing emerging threats. For example, the 
curriculum requirements identified in the 9/11 Act do not address 
training to respond to active shooter incidents. Following several 
active shooter incidents, including one that resulted in the death of a 
Transportation Security Officer in Los Angeles, Congress prioritized 
the need for this type of training.\68\ As with other requirements 
imposed by TSA, the owner/operator could request a petition for 
reconsideration of TSA-required amendments.
---------------------------------------------------------------------------

    \67\ See 6 U.S.C. 1137(d)(4) and 1167(d)(4) and 1184(d)(4).
    \68\ See Gerardo Hernandez Airport Security Act of 2015, Public 
Law 114-50, 159 Stat. 490 (Sept. 24, 2015).
---------------------------------------------------------------------------

Alternative Measures (Sec.  1570.117)
    The proposed rule includes procedures allowing for an owner/
operator to submit a request to use alternative measures to satisfy all 
of some of the requirements of subchapter D and the standard for TSA to 
approve such a request. For example, the owner/operator could request 
to extend the time periods for submitting its training program or for 
training all of its security-sensitive employees. In reviewing such a 
request, TSA would expect the owner/operator to demonstrate good cause 
for the extension. Under this provision, an owner/operator could 
request a waiver from some or all of the regulatory requirements. TSA 
could grant such a request under the authority 49 U.S.C. 114(q), which 
provides the TSA Administrator with authority to consider and grant 
requests from an owner/operator for a waiver from all or some of the 
regulatory requirements. For example, a freight railroad may meet the 
criteria for applicability, but the operations that trigger 
applicability may be a de minimis part of its overall business 
operations. In such a situation, the owner/operator might consider 
requesting either a complete waiver or an alternative that limits the 
requirements to a more discrete part of its business. Proposed Sec.  
1570.117 would include the procedures for requesting such a waiver, 
procedures for requesting the use of alternative measures, and 
identification of the types of information TSA would need in order to 
make a decision to grant such requests. In general, TSA would need to 
consider factors, such as risk associated with the type of operation, 
any relevant threat information, and any other factors relevant to 
potential risk to the public and transportation security.
Petitions for Reconsideration (Sec.  1570.119)
    Proposed Sec.  1570.119 describes the review and petition process 
for TSA's reconsideration when it denies a request for amendment, 
waiver, or alternative measures--as well as a TSA requirement to modify 
or amend a

[[Page 91350]]

program. If an owner/operator challenges the decision, the owner/
operator would be required to submit a written petition for 
reconsideration within the time frame identified in the applicable 
section.\69\ The petition would need to include a statement, with 
supporting documentation, explaining why the owner/operator believes 
the reason for the denial or for the amendment, as applicable, is 
incorrect. If the owner/operator requested the amendment, the results 
of the reconsideration could be confirmation of TSA's previous denial 
or approval of the proposed amendment. If the issue involves a TSA 
required amendment, the results of the reconsideration could be 
withdrawal, affirmation, or modification of the amendment. TSA would 
consider whether a disposition pursuant to proposed 49 CFR 1570.119 
would constitute a final agency action for purposes of review under 49 
U.S.C. 46110.
---------------------------------------------------------------------------

    \69\ The proposed rule would require petitions for 
reconsideration to be submitted no later than 30 days of a TSA 
requirement to modify under Sec.  1570.109, denial of an owner/
operator-requested amendment under Sec.  1570.111, or denial of a 
request for waiver or alternative measures under Sec.  1570.117; 
submission would be required within 15 days for a TSA-required 
amendment under Sec.  1570.113.
---------------------------------------------------------------------------

Recordkeeping Requirements (Sec.  1570.121)
    TSA proposes that owner/operators create and maintain lists of 
their security-sensitive employees and when they received training that 
meets the requirements of the proposed rule. Specifically, records 
would need to include each trained employee's name, job title or 
function, date of hiring, and date and course information on the most 
recent security training that each employee received. Records for 
individual employees would need to reflect the training courses 
completed and date of completion. Training records for each employee of 
initial and recurrent training would need to be maintained by owner/
operators for no less than five years from the date of the training and 
available at any location(s) specified in the security training program 
approved by TSA.
    The proposed rule provides flexibility to owner/operators to decide 
whether to maintain the records in electronic format provided that (1) 
any electronic records system used is designed to prevent tampering, 
loss of data, or corruption of records, and (2) paper copies of 
records, and any amendments to those records, would be made available 
to TSA upon request for inspection or copying. Whether the records are 
kept in electronic or other form, the employee must be provided with 
proof of training upon request, at any time during the five-year 
recordkeeping period without regard to the requestor's current status 
as an employee of that entity. As discussed above in ``Initial training 
(Sec.  1570.111(a)),'' owner/operators may meet this requirement to 
provide proof of training by providing a certificate or other similar 
documentation to the employee upon completion of training. In order for 
TSA to allow any owner/operator to rely upon previous security training 
to satisfy the requirements of this proposed rule, it is critical that 
employees be able to validate whether they received previous training.
    TSA assumes training records are unlikely to include SSI, but 
nonetheless provides a reminder in the proposed section that any SSI 
maintained as a result of these recordkeeping requirements must be 
maintained consistent with the standards in 49 CFR part 1520. For 
example, an owner/operator may decide to keep a copy of the content of 
the training program with the employee files (which is not required by 
the proposed rule), if the curriculum contains SSI information, any 
file it is in would need to be stored as required by the SSI 
regulations. Owner/operators needing additional information about 
appropriately maintaining SSI may contact TSA for assistance and/or 
find information on TSA's Web site.\70\
---------------------------------------------------------------------------

    \70\ See https://www.tsa.gov/for-industry/sensitive-security-information.
---------------------------------------------------------------------------

4. Subpart C--Operations
    Under current regulations (49 CFR part 1580), TSA requires freight 
and passenger railroad carriers, rail transit systems, rail hazardous 
materials shippers, and certain rail hazardous materials receivers to 
appoint ``rail security coordinators'' \71\ (RSCs) and report 
significant security concerns to TSA.\72\ The RSC, serve as the 
security liaisons to TSA, providing a single point of contact for 
receiving communications and inquiries from TSA concerning threat 
information or security procedures, and coordinating responses with 
appropriate law enforcement and emergency response agencies. The 
information reported to TSA provides information from the frontline of 
rail transportation that can be used to identify developing threats 
based on consolidated reporting and trend analysis. Because of the 
benefits of this requirement to transportation security, TSA is 
proposing to extend these requirements to the modes of transportation 
covered by this proposed rule that are not currently subject to the 
requirements of 49 CFR part 1580.
---------------------------------------------------------------------------

    \71\ See 49 CFR 1580.101 and 1580.201.
    \72\ See 49 CFR 1580. 105 and 1580.203.
---------------------------------------------------------------------------

Security Coordinator Requirements (Sec.  1570.201)
    As previously noted, TSA currently requires security coordinators 
for rail operations including freight, passenger, and public 
transportation. In addition to mandating security coordinators for 
railroads, the 9/11 Act also requires security coordinators for OTRB 
companies.\73\ Consistent with this mandate, TSA proposes to extend the 
requirement to appoint a primary and at least one alternate security 
coordinator for OTRB companies and the bus operations of PTPR owner/
operators (with a limited impact as most public transportation bus 
agencies are part of a larger system that is required to have a 
security coordinator under current 49 CFR part 1580). This would be 
accomplished by moving the provision from part 1580 to subpart C of the 
proposed rule and eliminating rail-specific terms from the text.
---------------------------------------------------------------------------

    \73\ See 6 U.S.C. 1162(e)(1)(A) (``Identification of a security 
coordinator having authority--(i) to implement security actions 
under the plan; (ii) to coordinate security improvements; (iii) to 
receive immediate communications from appropriate Federal officials 
regarding railroad security'').
---------------------------------------------------------------------------

    Security coordinators are a vital part of transportation security, 
providing TSA and other government agencies with an identified point of 
contact with access to company leadership and knowledge of the owner/
operators operations, in the event it is necessary to convey extremely 
time-sensitive information about threats or security procedures to an 
owner/operator, particularly in situations requiring frequent 
information updates. The security coordinator and alternate provide TSA 
with a contact in a position to understand security problems; 
immediately raise issues with, or transmit information to, corporate or 
system leadership; and recognize when emergency response action is 
appropriate. The individuals must be accessible to TSA 24 hours per 
day, 7 days per week.
    The proposed rule does not change the expectation that the security 
coordinator and alternate be appointed at the headquarters level. This 
proposed rule does not require the security coordinator or alternate to 
be a dedicated position staffed by an individual who has no other 
primary or additional duties. This proposed rule, however, does require 
that the owner/operator have a designated individual

[[Page 91351]]

that TSA may reach at all times. The proposed rule would require the 
following information for both the security coordinator and alternate: 
Name, title, telephone number(s), and email address. Any change in this 
information would have to be provided to TSA within seven days of the 
change taking effect.
    As previously noted, this is not a new requirement for owner/
operators of railroads, including the rail transit operations of PTPR 
owner/operators. If an owner/operator subject to this proposed rule has 
provided the required information for primary and alternate RSCs to TSA 
in the past, it would not have to take further action to meet the 
requirement.\74\ This is the case for passenger rail carriers, freight 
railroad carriers, and rail transit systems operated by public 
transportation agencies.
---------------------------------------------------------------------------

    \74\ The requirement to inform TSA of any changes is not 
modified by this proposed rulemaking. Therefore, those currently 
covered by the security coordinator and reporting requirements under 
current 49 CFR part 1580 must report information regarding changes 
to the names, titles, telephone numbers, and email addresses of the 
RSCs and alternate RSCs to TSA within seven calendar days of the 
change taking effect.
---------------------------------------------------------------------------

Extension and Modification of Requirement To Report Security Concerns 
(Sec.  1570.203)
    TSA is proposing to make two changes to its existing requirements 
in part 1580 to report security concerns to TSA.\75\ As with the 
security coordinator requirement, TSA proposes to move and consolidate 
the requirement into proposed Sec.  1570.203 and extend it to bus 
operations.\76\
---------------------------------------------------------------------------

    \75\ See current 49 CFR 1580.105 and 1580.203.
    \76\ This extension is within TSA's discretion to require other 
actions or procedures determined to be appropriate to address the 
security of public transportation and OTRB operations. See 6 U.S.C. 
1134(c)(2)(I) and 1181(e)(1)(H).
---------------------------------------------------------------------------

    TSA is also proposing to modify the security concerns to be 
reported to address a need for clarification and align with other 
relevant standards. Since publication of 49 CFR part 1580, some 
stakeholders have asked TSA for clarification of the events they are 
required to report pursuant to 49 CFR 1580.105 and 1580.203. 
Additionally, in December 2012, the U.S. Government Accountability 
Office (GAO) published a report on passenger rail security.\77\ In the 
report, GAO stated that TSA has inconsistently overseen and enforced 
its rail security incident reporting requirement because the agency 
does not have guidance published, leading to considerable variation in 
the types and number of incidents reported. The GAO recommended that 
the agency develop guidance on the types of incidents that should be 
reported and this guidance should be disseminated to TSA inspectors and 
regulated entities, including rail and transit agencies. Pending this 
rulemaking, TSA provided information to the railroads and transit 
agencies subject to the requirements of part 1580 to provide more 
examples about the types of incidents that should be reported.
---------------------------------------------------------------------------

    \77\ See GAO, ``Passenger Rail Security, Consistent Incident 
Reporting and Analysis Needed to Achieve Program Objectives,'' GAO-
13-20 (December 2012).
---------------------------------------------------------------------------

    TSA is also modifying the list of reportable significant security 
concerns to be more consistent with the Nationwide Suspicious Activity 
Reporting (SAR) Initiative (NSI). The NSI is a partnership between 
Federal, State, local, tribal, and territorial law enforcement that 
``establishes a national capacity for gathering, documenting, 
processing, analyzing and sharing SAR information . . . in a manner 
that rigorously protects the privacy and civil liberties of 
Americans.'' \78\ The NSI defines ``suspicious activity'' as ``observed 
behavior reasonably indicative of pre-operational planning associated 
with terrorism or other criminal activity.'' \79\
---------------------------------------------------------------------------

    \78\ See Nationwide SAR Initiative (NSI), ``About the NSI'' 
(accessed Nov. 3, 2016), available at https://nsi.ncirc.gov/about_nsi.aspx.
    \79\ Id.
---------------------------------------------------------------------------

    The NSI implements a standardized, integrated approach to 
gathering, documenting, processing, analyzing, and sharing information 
about suspicious activity that is potentially terrorism-related. In 
applying this approach, standards have been developed, setting criteria 
for the types of activities that warrant reporting as suspicious and 
potentially terrorism-related. These criteria recognize the capability 
of law enforcement and security professionals to apply their experience 
and expertise to identify significant security concerns by focusing on 
the nature of the incidents and the context in which they occur. The 
standardized approach among law enforcement officers and security 
officials with surface transportation entities produces more 
informative reports that can more effectively focus investigative 
efforts and intelligence analysis for potential trends and indicators 
of terrorism-related activity.
    Thus, TSA intends to ensure clarity by incorporating the examples 
previously provided to industry and consistency by aligning its 
regulations with the concepts of the NSI. The proposed list of 
reportable incidents can be found in proposed Appendix A to part 1570 
and includes not only a list of incidents, but descriptions and 
examples to assist regulated parties in making a determination of 
whether an incident fits within the reporting requirements.
    Finally, TSA is proposing to modify the schedule for reporting 
incidents. Currently the regulation requires immediate reporting to 
TSA. If, however, there is an immediate threat, the first priority is 
to notify and work with first responders. Therefore, TSA is proposing 
to remove the necessity for immediacy and, instead, require 
notification within 24 hours of the incident (see proposed 49 CFR 
1570.203(a)). This will enable TSA to obtain timely information without 
undermining the ability of the owner/operator to appropriately handle a 
situation requiring their full attention.
Examples for Reporting Information (Sec.  1570.203(b))
    As previously noted, TSA has almost a decade of experience with 
incidents reported by railroads under current 49 CFR part 1580. Based 
on this experience, TSA recognizes that its ability to analyze the data 
and improve the quality of information disseminated back to its 
stakeholders is proportional to the quality of information it receives. 
Proposed Sec.  1570.203(b) is consistent with the previous reporting 
requirements, which reflected the need for detailed and verified 
information from individual owner/operators to enhance TSA's ability to 
provide timely and useful information products to all of the relevant 
stakeholders. While not included in the rule text, Table 5 is being 
provided to assist security coordinators and other responsible 
officials to understand TSA's expectations for the types of information 
that are needed in order to meet the standards of Sec.  1570.203(b).

[[Page 91352]]



  Table 5--Examples of Reporting Information Required by Proposed Sec.
                               1570.203(c)
------------------------------------------------------------------------
Reporting requirements in proposed Sec.
               1570.203(c)                           Examples
------------------------------------------------------------------------
(1) The name of the reporting             Company
 individual and contact information,      Representative: Joe BLOGGS.
 including a telephone number or e-mail   Company: ABC Rail Road
 address.                                 Company.
                                          Address: XXXXX, XX
                                          (Street), XXXXX (City), XX
                                          (State), XXXXX (ZIP).
                                          Phone: (111) 123-1234.
                                          POC Email:
                                          Reporting.Official@ABCRR.com.
(2) The affected freight or passenger     Locomotive: ABCRR,
 train, transit vehicle, motor vehicle,   Reporting Marks.
 station, terminal, rail hazardous        Locomotive Number
 materials facility, or other facility    1234.
 or infrastructure, including             Rail Car: ABCRR
 identifying information and current      Railcar Number XXXX 001234.
 location.                                Train: ABCRR Train
                                          Number XXX of XX, etc.
                                          Facility: ABCRR (Rail
                                          Yard, Subway Station,
                                          Passenger Station, Storage
                                          Yard, Repair Facility, etc.)
                                          and facility physical address.
                                          Right of Way: Mile
                                          Post Marker, Sub-division, and
                                          physical address (as much as
                                          known).
(3) Scheduled origination and             ABCRR, Northern
 termination locations for the affected   Corridor Express-Boston to New
 freight or passenger train, transit      York, XYZ Line, via X, Y and Z
 vehicle, or motor vehicle, including     Cities. Train Number XXX of XX
 departure and designation city and       is currently located at: MP
 route.                                   123.12, XXX Sub-division, XXXX
                                          (City), XX (State).
                                          Transit Vehicle: ABCRR
                                          LRV Number XXXXX etc. Route:
                                          XXX North Corridor. Is
                                          currently located at XXXX Line
                                          Section or XXX Station,
                                          Street, City, State, ZIP.
(4) Description of the threat,            At XXXX hours, January
 incident, or activity, including who     01, 2020.
 has been notified and what action has    ABCRR Police Sergeant,
 been taken.                              Joe BLOGGS, badge number XXXX,
                                          ABCRR Police Department
                                          (ABCPD) reported the
                                          following: At WWWW hours,
                                          January 01, 2020, a suspicious
                                          person (described as a white
                                          male, approximately 6'0''
                                          tall, 190 lbs., blonde hair,
                                          approximately 35 to 40 years
                                          of age, wearing a long black
                                          knee[dash]length coat, blue
                                          jeans, red sneakers, and a
                                          XXXX ball club baseball hat)
                                          was detected adjacent to the
                                          ticket vending machine at the
                                          street level entrance to the
                                          XXst Street and YYYYY Avenue,
                                          Station, XXXX (City), XX
                                          (State). The person was deemed
                                          suspicious because although
                                          the temperature at the time
                                          was 85 degrees, he was wearing
                                          a knee[dash]length heavy black
                                          coat. The individual was
                                          sweating and exhibited
                                          nervousness when security
                                          officials were present (the
                                          individual looked away every
                                          time a security official
                                          appeared, so as to not reveal
                                          his face). The individual had
                                          a black ``Traveler,''
                                          ``Expandable'' suitcase with
                                          him (estimated measurements:
                                          36'' W X 24''H X 12'' D) with
                                          a red piece of ribbon tied to
                                          the handle. At WWW5 hours, the
                                          individual rapidly departed
                                          the area when a security
                                          official began to approach
                                          him, leaving the black
                                          suitcase behind. A review of
                                          the Closed-circuit television
                                          (CCTV) surveillance system
                                          determined the individual had
                                          arrived at the station at VV30
                                          hours in a Red, 4-door, Land
                                          Rover, VA License Plate
                                          XX123XXXX, which was parked
                                          adjacent to the XXXXX. Closed-
                                          circuit television revealed
                                          the vehicle was being driven
                                          by a white female with
                                          shoulder length blonde hair,
                                          approximately 35 years of age.
                                          A check of the VA DOT License
                                          registry revealed the vehicle
                                          is registered to Joe DOE, DOB:
                                          XX/XX/XXXX, POB: XXXXX (City),
                                          XX (State) and Jane (NEE:
                                          SMITH) DOE, DOB: XX/XX/XXXX,
                                          POB: XXXXX (City), XX (State)
                                          of 1234 West Disobedience
                                          Street, Anytown, VA 202XX,
                                          Phone Number: (XXX) XXX-XXXX.
                                          A check of the VA driver's
                                          license registry revealed
                                          similar/matching descriptions
                                          of Joe and Jane DOE to those
                                          persons identified during the
                                          incident. At ZZZZ hours, a
                                          XXXX City Police Explosive
                                          Ordnance Demolition (EOD) team
                                          conducted an examination of
                                          the black suitcase with x-ray
                                          equipment and determined the
                                          suitcase contained an unknown
                                          device comprised of wiring and
                                          circuitry. Explosive Ordinance
                                          Disposal (EOD) disrupted the
                                          suitcase, which yielded
                                          negative secondary results.
                                          EOD's examination of the
                                          suitcase's contents revealed
                                          limited amounts of women's
                                          clothing and what appeared to
                                          be the inner workings of a
                                          radio. At ZZZ1 hours, the
                                          scene was cleared by XXXX City
                                          Police EOD Sergeant Jeff
                                          BOMBGARTEN, badge number XXXX
                                          who secured the suitcase and
                                          its contents and transported
                                          them away from the facility.
(5) The names and other available         Witness: Joe SMITH,
 biographical data, and/or descriptions   DOB: XX/XX/XXXX, POB: XXXX
 (including vehicle or license plate      City, XX State. Address:
 information) of individuals or           XXXXX, XX Street, XXXX City,
 vehicles known or suspected to be        XX State, Phone Number (XXX)
 involved in the threat, incident, or     XXX-XXXX, ABCRR, XXXX
 activity.                                (Address), (XXX) XXX-XXXX.
                                          Security: Fred
                                          ARRESTER, Sergeant, XXXX
                                          (City) Police Department,
                                          Badge # XXXX, Phone Number:
                                          (XXX) XXX-XXXX.
                                          Suspected Associate:
                                          Mrs. Jane DOE.

[[Page 91353]]

 
                                          DOB: XX/XX/XXXX, POB:
                                          XXXX City, XX State. Address:
                                          XXXXX, XX (Street), XXXX
                                          (City), XX (State), Phone
                                          Number (XXX) XXX-XXXX, ABCRR,
                                          XXXX (Address), (XXX) XXX-
                                          XXXX.
(6) The source of any threat              Jane DOE, DOB: XX/XX/
 information.                             XXXX, POB: XXXX (City), XX
                                          (State). Address: XXXXX, XX
                                          (Street), XXXX (City), XX
                                          (State), Phone Number (XXX)
                                          XXX-XXXX, ABCRR, XXXX
                                          (Address), (XXX) XXX-XXXX.
------------------------------------------------------------------------

5. Subpart D--Security Threat Assessments
    As previously noted, TSA is including the full text of revised part 
1570 as it would look with the proposed changes--including three 
sections related to STAs generally unaffected by this rulemaking. As 
part of this rulemaking, TSA would move all sections of current part 
1570 limited to STAs to a new subpart D, to consist of Sec. Sec.  
1570.301 (formerly Sec.  1570.7--fraudulent use or manufacture; 
responsibilities of persons), 1570.303 (formerly Sec.  1570.9--
inspection of credential); and 1570.305 (formerly Sec.  1570.13--false 
statements regarding security background checks by public 
transportation agency or railroad carrier). Only the last provision 
(Sec.  1570.305) has been revised, with revisions limited to removing 
definitions for terms that have been added elsewhere as part of this 
rulemaking.

E. Security-Sensitive Employees (Sec. Sec.  1580.3, 1582.3, and 1584.3)

    As part of requiring security training for frontline employees of 
railroads, PTPR, and OTRB owner/operators-the 9/11 Act provided 
definitions for ``frontline employee'' within each mode of 
transportation.\80\ For the reasons discussed below, TSA is proposing 
to use the term ``security-sensitive employees,'' with specific 
definitions of the term for freight rail, PTPR, and OTRB operations. 
These proposed definitions, which would appear in Sec. Sec.  1580.3 
(freight rail), 1582.3 (PTPR), and 1584.3 (OTRB), would need to be used 
by owner/operators to determine which employees must receive security 
training.
---------------------------------------------------------------------------

    \80\ See 6 U.S.C. 1151(6) (railroads), 6 U.S.C. 1131(4) (public 
transportation), and 6 U.S.C. 1151(5) (OTRB and railroad frontline 
employees, respectively).
---------------------------------------------------------------------------

    TSA's proposed definition began with an analysis of the employees 
listed in the 9/11 Act's definitions of ``frontline employees'' and 
whether there are any other employees who may be in a position to spot 
suspicious activity because of where they work, their interaction with 
the public, or their access to information (such as cleaning the 
restrooms, selling tickets and providing assistance to passengers, 
maintaining equipment and operations in vulnerable areas, or operating 
a train or bus). TSA also considered who would need to know how to 
report or respond to these potential threats. The only gap identified 
between the employees stipulated in the 9/11 Act and those that would 
fall under the discretionary category are those who have specific 
responsibilities under any security plan the organization may have. 
While most of these individuals are likely identified in other 
categories, from a security perspective it is essential that there are 
no gaps, particularly where individuals may have responsibility for 
responding to a terrorist-related emergency.
    As a result of this analysis, TSA proposes that employees who 
perform functions with a direct nexus to, or impact on, transportation 
security be designated as ``security-sensitive employees'' based on 
their job functions. While TSA has proposed a specific list of job 
functions relevant to the mode, these roughly fall into similar 
categories. Table 6 aligns these categories with the definitions of 
frontline employee in the 9/11 Act.

 Table 6--Comparison of Security Training NPRM Proposed Categories for ``Security-Sensitive Employees'' to 9/11
                         Act Definitions of ``Frontline Employees'' Who Must Be Trained
----------------------------------------------------------------------------------------------------------------
                                                      9/11 Act--Definitions of frontline employees
                                      --------------------------------------------------------------------------
Proposed rule--security-sensitive job      6 U.S.C. 1151(6)     6 U.S.C. 1131(4) Public
              functions                   Railroad frontline         transportation       6 U.S.C. 1151(5) OTRB
                                              employees          frontline  employees *    frontline employees
----------------------------------------------------------------------------------------------------------------
A. Operating a vehicle...............  Locomotive engineers,    Transit vehicle driver   Drivers.
                                        conductors, trainmen,    or operator.
                                        and other onboard
                                        employees.
B. Inspecting and maintaining          Maintenance and          Maintenance and          Maintenance and
 vehicles.                              maintenance support      maintenance support      maintenance support
                                        personnel, and bridge    employee.                personnel.
                                        tenders.
C. Inspecting or maintaining building  .......................  .......................  .......................
 or transportation infrastructure.
D. Controlling dispatch or movement    Dispatchers............  Dispatchers............  Dispatchers.
 of a vehicle.
E. Providing security of the owner/    Security personnel.....  Security employee, or    Security personnel.
 operator's equipment and property.                              transit police.

[[Page 91354]]

 
F. Loading or unloading cargo or       Locomotive engineers,    Station attendant,       Ticket agents [and]
 baggage and/or.                        conductors, and other    customer service         other terminal
G. Interacting with travelling public   onboard employees.       employee, and any        employees.
 (on board a vehicle or within a                                 other employee who has
 transportation facility).                                       direct contact with
                                                                 riders on a regular
                                                                 basis.
H. Complying with security programs    Any other employees of   Any other employee of a  Other employees of an
 or measures, including those           railroad carriers that   public transportation    over-the-road bus
 required by federal law (a catch-all   the Secretary            agency that the          operator or terminal
 category that would include a small    determines should        Secretary determines     owner or operator that
 number of employees such as security   receive security         should receive           the Secretary
 coordinators and any other             training.                security training.       determines should
 individuals who may have                                                                 receive security
 responsibility for carrying out                                                          training.
 aspects of the owner/operator's
 security program or measures who are
 not otherwise identified in the
 previous categories).
----------------------------------------------------------------------------------------------------------------
* Definition of 1151(6) applies to passenger rail operations.

    In general, TSA proposes to define mode-specific ``security-
sensitive employees'' as employees performing one of the security-
sensitive job functions identified in a proposed appendix for each 
part. The definition of ``employee'' in proposed Sec.  1570.3 includes 
immediate supervisors, contractors, and other authorized 
representatives. The intent is that anyone who performs a security-
sensitive function must have the training, including managers, 
supervisors, or others who perform the function or who so directly 
supervise the performance of a function that their nexus to the job 
function is equivalent to the employee. For example, a yardmaster in 
freight railroad operations would be considered a security-sensitive 
employee because he or she directs security-sensitive functions, even 
if not in the direct management chain of all individuals performing 
those functions. At the same time, individuals within a corporate 
structure who neither perform a security-sensitive function nor have 
direct management responsibilities over individuals who do are unlikely 
to have a position within the corporation with a significant nexus to 
transportation. To the extent there are such individuals in the 
management structure, they would not be considered ``security-
sensitive'' employees.
    In choosing the term ``security-sensitive employee,'' TSA 
recognized the relationship of this proposed rule to other regulatory 
requirements applicable to the population covered by this proposed 
rule. The Department of Transportation uses the terms ``safety-
sensitive function'' and ``safety-sensitive employees'' in its 
regulations to identify employees whose functions require special 
measures to ensure (emphasis added) safety, such as drug and alcohol 
testing and rules governing hours of service.\81\ TSA proposes using 
the term ``security-sensitive'' to identify employees whose job 
functions require special measures to enhance (emphasis added) 
security.
---------------------------------------------------------------------------

    \81\ See 49 CFR 40.1; see also 49 U.S.C. 20140, 21101-21108, 49 
CFR parts 219 and 228, 49 CFR 382.107 (motor carriers), and 49 CFR 
655.4 (public transportation).
---------------------------------------------------------------------------

    The scope of security-sensitive employees is broader than safety-
sensitive employees. In other words, having analyzed the job functions 
that are regulated as safety-sensitive, TSA has determined that while 
there are some security-sensitive employees that may not be in safety-
sensitive employees, there are no safety-sensitive employees that are 
not also security-sensitive employees. In the rail context, owner/
operators have already identified employees in safety-sensitive 
positions because they are covered by the Federal hours of service laws 
\82\ during a duty tour. Therefore, TSA proposes to include any rail 
employee subject to the Federal hours of service laws (49 U.S.C. 211) 
in the designation of security-sensitive employees to reduce the 
regulatory impact of identifying these individuals. To further reduce 
the impact of these proposed training requirements, TSA and DOT 
anticipate that owner/operators will provide training sessions that 
meet the requirements of DOT and the proposed requirements of TSA.
---------------------------------------------------------------------------

    \82\ 49 U.S.C. 21101 et seq. The relevant definitions are 
included in 49 U.S.C. 21101.
---------------------------------------------------------------------------

    TSA also recognizes that each mode covered by the NPRM has unique 
operating environments and functions. To address unique aspects of each 
mode, the security-sensitive functions are identified in mode-specific 
tables within the proposed rule.\83\ These tables provide general 
categories and accompanying modal-specific security-sensitive 
functions. All employees performing ``security-sensitive functions'' as 
described in the appendices must be trained. The table in proposed part 
1580 Appendix B is unique in that it includes examples of the job 
titles related to these functions based on historic use of these terms 
for railroads. The job titles, however, are provided solely as a 
resource to help understand the functions described; whether an 
employee must be trained is based upon the function, not the job title.
---------------------------------------------------------------------------

    \83\ See proposed Appendices B to parts 1580 (freight railroad), 
1582 (passenger railroad and public transportation), and 1584 
(OTRB).
---------------------------------------------------------------------------

    TSA encourages owner/operators to consider other employees within a 
corporate structure who may not be performing a security-sensitive 
function as identified in the proposed rule, but who could provide an 
additional layer of security if they received security training. 
Furthermore, if an owner/operator identifies positions or functions not 
listed by TSA as security-sensitive, but which have the nexus to 
transportation security that is intended to be covered by the proposed 
rule, TSA would encourage the owner/operator to identify and include 
those employees within its security training program.
    Finally, TSA is aware that some freight rail employees identified 
as

[[Page 91355]]

``security-sensitive'' may also be considered ``hazmat employees'' and, 
therefore, subject to security training under 49 CFR 172.704 (these 
provisions are part of the hazardous materials regulations promulgated 
by PHMSA). It is not, however, a one-to-one correlation as determining 
which employees should be identified as ``security-sensitive'' for 
purposes of receiving training under this proposed rule is not the same 
analysis as that conducted for determining if an individual meets the 
definition of ``hazmat employees'' who must receive training under the 
PHMSA rule. As a result, there may be some overlap, but the group of 
individual employees that must be trained under the separate rules is 
unlikely to be identical. The effect of the overlap on training 
requirements is further discussed in section III.G of this NPRM.

F. Security Programs--Applicability (Sec. Sec.  1580.301, 1582.301, and 
1584.301)

    As previously noted, the 9/11 Act mandates regulations requiring 
security training for frontline employees of public transportation 
agencies (6 U.S.C. 1137); railroads (6 U.S.C. 1167); and OTRBs (6 
U.S.C. 1184). In implementing these requirements, TSA considered the 
operations and security risks associated with each mode identified in 
the 9/11 Act. This analysis determined risk consistent with DHS's 
official definition of risk as the ``potential for an adverse outcome 
assessed as a function of threats, vulnerabilities, and consequences 
associated with an incident, event, or occurrence.'' \84\ As TSA 
focuses on the risk associated with acts of terrorism, this analysis 
considers threat as informed by intelligence, potential consequences of 
a terrorist attack, and inherent vulnerabilities in transportation 
systems and operations.
---------------------------------------------------------------------------

    \84\ DHS Risk Lexicon, 2010 Edition, at 27.
---------------------------------------------------------------------------

    In general, the security training requirements of this proposed 
rule would apply to owner/operators \85\ with operations that meet the 
criteria identified in Sec. Sec.  1580.301, 1582.301, and 1584.301. 
From a counter-terrorism perspective, TSA has determined that less than 
300 out of approximately 10,000 surface transportation operations meet 
this criteria. Consistent with its commitment to a risk-based approach 
to transportation security, the proposed rule would only apply to these 
higher-risk operations. Nonetheless, TSA also encourages lower-risk 
operations to implement security training programs consistent with the 
requirements in this proposed rule.
---------------------------------------------------------------------------

    \85\ See proposed definition of ``owner/operator'' in Sec.  
1500.3 and discussion of terms in section III.A.1, Table 3, of this 
NPRM.
---------------------------------------------------------------------------

    While the proposed criteria assume general similarities for 
operations within each mode, TSA recognizes that not all owner/
operators have similar corporate structures and that there are many 
considerations affecting organizational decisions. TSA considered an 
applicability determination that would require a parent corporation to 
provide security training to its employees if one subsidiary triggered 
the requirements. But there may be some owner/operators that are 
subsidiaries of subsidiaries to a parent company that have no other 
transportation-related assets. Recognizing these variations in 
corporate structure, TSA is proposing to limit the requirements to the 
level of the subsidiary whose operations would trigger applicability. 
During the review and approval process, TSA would work with owner/
operators in an effort to address any compliance issues based on 
corporate structure. For example, owner/operator A may be organized to 
make each regional area a separate subsidiary. As such, only the 
subsidiary that meets the applicability requirements would be required 
to develop a security training program. Owner/operator B may be a 
single entity for purposes of corporate-legal structure, with branches 
rather than subsidiaries providing service on specific routes. Under 
the rule, the entire corporation would be subject to the requirements 
based on the operations of one route. In this situation, owner/operator 
A could choose to submit a proposed alternative that would apply the 
requirements to branches and a handful of headquarters or other 
regional employees that provide them operational support. The 
submission requirements and procedures for requesting alternative 
measures are discussed in section III.D.3 of this NPRM.
    The following section describes how TSA considered each of these 
risk elements in determining applicability for the proposed rule.
1. Freight Railroad
    Approximately 574 freight railroads operate on the general railroad 
system of transportation in the United States.\86\ The general railroad 
system of transportation is a shared rail network in which multiple 
railroad operators may use the same tracks for multiple purposes. Thus, 
a very small railroad operator may be using the same tracks as a large 
operator, and a freight railroad will often operate on the same tracks 
as a passenger rail operator. The geographic scope of this mode 
includes railroads operating on nearly 140,000 miles of track 
throughout North America.\87\ The freight rail system transports 40 
percent of intercity freight volume and approximately one-third of U.S. 
exports to ports and other distribution centers.\88\ Commodities and 
products include consumer goods, agriculture and food products, motor 
vehicles, coal, chemicals, paper and lumber, and other commodities 
including ores, petroleum, and minerals.\89\ In addition, freight rail 
lines are used for the operation of most of the commuter and intercity 
passenger railroads outside of the northeast corridor and freight rail 
personnel are sometimes used, on a contractual basis, to operate 
passenger trains.
---------------------------------------------------------------------------

    \86\ Under 49 CFR part 209, Appendix A, the ``general railroad 
system of transportation'' is defined as ``the network of standard 
gage track over which goods may be transported throughout the nation 
and passengers may travel between cities and within metropolitan and 
suburban areas.''
    \87\ Association of American Railroads (AAR), ``Railroad Facts, 
2014 Edition'' at pgs. 3 and 5 (2014).
    \88\ Id.
    \89\ Id.
---------------------------------------------------------------------------

    Class I railroads \90\ account for 69 percent of U.S. freight rail 
mileage and 90 percent of the employees. They are the only providers of 
intercity freight rail transportation, supporting major economic 
sectors in 44 states. Outside of the Northeast Corridor, Amtrak is 
dependent on Class I railroads for its operations--over 70 percent of 
Amtrak's routes operate on track owned by other railroads.\91\
---------------------------------------------------------------------------

    \90\ TSA is not modifying the definition of ``Class I'' in 
current 49 CFR part 1580, which incorporates by reference the 
Surface Transportation Board's classification of railroads based on 
annual operating revenues. The following are currently designated as 
Class I railroads: BNSF Railway, CSX Transportation, Grand Trunk 
Corporation, Kansas City Southern Railway, Norfolk Southern Combined 
Railroad Subsidiaries, Soo Line Corporation, and Union Pacific 
Railroad.
    \91\ See DeGood, Kevin, ``Understanding Amtrak and the 
Importance of Passenger Rail in the United States'' (posted June 4, 
2015), available at https://www.americanprogress.org/issues/economy/report/2015/06/04/114298/understanding-amtrak-and-the-importance-of-passenger-rail-in-the-united-states/. See also Amtrak, ``A Message 
from Amtrak Regarding On-Time Performance'' (posted Feb. 8, 2015), 
available at https://blog.amtrak.com/2015/02/message-amtrak-regarding-time-performance/.
---------------------------------------------------------------------------

Threat
    Intelligence reviews of various attacks worldwide, as well as 
analysis of seized documents and the interrogation of captured and 
arrested suspects, reveal historic interest in carrying out attacks on 
railroad systems. For freight rail, the threat is greatest for 
shipments of RSSM, such as poison or toxic inhalation hazards (TIH), 
which could be directly

[[Page 91356]]

targeted or used as a weapon of mass effect with devastating physical 
and psychological consequences. Materials designated as RSSM are a 
subset of hazardous materials designated by PHMSA under 49 CFR 
172.800(b).\92\
---------------------------------------------------------------------------

    \92\ TSA is proposing to adopt the list in 49 CFR 172.800(b) for 
purposes of meeting the requirement in sec. 1501 of the 9/11 Act to 
define transportation-related security-sensitive materials. This 
definition is discussed in section III.A.2 of this NPRM.
---------------------------------------------------------------------------

Vulnerability
    The diversity and expanse of the North American railroad system 
presents a unique preparedness challenge related to preventing, 
responding to, and recovering from potentially devastating effects. The 
rail network is vast and the owner/operators vary in size and 
communities served. Numerous passenger and commuter rail systems 
throughout the country operate at least partially over tracks or 
rights-of-way owned by freight railroads.
Consequences
    The interdependency of the railroad infrastructure--bridges, 
tunnels, dispatch and control centers, tracks, signals, and switches--
means that threats and incidents affecting one railroad could impact 
many others on the general railroad system of transportation. A 
successful terrorist attack on the U.S. rail system could affect the 
functioning of private businesses and the government, and cause 
cascading effects far beyond the targeted physical location. Such an 
attack could result in significant losses in terms of human casualties, 
property destruction, and economic effects, as well as damage to public 
morale and confidence. Disruption or delay of rail service would also 
have adverse impacts on other sectors. For example, freight railroads 
have a critical role in the support of the energy sector and are 
responsible for the transportation of more than 70 percent of all U.S. 
coal shipments. They are also a critical part of the supply chain for 
military weapons and supplies. While railroads have been able to 
quickly respond to delays caused by natural disasters, such as the 2013 
flooding in Colorado that washed-out tracks and delayed coal shipments 
and Amtrak service, this requires rerouting and can cause significant 
over-crowding and delays on lines used to move passengers and cargo 
pending restoration of damaged infrastructure.\93\ Similarly, the 
release of TIH or other materials designated as RSSM could be 
catastrophic if it occurs in a metropolitan area or near critical 
resources that could be contaminated by the release.
---------------------------------------------------------------------------

    \93\ See ``Colorado floods wash out tracks, delay coal 
shipments, Amtrak service,'' The Denver Post (Sept. 16, 2013), 
available at https://www.denverpost.com/2013/09/16/colorado-floods-wash-out-tracks-delay-coal-shipments-amtrak-service/.
---------------------------------------------------------------------------

Risk Determination
    TSA has determined that the highest-risk freight railroads are 
those designated as Class I based on their revenue (over $72.9 billion 
in 2013) and the Nation's dependence on these systems to move both 
freight in support of critical sectors and passengers. Similarly, there 
are other shortlines (also known as Class II or Class III railroads) 
that are also higher-risk because they transport RSSM through HTUAs. 
Finally, to the extent the preceding does not capture freight railroads 
hosting higher-risk passenger railroads, the hosting relationship and 
dual use of infrastructure puts such railroads into the higher-risk 
category.
Proposed Applicability
    Based on this risk determination, TSA is proposing to cover a 
railroad if it is designated as Class I, transports RSSM in one or more 
of the areas listed in current Appendix A to 49 CFR part 1580, or hosts 
a higher-risk rail operation (including freight railroads and the 
intercity or commuter systems identified in proposed Sec.  1582.101). 
This would cover approximately 36 freight railroads.
    In proposing this applicability, TSA recognizes that joint 
operations are common within this industry and include agreements such 
as allowing another railroad carrier to operate over track it does not 
own.\94\ In these situations, the ``host railroad'' that owns the track 
exercises operational control of the movement of trains of the other 
railroads (the ``tenant'' railroads) while they are using that 
track.\95\ Under the proposed rule, both the host and tenant railroads 
would be required to have a training program that appropriately 
addresses the ramifications of the hosting relationship. For example, 
the host railroad's training program would need to address the 
operational considerations of the hosting relationship, such as 
training dispatchers on their role and responsibilities in halting the 
tenant railroad's operations over a segment of track that has just been 
destroyed by an IED. Similarly, a tenant railroad subject to the 
security training requirements of proposed 49 CFR part 1582 (PTPR), 
would need to address the operational considerations of the hosting 
relationship, such as instructing its train and engine employees on the 
proper communication procedures to follow when informing the host 
railroad of a suspicious package blocking the track. Under either 
example, the host and tenant railroad owner/operators would only be 
responsible for training their own employees.
---------------------------------------------------------------------------

    \94\ TSA's use of this term in this proposed rule is consistent 
with industry's general understanding of its meaning and 49 CFR 
239.7, which defines ``joint operations'' as ``rail operations 
conducted by more than one railroad on the same track, except as 
necessary for the purpose of interchange, regardless of whether such 
operations are the result of: (1) Contractual arrangements between 
the railroads; (2) Order of a government agency or a court of law: 
or (3) Any other legally binding directive.''
    \95\ In recognition of these situations, TSA is proposing to add 
a definition of the term ``host railroad'' to 49 CFR 1500.3. The 
term ``host railroad'' is defined to mean ``a railroad that has 
effective control over a segment of track.''
---------------------------------------------------------------------------

    TSA also understands that some commuter passenger train services 
are owned by public transportation agencies, but operated by private 
companies (such as freight railroad carriers). This is not a hosting 
relationship. In this situation, TSA would consider the freight 
railroad carrier (the private company) to be a contractor of the PTPR 
owner/operator (the owner/operator of the passenger train service). TSA 
would hold the PTPR owner/operator primarily responsible for compliance 
and for ensuring that all security-sensitive employees receive the 
required training, whether they are employed directly by the PTPR 
owner/operator or contractor. In other words, the PTPR owner/operator 
would have the obligation to train the freight railroad carrier's 
employees that are performing security-sensitive functions related to 
the passenger train service. To the extent the contract between the 
PTPR owner/operator and the freight railroad includes a provision for 
the freight railroad to train its own employees, such training would 
need to be documented in the PTPR owner/operator's security training 
program. TSA would expect the passenger operation to clearly state in 
its security training program, as part of the submission process under 
proposed 49 CFR 1570.109, that the freight railroad carrier would 
conduct the training and provide the required information on that 
training.
Alternative Considered
    TSA considered expanding the applicability of the proposed rule to 
a broader scope of owner/operators that would be responsible for 
developing their own security training program. The parameters for this 
alternative population include all freight railroad owner/operators 
operating within, or through, any geographic areas

[[Page 91357]]

designated for purposes of the FY 2015 Urban Area Security Initiative 
(UASI) Program regions. TSA estimates that this alternative would cover 
a total of 69 freight railroads in 26 metropolitan areas. TSA estimates 
that this alternative would have a cost of approximately $91.99 million 
for freight railroad owner/operators over a 10-year period (at a 7 
percent discount rate). The basis for the estimates of benefits and 
costs are included in the RIA for this rulemaking, which is included in 
the public docket.
    TSA rejected this alternative because the agency has determined 
that the proposed applicability aligns with its commitment to risk-
based security policy and outcomes-based regulation. TSA has 
consistently recognized the security risks associated with transport of 
RSSM through the areas identified in Appendix A to current 49 CFR part 
1580. The security basis for identifying these areas has not changed. 
Furthermore, expanding beyond the proposed applicability was 
unnecessary to gain the intended security benefits as it would not 
represent a corresponding expansion of employees trained since 90 
percent of railroad employees would receive training as a result of the 
proposed rule's applicability. Additionally, when compared to the ten-
year costs of the proposed applicability rule for freight railroad 
owner/operators ($90.74 million at 7 percent), this alternative would 
result in $1.25 million in additional costs.
2. Public Transportation and Passenger Railroads
    There are more than 7,000 PTPR systems operating in the United 
States.\96\ As part of an intermodal system of transportation, commuter 
passenger railroads provide critical regional services, such as between 
a central city and adjacent suburbs during morning and evening peak 
periods, as well as connecting to other modes of transportation through 
multimodal systems and within multimodal infrastructures. Since 1995, 
public transit ridership is up 39 percent, outpacing population growth, 
which is up 21 percent, and vehicle miles traveled (VMT), which is up 
25 percent.\97\ While passenger railroads primarily operate on the same 
track as freight railroads, they have many similarities to public 
transportation because of the operational concerns related to 
transporting people. Amtrak operates the Nation's primary intercity 
passenger rail service over a 22,000-mile network (primarily over 
leased, freight railroad tracks), serving more than 500 stations in 46 
states and the District of Columbia. Many of these stations are 
multimodal transportation facilities located in higher-risk areas.
---------------------------------------------------------------------------

    \96\ APTA, ``2014 Public Transportation Fact Book,'' 65th 
Edition, at 6, (Nov. 2014), available at https://www.apta.com/resources/statistics/Documents/FactBook/2014-APTA-Fact-Book.pdf.
    \97\ See ``Quick Facts'' on APTA's Web site as of Jan. 27, 2016, 
available at https://www.apta.com/mediacenter/ptbenefits/Pages/default.aspx.
---------------------------------------------------------------------------

Threat
    Based on incidents in other countries, TSA assesses that terrorists 
view PTPR systems as attractive targets because they carry large 
numbers of people, are open and easily accessible to the public, are 
critical to regional transportation systems, and are vital to local 
economies. Terrorists have targeted rail and bus systems overseas. 
Notable incidents include the sarin gas attacks on the Tokyo subway 
system in April 1995; the multiple detonations of IEDs left on commuter 
trains in Madrid in March 2004; the multiple suicide attacks employing 
IEDs on the London Underground and a double-decker bus in London in 
July 2005; the multiple detonations of IEDs on commuter trains in the 
greater Mumbai area in July 2006; and, the double suicide attacks and 
two incidents of IED detonations in Dagestan and Moscow, respectively, 
in March, June, and August 2010.
    TSA's Office of Intelligence and Analysis assesses with high 
confidence that terrorists remain intent on perpetrating attacks 
against this mode. In the period between January 1 and December 31, 
2014, there were 144 reported attacks on mass transit systems overseas. 
Of these attacks, 76 targeted buses and associated infrastructure and 
68 targeted mass transit and passenger rail systems and associated 
infrastructure.
Vulnerability
    Attributes of PTPR systems essential to their efficiency also 
create potential security vulnerabilities that terrorists seek to 
exploit. Unlike strict access controls applicable to air transport, the 
public transportation system's multiple stops and interchanges lead to 
high passenger turnover, which is difficult to monitor effectively. In 
addition, the broad geographical coverage of passenger rail networks 
provides numerous options for access and getaway and affords the 
ability to use the system itself as the means to reach the location to 
conduct the attack.
Consequences
    A potential terrorist attack on a public transportation center in a 
major metropolitan area can result in a large number of victims, both 
killed and wounded, as well as significant infrastructure damage. Rail 
system bombings in Madrid, London, and Mumbai--all involving use of 
multiple IEDs--are tragic reminders of this reality. Attacks could be 
isolated, having minimal effect on the total operating system, or could 
result in a major impact that has national implications: an attack on 
an intercity passenger railroad operating on the general system of 
transportation could potentially shut down railroad operation support 
for specific sectors. The disruption of any portion of the operation 
can confuse the public, directly affect businesses, and lead to panic. 
Attacks on multiple portions of a PTPR system exacerbate these impacts.
Risk Determination
    In the context of resource allocations under the Transit Security 
Grant Program (TSGP), DHS has determined the highest transit-specific 
risk areas and transit systems using a model approved by the Secretary 
and vetted by Congress.\98\ DHS has consistently considered several 
factors when determining risk for PTPR, including credible and specific 
international and domestic terrorist threats based on information 
provided by the intelligence community, system and infrastructure 
vulnerabilities, and consequences primarily in terms of the impact on 
the mission. As the mission of PTPR systems is to transport people, the 
consequences include the potential for devastating casualties.\99\ TSA 
believes this model is an appropriate method for determining 
applicability for purposes of this rulemaking.
---------------------------------------------------------------------------

    \98\ Federal Emergency Management Agency (FEMA) Grant Programs 
Directorate, ``Risk Methodology, Fiscal Year 2015 Report to 
Congress, Calculating Risk for the FY 2015 DHS Preparedness Grant 
Programs'' (December 21, 2015).
    \99\ Id. at 25-26.
---------------------------------------------------------------------------

    An analysis of the transit-specific risk scores developed using the 
DHS method indicates a natural and significant break in the risk curve 
(delta between risk scores of one urban area to the next) between the 
top eight regions with the highest transit-specific risk and the 
others.\100\ When combined, these areas represent over 94 percent of 
the total transit-specific risk to all urban areas across the Nation. 
Within each of these areas, DHS has identified the systems with the 
highest-risk based on considerations related to ridership, location of 
services provided (use of the same stations and stops), and

[[Page 91358]]

relationship between feeder and primary systems.
---------------------------------------------------------------------------

    \100\ This analysis is based on SSI and/or classified 
intelligence information. As a result, TSA may not share details of 
the information or the analysis.
---------------------------------------------------------------------------

Proposed Applicability
    Using this criteria, TSA is proposing to apply the requirements of 
this proposed rule to the systems identified in proposed 49 CFR part 
1582, Appendix A. These 47 PTPR systems (46 PTPR plus Amtrak) are the 
systems with the highest risk operating in the eight regions with the 
highest transit-specific risk. Applying the rule's requirements to 
these 47 PTPR systems, corresponds to enhanced security for more than 
80 percent of all PTPR passengers.
    TSA is also proposing to apply the requirements to any PTPR owner/
operator that hosts a high-risk freight railroad as identified in 
proposed Sec.  1580.101. The reasons previously discussed for the 
parallel applicability to freight railroads in a hosting relationship 
with a high-risk passenger railroad apply equally to passenger 
railroads hosting high-risk freight railroads.
Alternative Considered
    TSA considered expanding the applicability of a security training 
program to a broader scope of owner/operators. The parameters for this 
alternative population include all PTPR operations within or through a 
UASI region. TSA estimates that this alternative would cover a total of 
253 PTPR owner/operators in 26 metropolitan areas. TSA estimates that 
this alternative would have a cost of approximately $127.88 million for 
PTPR owner/operators over a 10-year period (at a 7 percent discount 
rate). The basis for the estimates of benefits and costs are included 
in the RIA for this rulemaking, which is included in the public docket.
    TSA rejected this alternative because the agency has determined 
that the proposed applicability aligns with its commitment to risk-
based security policy and outcomes-based regulation. The risk analysis 
used for developing the TSGP funding allocations begins with 
identification of the UASI regions and then takes into consideration 
unique aspects of PTPR operations within that UASI in light of known 
risks. To adopt the UASI designations for applicability would ignore 
the second, critical step of the analysis used for TSGP allocations. By 
linking applicability to those agencies that have historically and 
consistently been designated as highest-risk for purposes of TSGP 
funding allocation, the proposed applicability links the greatest 
regulatory burden to those systems that the Federal government has 
determined merit the greatest funding allocations to address security. 
The majority of the funding under the TSGP goes to the highest-risk 
regions to ensure the greater risk is being addressed (94 percent in FY 
15 and 95 percent in FY 14).
    Based on these considerations, the negative impact of a broader 
regulatory requirement would not have a corresponding benefit to 
security--especially recognizing that the systems covered under the 
proposed applicability transport 80 percent of the PTPR ridership. 
Additionally, when compared to the ten-year costs of the proposed 
applicability rule for PTPR owner/operators ($53.14 million at 7%), 
this alternative would result in $74.74 million in additional costs.
3. Over-the-Road Buses
    Highways are the largest and most prevalent component of the 
Nation's transportation network. Virtually every location within the 
continental United States is accessible by highway. The system today 
encompasses more than four million miles of roadway on which more than 
600,000 bridges and 650 tunnels offer possible chokepoints. Within that 
system, commercial buses offer the most cost-effective intercity 
transportation to thousands of communities. For many people, fixed-
route, intercity bus service is the only alternative to private 
vehicles.
    It is estimated that there are over 3,300 private OTRB owner/
operators operating approximately 29,000 buses and employing over 
118,000 people in full and part-time jobs within the United 
States.\101\ These owner/operators primarily conduct interstate 
operations that include wholly-owned bus terminals, shared terminals 
with other transportation modes (such as passenger rail), or pre-
determined pick-up and drop-off locations (which may not be on the 
owner/operator's property).
---------------------------------------------------------------------------

    \101\ For purposes of this discussion, an OTRB is considered the 
same as a motorcoach, which is consistent with the industry's 
interchangeable use of this term. For example, the Motorcoach Census 
2015, commissioned by the American Bus Association (ABA), states: 
``a motorcoach, or over-the-road bus (OTRB), is defined as a vehicle 
designed for long-distance transportation of passengers, 
characterized by integral construction with an elevated passenger 
deck located over a baggage compartment. It is at least 35 feet in 
length with a capacity of more than 30 passengers . . . . This 
definition of a motorcoach excludes the typical city transit bus 
city sightseeing buses, such as double-decker buses and trolleys.'' 
See ABA, ``Motorcoach Census 2015,'' at 7 (Feb. 11, 2016), available 
at https://www.buses.org/assets/images/uploads/general/Motorcoach%20Census%202015.pdf.
---------------------------------------------------------------------------

    In general, OTRBs have an average capacity of 55-60 passengers per 
bus and carry approximately 751 million passengers annually to 
thousands of destinations within the United States and to/from Canada 
and Mexico. Destinations include urban areas and passenger transfer 
points with close proximity to many of the most iconic and valuable 
sites in the Nation.
Threat
    According to TSA's intelligence analysts and subject matter 
experts, buses represent attractive targets for terrorists, especially 
as it relates to hijacking, because they can be used as a vehicle-borne 
improvised explosive device (VBIED), provide the potential for large 
numbers of casualties, or could serve as a source for hostages. While 
there has not been a terrorist attack against a bus in the United 
States, threats and terrorist actions against motor coaches have 
occurred in other nations, including Israel, Spain, and the United 
Kingdom. As the Volpe National Transportation Systems Center noted, the 
industry provides terrorists with a ``physically dispersed, easily 
accessed, high volume, target rich environment with potential for mass 
casualties.'' \102\ Over-the-Road Buses ``serve all large metropolitan 
areas and travel in close proximity to some of the nation's most 
visible and populated sites, such as sporting events, major tourist 
attractions, and national landmarks.'' \103\
---------------------------------------------------------------------------

    \102\ Volpe National Transportation Systems Center, ``Security 
Enhancement Study for the U.S. Motorcoach Industry,'' at vii (May 
2003), available at https://ntl.bts.gov/lib/55000/55200/55204/Security_enhancement_motorcoach_industry_exec_summ.pdf.
    \103\ Id.
---------------------------------------------------------------------------

    TSA identifies that the most likely threat would be represented by 
an IED brought aboard by a passenger or delivered by another vehicle in 
close proximity to the OTRB. There is also the potential threat of an 
attacker intent on capturing control of the bus and using it as a 
delivery system for a weapon of mass destruction against a high-value 
destination. Terrorists with access to this type of vehicle could use 
its capacity to transport as much as 12 tons of explosives. Coupled 
with the use of such vehicles in urban centers and in daily proximity 
to high-value buildings or venues, an OTRB could serve as a VBIED.
Vulnerability
    Over-the-Road Buses travel on open roads, often on scheduled and 
predictable routes, with only a driver and passengers. While OTRBs are 
used to transport large volumes of passengers and baggage (either in 
the under-floor storage area or accessible to the

[[Page 91359]]

passenger), most owner/operators do not screen passengers and baggage 
for threats. Furthermore, OTRBs generally have large cargo compartments 
that can be reached without boarding the bus. As previously noted, a 
high number of OTRBs operate in urban settings and have the ability to 
gain close proximity to high-profile targets and highly-populated 
areas. These operations are vulnerable to a potential terrorist--
providing frequent and predictable access to a vehicle that could 
either be targeted or exploited by an individual with malicious intent: 
It is relatively easy to perform reconnaissance, purchase a ticket, and 
travel anonymously with baggage that does not undergo screening.
Consequences
    The consequence of a successful attack on an individual OTRB in a 
remote location is assumed to be the loss of the vehicle and many of 
its passengers. The same vehicle as a VBIED aimed at a high-value 
target is much greater. The National Counterterrorism Center (NCTC) 
states that one VBIED containing 4,000 kg of homemade explosives is 
equivalent to 200 pipe bombs or 20 suicide vests.\104\
---------------------------------------------------------------------------

    \104\ See ``TNT EQUIVALENTS'' at https://www.nctc.gov/site/methods.html#sarin.
---------------------------------------------------------------------------

Risk Determination
    While it is possible an OTRB could be the target of a terrorist 
attack, it is more likely that an OTRB would be used to deliver an IED, 
making the bus a VBIED that could be used to target an urban area. This 
risk determination reflects that a terrorist could obtain access to a 
large vehicle by simply purchasing a ticket for a fixed-route OTRB 
travelling to the target region (with specific knowledge of where the 
bus would transfer passengers and any close proximity that could 
provide to other targets).
    Because the risk involving an OTRB as a VBIED is primarily to the 
targeted urban area, TSA relied on a risk model developed by DHS to 
determine highest-risk urban areas for the UASI grant program.\105\ 
This model has been approved by the Secretary of Homeland Security and 
vetted by Congress as an appropriate method to determine risk to an 
individual city or urban area. As with PTPR, there is a natural and 
significant break in the risk curve (delta of risk scores or one urban 
area to the next).
---------------------------------------------------------------------------

    \105\ The UASI program is intended to assist ``high-threat, 
high-density Urban Areas in efforts to build and sustain the 
capabilities necessary to prevent, protect against, mitigate, 
respond to, and recover from acts of terrorism.'' See DHS, ``Notice 
of Funding Opportunity: Fiscal Year 2015 Homeland Security Grant 
Program,'' at 2 (FY 15 UASI Allocations), available at https://www.fema.gov/media-library-data/1429291822887-7f203c9296fde6160b727475532c7796/FY2015HSGP_NOFO_v3.pdf. See also 
supra, at n. 98.
---------------------------------------------------------------------------

Proposed Applicability
    TSA proposes to apply the requirements of this rule to owner/
operators providing fixed-route service in the 10 areas identified in 
proposed 49 CFR part 1584, Appendix A.\106\ These 10 areas are those 
that receive the highest funding allocation under the FY 2015 UASI 
grant program. UASI funds are allocated based on a risk methodology 
employed by DHS and Federal Emergency Management Agency (FEMA). 
Together, these 10 urban areas were allocated 88 percent of total UASI 
funds based on risk to these 10 regions.\107\
---------------------------------------------------------------------------

    \106\ ``Fixed-route service'' is defined in proposed Sec.  
1500.3 to mean, ``the provision of transportation service by private 
entities operated a long a prescribed route according to a fixed 
schedule.''
    \107\ See FY 2015 UASI Allocations, supra n.105.
---------------------------------------------------------------------------

    The determining factor for whether a fixed-route OTRB owner/
operator is within the scope of the proposed rule is not where they are 
headquartered, but where they provide service. In proposing this 
applicability, TSA considered factors that could make an OTRB a 
potential target for a terrorist attack, including its visibility (the 
size of its operations), the extent to which its schedule is publicly 
available, whether or not it is relatively easy for unknown individuals 
to board the bus, and whether the bus would have ease of access to 
high-consequence locations.
    TSA is aware that some private companies provide commuter services 
that may trigger applicability of the proposed rule. Diagram A provides 
a flowchart to assist with determining if the proposed rule would 
apply.

[[Page 91360]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.013

TSA estimates that the applicability of the proposed rule would apply 
to approximately 202 OTRB owner/operators.
Alternative Considered
    TSA considered expanding the applicability of a security training 
program to OTRB owner/operators operating within or through one or more 
of the UASI regions. TSA estimates that this alternative would cover a 
total of 403 owner/operators in 26 metropolitan areas in year one of 
the regulation. TSA estimates that this alternative would have a cost 
of approximately $22.09 million for OTRB owner/operators over a 10-year 
period (at a 7 percent discount rate). The basis for the estimates of 
benefits and costs are included in the RIA for this rulemaking, which 
is included in the public docket.
    TSA rejected this alternative because the agency has determined 
that the proposed rule better aligns with its commitment to risk-based 
security policy and outcomes-based regulation. As previously noted, 
while it is possible an OTRB could be the target of a terrorist attack, 
it is more likely that an OTRB would be used to deliver an IED-making 
the bus a VBIED that could be used to target an urban area. While there 
are more UASI regions than those covered by the proposed rule, the 
areas identified in proposed Appendix A to part 1584 represent those 
with the highest-risk. Additionally, when compared to the ten-year 
costs of the proposed applicability rule for OTRB owner/operators 
($12.08 million at 7 percent), this alternative would result in $10.01 
million in additional costs.
4. Foreign Owner/Operators
    While the proposed applicability provisions for security training 
do not specifically reference foreign owner/operators,\108\ the 
employees who must be trained include any employee performing a 
security-sensitive function ``in the United States or in direct support 
of the common carriage of persons or property between a place in the 
United States and any place outside the United States.'' \109\ 
Therefore, the training requirements of this proposed rule would apply 
equally to domestic owner/operators and foreign owner/operators with 
employees performing covered functions within the United States or in 
support of operations within the United States. For example, if a 
Canadian OTRB owner/operator has fixed-route service that begins at a 
point in Canada and transits through an area identified in proposed 
part 1584, Appendix A before concluding at a point in Mexico, any 
employees operating that bus providing maintenance or inspection 
services, providing dispatch information, or performing any other 
security-sensitive function for that bus affecting its operations 
within the United States would need to be trained and the owner/
operator would need to submit a training plan to TSA for approval. 
Where the function is being performed, in essence whether the employee 
is performing the security-sensitive function at a location in Canada 
or along the route in the United States, is irrelevant.
---------------------------------------------------------------------------

    \108\ See proposed Sec. Sec.  1580.101 (freight railroads), 
1582.101 (PTPR), and 1584.101 (OTRBs).
    \109\ See proposed Sec. Sec.  1580.3 (freight railroads), 1582.3 
(PTPR), and 1584.3 (OTRBs).
---------------------------------------------------------------------------

    In addition, while foreign owner/operators providing service in the 
United States would be required to have a security coordinator and 
alternate, foreign owner/operators would only be required to report 
potential threats and significant security concerns for operations in 
the United States or transportation to, from, or within the

[[Page 91361]]

United States. Foreign freight railroad owner/operators currently meet 
this requirement under the requirements of current 49 CFR part 1580. 
This approach is also consistent with that taken by the FRA.
5. Preemption
    While current 49 CFR part 1580 includes a preemption provision, 
which will be carried over to the proposed revisions of part 1580 and 
addition of part 1582, that provision is based upon the specific 
statutory preemption in 49 U.S.C. 20106. There is no similar statutory 
provision for the other modes of transportation covered by this 
proposed rule. Therefore, TSA has not included preemption provisions 
for the other modes. Furthermore, based on TSA's experience with the 
implementation of 49 CFR part 1580 since it was finalized in 2008, it 
has not become aware of any State, local, or tribal laws, regulations, 
or orders that would be inconsistent with the provisions of this NPRM 
nor were any concerns raised during the consultations discussed in 
section IV of this NPRM. TSA invites comments about specific laws, 
regulations, or orders that commenters believe would conflict with the 
provisions of the proposed rule.

G. Security Program General Requirements (Sec. Sec.  1580.113, 
1582.113, and 1584.113)

    Under proposed Sec. Sec.  1580.113, 1582.113, and 1584.113 owner/
operators identified in Sec. Sec.  1580.101, 1582.101, and 1584.101 
would be required to adopt and implement a security training program 
that meets the requirements of the relevant subparts. TSA is 
deliberately proposing that owner/operators be required to ``adopt and 
implement'' rather than ``develop and implement'' training programs 
because TSA is aware that relevant training curriculum may already 
exist that aligns with most, if not all, of the curriculum 
requirements--including resources developed by TSA (which will be 
further discussed in section III.I and J. of this NPRM).
1. Information About the Owner/Operator
    This section includes proposed requirements for the content of the 
program to be submitted to TSA, including information regarding the 
owner/operator (paragraphs (b)(1) and (2)), scope of training (for 
example, number of employees to be trained by job function) (paragraph 
(b)(3)), implementation schedule for the training program (paragraph 
(b)(4)) consistent with the requirements of proposed Sec.  1570.111, 
and location of training records (paragraph (b)(5)) consistent with the 
requirements in proposed Sec.  1570.121.
2. Information on How Training Will Be Provided
    Proposed paragraphs (b)(6) through (9) require general information 
on the curriculum to be used to meet the training requirements, such as 
lesson plans, objectives, and modes of delivery. As previously noted, 
TSA is aware that some owner/operators would seek approval to use 
existing training programs, implemented to comply with other Federal 
requirements or other standards, to satisfy some or all of the 
requirements of this NPRM. Under proposed paragraph (b)(6), the 
curriculum or lesson plan for that program would need to be included in 
the training program submitted for TSA approval.
    For example, an owner/operator may have provided training on topics 
similar to those in the proposed rule to meet programs implemented to 
fulfill the HMR, such as those in 49 CFR part 172, or FRA safety/
evacuation training.\110\ In the training program submitted to TSA for 
approval, owner/operators using any of these training programs to meet 
the requirements of the proposed rule would also need to explain how 
the training programs selected meet TSA's requirements and are 
appropriate for the particular owner/operator. During review, TSA may 
need to request additional information from the owner/operator in order 
to determine if the courses selected meet this rule's requirements.
---------------------------------------------------------------------------

    \110\ See 49 CFR part 239.
---------------------------------------------------------------------------

3. Ensuring Supervision of Untrained Employees and Providing Notice of 
Changes Affecting Training
    Proposed paragraphs (b)(7) and (8) would require owner/operators to 
provide information on their plans for addressing specific requirements 
in Sec. Sec.  1580.115, 1582.115, and 1584.115. These include plans for 
ensuring untrained employees are properly supervised (as required by 
proposed Sec. Sec.  1580.115(a), 1582.115(a), and 1584.115(a)) and 
notifying employees of any changes that affect their training. For 
example, under proposed Sec.  1580.115(c) (similar provisions exist in 
Sec. Sec.  1582.115(c) and 1584.115(c)), employees must be trained on 
their responsibilities under the owner/operator's security plans and/or 
programs. If the security plans and/or programs change, the employee 
must be notified of how that change would affect the information they 
were provided during previously provided training. This would not 
affect the timing of recurrent training unless affected employees are 
required to participate in training courses as part of updates to the 
security program.
4. Methods for Determining Effectiveness of Training
    Proposed paragraph (b)(9) would require owner/operators to include 
in their training program a method for measuring the effectiveness of 
their training program. TSA would afford flexibility to each individual 
owner/operator to measure effectiveness of their security training 
program using methods and criteria appropriate for their operations. 
TSA does not prescribe the method in the proposed rule, but does 
propose that every training program specify the manner and method by 
which the effectiveness of the training program would be evaluated by 
the owner/operator. For example, TSA expects that some owner/operators 
would choose to administer a form of written test or evaluation to 
gauge their employees' level of knowledge, while others may rely upon 
operational tests conducted by supervisors to determine employees are 
being trained effectively.
    Similarly, TSA is not proposing to prescribe conditions for a pass/
fail policy that may be associated with post-training testing. While 
individual companies may elect to enforce pass/fail criteria with 
associated personnel actions, TSA is neither requiring this nor 
recommending a specified maximum number of times that an individual may 
take a test or evaluation to demonstrate knowledge and competency. As 
previously noted, the standards proposed by an owner/operator for 
determining training efficacy may affect TSA's approval of any 
alternative measures for compliance. TSA requests comments on this 
issue to further inform a final rule.
5. Relation to Other Training
    TSA is proposing paragraph (c) in recognition that many owner/
operators covered by this proposed rule are subject to training 
requirements under regulations of DOT that overlap with the training 
content identified in the 9/11 Act's requirements. For example, an 
owner/operator may have provided training on topics similar to those in 
the proposed rule to meet programs implemented under DOT hazardous 
material regulations,\111\ FRA safety/

[[Page 91362]]

evacuation training,\112\ or Federal Transit Administration (FTA) 
Safety Management System training provided under a rail fixed guideway 
public transportation system's Transit Agency Safety Plan.\113\ Other 
training programs are addressed in section III.I of this NPRM.
---------------------------------------------------------------------------

    \111\ See, e.g., 49 CFR part 172.
    \112\ See 49 CFR part 239.
    \113\ See 49 CFR 674.29 and Appendix A to part 674.
---------------------------------------------------------------------------

    TSA does not expect owner/operators to duplicate training. If they 
are already subject to requirements to provide similar training, they 
can use that training to satisfy TSA's requirements. To the extent that 
an owner/operator intends to use existing training programs implemented 
to comply with other Federal requirements or other standards in order 
to satisfy some or all of the requirements of this NPRM, the program 
submitted to TSA for approval would need to identify how the other 
training would be used to satisfy TSA's requirements, such as the 
curriculum or lesson plan for that program.
    Proposed paragraph (c)(2) requires an index to be provided if the 
owner/operator chooses to submit all or part of an existing security 
training program to TSA for approval. The index would need to be 
organized in the same sequence as the content requirements in 
Sec. Sec.  1580.115, 1582.115, and 1584.115. Indexing is a necessary 
requirement if TSA is to provide flexibility for owner/operators to use 
existing training programs to satisfy this proposed rule. TSA may 
request additional information on the program through the review and 
approval process.

H. Security Training and Knowledge for Security-Sensitive Employees 
(Sec. Sec.  1580.115, 1582.115, and 1584.115)

1. Training Required for Security-Sensitive Employees
    Any owner/operator required to have a security training program 
under Sec. Sec.  1580.101, 1582.101, or 1584.101, must provide security 
training to its security-sensitive employees. Consistent with the 
definition of employee in Sec.  1570.3, this requirement applies to any 
direct employee, contractor, employee of a contractor, or other 
authorized person who is compensated for performing a security-
sensitive function on behalf of or for the benefit of the owner/
operator. For example, if an OTRB owner/operator does not employ any 
drivers directly, but uses drivers under contract, those drivers would 
need to be trained. Similarly, if an owner/operator has chosen to 
combine dispatch services with two affiliates of its parent 
corporation, the owner/operator required to provide security training 
to its direct employees would also be required to provide security 
training to any dispatchers providing services for its fleet.
    In some circumstances, security-sensitive functions may be 
performed by individuals not within the definition of ``employee'' for 
purposes of this NPRM. For example, police officers employed by a local 
law enforcement agency may be routinely patrolling the owner/operator's 
premises and/or operations. They would not be subject to the proposed 
rule unless there is a contractual relationship for the law enforcement 
agency to provide that service and the law enforcement officer is 
assigned to that location. In situations where the owner/operator has a 
dedicated police or security force, the members of that force assigned 
to work at the facility would need to have security training consistent 
with that required for other employees. For those situations where 
those personnel are not required to be trained, TSA would encourage law 
enforcement personnel regularly assigned to patrols at that location to 
receive the same training as the employees to enhance communication and 
cooperation in response to potential threats.
2. Limits on Use of Untrained Employees
    If a security-sensitive employee does not receive the required 
security training, under the proposed rule, that employee would be 
prohibited from performing a security-sensitive function unless he or 
she is under the direct supervision of a security-sensitive employee 
who has met the training requirements. While TSA is not defining the 
word ``direct,'' TSA would expect the supervisor to be located in 
reasonable proximity to the employee to supervise actions and provide 
the necessary level of security awareness and response capabilities. 
Further, even if an employee is directly supervised, TSA proposes to 
impose a 60-day limit for the amount of time that an employee may 
perform a security-sensitive function without receiving training. After 
60 days, the proposed rule would require the owner/operator to remove 
the employee from a security-sensitive function; the owner/operator 
would, of course, retain the discretion to reassign the individual to 
other non-security-sensitive job functions.
3. Knowledge Required
    Consistent with other TSA regulations,\114\ TSA is proposing to 
require a training program that focuses on the specific knowledge 
provided to security-sensitive employees. The proposed rule affords 
flexibility for owner/operators to develop and implement a program that 
addresses the required components of the security training program in 
the context of their operational environments.
---------------------------------------------------------------------------

    \114\ See, e.g., 49 CFR 1548.11 (Training and knowledge for 
individuals with security-related duties) applicable to indirect air 
carriers).
---------------------------------------------------------------------------

    In developing the requirements, TSA considered the specifically 
enumerated subjects in the 9/11 Act, other Federal regulatory 
requirements, and curriculum elements already being provided by owner/
operators (based on information obtained as part of TSA's ongoing 
interaction with its stakeholders). TSA has organized these 
requirements into four broad categories: prepare, observe, assess, and 
respond. As noted in Diagram B below, all statutorily required program 
elements are included within these broad categories. For purposes of 
this discussion and Diagram B, the statutory requirements will be 
referenced as PT # (``PT'' aligns to 6 U.S.C. 1137 and the # with the 
relevant section in 1137(c)--for example, PT # 1 corresponds to 6 
U.S.C. 1137(c)(1)); RR # (``RR'' aligns with requirements in 6 U.S.C. 
1167 and the # with the relevant sections of 1167(c)); and OTRB # 
(``OTRB'' aligns with requirements in 6 U.S.C. 1184 and the # with the 
relevant section in 1184(c)). Other existing training that could be 
relevant to each of the categories is also identified in Diagram B as 
it could be useful to owner/operators in identifying existing training 
that could be used to satisfy the proposed regulatory requirements.
    The ``prepare'' category is intended to address training that may 
be specifically relevant to a particular job function. For example, an 
appropriate method for self-defense (as required by PT 3, RR 3, and 
OTRB 3) could vary based upon an employee's job and extent to which he 
or she interacts with the public. Similarly, an employee's role in 
operating and maintaining security equipment (as required by PT 10, RR 
11, and OTRB 11) varies based upon the responsibilities of the 
employee.
    The ``prepare'' category would also address training on discharging 
any security responsibilities that security-sensitive employees may 
have under a security plan or measure. This proposed rule does not 
require any owner/operator to adopt or implement a

[[Page 91363]]

security plan or measures. TSA is aware, however, that many owner/
operators have security plans or measures that they developed 
voluntarily, to comply with federal requirements, or to qualify for 
Federal grants. To the extent these plans or procedures exist, 
employees must be trained in order to ensure these plans or measures 
are effective. Similar to the threat and incident prevention and 
response training, this portion of the training program would need to 
be tailored to the specific operation. TSA intends for training 
provided under this category to satisfy requirements for in-depth 
security training for ``hazmat employees'' as required by 49 CFR 
172.704(a)(5). For freight railroads, the requirements in proposed 
Sec.  1580.115(c) include providing training on chain of custody and 
control requirements, as appropriate. This additional training is 
relevant to ensuring appropriate procedures are followed to comply with 
the security requirements in proposed subpart C to part 1580 (which 
contains the requirements in current Sec. Sec.  1580.103 and 1580.107).
    The ``observe'' category is intended to provide knowledge to 
increase a security-sensitive employee's observational skills. This 
category would address behavior recognition requirements of the 9/11 
Act (PT 6, RR 6 and OTRB 6)--encompassing an understanding of unusual 
or abnormal behavior that should trigger a response by employees 
because of the potential that the behavior may indicate a threat to 
transportation security. It also addresses a requirement to be able to 
recognize dangerous or suspicious items, behavior, or situations 
(required by PT 8, RR 9, and OTRB 9). In general, this training focuses 
on recognizing the difference between what is normal for the 
operational environment and abnormalities that could indicate terrorist 
planning or imminent attack. Training delivered should teach the 
employees that suspicious activity is a combination of actions and 
individual behaviors that appear strange, inconsistent, or out of the 
ordinary for the employee's work environment. In most instances, it 
will not be a single factor, but a combination of factors taking place 
at a particular time and place, that will accurately identify a 
suspicious individual or act.
    The ``assess'' category requires providing knowledge of how to 
determine if what is observed requires a response and what those 
appropriate responses may be. TSA is aware that some stakeholders 
provide training that includes tools to help employees assess the 
seriousness of a threat. This category addresses requirements in the 9/
11 Act (PT 1, RR1, and OTRB 1) as well as the security awareness 
training required for ``hazmat employees'' under 49 CFR 172.704(e)(4).
    The ``respond'' category includes training on security incident 
responses--including how to appropriately report a security threat, 
interact with the public and first responders at the scene of threat or 
incident, applicable uses of self-defense devices or protective 
equipment, and communication with passengers. This category addresses 
several elements of the 9/11 Act relating to communication and 
coordination (PT 2, RR 2, and OTRB 2), use of personal protective 
devices or equipment (PT 4, RR 4, and OTRB 4), evacuation procedures 
(PT 5, RR 5, and OTRB 5), responses to terrorist threats or incidents 
(PT 6, RR 7, and OTRB 7), and understanding procedures for interacting 
with responders (PT 9, RR 10, and OTRB 10). This category also 
addresses elements of security awareness training required by 49 CFR 
172.704(a)(4). To the extent owner/operators need to provide training 
on specific self-defense devices or protective equipment, TSA has not 
calculated these costs as it assumes this is a standard part of any 
operation before providing such devices or equipment to individuals and 
would not be a cost of this rule. Based on feedback received in 
consultation with stakeholders, TSA considered whether to tailor 
particular training requirements to specific job functions. It may be 
argued, for example, that training elements relevant to employees who 
encounter the public are not necessary for mechanics or other employees 
performing non-public functions. TSA believes, however, that there 
should be a common level of proficiency among security-sensitive 
employees of the covered entities; training in security awareness and 
behavior recognition is appropriate for all employees.
    At the same time, security-sensitive employees must be aware of 
their particular responsibility in preventing or responding to a threat 
or incident prevention and response and adequately trained to fulfill 
their roles. TSA recognizes that owner/operators may integrate into 
their required security training programs varying levels of training 
for particular categories of employees or job functions to meet the 
objectives of their overall security strategy or plan. TSA encourages 
continuation of these practices as long as the security training 
program meets the core requirements proposed in this rulemaking.
    Diagram B identifies the type of training covered within each of 
these categories by reference to the considerations that led to their 
development.

[[Page 91364]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.014

I. Other Security Training Programs

    The 9/11 Act includes requirements for TSA to consider ``any 
current security training requirements or best practices'' before 
issuing security training regulations.\115\ As discussed above and 
indicated in Diagram B, TSA has taken current Federal regulations, 
guidance, and other practices affecting transportation security into 
consideration and has crafted this proposed rule to be consistent with 
those regulations and practices where they meet the requirements of the 
9/11 Act and the objectives of this rulemaking. In addition, TSA has 
been consulting with DOT to avoid potential inconsistencies and 
unnecessary duplication as a result of this proposed rule.
---------------------------------------------------------------------------

    \115\ See 6 U.S.C. 1167(a) and 1184(a).
---------------------------------------------------------------------------

    Many of the owner/operators required to provide security training 
under this regulation have been providing security training either 
under the requirements of training programs discussed in this section 
or using materials developed and/or approved by TSA for other purposes. 
A range of courses including those sponsored by TSA and other Federal 
agencies, such as FTA, Federal Emergency Management Agency (FEMA), and 
PHMSA, provide a means for covered entities to coordinate training for 
their employees in many of the elements stipulated in the proposed 
rule. For example, the training program this proposed rule would 
require is consistent with, and builds upon, security training programs 
that PTPR owner/operators have implemented through courses sponsored by 
FTA, TSA, and FEMA, including guidance provided to PTPR owner/operators 
to fast track grant applications for security training funding. In many 
cases, agencies have secured third-party training through funds awarded 
on projects approved under the TSGP administered by DHS. These 
government-sponsored and third-party courses would remain as approved 
options to the extent they adequately address the elements required in 
the final rule. As in the past, TSA would provide lists of approved 
courses to PTPR owner/operators subject to the regulatory requirements.
    As discussed in section III.D.3 (recognition of previous training) 
of this NPRM, an owner/operator may rely on this training to satisfy 
the training requirements of the proposed rule to the extent the 
training program they submit includes the curriculum and an explanation 
of how the previous training meets TSA's requirements and is 
appropriate for the particular owner/operator. TSA anticipates that for 
many owner/operators, the training discussed above would meet most of 
the requirements. It is likely, however, that additional training would 
be needed for some of the knowledge required by the ``prepare'' 
category of training in proposed Sec. Sec.  1580.115(c), 1582.115(c), 
and 1584.115(c). The following section discusses some of the programs 
and requirements that are relevant to these considerations.
1. Federal Railroad Administration Safety Training Requirements
    Passenger railroad employee training programs already comply with 
FRA safety standards requiring the preparation, adoption, and 
implementation of emergency preparedness plans by railroads connected 
with the operation of passenger trains (including freight carriers 
hosting passenger rail

[[Page 91365]]

operations).\116\ The FRA defines an ``emergency'' as an unexpected 
event related to the operation of passenger train service involving a 
significant threat to the safety or health of one or more persons 
requiring immediate action, and includes a security situation.\117\ 
Under the regulations in 49 CFR part 239, each affected railroad is 
required to instruct its employees on the provisions of its plan. 
Emergency preparedness plans must address such subjects as 
communication (including on-board crewmember notification of the 
control center and passengers about the nature of the emergency and 
control center personnel notification of outside emergency responders 
and adjacent rail modes of transportation), passenger evacuation in 
emergency situations, employee training and qualification, joint 
operations, tunnel safety, liaison with emergency responders, on-board 
emergency equipment, and passenger safety information. FRA also 
requires full-scale emergency simulations for passenger trains. In 
general, the FRA has found few failures to provide the required 
training. In FY 2014, there was a single recommended violation for 
failure to meet the requirements of 49 CFR 239.7.\118\
---------------------------------------------------------------------------

    \116\ See 49 CFR part 239.
    \117\ See 49 CFR 239.7.
    \118\ See FRA, ``Fiscal Year 2014 Enforcement Report,'' at 3. 
This is an annual report published by FRA summarizing settled claims 
for civil penalty violations of Federal railroad safety and 
hazardous materials statues, regulations and orders during Federal 
Fiscal Year 2014 and is available is available under Enforcement & 
Litigation on FRA's Web site at https://www.fra.dot.gov/eLib.
---------------------------------------------------------------------------

    As stated in Sec. Sec.  1580.113(c) and 1582.113(c) of the proposed 
rule, TSA recognizes that the training required by 49 CFR 239.7 may be 
combined with other training to partially or fully meet or exceed 
requirements under proposed Sec. Sec.  1580.115(f) or 1582.115(f) and 
would not expect owner/operators to duplicate this training. TSA would 
work in cooperation with the FRA to validate that the owner/operators 
have provided the training as represented in any programs submitted to 
TSA for approval. As previously noted, the training program required 
under this proposed rule would need to clearly describe and identify 
the training and how it is being used to satisfy the requirements of 
the TSA regulation.
2. Federal Transit Administration Safety Requirements
    Under 49 CFR part 659, the FTA manages State Safety Oversight for 
Rail Fixed Guideway Systems.\119\ Currently, part 659 requires States 
to oversee the safety and security of rail fixed guideway systems 
operating in their jurisdictions through designated Oversight Agencies 
(OAs). The OAs must require the operator of the rail fixed guideway 
system to develop and implement a written system safety program plan 
and a written system security plan as separate products. Each covered 
system must base its Transit Agency Safety Plan on an adequate Safety 
Management System (SMS), and include an adequate means of safety 
promotion to support the execution of the plan by all employees, 
agents, and contractors.\120\
---------------------------------------------------------------------------

    \119\ On March 16, 2016, the FTA published a final rule for 
State safety oversight of rail fixed guideway public transportation 
systems not regulated by the FRA that replaces the current State 
Safety Oversight (SSO) rule in 49 CFR part 659. See State Safety 
Oversight; Final Rule, 81 FR 14229 (Mar. 16, 2016) (adding part 674 
to title 49 of the CFR). The FTA will rescind the current SSO rule 
no later than April 15, 2019. SSO Agencies and rail transit agencies 
(RTAs) will continue to comply with the current SSO rule until they 
come into compliance with the new regulations. The FTA omitted 
System Security Plans from its final rule, noting, ``TSA . . . has 
the prerogative and responsibility for all rulemakings on security 
in public transportation.'' Id. at 14233.
    \120\ See 49 CFR 674.29 and Appendix A to part 674.
---------------------------------------------------------------------------

    The Safety Promotion component of the SMS includes safety 
communication, which requires a combination of training and 
communication of safety information to employees to heighten the 
efficiency and effectiveness of the transit agency's SMS, and typically 
includes training on the mechanism for employees to report safety 
concerns.\121\ Safety communication is intended to ensure that 
personnel are aware of the SMS and their role within it, and receive 
safety-critical information in an effective and timely manner.\122\
---------------------------------------------------------------------------

    \121\ Id.
    \122\ Id.
---------------------------------------------------------------------------

    Additionally, the OAs must require covered transit agencies to 
conduct annual reviews of both their system safety program plans and 
system security plans. Further, the OAs must require covered agencies 
to develop and document a process for the performance of on-going 
internal safety and security reviews in their system safety program 
plans. Finally, the OAs themselves must conduct on-site reviews of 
system safety program plan and system security plan implementation.
3. OTRB Safety Requirements
    The FMCSA has not issued regulations regarding OTRB owner/operators 
to provide training to their employees on evacuation procedures. In its 
2012 update to the ``Motorcoach Safety Action Plan,'' FMCSA noted its 
commitment to examining ``ways to convey safety information to 
passengers and improve evacuation for a diverse population.'' It is 
important to recognize that in the OTRB environment, the only employee 
of the owner/operator on the bus may be the driver. Focusing on what 
the driver can do, FMCSA published guidance in 2007 to the industry 
recommending providing pre-trip safety information to passengers. FMCSA 
also distributed safety brochures, posters, and an audio compact disc 
(CD) based on the guidance that contains safety announcements regarding 
emergency egress that can be broadcast. The original CD was in English 
and FMCSA subsequently translated it in six other languages.\123\ To 
the extent an owner/operator has provided training related to this 
issue pursuant to FMCSA recommendations, they could provide information 
on this training and their use of it to TSA as part its security 
training program submission.
---------------------------------------------------------------------------

    \123\ U.S. Department of Transportation, ``Motorcoach Safety 
Action Plan:2012 Update,'' at 29 (Dec. 2012), FMCSA-ADO-13-001. See 
id. at 42-43 for additional information on ongoing initiatives of 
FMCSA on this issue.
---------------------------------------------------------------------------

4. Hazardous Materials Regulations
a. Overlap With DOT Regulations Regarding Transportation of Hazardous 
Materials
    Both DOT and DHS have responsibility regarding the transportation 
of hazardous materials. TSA is the lead Federal entity for 
transportation security, including hazardous materials and pipeline 
security, while PHMSA has responsibility for promulgating and enforcing 
regulations and administering a national program of safety, including 
security, in multimodal hazmat transportation.\124\ As part of a 
Memorandum of Understanding (MOU) between these agencies to coordinate 
on activities related to their respective missions, TSA and PHMSA 
agreed to coordinate in the development of standards, regulations, 
guidelines, or directives and to build on existing standards when it is 
determined that the adequacy of existing standards needs to be 
addressed.\125\ Consistent with that agreement, TSA and PHMSA have 
coordinated regarding PHMSA's security regulations and on this NPRM.

[[Page 91366]]

A copy of the MOU is available in the docket for this rulemaking.
---------------------------------------------------------------------------

    \124\ See ``Annex to the Memorandum of Understanding Between the 
Department of Homeland Security and the Department of Transportation 
Concerning Transportation Security Administration and Pipeline and 
Hazardous Materials Safety Administration Cooperation on Pipeline 
and Hazardous Materials Transportation Security,'' at secs. III.b. 
and III.c. (August 2006).
    \125\ Id. at sec. II.
---------------------------------------------------------------------------

    For the purposes of this rulemaking, it is important to recognize 
that PHMSA's security requirements for hazmat transportation apply to 
freight railroad carriers, motor carriers, and shippers and receivers 
of hazmat. Within these populations, PHMSA regulations require all 
individuals within the definition of ``hazmat employee'' to receive 
training in security awareness.\126\ The HMR also requires hazmat 
employers who offer for transportation or who transport a subset of 
hazardous materials in specific quantities to develop security 
plans.\127\ In addition, any hazmat employer required to have a 
security plan must provide in-depth security training to its 
employees.\128\
---------------------------------------------------------------------------

    \126\ 49 CFR 172.704(a)(4). See 49 CFR 171.8 for definition of 
``hazmat employee.''
    \127\ 49 CFR 172.800 and 172.802.
    \128\ Whether a hazmat employer is required to have a security 
plan, and therefore provide in-depth security training, is 
determined by whether they transport any of the materials identified 
in 49 CFR 172.800.
---------------------------------------------------------------------------

    Specifically, the HMR require training of hazmat employees in: (1) 
Familiarity with the general provisions of the HMR and recognizing and 
identifying hazardous materials; (2) knowledge of specific HMR 
requirements applicable to functions performed; and (3) knowledge of 
emergency response information, self-protection measures, and accident 
prevention methods. The in-depth security training requirements include 
training on: (1) Awareness of the security issues associated with 
hazardous materials transportation and possible methods to enhance 
transportation security; and (2) the owner/operator's security 
objectives, specific security procedures, employee responsibilities, 
actions to be taken in the event of a security breach, and the 
organizational security structure.\129\
---------------------------------------------------------------------------

    \129\ Id.
---------------------------------------------------------------------------

    TSA's proposed rule would apply to a subset of those entities 
required to have security training programs under the HMR. Within the 
population subject to both the HMR and TSA's proposed rule, employees 
to be trained also differs. PHMSA applies the definition of ``hazmat 
employee'' used for their safety regulations,\130\ while TSA's proposed 
rule applies to employees whose functions are determined by TSA to be 
``security-sensitive.'' Data is not available to precisely determine 
the extent of overlap. For the subset of the HMR population also within 
the scope of TSA's proposed rule, TSA's proposed training requirements 
go beyond the baseline required by PHMSA. Diagram B includes references 
to the HMR requirements.
---------------------------------------------------------------------------

    \130\ 49 CFR 171.8.
---------------------------------------------------------------------------

    PHMSA has reviewed TSA's proposed requirements and agrees that 
owner/operators subject to its rule who meet TSA's proposed 
requirements would also satisfy the corresponding provisions in PHMSA's 
security training requirements. PHMSA's regulations state that training 
conducted by owner/operators to comply with security training programs 
required by other Federal agencies may be used to satisfy their hazmat 
employee training to the extent that such training addresses the 
training components specified for hazmat employee training.\131\
---------------------------------------------------------------------------

    \131\ 49 CFR 172.704(b).
---------------------------------------------------------------------------

b. Inspections and Enforcement
    TSA recognizes that stakeholders may be concerned about the 
potential overlap between PHMSA's regulations and TSA's proposed 
regulations. For example, under its Secure Contact Review program, the 
FRA audits railroads and evaluates their compliance with security plans 
and security training as mandated by the PHMSA regulations. Federal 
Railroad Administration inspectors are given authority to write 
citations for an owner/operator's failure to properly comply with the 
requirements. PHMSA also conducts periodic compliance investigations 
and its inspectors are given authority to write citations for failure 
to properly comply with the requirements.\132\
---------------------------------------------------------------------------

    \132\ See 75 FR 10974 (Mar. 9, 2010). See also 49 CFR 107.301 et 
seq.
---------------------------------------------------------------------------

    PHMSA recognizes TSA's lead role and regulatory responsibilities in 
the secure transport of hazmat. After summarizing TSA's authorities in 
its preamble to the final rule amending the HMR, PHMSA stated:

 When PHMSA adopted its security regulations, it was stated that these 
regulations were `the first step in what may be a series of rulemakings 
to address the security of hazardous materials shipments.' 68 FR 14511. 
PHMSA noted in the NPRM that TSA `is developing regulations that are 
likely to impose additional requirements beyond those established in 
this final rule' and stated that it would `consult and coordinate with 
TSA concerning security-related hazardous materials transportation 
    regulations . . . .TSA intends to promulgate additional 
regulations for railroad carriers and other modes of surface 
transportation that will require them to submit vulnerability 
assessments and security plans to DHS for review and approval, as 
well as to develop and implement security training programs for 
employees performing security-sensitive functions to prepare for 
potential security threats and conditions. The security plan 
requirements established by the HMR are to be used as a baseline for 
security planning. When TSA regulations are issued, the PHMSA 
security plan and security training requirements for regulated 
parties that will be subject to the TSA regulations will be 
reevaluated and revised as appropriate.\133\
---------------------------------------------------------------------------

    \133\ 75 FR at 10976.

    DHS and DOT are committed to coordinating on the oversight of 
security-related training for carriers of RSSM. Consistent with the MOU 
previously discussed, PHMSA's Final Rule revising the HMR acknowledged 
---------------------------------------------------------------------------
the agreement between the agencies:

    If, in the course of an inspection of a railroad or motor 
carrier or a rail or highway hazardous material shipper or receiver, 
TSA identifies evidence of non-compliance with a DOT safety or 
security regulation, TSA will provide the information to FRA (for 
rail) or FMCSA (for motor carriers) and PHMSA for appropriate 
action. Similarly, since DOT does not have the authority to enforce 
TSA security requirements, if a DOT inspector identifies evidence of 
non-compliance with a TSA security regulation or identifies other 
security deficiencies, DOT will provide the information to TSA for 
appropriate action.\134\
---------------------------------------------------------------------------

    \134\ Id. at 10977.

TSA has committed to DOT to do the same.

c. Overlap With Other DHS Regulations

    Parts of TSA's current regulations for rail security include 
requirements applicable to certain shippers and receivers of hazardous 
materials.\135\ While TSA is not modifying its existing requirements 
for shippers and receivers as part of this proposed rule, it is also 
not proposing to apply the security training requirements to shippers 
and receivers.
---------------------------------------------------------------------------

    \135\ See scope identified in current Sec.  1580.1.
---------------------------------------------------------------------------

    This is consistent with TSA's intent to avoid any overlap with 
regulations promulgated by the National Protection and Programs 
Directorate (NPPD) of DHS for the security of certain high-risk 
chemical facilities in the United States.\136\ NPPD has previously 
recognized that certain aspects of its authorities \137\ are concurrent 
and overlapping with TSA due to the transportation of these chemicals 
by rail, but stated that it does not presently plan to screen railroad 
facilities for inclusion in the CFATS program (although the Department 
reserved the right to reevaluate possible scope at a

[[Page 91367]]

future date).\138\ TSA and NPPD, continue to work closely together to 
ensure that the efforts directed at these facilities are coordinated 
and consistent.
---------------------------------------------------------------------------

    \136\ Promulgated under the authority of sec. 550 of the 
Department of Homeland Security Appropriations Act, 2007 (2007 DHS 
Appropriations Act), Public Law 109-295, 120 Stat. 1355 (Oct. 4, 
2006).
    \137\ See id.
    \138\ See 72 FR 17729, 17698-17699 (Apr. 9, 2007) (IFR for 
CFATS).
---------------------------------------------------------------------------

    While facility security training and transportation security 
training have unique differences and shall be considered as separate 
issues, TSA's subject matter experts have reviewed the training 
requirements of CFATS RBPS 11 and determined that they meet or exceed 
the requirements considered necessary by TSA for secure transportation 
of the identified chemicals. There would be no additional security 
benefit from extending the training requirements of this proposed rule 
to entities subject to CFATS. This determination was considered as part 
of TSA's decision not to include shippers and receivers of hazardous 
materials within the scope of this proposed rule.

J. Training Resources

    As previously discussed, TSA is aware that many owner/operators 
that would be subject to this proposed rule already provide security 
training to their employees that may meet the proposed requirements. To 
further reduce the burden to owner/operators who do not have an 
existing training program or whose program does not include all of the 
required content, TSA is expanding existing resources that will be made 
available to owner/operators at no cost. Owner/operators would be able 
to use these expanded resources, described below, to meet the content 
requirements of Sec. Sec.  1580.115, 1582.115, and 1584.115 of the 
proposed rule.
First ObserverTM
    First ObserverTM is a national training program 
initially created through a grant from DHS to raise security awareness 
for highway modes.\139\ It was designed to provide transportation 
professionals with information that will enable them to observe 
effectively, assess and report suspicious individuals, vehicles, 
packages, and/or objects. The program has been used to teach thousands 
of highway transportation professionals to actively participate in 
recognizing suspicious activities and reporting them through 
appropriate mechanisms.
---------------------------------------------------------------------------

    \139\ ``First ObserverTM'' refers to the current 
program and any future expansion or changes to the program.
---------------------------------------------------------------------------

    TSA is expanding the program to be relevant to other modes of 
surface transportation, including freight railroads, passenger 
railroads, and public transportation systems. The First 
ObserverTM Program is undergoing extensive revision and TSA 
is ensuring the content of all revised First ObserverTM 
products will ultimately meet the security training requirements set 
forth in a final rule. At this time, TSA does not anticipate that First 
ObserverTM will satisfy the requirement to provide employer 
specific training to security-sensitive employees with responsibility 
under their employer's specific security programs or measures--
addressed under the ``Prepare'' component of training--as this is 
company-specific training. TSA does, however, anticipate that the 
SMARToolbox, discussed below, may provide resources needed to reduce 
costs for this aspect of the proposed training.
    To ensure the expanded program is relevant to all of the modes of 
transportation covered by this proposed rule, TSA sought to obtain 
input from its stakeholders and will continue with this effort. For 
example, while this rulemaking was under development, a meeting of the 
joint industry-government panel operating as the Transit Policing and 
Security Peer Advisory Group (PAG) \140\ looked at available training 
programs in light of what the 9/11 Act specified as required training 
for public transportation.\141\ For purposes of the discussion on the 
9/11 Act's requirements, the FTA's representatives included a course 
curriculum developer. The group produced a comprehensive matrix that 
included standards and criteria needed to meet the training elements 
required by the 9/11 Act as well as suggested learning objectives to 
assist in the creation of lesson plans. The intent was to provide a 
resource that could be used by transit agencies to: (1) Review their 
existing training programs and close any gaps; (2) develop new 
programs; or (3) evaluate commercial courses. The panel also pre-
screened a selection of available courses that could be used for 
training that met all of the elements identified in the 9/11 Act. The 
standards and criteria developed by this group feeds into the 
considerations identified in Diagram B. This exercise also supports 
TSA's assumption that most of the owner/operators that would be 
affected by this proposed rule already have training programs in place 
that would substantially comply with the proposed rule's requirements.
---------------------------------------------------------------------------

    \140\ The PAG shares expertise and guidance among TSA, transit 
police chiefs, and security directors. The group meets by 
teleconference with TSA at least once a month to discuss relevant 
issues involving transit security and anti-terrorism approaches.
    \141\ See 6 U.S.C. 1137(c).
---------------------------------------------------------------------------

SMARToolbox
    As with the general security training content, TSA is aware that 
many owner/operators already provide training to prepare security-
sensitive employees for their specific responsibilities under their 
company's security plan as required by proposed Sec. Sec.  1580.115(c), 
1582.115(c), and 1584.115(c). For example, any owner/operator subject 
to the security training requirements of 49 CFR part 172 is required to 
provide in-depth training on company-specific measures under 49 CFR 
172.704(a)(5). This population overlaps with most of the freight 
railroad population that would be subject to this proposed rule.
    For those that do not currently provide this type of training, TSA 
has resources available to reduce the burden. In particular, TSA 
encourages owner/operators to use the SMARToolbox--an industry-led 
initiative supported by TSA--as a resource presenting a broad range of 
security measures that peer agencies have identified as valuable to 
their organization. A searchable, modifiable database allows for 
various specified searches--making it easy for the users to find 
information relevant to their specific needs. SMARToolbox includes 
measures gathered from publically available sources as well as from 
discussions amongst industry representatives at a variety of 
stakeholder events. As part of this rulemaking effort, TSA has ensured 
the SMARToolbox includes information relevant to this training 
requirement.

K. Programmatic Alternatives

    In addition to the applicability alternatives discussed in section 
III.F. of this NPRM, TSA has also considered other programmatic 
alternatives. In general, these alternatives eliminated aspects of the 
proposed rule that are within TSA's discretion, or even necessary parts 
of implementing the statutory requirements, but not directly mandated 
by the 9/11 Act.
    Table 7 identifies these provisions relevant to each mode.

[[Page 91368]]



       Table 7--Identification of Programmatic Requirements Eliminated or Modified in Alternative Analysis
----------------------------------------------------------------------------------------------------------------
                                                Freight rail     PTPR (Rail)       PTPR (Bus)         OTRB)
----------------------------------------------------------------------------------------------------------------
Recordkeeping...............................               X                X                X                X
Training on chain of custody requirements...               X   ...............  ...............  ...............
Security coordinators and alternates........  ...............  ...............               X   ...............
Reporting security incidents................  ...............  ...............               X                X
Annual recurrent training (replaced with 3                 X                X                X                X
 year cycle)................................
----------------------------------------------------------------------------------------------------------------

    In determining the implications of these alternatives, TSA 
continues to assume that owner/operators would use First 
ObserverTM to meet the requirements--or to fill any gaps in 
their current training programs. In most cases, the programmatic 
alternatives assume elimination of the requirement. For recurrent 
training, the alternative assumes recurrent training would occur every 
three years rather than annually (since there is not a statutory 
requirement for how often covered security sensitive employees must be 
trained, TSA sets the minimum interval of recurrent training to once 
every three years as opposed to the annual training TSA is requiring in 
the proposed rule). Based on these assumptions, these alternatives 
would have an estimated cost of approximately--
     $25.27 million for freight railroad owner/operators over a 
10-year period (at a 7 percent discount rate).
     $18.50 million for PTPR owner/operators over a 10-year 
period (at a 7 percent discount rate).
     $5.85 million for OTRB owner/operators over a 10-year 
period (at a 7 percent discount rate).

The basis for the estimates of benefits and costs is set forth in the 
RIA for this rulemaking, which is included in the public docket.
    TSA rejected these alternatives because the agency has determined 
that the proposed rule better aligns with its commitment to risk-based 
security policy and outcomes-based regulation. While recordkeeping is 
not specifically stated as a requirement in the 9/11 Act, it is a 
necessary part of enforcing any regulatory requirement. TSA also 
believes requiring owner/operators to maintain records of training and 
provide proof of training to current and former employees upon request 
can reduce costs of training based upon the recognition given to prior 
training. Chain of custody is a critical requirement for freight 
railroads to ensure security during the transportation of RSSM. TSA 
believes it is essential for employees with responsibility to perform 
requirements identified in part 1580 related to chain of custody be 
trained on how to perform those requirements as part of their security 
training curriculum. To inconsistently apply the requirement for 
security coordinators and reporting of security incidents for high-risk 
entities could create significant gaps in the information obtained and 
shared--creating unnecessary security vulnerabilities. TSA discusses 
its basis for requiring annual training in section III.D.3 of this 
NPRM.

IV. Stakeholder Consultations

    The 9/11 Act directed TSA to consult with major stakeholders during 
the development of this NPRM.\142\ The categories of stakeholders to be 
included in these consultations consist of industry representatives, 
first responders, terrorism experts, and, nonprofit employee labor 
organizations. As discussed below, TSA has complied with these 
requirements through meetings with stakeholders before drafting of this 
proposed rule began, requests for comments submitted through 
associations, as well as a targeted request for additional input 
through a Notice published in the Federal Register.
---------------------------------------------------------------------------

    \142\ See 6 U.S.C. 1137(b), 1167(b), and 1184(b).
---------------------------------------------------------------------------

    As noted, TSA published a notice in the Federal Register requesting 
the public to provide comments and data on employee security training 
programs and planned security training exercises currently provided by 
owner/operators of freight railroads, passenger railroads, public 
transportation systems (excluding ferries), and OTRBs.\143\ TSA 
received a few responsive comments from trade associations, public 
agencies, and private companies that helped TSA to understand the 
current ``baseline'' training environment for freight rail, PTPR, and 
OTRB employees. As the limited information received provided data 
relevant to the economic impact of this proposed rule, it is discussed 
more fully in the RIA for this rulemaking, which can be found in the 
docket.
---------------------------------------------------------------------------

    \143\ See 78 FR 35945 (June 14, 2013).
---------------------------------------------------------------------------

    TSA has taken stakeholder comments into consideration in developing 
the NPRM. The text below describes stakeholder outreach TSA has 
conducted.

A. Multi-Modal Outreach

    In September and October of 2009, TSA reached out to 
representatives of the constituencies mandated by 6 U.S.C. 1137, 1167, 
and 1184. These stakeholders included representatives of State, local, 
and tribal governmental authorities; first responders; security and 
terrorism experts; appropriate labor organizations; and organizations 
representing the elderly and disabled.
    On September 14, 2009, TSA reached out to representatives of the 
following stakeholder groups by transmitting a letter and summary 
document outlining the key statutory requirements of the NPRM and 
requesting their comments: TSA/Office of Civil Rights and Liberties; 
Homeland Security Institute; Mineta Transportation Institute; FEMA/
United States Fire Administration/National Fire Programs; International 
Association of Chiefs of Police; National Sheriffs Association; 
National Emergency Medical Services Association; Commercial Vehicle 
Safety Alliance; State, Local, Tribal, and Territorial Government 
Coordinating Council (GCC); and DHS/National Protection and Programs 
Directorate/Intergovernmental Programs.

B. Freight Rail

    TSA conducted meetings and conference calls with representatives of 
the freight railroad industry, including trade associations 
representing railroad carriers and shippers of hazardous materials. 
Class I carriers as well as short line and regional railroads 
participated in these consultations. TSA also met with representatives 
from two rail labor organizations. In addition, TSA met with members of 
the AAR in November 2009 to discuss the proposed security training.
    The AAR has stated that ``TSA regulation of security training for 
railroad employees is unnecessary'' \144\

[[Page 91369]]

because most freight rail hazmat employees already receive training in 
compliance with the PHMSA, which requires freight rail employees who 
perform HAZMAT functions to ``receive training that provides an 
awareness of security risks associated with hazardous materials 
transportation . . . this training must also include a component 
covering how to recognize and respond to possible security threats.'' 
\145\ The AAR affirms this and explicitly states in its comments that 
``railroads provide security awareness training to their front line 
employees and have done so for many years'' and employees have to take 
recurrent training every three years, at minimum.\146\ The American 
Short Line and Regional Railroad Association also submitted comments 
and stated that, with regards to its members, the current level of 
``[t]raining involves looking for suspicious persons, items[, w]hat 
IEDs may look like[, and h]ow to handle different situations . . . .'' 
\147\
---------------------------------------------------------------------------

    \144\ ``Comments of the Association of American Railroads'' 
(Docket ID: TSA-2013-0005-0116), available at https://www.regulations.gov/. Input the Docket ID ``TSA-2013-0005-0116'' 
into the blue ``Search'' field.
    \145\ 49 CFR 172.704(a)(4).
    \146\ Id. (citing 49 CFR 172.704(a)(4)).
    \147\ ``Comments of the American Short Line and Regional 
Railroad Association'' (Docket ID: TSA-2013-0005-0124), available at 
https://www.regulations.gov/. Input the Docket ID ``TSA-2013-0005-
0124'' into the blue ``Search'' field.
---------------------------------------------------------------------------

    TSA's freight rail subject matter experts confirmed that higher-
risk freight railroad owner/operators currently provide training to 
their security-sensitive employees on the procedures on chain of 
custody control requirements-based on the compliance rates for current 
49 CFR 1580.107. This information leads TSA to conclude that all 
freight rail owner/operators affected by the proposed rule that 
transport RSSM provide training to their employees on, at minimum, 
security awareness; employee- and company-specific security program and 
measures; and chain of custody and control requirements.

C. Public Transportation and Passenger Rail

    TSA consulted with industry representatives, governmental 
authorities, security experts, first responders, and employee 
representatives through the Transit, Commuter and Long Distance Rail 
GCC,\148\ the Mass Transit Sector Coordinating Council (SCC),\149\ and 
PAG.\150\
---------------------------------------------------------------------------

    \148\ The Commuter and Long Distance Rail GCC includes 
representatives from TSA, other DHS components, the FTA, and the 
FBI.
    \149\ The Mass Transit SCC is a representative group for the 
mass transit and passenger rail community formed in accordance with 
the National Infrastructure Protection Plan to advance the public-
private partnership for mass transit and passenger rail security. 
Its membership includes senior executives, law enforcement chiefs, 
and security directors for mass transit and passenger rail agencies 
of varying sizes, locations, and system types as well as 
representatives of APTA, the Community Transportation Association of 
America, and the Amalgamated Transit Union.
    \150\ As previously noted, see supra, n. 140, the PAG brings 
together the expertise of some 15 law enforcement chiefs and 
security directors from mass transit and passenger rail systems 
across the Nation of varying location, size, and system type as a 
consultative forum with extensive experience to facilitate 
development and implementation of effective security programs. To 
advance these purposes, the Group, which formed in November 2006, 
convenes with TSA officials in monthly teleconferences. Membership 
in the PAG consists of the law enforcement chiefs or security 
directors of public transportation agencies in large metropolitan 
areas, as well as Amtrak. In addition to Amtrak, the following 
agencies are members of the PAG: Metro Transit of Harris County, 
Texas (Houston Area), Massachusetts Bay Transportation Authority; 
New York Metropolitan Transportation Authority; New York Police 
Department--Transit Bureau; New Jersey Transit; Southeast 
Pennsylvania Transportation Authority; Washington Metropolitan Area 
Transit Authority; Metropolitan Atlanta Rapid Transit Authority; 
Chicago Transit Authority; Dallas Area Rapid Transit; Denver 
Regional Transportation District; King County Metro Transit (Seattle 
Area); Bay Area Rapid Transit; and Los Angeles County Sheriff's 
Department.
---------------------------------------------------------------------------

    TSA initiated consultations in October 2007 by explaining the 
planned approach in a joint meeting with the SCC and via a 
teleconference with the PAG. Participants at both forums were advised 
that a summary of the developing concepts and considerations for the 
security training program rulemaking would be prepared and provided to 
them for review and feedback. In preparing the summary, TSA coordinated 
with the membership of the GCC. The summary was completed in November 
2007. Dissemination to the SCC and PAG for review and comment occurred 
in December 2007 and January 2008. TSA received feedback in February 
and March 2008.
    A second round of consultations with the SCC and PAG occurred 
during October and November 2009. At that time, the consultations 
expanded to include additional law enforcement chiefs and security 
directors, specifically those not previously consulted to participate 
in the semi-annual Transit Safety and Security Roundtables.\151\
---------------------------------------------------------------------------

    \151\ TSA, FTA, and FEMA host semi-annual Transit Safety and 
Security Roundtables with the law enforcement chiefs and security 
directors of the largest 50 mass transit and passenger rail systems 
(by passenger volume) and Amtrak. These agencies account for more 
than 80 percent of all users of public transportation services 
nationally. The three-day sessions employ a workshop format to 
address specific issues pertaining to terrorism prevention and 
response. The collective expertise fosters the development of 
collaborative security solutions, informs setting of priorities for 
security programs, and advances the strategic priority of elevating 
the baseline level of security throughout the mass transit and 
passenger rail mode.
---------------------------------------------------------------------------

    In its general comments in response to the 2013 Notice, APTA 
asserted that ``the elements of the 9/11 Act are already addressed 
within the scope of security training programs throughout the public 
transportation industry.'' \152\ The American Public Transportation 
Association cited training required by 49 CFR 239.101 as evidence that 
they meet certain portions of the 9/11 Act. As noted in section III.G.1 
of this NPRM, 49 CFR part 239 (also known as the ``Passenger Train 
Emergency Preparedness Rule'') has a training requirement for rail 
equipment familiarization, situational awareness, coordination of 
functions, and `hands-on' instruction concerning the location, 
function, and operation of on-board emergency equipment.\153\ These 
requirements, which align with some of those in TSA's proposed rule, 
apply to many of the public transportation modes affected by the 
proposed rule (intercity passenger rail and commuter rail). Individual 
public transportation agencies--including a few that would be affected 
by the proposed rule-also provided comments on the type of training 
they currently implement for frontline employees. This training 
includes programs on security awareness and employee- and company-
specific training on their own security programs and measures (which 
employees have to take every two years). All of this information has 
led TSA to conclude that some PTPR owner/operators, either in 
compliance with other security rules or because the owner/operator 
makes security a priority, invest in security training for their 
frontline employees and, at minimum, cover the topics of security 
awareness, and employee- and company-specific security program and 
measures.
---------------------------------------------------------------------------

    \152\ APTA, ``RE: Docket No. TSA-2013-0005'' (Docket ID: TSA-
2013-0005-0114), available at https://www.regulations.gov/. Input 
the Docket ID ``TSA-2013-0005-0114'' into the blue ``Search'' field.
    \153\ Id.
---------------------------------------------------------------------------

D. Over-the-Road Buses

    TSA conducted a meeting with industry stakeholders in November 
2007. In July 2009, TSA met again with industry representatives. During 
the 2007 consultations, industry stakeholders included large motorcoach

[[Page 91370]]

operators and trade associations representing both large and small 
operators. In July 2009, TSA again met with representatives of the OTRB 
community and presented a series of issues on which TSA sought their 
individual opinions.
    In its response to the 2013 Notice, the American Bus Association 
(ABA) \154\ described the importance of the OTRB Security Grant Program 
in providing financial assistance to the industry for implementing 
security measures, such as equipment and training.\155\ According to 
the ABA, nearly 10 percent of the funding from the OTRB Security Grant 
Program went to security training. The OTRB Security Grant Program has 
since been discontinued and the ABA states that some security upgrades 
were not enacted because:
---------------------------------------------------------------------------

    \154\ The ABA describes itself as a trade association that is 
``home to some 850 bus operating companies and over 3,000 other 
companies, organizations and partnerships involved in providing 
transportation, tour and travel services to the traveling public.'' 
See ``Comments of the American Bus Association'' (Docket ID: TSA-
2013-0005-0119), available at https://www.regulations.gov/. Input 
the Docket ID ``TSA-2013-0005-0119'' into the blue ``Search'' field.
    \155\ Id.

    [T]he private bus industry was largely unable to pay for such 
upgrades. The inability to pay is a function of the small business 
nature of the industry, the huge number of bus operators with few 
resources and the inability of bus passengers to absorb any fare 
increases that could be used to pay for security upgrades.\156\
---------------------------------------------------------------------------

    \156\ Id.

    The ABA states that despite this loss in funding, two of the major 
private OTRB companies currently use ``Operation Secure Transport''--an 
OTRB-specific version of First ObserverTM--to train their 
``front line'' employees. This is validated by the comments provided by 
the private companies themselves. Additionally, according to comments 
from the OTRB Working Group of the Highway Motor Carrier SCC, ``all [of 
its] PAG members have supplied training to front line employees using 
Highway Watch, First ObserverTM, or Cat Eyes training.'' 
\157\ This group includes a third, major OTRB company. All of this 
information has led TSA to conclude that, at minimum, three of the 
larger OTRB companies currently use First ObserverTM to 
train their ``front line'' employees.
---------------------------------------------------------------------------

    \157\ Id.
---------------------------------------------------------------------------

E. Labor Unions

    In addition to inviting participation of labor union 
representatives in many of the mode-specific meetings, TSA also met 
specifically with labor unions as part of its stakeholder consultation 
process. In December 2007, TSA met with representatives of several 
labor unions. On November 3, 2009, TSA met with representatives from 
the Transportation Trades Department of the American Federation of 
Labor and Congress of Industrial Organizations, the International 
Brotherhood of Teamsters, the Brotherhood of Locomotive Engineers and 
the Amalgamated Transit Union to discuss the surface training issues.

V. Rulemaking Analyses and Notices

A. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) \158\ requires that TSA 
consider the impact of paperwork and other information collection 
burdens imposed on the public and, under the provisions of PRA sec. 
3507(d), obtain approval from the OMB for each collection of 
information it conducts, sponsors, or requires through regulations.
---------------------------------------------------------------------------

    \158\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------

    Under OMB Control No. 1652-0051, OMB has approved a related 
information collection request for contact information for RSCs and 
alternate RSCs, as well as the reporting of significant security 
concerns by freight railroad carriers, passenger rail road carriers, 
and rail transit systems.
    This proposed rule contains new information collection activities 
subject to the PRA. Accordingly, TSA has submitted the following 
information requirements to OMB for its review. The OMB 83-I Supporting 
Statement for this information collection request is available in the 
docket for this rulemaking.
    Title: Security Training Programs for Surface Mode Employees.
    Summary: This proposed rule would require the following information 
collections:
    First, owner/operators identified in 49 CFR 1580.101, 1582.101, and 
1584.101 would be required to submit to TSA for approval a security 
training program for security-sensitive employees that meets the 
requirements of subpart B of 49 CFR part 1580, subpart B of 49 CFR part 
1582, and subpart B of 49 CFR part 1584.
    Second, respondents would be required to retain individual training 
records on security-sensitive employees at the location(s) specified in 
each respondent's respective security training program, and make such 
records available to TSA upon request.
    Third, the public transportation bus systems and OTRB owner/
operators to whom the proposed rule applies would be required to report 
significant security concerns, which includes incidents, suspicious 
activities, and/or threat information.
    Finally, the owner/operators to whom the proposed rule applies 
would be required to make their operations and records available for 
announced or unannounced inspections that would assess compliance with 
the NPRM.
    Use of: This proposal would support the information needs to 
evaluate security training programs against requirements set forth in 
the NPRM. Recordkeeping requirements would be used to verify employee 
training is in compliance with the proposed rule. Security coordinator 
information would support respondent communications with TSA concerning 
intelligence information, security related activities, and incident or 
threat response with appropriate law enforcement and emergency response 
agencies. The reporting of significant security concerns would support 
the analysis of trends and indicators of developing threats and 
potential terrorist activity. Finally, information collected through 
inspections would be used to enforce compliance with the proposed 
requirements.
    Respondents (including number of): The likely respondents to this 
information collection are the owners and/or operators of covered 
surface modes, which are estimated to incur approximately 1,374,501 
responses over the next 3 years (including 449,067 freight railroad 
responses; 673,033 PTPR responses; and 252,401 OTRB company responses), 
which amounts to an average annual cost of $657,370.
    Frequency: TSA estimates that following initial submission, 
security training programs would need to be periodically updated as 
appropriate. Security training records would need to be updated after 
each training occurrence. Security coordinator information would need 
to be updated as appropriate. Significant security concerns would be 
reported as they occur. TSA estimates inspections for compliance would 
occur at a rate of one inspection per year per owner/operator.
    Annual Burden Estimate: The average yearly burden for security 
training program development and submission, security coordinator 
submission, employee training documentation recordkeeping, and incident 
reporting is estimated to be 1,518 hours for freight railroads; 2,147 
hours for PTPRs; and 4,247 hours for OTRB companies. The total average 
annual time burden estimate is approximately 7,912 hours. Table 8 shows 
the information collections and corresponding hour

[[Page 91371]]

burdens for entities falling under the requirements of the proposed 
rule.

                                                              Table 8--PRA Hours of Burden
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                             Time per                   Number of responses                                   Average
                       Collection                            response    ------------------------------------------------   3-Year time     annual time
                                                              (hours)         Year 1          Year 2          Year 3          burden          burden
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                              Initial Security Training Program Development and Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................              52              36               0               0           1,872             624
PTPR....................................................              52              47               0               0           2,444             815
OTRB (Large to Medium)..................................              32              28               0               1             928             309
OTRB (Small)............................................              16             174               3               3           2,883             961
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                              Modified Security Training Program Development and Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................              25              32               0               0             810             270
PTPR....................................................              25              21               0               0             518             173
OTRB (Large to Medium)..................................              16              25               0               0             418             139
OTRB (Small)............................................               8             157               3               3           1,297             432
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                       Security Coordinator Information Submission
--------------------------------------------------------------------------------------------------------------------------------------------------------
PTPR....................................................             0.5              52               8               8              35              12
OTRB....................................................             0.5             459             178             181             409             136
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                      Employee Training Documentation Recordkeeping
--------------------------------------------------------------------------------------------------------------------------------------------------------
Freight Rail............................................           0.004         148,992         149,665         150,341           1,871             624
PTPR....................................................           0.004         219,437         219,646         219,856           2,746             915
OTRB....................................................           0.004          41,300          41,824          42,355             523             174
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                   Incident Reporting
--------------------------------------------------------------------------------------------------------------------------------------------------------
PTPR....................................................            0.05           4,652           4,652           4,652             698             233
OTRB....................................................            0.05          41,173          41,898          42,635           6,285           2,095
                                                         -----------------------------------------------------------------------------------------------
    Total Burden (responses)............................  ..............  ..............  ..............  ..............       1,374,501  ..............
                                                         -----------------------------------------------------------------------------------------------
    Total Burden (hours)................................  ..............  ..............  ..............  ..............          23,735           7,912
--------------------------------------------------------------------------------------------------------------------------------------------------------

    TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information would have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.
    Individuals and organizations may submit comments on the 
information collection requirements by February 14, 2017. Direct the 
comments to the address listed in the ADDRESSES section of this 
document, and email your comments to OMB using the following address: 
OIRA_submission@omb.eop.gov. A comment to OMB is most effective if OMB 
receives it within 30 days of publication. TSA will publish the OMB 
control number for this information collection in the Federal Register 
after OMB approves it.
    As provided by the PRA, as amended, an agency may not conduct or 
sponsor, and a person is not required to respond to, a collection of 
information unless it displays a currently valid OMB control number.

B. Economic Impact Analyses

1. Regulatory Impact Analysis Summary
    Changes to Federal regulations must undergo several economic 
analyses. First, Executive Order (E.O.) 12866, Regulatory Planning and 
Review,\159\ as supplemented by E.O. 13563, Improving Regulation and 
Regulatory Review,\160\ directs each Federal agency to propose or adopt 
a regulation only upon a reasoned determination that the benefits of 
the intended regulation justify its costs. Second, the Regulatory 
Flexibility Act of 1980 (RFA) \161\ requires agencies to consider the 
economic impact of regulatory changes on small entities. Third, the 
Trade Agreement Act of 1979 \162\ prohibits agencies from setting 
standards that create unnecessary obstacles to the foreign commerce of 
the United States. Fourth, the Unfunded Mandates Reform Act of 1995 
\163\ (UMRA) requires agencies to prepare a written assessment of the 
costs, benefits, and other effects of proposed or final rules that 
include a Federal mandate likely to result in the expenditure by State, 
local, or tribal governments, in the aggregate, or by the private 
sector, of $100 million or more annually (adjusted for inflation).
---------------------------------------------------------------------------

    \159\ 58 FR 51735 (Oct. 4, 1993).
    \160\ 76 FR 3821 (Jan. 21, 2011).
    \161\ Public Law 96-354, 94 Stat. 1164 (Sept. 19, 1980) 
(codified at 5 U.S.C. 601 et seq., as amended by the Small Business 
Regulatory Enforcement Fairness Act of 1996 (SBREFA)).
    \162\ Public Law 96-39, 93 Stat. 144 (July 26, 1979) (codified 
at 19 U.S.C. 2531-2533).
    \163\ Public Law 104-4, 109 Stat. 66 (Mar. 22, 1995) (codified 
at 2 U.S.C. 1181-1538).

---------------------------------------------------------------------------

[[Page 91372]]

2. Executive Orders 12866 and 13563 Assessments
    Executive Orders 12866 and 13563 direct agencies to assess the 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility.
    In conducting these analyses, TSA has determined:
    1. This rulemaking is a ``significant regulatory action,'' although 
not an economically significant regulatory action, under sec. 3(f) of 
E.O. 12866. Accordingly, the Office of Management and Budget (OMB) has 
reviewed this NPRM.
    2. TSA has prepared an Initial Regulatory Flexibility Analysis 
(IRFA), which suggests this rulemaking would have a significant impact 
on a substantial number of small entities.
    3. This rulemaking would not constitute a barrier to international 
trade.
    4. This rulemaking does not impose an unfunded mandate on State, 
local, or tribal governments, or on the private sector under UMRA.
    TSA has prepared an analysis of its estimated costs and benefits, 
summarized in the following paragraphs. The OMB Circular A-4 Accounting 
Statement for this proposed rule is in section V.C. When estimating the 
cost of a rulemaking, agencies typically estimate future expected costs 
imposed by a regulation over a period of analysis. For this rule's 
period of analysis, TSA uses a 10-year period of analysis to estimate 
the initial and recurring costs of the regulated surface mode owner/
operators and new owner/operators that are expected due to industry 
growth.
    TSA concluded the following about the current, or baseline, 
training environment for freight rail, public transportation and 
passenger railroad (PTPR), and OTRB employees (see section 1.9 of the 
RIA placed in the docket for further detailed information on the 
current baseline):
    There are 574 U.S. freight rail owners/operators and are composed 
of 7 Class I, 21 Class II, and 546 Class III railroads.\164\ A total of 
36 (7 Class I, 8 Class II, and 21 Class III) out of the 574 U.S. 
freight rail owner/operators carry RSSM through an HTUA and would be 
affected by the proposed rule.\165\ These 36 freight rail owner/
operators provide security awareness \166\ and chain of custody and 
control \167\ trainings to their employees. These trainings address two 
of the required elements of security training required by the proposed 
rule in Sec.  1580.115 (Security training and knowledge for security-
sensitive employees: Prepare and Assess). Additionally, freight rail 
owner/operators are already required to comply with the requirements to 
assign security coordinators and report significant security concerns 
to TSA under current 49 CFR 1580. Table 9 below displays the 
requirements of the proposed rule for freight rail. The check marked 
items in the table represent existing requirements under PHMSA 49 CFR 
172.704 and 1580.107, therefore do not represent additional burden to 
the freight rail owners/operators.
---------------------------------------------------------------------------

    \164\ AAR, ``Railroad Facts, 2015 Edition,'' at 3 (2015).
    \165\ TSA used its railcar tracking system that monitors toxic 
inhalant hazard cars, the Toxic Inhalation Hazard Risk Reduction 
Verification System, (TIHRRVS) to identify freight rail owner/
operators.
    \166\ As required by PHMSA 49 CFR 172.704.
    \167\ In place because of the chain of custody requirement in 49 
CFR 1580.107.
[GRAPHIC] [TIFF OMITTED] TP16DE16.015

    There are more than 7,100 public transportation organizations.\168\ 
Of these, 47 PTPR owner/operators \169\ fall within the applicability 
of the proposed rule. Twenty-four of these 47 PTPR owner/operators 
effectively provide training to their employees on security awareness 
and employee- and company-specific security programs and measures.\170\ 
These trainings address two of the required elements of security 
training required by the proposed rule in Sec.  1582.115 (Security 
training and knowledge for security-sensitive employees: Prepare and 
Assess). Additionally, 23 PTPR owner/operators are already required to 
comply with the requirements to assign security coordinators and report 
significant security concerns to TSA under current 49 CFR 1580. Table 
10 below displays the requirements of the proposed rule for PTPRs. The 
check marked items in the table represent existing requirements under 
49 CFR 1580 and, therefore do not represent additional burden to the 
freight rail owners/operators.
---------------------------------------------------------------------------

    \168\ APTA, ``2014 Public Transportation Fact Book'' (Nov. 
2014), available at https://www.apta.com/resources/statistics/Documents/FactBook/2014-APTA-Fact-Book.pdf.
    \169\ TSA elicited and used input from SMEs in its Surface 
Division, combined with data from the Federal Transit 
Administration's (FTA) National Transit Database (NTD) to identify 
the 47 PTPR owner/operators.
    \170\ Agencies identified using latest evaluation from TSA's 
BASE assessment. Information on BASE assessment can be found here: 
https://www.tsa.gov/news/top-stories/2015/09/21/transit-agencies-earn-high-ratings-through-base-program.

---------------------------------------------------------------------------

[[Page 91373]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.016

    There are 3,741 U.S. companies in the motorcoach industry.\171\ Of 
these, 202 of them \172\ fall within the applicability of the proposed 
rule. Three of the 202 are large OTRB companies that currently use the 
TSA-supplied First ObserverTM program, which covers a 
majority of the 9/11 Act security training requirements, to train their 
employees. This training addresses three of the security training 
elements of this proposed rule Sec.  1584.115 (Security training and 
knowledge for security-sensitive employees: Observe, Assess, and 
Respond). Table 11 displays the requirements of this proposed rule for 
OTRB owner/operators. The check marked items in the table represent the 
training components already covered by the First ObserverTM 
program and, therefore do not represent additional burden to the ORTB 
owners/operators currently using this program compared to the ``no-
action'' baseline.\173\ In Appendix A of the RIA, however, TSA has also 
monetized the cost of their current participation in First 
ObserverTM. TSA estimated this cost at $0.36 million to 
these owner/operators over 10 years (discounted at 7 percent).\174\
---------------------------------------------------------------------------

    \171\ American Bus Association Foundation, ``Motorcoach Census 
2014'' (Mar. 12, 2015), available at https://www.buses.org/assets/images/uploads/general/Report%20-%20Census2013data.pdf.
    \172\ TSA relied on a variety of sources to identify the 202 
owner/operators: TSA Intercity Bus Security Grant Program (IBSGP) 
applications, the American Intercity Bus Riders Association (AIBRA) 
intercity bus service operator list, consultations with ABA, and 
Internet research of Web sites like GotoBus.com and other publicly 
available sources of information.
    \173\ OMB, ``Circular A-4,'' at 2 (Sept. 17, 2003), available at 
https://www.whitehouse.gov/sites/default/files/omb/assets/regulatory_matters_pdf/a-4.pdf (``Benefits and costs are defined in 
comparison with a clearly stated alternative. This normally will be 
a `no action' baseline: What the world will be like if the proposed 
rule is not adopted.'').
    \174\ OMB also requires TSA to consider a ``pre-statute'' 
baseline. Id. at 16. Costs of First ObserverTM have 
accrued since passage of the 9/11 Act and are part of this ``pre-
statute'' baseline.
[GRAPHIC] [TIFF OMITTED] TP16DE16.017

    TSA summarizes the costs of the proposed rule to be borne by four 
affected parties: Freight railroad owner/operators, PTPR owner/
operators, OTRB owner/operators, and TSA. As displayed in Table 12, TSA 
estimates

[[Page 91374]]

the 10-year total cost of this proposed rule to be $222.80 million 
undiscounted, $190.45 million discounted at 3 percent, and $157.27 
million discounted at 7 percent. The costs to industry (all three 
surface modes) comprise approximately 99 percent of the total costs of 
the rule; and the remaining costs are incurred by TSA.

                                                   Table 12--Total Cost of the Proposed Rule by Entity
                                                                      [$ millions]
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                                                     Total proposed rule cost
                                                                                                         -----------------------------------------------
                  Year                     Freight rail        PTPR            OTRB             TSA                        Discounted at   Discounted at
                                                                                                           Undiscounted         3%              7%
--------------------------------------------------------------------------------------------------------------------------------------------------------
1.......................................          $14.51           $9.29           $2.04           $0.52          $26.35          $25.59          $24.63
2.......................................           14.37            5.84            1.62            0.12           21.95           20.69           19.17
3.......................................            8.68            9.06            1.47            0.13           19.33           17.69           15.78
4.......................................           14.50            5.85            1.66            0.13           22.13           19.67           16.89
5.......................................           14.56            9.08            1.68            0.13           25.45           21.95           18.15
6.......................................            8.93            6.00            1.82            0.18           16.93           14.18           11.28
7.......................................           14.69            9.10            1.73            0.13           25.65           20.86           15.98
8.......................................           14.76            5.87            1.76            0.14           22.66           17.78           13.11
9.......................................            8.92            9.11            1.60            0.14           19.76           15.15           10.75
10......................................           14.89            5.88            1.80            0.14           22.71           16.91           11.55
                                         ---------------------------------------------------------------------------------------------------------------
    Total...............................          128.80           75.08           17.17            1.75          222.80          190.45          157.27
    Annualized..........................  ..............  ..............  ..............  ..............  ..............           22.33           22.39
--------------------------------------------------------------------------------------------------------------------------------------------------------
Note: Totals may not add due to rounding.

    TSA estimates the 10-year costs to the freight railroad industry to 
be $128.80 million undiscounted, $110.00 million discounted at 3 
percent, and $90.74 million discounted at 7 percent, as displayed by 
cost categories in Table 13.
[GRAPHIC] [TIFF OMITTED] TP16DE16.018

    TSA estimates the 10-year costs to the PTPR industry to be $75.08 
million undiscounted, $64.26 million discounted at 3 percent, and 
$53.14 million discounted at 7 percent, as displayed by cost categories 
in Table 14.

[[Page 91375]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.019

    TSA estimates the 10-year costs to the OTRB industry to be $17.17 
million undiscounted, $14.65 million discounted at 3 percent, and 
$12.08 million discounted at 7 percent, as displayed by cost categories 
in Table 15.
[GRAPHIC] [TIFF OMITTED] TP16DE16.020

    TSA estimates the 10-year costs to TSA to be $1.75 million 
undiscounted, $1.54 million discounted at 3 percent, and $1.31 million 
discounted at 7 percent, as displayed by cost categories in Table 16.

[[Page 91376]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.021

    The proposed rule would enhance surface transportation security by 
reducing vulnerability to terrorist attacks in four different ways. 
First, the surface transportation employees in each of the three 
covered modes would be trained to identify security vulnerabilities. 
Second, these surface transportation employees would be better trained 
to recognize potentially threatening behavior and properly report that 
information. Third, these surface employees would be trained to respond 
to incidents, thereby mitigating the consequences of an attack. 
Finally, the covered surface transportation owner/operators would be 
required to report significant security concerns to TSA so that TSA can 
analyze potential threats across all modes.
    While training is not an absolute deterrent for terrorists intent 
on carrying out attacks on surface modes of transportation, TSA expects 
the probability of success for such attacks to decrease if security-
sensitive employees within these transportation modes are trained in 
the elements required under the proposed rule.
    TSA uses a break-even analysis to frame the relationship between 
the potential benefits of the proposed rule and the costs of 
implementing the rule. When it is not possible to quantify or monetize 
a majority of the incremental benefits of a regulation, OMB recommends 
conducting a threshold, or ``break-even'' analysis. According to OMB 
Circular No. A-4, ``Regulatory Analysis,'' such an analysis answers the 
question ``How small could the value of the non-qualified benefits be 
(or how large would the value of the non-quantified costs need to be) 
before the rule would yield zero net benefits?'' \175\
---------------------------------------------------------------------------

    \175\ See id.
---------------------------------------------------------------------------

    To conduct the break-even analysis, TSA evaluates three composite 
scenarios for each the three modes covered by the proposed rule. For 
each scenario, TSA calculates a total monetary consequence from an 
estimated statistical value of the human casualties and capital 
replacement resulting from the attack (see Section 4.3 of the Surface 
Training Program for Surface Mode Employees Regulatory Impact Analysis 
for a more detailed description of these calculations however many 
assumptions regarding specific terrorist attacks scenarios are SSI and 
cannot be publically released).
    Table 17 presents the composite or weighted average of direct 
consequences from a successful attack on each mode.

[[Page 91377]]

[GRAPHIC] [TIFF OMITTED] TP16DE16.022

    TSA compared the estimated direct monetary costs of an attack to 
the annualized cost (discounted at 7 percent) to industry and TSA from 
the proposed rule for each mode to estimate how often an attack of that 
nature would need to be averted for the expected benefits to equal 
estimated costs. Table 18 presents the results of the break-even 
analysis for each mode. For example, Table 18 shows that if the freight 
rail training requirements in this rule prevents one freight rail 
terrorist attack every 96 years, this rule ``breaks-even'' (the 
benefits equal the costs).
---------------------------------------------------------------------------

    \176\ As explained in the RIA in the docket, to monetize 
injuries, TSA used two approaches (depending on whether the injury 
was due to exposure to hazardous chemicals). To monetize ``non-
chemical'' injuries, TSA uses guidance from the Department of 
Transportation for valuing injuries based on the Abbreviated Injury 
Scale. To monetize chemical-related injuries, TSA obtained 
information on the cost of medical treatment for poisoning injuries.
    \177\ Total Direct Consequences = (Deaths x $9.1 million VSL) + 
(Severe injuries x $2.42 million) + (Moderate injuries x $0.43 
million) + (Severe chemical injuries x $42,462) + (Moderate chemical 
injuries x $1,563) + Public property loss + Private property loss + 
Rescue and clean-up cost.
---------------------------------------------------------------------------

    The break-even analysis does not include the difficult to quantify 
indirect costs of an attack or the macroeconomic impacts that could 
occur due to a major attack. In addition to the direct impacts of a 
terrorist attack in terms of lost life and property, there are other 
more indirect impacts that are difficult to measure. As noted by Cass 
Sunstein in the Laws of Fear, ``. . . fear is a real social cost, and 
it is likely to lead to other social costs.'' \178\ In addition, 
Ackerman and Heinzerling state ``. . . terrorism `works' through the 
fear and demoralization caused by uncontrollable uncertainty.'' \179\ 
As devastating as the direct impacts of a successful terrorist attack 
can be in terms of the immediate loss of life and property, avoiding 
the impacts of the more difficult to measure indirect effects are also 
substantial benefits of preventing a terrorist attack.
---------------------------------------------------------------------------

    \178\ Cass R. Sunstein, ``Laws of Fear,'' at 127 (2005).
    \179\ Frank Ackerman and Lisa Heinzerling, ``Priceless On 
Knowing the Price of Everything and the Value of Nothing,'' at 136 
(2004).

                                      Table 18--Break-Even Analysis Results
                                                  [$ millions]
----------------------------------------------------------------------------------------------------------------
                                                   Weighted
                                                average direct    Annualized
                     Modes                        costs of a      cost of the       Breakeven averted attack
                                                  successful     proposed rule        frequency  c = a / b
                                                   attack  a       at 7%  b
----------------------------------------------------------------------------------------------------------------
Freight Rail..................................       $1,218.92          $12.94  One attack every 94 years.
PTPR..........................................          613.19            7.60  One attack every 81 years.
OTRB..........................................          679.02            1.86  One attack every 365 years.
----------------------------------------------------------------------------------------------------------------
Note: Totals may not add due to rounding.

3. OMB A-4 Statement
    The OMB A-4 Accounting Statement (in Table 19) presents annualized 
costs and qualitative benefits of the proposed rule.

[[Page 91378]]



                                    Table 19--OMB A-4 $ Accounting Statement
                                          [in $ millions, 2015 dollars]
----------------------------------------------------------------------------------------------------------------
                                                                                              Source citation
           Category             Primary  estimate   Minimum  estimate   Maximum  estimate       (final RIA,
                                                                                              preamble, etc.)
----------------------------------------------------------------------------------------------------------------
                                  Benefits ($ millions)
----------------------------------------------------------------------------------------------------------------
Annualized monetized benefits  ..................  ..................  ..................  NPRM RIA.
 (discount rate in
 parentheses).
                              ------------------------------------------------------------
Unquantified benefits........     The requirements proposed in this rule, if finalized,    NPRM RIA.
                                   produce benefits by reducing security risks through
                                  training security-sensitive surface mode employees to
                                 identify and/or mitigate an attempted terrorist attack.
----------------------------------------------------------------------------------------------------------------
                                    Costs ($ millions)
----------------------------------------------------------------------------------------------------------------
Annualized monetized costs     (7%) $22.39         ..................  ..................  NPRM RIA.
 (discount rate in             (3%) $22.33
 parentheses).
Annualized quantified, but     0                   0                   0                   NPRM RIA.
 unmonetized, costs.
                              ------------------------------------------------------------
Qualitative costs                                          N/A                             NPRM RIA.
 (unquantified).
----------------------------------------------------------------------------------------------------------------
                                        Transfers
----------------------------------------------------------------------------------------------------------------
Annualized monetized           0                   0                   0                   NPRM RIA.
 transfers: ``on budget''.
From whom to whom?...........  N/A                 N/A                 N/A                 None.
Annualized monetized           0                   0                   0                   NPRM RIA.
 transfers: ``off-budget''.
From whom to whom?...........  N/A                 N/A                 N/A                 None.
----------------------------------------------------------------------------------------------------------------
   Miscellaneous Analyses/                               Effects                           Source Citation (NPRM
           Category                                                                         RIA, preamble,
                                                                                            etc.).
----------------------------------------------------------------------------------------------------------------
Effects on State, local, and/                             None                             NPRM RIA.
 or tribal governments.
Effects on small businesses..                         Prepared IRFA                        IRFA.
Effects on wages.............                             None                             None.
Effects on growth............                             None                             None.
----------------------------------------------------------------------------------------------------------------

4. Alternatives Considered
    In addition to the proposed rule, TSA also considered two 
alternative policies. As discussed in section III.K of this NPRM, the 
first alternative (Alternative 1) only includes requirements that are 
statutory according to the 9/11 Act.\180\ The second alternative 
(Alternative 2) expands the population of owners/operators to all who 
operate within the UASI--which includes the entire metropolitan 
statistical area--and requires them to develop their own training 
program. This would be the case if First Observer PlusTM 
were not made available to owner/operators or if the owners/operators 
would not adopt First Observer PlusTM. This alternative was 
considered in the early stages of this proposed rule when the First 
ObserverTM program was still in development. Notionally, an 
owner/operator-developed training program would provide a marginal 
increase in effectiveness over a ``one size fits all'' training program 
because it would be customized to the individual owner/operator and 
take into account the unique security and structural characteristics 
inherent in a large and complicated system like a transportation 
network.
---------------------------------------------------------------------------

    \180\ Table 59 in the RIA found in the docket provides a 
section-by section analysis of which regulatory provisions are 
statutorily required and which provisions are discretionary.
---------------------------------------------------------------------------

    Though not the least costly option, TSA selects the proposed rule 
as its preferred alternative because TSA recommends that all surface 
mode employees be refreshed on their security training objectives 
annually, in an abbreviated method at the very least. TSA recognizes 
recurrent training as essential to maintaining a high level of security 
awareness. The 9/11 Act recognizes this as well by requiring routine 
and ongoing training for public transportation employees. Congress has 
left it to the discretion of TSA to determine the appropriate schedule 
for recurrent training. TSA believes that annual training is essential 
for maintaining a high level of security awareness among surface 
transportation employees. TSA's goal is to ensure the expected baseline 
of security awareness is reached and maintained across the higher-risk 
systems and will work with the owner/operators as necessary to ensure 
that goal is accomplished.
    Additionally, the affected population for the proposed rule (and 
Alternative 1) is based on a risk assessment on these modes of 
transportation (for more detail see preamble section III.B.). TSA 
reviewed the scope of the relevant industries and the security risks 
associated with each. This assessment considers not only threat (as 
informed by intelligence), but also the potential consequences of a 
terrorist attack on a system or vehicle(s) and the vulnerabilities 
inherent in the design and/or operation of these systems and vehicles. 
Both the proposed rule and Alternative 1 target higher-risk areas or 
transportation systems as opposed to Alternative 2, which covers a 
broader population and sets its parameters by other industry 
characteristics. The reasons for rejecting Alternative 2 are discussed 
in section III.D. of this NPRM. For these reasons, TSA has chosen the 
proposed rule as its preferred alternative. Table 20 presents a

[[Page 91379]]

comparison of the costs by cost component for industry and TSA for the 
proposed rule and both alternatives.
[GRAPHIC] [TIFF OMITTED] TP16DE16.023


[[Page 91380]]


[GRAPHIC] [TIFF OMITTED] TP16DE16.024

5. Regulatory Flexibility Assessment
    The Regulatory Flexibility Act (RFA) of 1980 requires agencies to 
consider the impacts of their rules on small entities. TSA performed an 
Initial Regulatory Flexibility Analysis (IRFA) to analyze the impact to 
small entities affected by the proposed rule. See the RIA in the docket 
for the full IRFA. A summary of the RFA is below.
    Under the RFA, the term ``small entities'' comprises small 
businesses, not-for-profit organizations that are independently owned 
and operated and are not dominant in their fields, and small 
governmental jurisdictions with populations of less than 50,000. 
Individuals and States are not considered ``small entities'' based on 
the definitions in the RFA (5 U.S.C. 601).
    The PTPR owner/operators affected by this proposed rule are not 
considered small because they are either owned/operated by governmental 
jurisdictions that exceed the RFA population threshold of 50,000 or a 
business that exceeds the SBA size threshold. Only freight rail and 
OTRB owner/operators have small entities that may be affected by the 
proposed rule. TSA uses the Small Business Administration's (SBA) size 
standards to identify that 13 freight rail owner/operators affected by 
the proposed rule are considered a small business. TSA calculates that 
proposed rule's requirements are estimated to cost $68.78 per employee 
and $6,068.49 per entity to these freight rail owner/operators. Of 
these 13 small freight rail owner/operators, TSA estimates that only 
one of them would have an impact to revenue greater that 1 percent. For 
OTRBs, TSA uses SBA's threshold to estimate that 174 OTRB owner/
operators affected by the proposed rule are considered a small 
business. TSA calculates that the proposed rule's requirements are 
estimated to cost $33.41 per employee and $3,347.67 per entity to these 
OTRB owner/operators. Of these 174 small OTRB owner/operators, TSA 
estimates that 20 of them would have an impact to revenue greater than 
1 percent.
    TSA considered two alternative policies in addition to the proposed 
rule. As discussed in section III.K of this NPRM and section 5.1 of the 
RIA, the first alternative (Alternative 1) only includes requirements 
that are statutory according to the 9/11 Act. This alternative would 
remain applicable to the same population of the proposed rule, but 
would only require owner/operators to train security-sensitive 
employees according to statutory guidelines set in the 9/11 Act. In 
Alternative 1, recurrent training is required only once every three 
years--similar to other training requirements of transportation modes--
because the 9/11 Act does not require annual recurrent training as TSA 
does in the proposed rule.
    As discussed in section III.F(1)(2)(3) of this NPRM (Alternatives 
Considered) and section 5.2 of the RIA, the second alternative 
(Alternative 2) expands the population of owners/operators to all who 
operate within the UASI--which includes the entire metropolitan 
statistical area-and requires them to develop their own training 
program. TSA considered Alternative 2 while the First 
ObserverTM program was still in development.
    TSA chose the proposed rule as its preferred alternative, thus 
rejecting Alternative 1, because TSA recommends that all surface mode 
employees be refreshed on their security training objectives annually. 
TSA recognizes recurrent training as essential to maintaining a high 
level of security awareness. TSA's objective is to ensure the expected 
baseline of security

[[Page 91381]]

awareness is reached and maintained across the higher-risk systems and 
will work with the owner/operators as necessary to ensure that goal is 
accomplished. TSA has met this objective by developing First Observer 
PlusTM. TSA intends for the training content in First 
Observer PlusTM to align with most of the regulatory 
requirements in a final rule. This resource will be provided free to 
owner/operators so that they may comply with the proposed rule at 
minimized costs.
    Additionally, the affected population for the proposed rule (and 
Alternative 1) is based on a risk assessment on these modes of 
transportation (for more detail see section III.B of this NPRM). TSA 
reviewed the scope of the relevant industries and the security risks 
associated with each. This assessment considers not only threat (as 
informed by intelligence), but also the potential consequences of a 
terrorist attack on a system or vehicle(s) and the vulnerabilities 
inherent in the design and/or operation of these systems and vehicles. 
Both the proposed rule and Alternative 1 target higher-risk areas or 
transportation systems as opposed to Alternative 2, which covers a 
broader population and sets its parameters by other industry 
characteristics. Alternative 2 leads to higher costs to small entities 
not necessarily considered higher-risk. TSA rejected Alternative 2 
because the agency has determined that the proposed rule better aligns 
with its commitment to risk-based security policy and outcomes-based 
regulation and because it would impose a higher cost to small entities 
outside the higher-risk profile.
    TSA invites all interested parties to submit data and information 
regarding the potential economic impact on small entities that would 
result from the adoption of the proposed requirements in the proposed 
rule.
6. International Trade Impact Assessment
    The Trade Agreement Act of 1979 prohibits Federal agencies from 
establishing any standards or engaging in related activities that 
create unnecessary obstacles to the foreign commerce of the United 
States. Legitimate domestic objectives, such as safety, are not 
considered unnecessary obstacles. The statute also requires 
consideration of international standards and, where appropriate, that 
they be the basis for U.S. standards. TSA has assessed the potential 
effect of this proposed rule and has determined that it would have only 
a domestic impact and therefore no effect on any trade-sensitive 
activity.
7. Unfunded Mandates Assessment
    The Unfunded Mandates Reform Act of 1995 (UMRA) is intended, among 
other things, to curb the practice of imposing unfunded Federal 
mandates on State, local, and tribal governments. Title II of the UMRA 
requires each Federal agency to prepare a written statement assessing 
the effects of any Federal mandate in a proposed or final agency rule 
that may result in a $100 million or more expenditure (adjusted 
annually for inflation) in any one year by State, local, and tribal 
governments, in the aggregate, or by the private sector; such a mandate 
is deemed to be a ``significant regulatory action.''
    This proposed rule does not contain such a mandate. The 
requirements of Title II of the UMRA, therefore, do not apply and TSA 
has not prepared a statement.

C. Executive Order 13132, Federalism

    TSA has analyzed this rulemaking under the principles and criteria 
of Executive Order 13132, Federalism. We determined that this action 
would not have a substantial direct effect on the States, on the 
relationship between the National Government and the States, or on the 
distribution of power and responsibilities among the various levels of 
government, and therefore would not have federalism implications.

D. Environmental Analysis

    TSA has reviewed this rulemaking for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment. This action is covered by categorical exclusion 
(CATEX) number A3(b) in DHS Management Directive 023-01 (formerly 
Management Directive 5100.1), Environmental Planning Program, which 
guides TSA compliance with NEPA.

E. Energy Impact Analysis

    The energy impact of this rulemaking has been assessed in 
accordance with the Energy Policy and Conservation Act (EPCA), Public 
Law 94-163, as amended (42 U.S.C. 6362). TSA has determined that this 
rulemaking is not a major regulatory action under the provisions of the 
EPCA.

List of Subjects

49 CFR Part 1500

    Air carriers, Air transportation, Aircraft, Airports, Bus transit 
systems, Commuter bus systems, Law enforcement officer, Maritime 
carriers, Over-the-Road buses, Public transportation, Rail hazardous 
materials receivers, Rail hazardous materials shippers, Rail transit 
systems, Railroad carriers, Railroad safety, Railroads, Reporting and 
recordkeeping requirements, Security measures, Transportation facility, 
Vessels.

49 CFR Part 1520

    Air carriers, Air transportation, Aircraft, Airports, Bus transit 
systems, Commuter bus systems, Law enforcement officer, Maritime 
carriers, Over-the-Road buses, Public transportation, Rail hazardous 
materials receivers, Rail hazardous materials shippers, Rail transit 
systems, Railroad carriers, Railroad safety, Railroads, Reporting and 
recordkeeping requirements, Security measures, Transportation facility, 
Vessels.

49 CFR Part 1570

    Commuter bus systems, Crime, Fraud, Hazardous materials 
transportation, Motor carriers, Over-the-Road bus safety, Over-the-Road 
buses, Public transportation, Public transportation safety, Rail 
hazardous materials receivers, Rail hazardous materials shippers, Rail 
transit systems, Railroad carriers, Railroad safety, Railroads, 
Reporting and recordkeeping requirements, Security measures, 
Transportation facility, Transportation Security-Sensitive Materials.

49 CFR Part 1580

    Hazardous materials transportation, Rail hazardous materials 
receivers, Rail hazardous materials shippers, Railroad carriers, 
Railroad safety, Railroads, Reporting and recordkeeping requirements, 
Security measures.

49 CFR Part 1582

    Public transportation, Public transportation safety, Railroad 
carriers, Railroad safety, Railroads, Rail transit systems, Reporting 
and recordkeeping requirements, Security measures.

49 CFR Part 1584

    Over-the-Road bus safety, Over-the-Road buses, Reporting and 
recordkeeping requirements, Security measures.

The Proposed Amendments

    For the reasons set forth in the preamble, the Transportation 
Security Administration proposes to amend Chapter XII, of Title 49, 
Code of Federal Regulations to read as follows:

[[Page 91382]]

SUBCHAPTER A--ADMINISTRATIVE AND PROCEDURAL RULES

PART 1500--APPLICABILITY, TERMS, AND ABBREVIATIONS

0
1. The authority citation for part 1500 is revised to read as follows:

    Authority:  6 U.S.C. 1137, 1151, 1167, and 1184; 49 U.S.C. 114, 
5103, 40113, 44901-44907, 44913-44914, 44916-44918, 44935-44936, 
44942, 46105.

0
2. Revise Sec.  1500.3 to read as follows:


Sec.  1500.3  Terms and abbreviations used in this chapter.

    As used in this chapter:
    Administrator means the Assistant Secretary for Homeland Security, 
Transportation Security Administration (Assistant Secretary), who is 
the highest-ranking TSA official, or his or her designee. Administrator 
also means the Under Secretary of Transportation for Security 
identified in 49 U.S.C. 114(b).
    Authorized representative means any individual who is not a direct 
employee of a person regulated under this title, but is authorized to 
act on that person's behalf to perform measures required under the 
Transportation Security Regulations, or a TSA security program. For 
purposes of this subchapter, the term ``authorized representative'' 
includes agents, contractors, and subcontractors, and employees of the 
same.
    Bus means any of several types of motor vehicles used by public or 
private entities to provide transportation service for passengers.
    Bus transit system means a public transportation system providing 
frequent transportation service (not limited to morning and evening 
peak travel times) for the primary purpose of moving passengers between 
bus stops, often through multiple connections (a bus transit system 
does not become a commuter bus system even if its primary purpose is 
the transportation of commuters). This term does not include tourist, 
scenic, historic, or excursion operations.
    Commuter bus system means a system providing passenger service 
primarily during morning and evening peak periods, between an urban 
area and more distant outlying communities in a greater metropolitan 
area. This term does not include tourist, scenic, historic, or 
excursion operations.
    Commuter passenger train service means ``train, commuter'' as 
defined in 49 CFR 238.5, and includes service provided by diesel or 
electric powered locomotives and railroad passenger cars to serve an 
urban area, its suburbs, and more distant outlying communities in the 
greater metropolitan area. A commuter passenger train service is part 
of the general railroad system of transportation regardless of whether 
it is physically connected to other railroads.
    DHS means the Department of Homeland Security and any directorate, 
bureau, or other component within the Department of Homeland Security, 
including the United States Coast Guard.
    DOT means the Department of Transportation and any operating 
administration, entity, or office within the Department of 
Transportation.
    Fixed-route service means the provision of transportation service 
by private entities operated along a prescribed route according to a 
fixed schedule.
    General railroad system of transportation means ``the network of 
standard gauge track over which goods may be transported throughout the 
nation and passengers may travel between cities and within metropolitan 
and suburban areas'' as defined in Appendix A to 49 CFR part 209.
    Hazardous material means ``hazardous material'' as defined in 49 
CFR 171.8.
    Heavy rail transit means service provided by self-propelled 
electric railcars, typically drawing power from a third rail, operating 
in separate rights-of-way in multiple cars; also referred to as 
subways, metros or regional rail.
    Host railroad means a railroad that has effective control over a 
segment of track.
    Improvised explosive device (IED) means a device fabricated in an 
improvised manner that incorporates explosives or destructive, lethal, 
noxious, pyrotechnic, or incendiary chemicals in its design, and 
generally includes a power supply, a switch or timer, and a detonator 
or initiator.
    Intercity passenger train service means both ``train, long-distance 
intercity passenger'' and ``train, short-distance intercity passenger'' 
as defined in 49 CFR 238.5.
    Light rail transit means service provided by self-propelled 
electric railcars, typically drawing power from an overhead wire, 
operating in either exclusive or non-exclusive rights-of-way in single 
or multiple cars, with shorter distance trips, and frequent stops; also 
referred to as streetcars, trolleys, and trams.
    Motor vehicle means a vehicle, machine, tractor, trailer, or 
semitrailer propelled or drawn by mechanical power and used upon the 
highways in the transportation of passengers or property, or any 
combination thereof, but does not include any vehicle, locomotive, or 
car operated exclusively on a rail or rails, or a trolley bus operated 
by electric power derived from a fixed overhead wire, furnishing local 
passenger transportation similar to street-railway service.
    Over-the-Road Bus (OTRB) means a bus characterized by an elevated 
passenger deck located over a baggage compartment.
    Owner/operator means any person that owns, or maintains operational 
control over, any transportation infrastructure asset, facility, or 
system regulated under this title, including airport operator, aircraft 
operator, foreign air carrier, indirect air carrier, certified cargo 
screening facility, flight school within the meaning of 49 CFR 
1552.1(b), motor vehicle, public transportation agency, or railroad 
carrier. For purposes of a maritime facility or a vessel, owner/
operator has the same meaning as defined in 33 CFR 101.105.
    Passenger rail car means rail rolling equipment intended to provide 
transportation for members of the general public and includes a self-
propelled rail car designed to carry passengers, baggage, mail, or 
express. This term includes a rail passenger coach, cab car, and a 
Multiple Unit (MU) locomotive. In the context of articulated equipment, 
``passenger rail car'' means that segment of the rail rolling equipment 
located between two trucks. This term does not include a private rail 
car.
    Passenger railroad carrier means a railroad carrier that provides 
transportation to persons (other than employees, contractors, or 
persons riding equipment to observe or monitor railroad operations) by 
railroad in intercity passenger service or commuter or other short-haul 
passenger service in a metropolitan or suburban area.
    Passenger train means a train that transports or is available to 
transport members of the general public.
    Person means an individual, corporation, company, association, 
firm, partnership, society, joint-stock company, or governmental 
authority. It includes a trustee, receiver, assignee, successor, or 
similar representative of any of them.
    Private rail car means rail rolling equipment that is used only for 
excursion, recreational, or private transportation purposes. A private 
rail car is not a passenger rail car.
    Public transportation means transportation provided to the general 
public by a regular and continuing general or specific transportation 
vehicle that is owned or operated by a

[[Page 91383]]

public transportation agency, including providing one or more of the 
following types of passenger transportation:
    (1) Intercity or commuter passenger train service or other short-
haul railroad passenger service in a metropolitan or suburban area (as 
described by 49 U.S.C. 20102(1)).
    (2) Heavy or light rail transit service, whether on or off the 
general railroad system of transportation.
    (3) An automated guideway, cable car, inclined plane, funicular, or 
monorail system.
    (4) Bus transit or commuter bus service.
    Public transportation agency means any publicly-owned or operated 
provider of regular and continuing public transportation.
    Rail hazardous materials receiver means any owner/operator of a 
fixed-site facility that has a physical connection to the general 
railroad system of transportation and receives or unloads from 
transportation in commerce by rail one or more of the categories and 
quantities of rail security-sensitive materials identified in 49 CFR 
1580.3, but does not include the owner/operator of a facility owned or 
operated by a department, agency or instrumentality of the Federal 
government.
    Rail hazardous materials shipper means the owner/operator of any 
fixed-site facility that has a physical connection to the general 
railroad system of transportation and offers (as defined in the 
definition of ``person who offers or offeror'' in 49 CFR 171.8), 
prepares or loads for transportation by rail one or more of the 
categories and quantities of rail security-sensitive materials as 
identified in 49 CFR 1580.3, but does not include the owner/operator of 
a facility owned or operated by a department, agency or instrumentality 
of the Federal government.
    Rail secure area means a secure location(s) identified by a rail 
hazardous materials shipper or rail hazardous materials receiver where 
security-related pre-transportation or transportation functions are 
performed or rail cars containing the categories and quantities of rail 
security-sensitive materials are prepared, loaded, stored, and/or 
unloaded.
    Rail transit facility means rail transit stations, terminals, and 
locations at which rail transit infrastructure assets are stored, 
command and control operations are performed, or maintenance is 
performed. The term also includes rail yards, crew management centers, 
dispatching centers, transportation terminals and stations, fueling 
centers, and telecommunication centers.
    Rail transit system or ``Rail Fixed Guideway System'' means any 
light, heavy, or rapid rail system, monorail, inclined plane, 
funicular, cable car, trolley, or automated guideway that traditionally 
does not operate on track that is part of the general railroad system 
of transportation.
    Railroad carrier means an owner/operator providing railroad 
transportation.
    Railroad transportation means any form of non-highway ground 
transportation that runs on rails or electromagnetic guideways, 
including (1) commuter or other short-haul rail passenger service in a 
metropolitan or suburban area and (2) high speed ground transportation 
systems that connect metropolitan areas, without regard to whether 
those systems use new technologies not associated with traditional 
railroads. Such term includes rail transit service operating on track 
that is part of the general railroad system of transportation but does 
not include rapid transit operations in an urban area that are not 
connected to the general railroad system of transportation.
    Record includes any means by which information is preserved, 
irrespective of format, including a book, paper, drawing, map, 
recording, tape, film, photograph, machine-readable material, and any 
information stored in an electronic format. The term record also 
includes any draft, proposed, or recommended change to any record.
    Sensitive security information (SSI) means information that is 
described in and must be managed in accordance with 49 CFR part 1520.
    State means a State of the United States and the District of 
Columbia.
    Tourist, scenic, historic, or excursion operation means a railroad 
or bus operation that carries passengers, often using antiquated 
equipment, with the conveyance of the passengers to a particular 
destination not being the principal purpose. Train or bus movements of 
new passenger equipment for demonstration purposes are not tourist, 
scenic, historic, or excursion operations.
    Transit means mass transportation by a conveyance that provides 
regular and continuing general or special transportation to the public, 
but does not include school bus, charter, or sightseeing 
transportation. Rail transit may occur on or off the general railroad 
system of transportation.
    Transportation or transport means the movement of property 
including loading, unloading, and storage. Transportation or transport 
also includes the movement of people, boarding, and disembarking 
incident to that movement.
    Transportation facility means a location at which transportation 
cargo, equipment or infrastructure assets are stored, equipment is 
transferred between conveyances and/or modes of transportation, 
transportation command and control operations are performed, or 
maintenance operations are performed. The term also includes, but is 
not limited to, passenger stations and terminals (including any fixed 
facility at which passengers are picked-up or discharged), vehicle 
storage buildings or yards, crew management centers, dispatching 
centers, fueling centers, and telecommunication centers.
    Transportation security equipment and systems means items, both 
integrated into a system and stand-alone, used by owner/operators to 
enhance capabilities to detect, deter, prevent, or respond to a threat 
or incident, including, but not limited to, video surveillance, 
explosives detection, radiological detection, intrusion detection, 
motion detection, and security screening.
    Transportation Security Regulations (TSR) means the regulations 
issued by the Transportation Security Administration, in title 49 of 
the Code of Federal Regulations, chapter XII, which includes parts 1500 
through 1699.
    Transportation Security-Sensitive Material (TSSM) means hazardous 
materials identified in 49 CFR 172.800(b).
    TSA means the Transportation Security Administration.
    United States, in a geographical sense, means the States of the 
United States, the District of Columbia, and territories and 
possessions of the United States, including the territorial sea and the 
overlying airspace.
    Vulnerability assessment includes any review, audit, or other 
examination of the security of a transportation system, infrastructure 
asset, or a transportation-related automated system or network to 
determine its vulnerability to unlawful interference, whether during 
the conception, planning, design, construction, operation, or 
decommissioning phase. A vulnerability assessment includes the 
methodology for the assessment, the results of the assessment, and any 
proposed, recommended, or directed actions or countermeasures to 
address security concerns.

[[Page 91384]]

PART 1503--INVESTIGATIVE AND ENFORCEMENT PROCEDURES

0
3. The authority citation for part 1503 continues to read as follows:

    Authority: 6 U.S.C. 1142; 18 U.S.C. 6002; 28 U.S.C. 2461 (note); 
49 U.S.C. 114, 20109, 31105, 40113-40114, 40119, 44901-44907, 46101-
46107, 46109-46110, 46301, 46305, 46311, 46313-46314.

Subpart B--Scope of Investigative and Enforcement Procedures

0
4. In Sec.  1503.101 revise paragraphs (b)(1) and (b)(2), and add 
paragraph (b)(3) to read as follows:


Sec.  1503.101  TSA requirements.

* * * * *
    (b) * * *
    (1) Those provisions of title 49 U.S.C. administered by the 
Administrator;
    (2) 46 U.S.C. chapter 701; and
    (3) Those provisions of title 6 U.S.C. administered by the 
Administrator.

SUBCHAPTER B--SECURITY RULES FOR ALL MODES OF TRANSPORTATION

PART 1520--PROTECTION OF SENSITIVE SECURITY INFORMATION

0
5. The authority citation for part 1520 continues to read as follows:

    Authority: 46 U.S.C. 70102-70106, 70117; 49 U.S.C. 114, 40113, 
44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105.


Sec.  1520.3  [Amended]

0
6. In Sec.  1520.3 remove the definitions for ``DHS, ``DOT'', ``Rail 
facility'', ``Rail hazardous materials receiver'', ``Rail hazardous 
materials shipper, ``Rail transit facility'', ``Rail transit system or 
Rail Fixed Guideway System'', ``Railroad'', ``Record'', and 
``Vulnerability assessment''.
0
7. In Sec.  1520.5 revise paragraphs (b)(1), (b)(6)(i), (b)(8) 
introductory text, (b)(10), (b)(12) introductory text, and (b)(15) to 
read as follows:


Sec.  1520.5  Sensitive security information.

* * * * *
    (b) * * *
    (1) Security programs, security plans, and contingency plans. Any 
security program, security plan, or security contingency plan issued, 
established, required, received, or approved by DHS or DOT, including 
any comments, instructions, or implementing guidance, including--
    (i) Any aircraft operator, airport operator, fixed base operator, 
or air cargo security program, or security contingency plan under this 
chapter;
    (ii) Any vessel, maritime facility, or port area security plan 
required or directed under Federal law;
    (iii) Any national or area security plan prepared under 46 U.S.C. 
70103;
    (iv) Any security incident response plan established under 46 
U.S.C. 70104, and
    (v) Any security program or plan required under subchapter D of 
this title.
* * * * *
    (6) * * *
    (i) Details of any aviation, maritime, or surface transportation 
inspection, or any investigation or an alleged violation of aviation, 
maritime, or surface transportation security requirements of Federal 
law, that could reveal a security vulnerability, including the identity 
of the Federal special agent or other Federal employee who conducted 
the inspection or investigation, and including any recommendations 
concerning the inspection or investigation.
* * * * *
    (8) Security measures. Specific details of aviation, maritime, or 
surface transportation security measures, both operational and 
technical, whether applied directly by the Federal government or 
another person, including the following:
* * * * *
    (10) Security training materials. Records created or obtained for 
the purpose of training persons employed by, contracted with, or acting 
for the Federal government or another person to carry out aviation, 
maritime, or surface transportation security measures required or 
recommended by DHS or DOT.
* * * * *
    (12) Critical transportation infrastructure asset information. Any 
list identifying systems or assets, whether physical or virtual, so 
vital to the aviation, maritime, or surface transportation that the 
incapacity or destruction of such assets would have a debilitating 
impact on transportation security, if the list is--
* * * * *
    (15) Research and development. Information obtained or developed in 
the conduct of research related to aviation, maritime, or surface 
transportation, where such research is approved, accepted, funded, 
recommended, or directed by DHS or DOT, including research results.
* * * * *
0
8. In Sec.  1520.7 revise paragraph (n) to read as follows:


Sec.  1520.7   Covered persons.

* * * * *
    (n) Each owner/operator of maritime or surface transportation 
subject to the requirements of subchapter D of this chapter.
0
9. Revise the heading for subchapter D to read as follows:

SUBCHAPTER D--MARITIME AND SURFACE TRANSPORTATION SECURITY

0
10. Revise part 1570 to read as follows:

PART 1570--GENERAL RULES

Subpart A--General
Sec.
1570.1 Scope.
1570.3 Terms used in this subchapter.
1570.5 Fraud and intentional falsification of records.
1570.7 Security responsibilities of employees and other persons.
1570.9 Compliance, inspection, and enforcement.
Subpart B--Security Programs
Sec.
1570.101 Scope.
1570.103 Content.
1570.105 Responsibility for Determinations.
1570.107 Recognition of prior or established security measures or 
programs.
1570.109 Submission and approval.
1570.111 Implementation schedules.
1570.113 Amendments requested by owner/operator.
1570.115 Amendments required by TSA.
1570.117 Alternative measures.
1572.119 Petitions for reconsideration.
1570.121 Recordkeeping and availability.
Subpart C--Operations
Sec.
1570.201 Security Coordinator.
1570.203 Reporting significant security concerns.
Subpart D--Security Threat Assessments
Sec.
1570.301 Fraudulent use or manufacture; responsibilities of persons.
1570.303 Inspection of credential.
1570.305 False statements regarding security background checks by 
public transportation agency or railroad carrier.

Appendix A to Part 1570--Reporting Of Significant Security Concerns

    Authority: 6 U.S.C. 469, 1134, 1137, 1143, 1151, 1162, 1167, 
1170, 1181 and 1184; 18 U.S.C. 842, 845; 46 U.S.C. 70105; 49 U.S.C. 
114, 5103a, 40113, and 46105.

Subpart A--General


Sec.  1570.1  Scope.

    This part applies to any person involved in maritime or surface 
transportation as specified in this subchapter.


Sec.  1570.3  Terms used in this subchapter.

    In addition to the definitions in Sec. Sec.  1500.3, 1500.5, and 
1503.202 of subchapter A, the following terms are used in this 
subchapter:

[[Page 91385]]

    Adjudicate means to make an administrative determination of whether 
an applicant meets the standards in this subchapter, based on the 
merits of the issues raised.
    Alien means any person not a citizen or national of the United 
States.
    Alien registration number means the number issued by the U.S. 
Department of Homeland Security (DHS) to an individual when he or she 
becomes a lawful permanent resident of the United States or attains 
other lawful, non-citizen status.
    Applicant means a person who has applied for one of the security 
threat assessments identified in this subchapter.
    Commercial driver's license (CDL) is used as defined in 49 CFR 
383.5.
    Contractor means a person or organization that provides a service 
for an owner/operator regulated under this subchapter consistent with a 
specific understanding or arrangement. The understanding can be a 
written contract or an informal arrangement that reflects an ongoing 
relationship between the parties.
    Convicted means any plea of guilty or nolo contendere, or any 
finding of guilt, except when the finding of guilt is subsequently 
overturned on appeal, pardoned, or expunged. For purposes of this 
subchapter, a conviction is expunged when the conviction is removed 
from the individual's criminal history record and there are no legal 
disabilities or restrictions associated with the expunged conviction, 
other than the fact that the conviction may be used for sentencing 
purposes for subsequent convictions. In addition, where an individual 
is allowed to withdraw an original plea of guilty or nolo contendere 
and enter a plea of not guilty and the case is subsequently dismissed, 
the individual is no longer considered to have a conviction for 
purposes of this subchapter.
    Determination of No Security Threat means an administrative 
determination by TSA that an individual does not pose a security threat 
warranting denial of an HME or a TWIC.
    Employee means an individual who is engaged or compensated by an 
owner/operator regulated under this subchapter, or by a contractor to 
an owner/operator regulated under this subchapter. The term includes 
direct employees, contractor employees, authorized representatives, 
immediate supervisors, and individuals who are self-employed.
    Federal Maritime Security Coordinator (FMSC) has the same meaning 
as defined in 46 U.S.C. 70103(a)(2)(G); is the Captain of the Port 
(COTP) exercising authority for the COTP zones described in 33 CFR part 
3, and is the Port Facility Security Officer as described in the 
International Ship and Port Facility Security (ISPS) Code, part A.
    Final Determination of Threat Assessment means a final 
administrative determination by TSA, including the resolution of 
related appeals, that an individual poses a security threat warranting 
denial of an HME or a TWIC.
    Hazardous materials endorsement (HME) means the authorization for 
an individual to transport hazardous materials in commerce, an 
indication of which must be on the individual's commercial driver's 
license, as provided in the Federal Motor Carrier Safety Administration 
(FMCSA) regulations in 49 CFR part 383.
    Immediate supervisor means a manager, supervisor, or agent of the 
owner/operator to the extent the individual (a) performs the work of a 
security-sensitive employee or (b) supervises and otherwise directs the 
performance of a security-sensitive employee.
    Imprisoned or imprisonment means confined to a prison, jail, or 
institution for the criminally insane, on a full-time basis, pursuant 
to a sentence imposed as the result of a criminal conviction or finding 
of not guilty by reason of insanity. Time spent confined or restricted 
to a half-way house, treatment facility, or similar institution, 
pursuant to a sentence imposed as the result of a criminal conviction 
or finding of not guilty by reason of insanity, does not constitute 
imprisonment for purposes of this rule.
    Incarceration means confined or otherwise restricted to a jail-type 
institution, half-way house, treatment facility, or another institution 
on a full or part-time basis, pursuant to a sentence imposed as the 
result of a criminal conviction or finding of not guilty by reason of 
insanity.
    Initial Determination of Threat Assessment means an initial 
administrative determination by TSA that an applicant poses a security 
threat warranting denial of an HME or a TWIC.
    Initial Determination of Threat Assessment and Immediate Revocation 
means an initial administrative determination that an individual poses 
a security threat that warrants immediate revocation of an HME or 
invalidation of a TWIC. In the case of an HME, the State must 
immediately revoke the HME if TSA issues an Initial Determination of 
Threat Assessment and Immediate Revocation. In the case of a TWIC, TSA 
invalidates the TWIC when TSA issues an Initial Determination of Threat 
Assessment and Immediate Revocation.
    Invalidate means the action TSA takes to make a credential 
inoperative when it is reported as lost, stolen, damaged, no longer 
needed, or when TSA determines an applicant does not meet the security 
threat assessment standards of 49 CFR part 1572.
    Lawful permanent resident means an alien lawfully admitted for 
permanent residence, as defined in 8 U.S.C. 1101(a)(20).
    Maritime facility has the same meaning as ``facility'' together 
with ``OCS facility'' (Outer Continental Shelf facility), as defined in 
33 CFR 101.105.
    Mental health facility means a mental institution, mental hospital, 
sanitarium, psychiatric facility, and any other facility that provides 
diagnoses by licensed professionals of mental retardation or mental 
illness, including a psychiatric ward in a general hospital.
    National of the United States means a citizen of the United States, 
or a person who, though not a citizen, owes permanent allegiance to the 
United States, as defined in 8 U.S.C. 1101(a)(22), and includes 
American Samoa and Swains Island.
    Revocation means the termination, deactivation, rescission, 
invalidation, cancellation, or withdrawal of the privileges and duties 
conferred by an HME or TWIC, when TSA determines an applicant does not 
meet the security threat assessment standards of 49 CFR part 1572.
    Secure area means the area on board a vessel or at a facility or 
outer continental shelf facility, over which the owner/operator has 
implemented security measures for access control, as defined by a Coast 
Guard approved security plan. It does not include passenger access 
areas or public access areas, as those terms are defined in 33 CFR 
104.106 and 105.106 respectively. Vessels operating under the waivers 
provided for at 46 U.S.C. 8103(b)(3)(A) or (B) have no secure areas. 
Facilities subject to 33 CFR chapter I, subchapter H, part 105 may, 
with approval of the Coast Guard, designate only those portions of 
their facility that are directly connected to maritime transportation 
or are at risk of being involved in a transportation security incident 
as their secure areas.
    Security threat means an individual whom TSA determines or suspects 
of posing a threat to national security; to transportation security; or 
of terrorism.
    Security-sensitive employee, for purposes of this part, means 
``security sensitive employee'' as defined in Sec. Sec.  1580.3, 
1582.3, or 1584.3 of this title.

[[Page 91386]]

    Security-sensitive job function, for purposes of this part, means a 
job function identified in Appendix B to part 1580, Appendix B to part 
1582, and Appendix B to part 1584 of this title.
    Transportation Worker Identification Credential (TWIC) means a 
Federal biometric credential, issued to an individual, when TSA 
determines that the individual does not pose a security threat.
    Withdrawal of Initial Determination of Threat Assessment is the 
document that TSA issues after issuing an Initial Determination of 
Security Threat, when TSA determines that an individual does not pose a 
security threat that warrants denial of an HME or TWIC.


Sec.  1570.5  Fraud and intentional falsification of records.

    No person may make, cause to be made, attempt, or cause to attempt 
any of the following:
    (a) Any fraudulent or intentionally false statement in any record 
or report that is kept, made, or used to show compliance with the 
subchapter, or exercise any privileges under this subchapter.
    (b) Any reproduction or alteration, for fraudulent purpose, of any 
record, report, security program, access medium, or identification 
medium issued under this subchapter or pursuant to standards in this 
subchapter.


Sec.  1570.7  Security responsibilities of employees and other persons.

    (a) No person may--
    (1) Tamper or interfere with, compromise, modify, attempt to 
circumvent, or cause another person to tamper or interfere with, 
compromise, modify, or attempt to circumvent any security measure 
implemented under this subchapter.
    (2) Enter, or be present within, a secured or restricted area 
without complying with the security measures applied as required under 
this subchapter to control access to, or presence or movement in, such 
areas.
    (3) Use, allow to be used, or cause to be used, any approved access 
medium or identification medium that authorizes the access, presence, 
or movement of persons or vehicles in secured or restricted areas in 
any other manner than that for which it was issued by the appropriate 
authority to meet the requirements of this subchapter.
    (b) The provisions of paragraph (a) of this section do not apply to 
conducting inspections or tests to determine compliance with this 
subchapter authorized by--
    (1) TSA and DHS officials working with TSA; or
    (2) The owner/operator when acting in accordance with the 
procedures described in a security plan and/or program approved by TSA.


Sec.  1570.9  Compliance, inspection, and enforcement.

    (a) Each person subject to any of the requirements of this 
subchapter, must allow TSA and other authorized DHS officials, at any 
time and in a reasonable manner, without advance notice, to enter, 
assess, inspect, and test property, facilities, equipment, and 
operations; and to view, inspect, and copy records, as necessary to 
carry out TSA's security-related statutory or regulatory authorities, 
including its authority to--
    (1) Assess threats to transportation.
    (2) Enforce security-related laws, regulations, directives, and 
requirements.
    (3) Inspect, maintain, and test the security of facilities, 
equipment, and systems.
    (4) Ensure the adequacy of security measures for the transportation 
of passengers and cargo.
    (5) Oversee the implementation, and ensure the adequacy, of 
security measures for the owner/operator's conveyances and vehicles, at 
transportation facilities and infrastructure and other assets related 
to transportation.
    (6) Review security plans and/or programs.
    (7) Determine compliance with any requirements in this chapter.
    (8) Carry out such other duties, and exercise such other powers, 
relating to transportation security, as the Administrator for TSA 
considers appropriate, to the extent authorized by law.
    (b) At the request of TSA, each owner/operator subject to the 
requirements of this subchapter must provide evidence of compliance 
with this chapter, including copies of records.
    (c) TSA and other authorized DHS officials, may enter, without 
advance notice, and be present within any area or within any vehicle or 
conveyance, terminal, or other facility covered by this chapter without 
access media or identification media issued or approved by an owner/
operator covered by this chapter in order to inspect or test 
compliance, or perform other such duties as TSA may direct.
    (d) TSA inspectors and other authorized DHS officials working with 
TSA will, on request, present their credentials for examination, but 
the credentials may not be photocopied or otherwise reproduced.

Subpart B--Security Programs


Sec.  1570.101  Scope.

    The requirements of this subpart address general security program 
requirements applicable to each owner/operator required to have a 
security program under subpart B to 49 CFR parts 1580, 1582, and 1584.


Sec.  1570.103  Content.

    (a) Security program. Except as otherwise approved by TSA, each 
owner/operator required to have a security program must address each of 
the security program requirements identified in subpart B to 49 CFR 
parts 1580, 1582, and 1584.
    (b) Use of appendices. The owner/operator may comply with the 
requirements referenced in paragraph (a) of this section by including 
in its security program, as an appendix, any document that contains the 
information required by the applicable subpart B, including procedures, 
protocols or memorandums of understanding related to external agency 
response to security incidents or events. The appendix must be 
referenced in the corresponding section(s) of the security program.


Sec.  1570.105  Responsibility for Determinations.

    (a) Higher-risk operations. While TSA has determined the criteria 
for applicability of the requirements in subpart B to 49 CFR parts 
1580, 1582, and 1584 based on risk-assessments for freight railroad, 
public transportation system, passenger railroad, or over-the-road 
(OTRB) owner/operators are required to determine if the applicability 
requirements apply to them using the criteria identified in 49 CFR 
1580.101, 1582.101, and 1584.101. Owner/operators are required to 
notify TSA of applicability within 30 days of [Insert effective date of 
final rule in the Federal Register].
    (b) New or modified operations. If an owner/operator commences new 
operations or modifies existing operations after [Insert date of 
publication of final rule in the Federal Register], that person is 
responsible for determining whether the new or modified operations 
would meet the applicability determinations in subpart B to 49 CFR 
parts 1580, 1582, or 1584 and must notify TSA no later than 90 calendar 
days before commencing operations or implementing modifications.


Sec.  1570.107  Recognition of prior or established security measures 
or programs.

    Previously provided security training may be credited towards 
satisfying the

[[Page 91387]]

requirements of this subchapter provided the owner/operator--
    (a) Obtains a complete record of such training and validates the 
training meets requirements of Sec. Sec.  1580.115, 1582.115, or 
1584.115 of this subchapter as it relates to the function of the 
individual security-sensitive employee and the training was provided 
within the schedule required for recurrent training.
    (b) Retains a record of such training in compliance with the 
requirements of Sec.  1570.121 of this part.


Sec.  1570.109  Submission and approval.

    (a) Submission of security program. Each owner/operator required 
under parts 1580, 1582, or 1584 of this subchapter to adopt and carry 
out a security program must submit it to TSA for approval in a form and 
manner prescribed by TSA.
    (b) Security training deadlines. Except as otherwise directed by 
TSA, each owner/operator required under subpart B to parts 1580, 1582, 
or 1584 of this subchapter to develop a security training program 
must--
    (1) Submit its program to TSA for approval no later than 90 
calendar days after [insert effective date of final rule in the Federal 
Register].
    (2) If commencing or modifying operations so as to be subject to 
the requirements of subpart B to 49 CFR parts 1580, 1582, or 1584 after 
[Insert effective date of final rule in the Federal Register], submit a 
training program to TSA no later than 90 calendar days before 
commencing new or modified operations.
    (c) TSA approval. (1) No later than 60 calendar days after 
receiving the proposed security program required by subpart B to 49 CFR 
parts 1580, 1582, and 1584, TSA will either approve the program or 
provide the owner/operator with written notice to modify the program to 
comply with the applicable requirements of this subchapter. TSA will 
notify the owner/operator if it needs an extension of time to approve 
the program or provide the owner/operator with written notice to modify 
the program to comply with the applicable requirements of this 
subchapter.
    (2) Notice to modify. If TSA provides the owner/operator with 
written notice to modify the security program to comply with the 
applicable requirements of this subchapter, the owner/operator must 
provide a modified security program to TSA for approval within the 
timeframe specified by TSA.
    (3) TSA may request additional information, and the owner/operator 
must provide the information within the time period TSA prescribes. The 
60-day period for TSA approval or modification will begin when the 
owner/operator provides the additional information.
    (g) Petition for reconsideration. Within 30 days of receiving the 
notice to modify, the owner/operator may file a petition for 
reconsideration under Sec.  1570.119 of this part.


Sec.  1570.111  Implementation schedules.

    (a) Initial security training. (1) Once TSA approves an owner/
operator's security training program, the owner/operator must provide 
initial security training to a security-sensitive employee--
    (2) No later than one year after the date of approval if the 
employee is employed to perform a security-sensitive function on the 
date TSA approves the program.
    (3) No later than 60 calendar days after the employee first 
performs a security-sensitive job function if performance of a 
security-sensitive job function is initiated after TSA approves the 
program.
    (4) No later than the 60th calendar day of employment performing a 
security-sensitive function, aggregated over a consecutive 12-month 
period, if the security-sensitive job function is performed 
intermittently.
    (b) Recurrent security training. Each owner/operator must provide 
annual recurrent security training to each employee performing a 
security-sensitive job function not later than the anniversary calendar 
month of the employee's initial security training. If the owner/
operator provides the recurrent security training in the month of, the 
month before, or the month after it is due, the employee is considered 
to have taken the training in the month it is due. Recurrent training 
must use the most recent iteration of any training materials submitted 
to, and approved by, TSA.
    (c) Extensions of time. TSA may grant an extension of time for 
implementing a security program identified in subpart B to parts 1580, 
1582, and 1584 of this subchapter upon a showing of good cause. The 
owner/operator must request the extension of time in writing and TSA 
must receive the request within a reasonable time before the due date 
to be extended; an owner/operator may request an extension after the 
expiration of a due date by sending a written request describing why 
the failure to meet the due date was excusable. TSA will respond to the 
request in writing.


Sec.  1570.113  Amendments requested by owner/operator.

    (a) Requirement to request amendment. Each owner/operator required 
under parts 1580, 1582, or 1584 of this subchapter to adopt and carry 
out a security program must submit a request to amend its security 
program if, after approval, changes expected to have a duration of 60 
calendar days or more have occurred to the--
    (1) Ownership or control of the operations; and/or
    (2) Measures, training, or staffing described in the security 
program.
    (b) Schedule for requesting amendment. The owner/operator must file 
the request for an amendment with TSA no later than 45 calendar days 
before the proposed amendment takes effect, unless TSA allows a shorter 
time period.
    (c) TSA approval. (1) Within 30 calendar days after receiving a 
proposed amendment, TSA will, in writing, either approve or deny the 
request to amend. TSA will notify the owner/operator if it needs an 
extension of time to consider the proposed amendment.
    (2) TSA may approve an amendment to a security program if TSA 
determines that it is in the interest of the public and transportation 
security and the proposed amendment provides the level of security 
required under this subchapter. TSA may request additional information 
from the owner/operator before rendering a decision.
    (d) No later than 30 calendar days after receiving a denial, the 
owner/operator may file a petition for reconsideration under Sec.  
1570.119 of this part.


Sec.  1570.115  Amendments required by TSA.

    (a) Notification of requirement to amend. TSA may require 
amendments to a security program in the interest of the public and 
transportation security, including any new information about emerging 
threats, or methods for addressing emerging threats, as follows:
    (1) TSA will notify the owner/operator of the proposed amendment, 
fixing a period of not less than 30 calendar days within which the 
owner/operator may submit written information, views, and arguments on 
the amendment.
    (2) After TSA considers all relevant material received, TSA will 
notify the owner/operator of any amendment adopted or rescind the 
notice.
    (b) Effective date of amendment. If TSA adopts the amendment, it 
becomes effective not less than 30 calendar days after the owner/
operator receives the notice of amendment, unless the owner/

[[Page 91388]]

operator disagrees with the proposed amendment and files a petition for 
reconsideration under Sec.  1570.119 of this part no later than 15 
calendar days before the effective date of the amendment. A timely 
petition for reconsideration stays the effective date of the amendment.
    (c) Emergency amendments. If TSA determines that there is an 
emergency requiring immediate action in the interest of the public or 
transportation security, TSA may issue an amendment, without the prior 
notice and comment procedures in paragraph (a) of this section, 
effective without stay on the date the covered owner/operator receives 
notice of it. In such a case, TSA will incorporate in the notice a 
brief statement of the reasons and findings for the amendment to be 
adopted. The owner/operator may file a petition for reconsideration 
under Sec.  1570.119 of this part; however, this does not stay the 
effective date of the emergency amendment.


Sec.  1570.117  Alternative measures.

    (a) If in TSA's judgment, the overall security of transportation 
provided by an owner/operator subject to the requirements of 49 CFR 
parts 1580, 1582, or 1584 are not diminished, TSA may approve 
alternative measures.
    (b) Each owner/operator requesting alternative measures must file 
the request for approval in a form and manner prescribed by TSA. The 
filing of such a request does not affect the owner/operator's 
responsibility for compliance while the request is being considered.
    (c) TSA may request additional information, and the owner/operator 
must provide the information within the time period TSA prescribes. 
Within 30 calendar days after receiving a request for alternative 
measures and all requested information, TSA will, in writing, either 
approve or deny the request.
    (d) If TSA finds that the use of the alternative measures is in the 
interest of the public and transportation security, it may grant the 
request subject to any conditions TSA deems necessary. In considering 
the request for alternative measures, TSA will review all relevant 
factors including--
    (1) The risks associated with the type of operation, for example, 
whether the owner/operator transports hazardous materials or passengers 
within a high threat urban area, whether the owner/operator transports 
passengers and the volume of passengers transported, or whether the 
owner/operator hosts a passenger operation.
    (2) Any relevant threat information.
    (3) Other circumstances concerning potential risk to the public and 
transportation security.
    (e) No later than 30 calendar days after receiving a denial, the 
owner/operator may petition for reconsideration under Sec.  1570.119 of 
this part.


Sec.  1570.119  Petitions for reconsideration.

    (1) If an owner/operator seeks to petition for reconsideration of a 
determination, required modification, denial of a request for amendment 
by the owner/operator, denial to rescind a TSA-required amendment, or 
denial of an alternative measure, the owner/operator must submit a 
written petition for reconsideration that includes a statement and any 
supporting documentation explaining why the owner/operator believes 
TSA's decision is incorrect.
    (2) Upon review of the petition for reconsideration, the 
Administrator or designee will dispose of the petition by affirming, 
modifying, or rescinding its previous decision. This is considered a 
final agency action.


Sec.  1570.121   Recordkeeping and availability.

    (a) Retention. Each owner/operator required to have a security 
program under subpart B to parts 1580, 1582, and 1584 of this 
subchapter must--
    (1) Retain security training records for each individual trained 
for no less than five years from the date of training that, at a 
minimum--
    (i) Includes employee's full name, job title or function, date of 
hire, and date of initial and recurrent security training; and
    (ii) Identifies the date, course name, course length, and list of 
topics addressed for the security training most recently provided in 
each of the areas required under Sec. Sec.  1580.115, 1582.115, and 
1584.115 of this subchapter.
    (2) Retain records of initial and recurrent security training for 
no less than five years from the date of training.
    (3) Provide records to current and former employees upon request 
and at no charge as necessary to provide proof of training.
    (b) Electronic records. Each owner/operator required to retain 
records under this section may keep them in electronic form. An owner/
operator may maintain and transfer records through electronic 
transmission, storage, and retrieval provided that the electronic 
system provides for the maintenance of records as originally submitted 
without corruption, loss of data, or tampering.
    (c) Protection of SSI. Each owner/operator must restrict the 
distribution, disclosure, and availability of security sensitive 
information, as identified in part 1520 of this chapter, to persons 
with a need to know. The owner/operator must refer requests for such 
information by other persons to TSA.
    (d) Availability. Each owner/operator must make the records 
available to TSA upon request for inspection and copying.

Subpart C--Operations


Sec.  1570.201  Security Coordinator.

    (a) Except as provided in paragraph (b) of this section, each 
owner/operator identified in Sec. Sec.  1580.1, 1582.1, and 1584.101 of 
this subchapter must designate and use a primary and at least one 
alternate Security Coordinator.
    (b) An owner/operator described in Sec.  1580.101(a)(5) or Sec.  
1582.101(a)(4) of this subchapter must designate and use a primary and 
at least one alternate Security Coordinator, only if notified by TSA in 
writing that a threat exists concerning that type of operation.
    (c) The Security Coordinator and alternate(s) must be appointed at 
the corporate level.
    (d) Each owner/operator required to have a Security Coordinator 
must provide in writing to TSA the names, U.S. citizenship status, 
titles, phone number(s), and email address(es) of the Security 
Coordinator and alternate Security Coordinator(s) within 7 calendar 
days of the effective date of this rule, commencement of operations, or 
change in any of the information required by this section.
    (e) Each owner/operator required to have a Security Coordinator 
must ensure that at least one Security Coordinator--
    (1) Serves as the primary contact for intelligence information and 
security-related activities and communications with TSA. Any individual 
designated as a Security Coordinator may perform other duties in 
addition to those described in this section.
    (2) Is accessible to TSA on a 24-hours a day, 7 days a week basis.
    (3) Coordinates security practices and procedures internally and 
with appropriate law enforcement and emergency response agencies.


Sec.  1570.203  Reporting significant security concerns.

    (a) Each owner/operator identified in Sec. Sec.  1580.1, 1582.1, 
and 1584.101 of this subchapter must report, within 24 hours of initial 
discovery, any potential threats and significant security concerns 
involving transportation-related operations in the United States or 
transportation to, from, or within the United States as soon as 
possible by the methods prescribed by TSA.

[[Page 91389]]

    (b) Potential threats or significant security concerns encompass 
incidents, suspicious activities, and threat information including, but 
not limited to, the categories of reportable events listed in Appendix 
A to this part.
    (c) Information reported must include the following, as available 
and applicable:
    (1) The name of the reporting individual and contact information, 
including a telephone number or email address.
    (2) The affected freight or passenger train, transit vehicle, motor 
vehicle, station, terminal, rail hazardous materials facility, or other 
facility or infrastructure, including identifying information and 
current location.
    (3) Scheduled origination and termination locations for the 
affected freight or passenger train, transit vehicle, or motor 
vehicle--including departure and destination city and route.
    (4) Description of the threat, incident, or activity, including who 
has been notified and what action has been taken.
    (5) The names, other available biographical data, and/or 
descriptions (including vehicle or license plate information) of 
individuals or motor vehicles known or suspected to be involved in the 
threat, incident, or activity.
    (6) The source of any threat information.

Subpart D--Security Threat Assessments


Sec.  1570.301  Fraudulent use or manufacture; responsibilities of 
persons.

    (a) No person may use or attempt to use a credential, security 
threat assessment, access control medium, or identification medium 
issued or conducted under this subchapter that was issued or conducted 
for another person.
    (b) No person may make, produce, use or attempt to use a false or 
fraudulently created access control medium, identification medium or 
security threat assessment issued or conducted under this subchapter.
    (c) No person may tamper or interfere with, compromise, modify, 
attempt to circumvent, or circumvent TWIC access control procedures.
    (d) No person may cause or attempt to cause another person to 
violate paragraphs (a)-(c) of this section.


Sec.  1570.303  Inspection of credential.

    (a) Each person who has been issued or possesses a TWIC must 
present the TWIC for inspection upon a request from TSA, the Coast 
Guard, or other authorized DHS representative; an authorized 
representative of the National Transportation Safety Board; or a 
Federal, State, or local law enforcement officer.
    (b) Each person who has been issued or who possesses a TWIC must 
allow his or her TWIC to be read by a reader and must submit his or her 
reference biometric, such as a fingerprint, and any other required 
information, such as a PIN, to the reader, upon a request from TSA, the 
Coast Guard, other authorized DHS representative; or a Federal, State, 
or local law enforcement officer.


Sec.  1570.305  False statements regarding security background checks 
by public transportation agency or railroad carrier.

    (a) Scope. This section implements sections 1414(e) (6 U.S.C. 1143) 
and 1522(e) (6 U.S.C. 1170) of the ``Implementing Recommendations of 
the 9/11 Commission Act of 2007,'' Public Law 110-53 (121 Stat. 266, 
Aug. 3, 2007).
    (b) Definitions. In addition to the terms in Sec. Sec.  1500.3, 
1500.5, and 1503.202 of subchapter A and Sec.  1570.3 of subchapter D 
of this chapter, the following terms apply to this part:
    Covered individual means an employee of a public transportation 
agency or a contractor or subcontractor of a public transportation 
agency or an employee of a railroad carrier or a contractor or 
subcontractor of a railroad carrier.
    Security background check means reviewing the following for the 
purpose of identifying individuals who may pose a threat to 
transportation security, national security, or of terrorism:
    (1) Relevant criminal history databases.
    (2) In the case of an alien (as defined in sec. 101 of the 
Immigration and Nationality Act (8 U.S.C. 1101(a)(3)), the relevant 
databases to determine the status of the alien under the immigration 
laws of the United States.
    (3) Other relevant information or databases, as determined by the 
Secretary of Homeland Security.
    (c) Prohibitions. (1) A public transportation agency or a 
contractor or subcontractor of a public transportation agency may not 
knowingly misrepresent to an employee or other relevant person, 
including an arbiter involved in a labor arbitration, the scope, 
application, or meaning of any rules, regulations, directives, or 
guidance issued by the Secretary of Homeland Security related to 
security background check requirements for covered individuals when 
conducting a security background check.
    (2) A railroad carrier or a contractor or subcontractor of a 
railroad carrier may not knowingly misrepresent to an employee or other 
relevant person, including an arbiter involved in a labor arbitration, 
the scope, application, or meaning of any rules, regulations, 
directives, or guidance issued by the Secretary of Homeland Security 
related to security background check requirements for covered 
individuals when conducting a security background check.

Appendix A to Part 1570--Reporting of Significant Security Concerns

 
------------------------------------------------------------------------
           Category                           Description
------------------------------------------------------------------------
Breach, Attempted Intrusion,   Unauthorized personnel attempting to or
 and/or Interference.           actually entering a restricted area or
                                secure site relating to a transportation
                                facility or conveyance owned, operated,
                                or used by an owner/operator subject to
                                this part. This includes individuals
                                entering or attempting to enter by
                                impersonation of authorized personnel
                                (for example, police/security, janitor,
                                vehicle owner/operator). Activity that
                                could interfere with the ability of
                                employees to perform duties to the
                                extent that security is threatened.
Misrepresentation............  Presenting false, or misusing, insignia,
                                documents, and/or identification, to
                                misrepresent one's affiliation with an
                                owner/operator subject to this part to
                                cover possible illicit activity that may
                                pose a risk to transportation security.
Theft, Loss, and/or Diversion  Stealing or diverting identification
                                media or badges, uniforms, vehicles,
                                keys, tools capable of compromising
                                track integrity, portable derails,
                                technology, or classified or sensitive
                                security information documents which are
                                proprietary to the facility or
                                conveyance owned, operated, or used by
                                an owner/operator subject to this part.

[[Page 91390]]

 
Sabotage, Tampering, and/or    Damaging, manipulating, or defeating
 Vandalism.                     safety and security appliances in
                                connection with a facility,
                                infrastructure, conveyance, or routing
                                mechanism, resulting in the compromised
                                use or the temporary or permanent loss
                                of use of the facility, infrastructure,
                                conveyance or routing mechanism. Placing
                                or attaching a foreign object to a rail
                                car(s).
Cyber Attack.................  Compromising, or attempting to compromise
                                or disrupt the information/technology
                                infrastructure of an owner/operator
                                subject to this part.
Expressed or Implied Threat..  Communicating a spoken or written threat
                                to damage or compromise a facility/
                                infrastructure/conveyance owned,
                                operated, or used by an owner/operator
                                subject to this part (for example, a
                                bomb threat or active shooter).
Eliciting Information........  Questioning that may pose a risk to
                                transportation or national security,
                                such as asking one or more employees of
                                an owner/operator subject to this part
                                about particular facets of a facility's
                                conveyance's purpose, operations, or
                                security procedures.
Testing or Probing of          Deliberate interactions with employees of
 Security.                      an owner/operator subject to this part
                                or challenges to facilities or systems
                                owned, operated, or used by an owner/
                                operator subject to this part that
                                reveal physical, personnel, or cyber
                                security capabilities.
Photography..................  Taking photographs or video of
                                facilities, conveyances, or
                                infrastructure owned, operated, or used
                                by an owner/operator subject to this
                                part in a manner that may pose a risk to
                                transportation or national security.
                                Examples include taking photographs or
                                video of infrequently used access
                                points, personnel performing security
                                functions (for example, patrols, badge/
                                vehicle checking), or security-related
                                equipment (for example, perimeter
                                fencing, security cameras).
Observation or Surveillance..  Demonstrating unusual interest in
                                facilities or loitering near
                                conveyances, railcar routing appliances
                                or any potentially critical
                                infrastructure owned or operated by an
                                owner/operator subject to this part in a
                                manner that may pose a risk to
                                transportation or national security.
                                Examples include observation through
                                binoculars, taking notes, or attempting
                                to measure distances.
Materials Acquisition and/or   Acquisition and/or storage by an employee
 Storage.                       of an owner/operator subject to this
                                part of materials such as cell phones,
                                pagers, fuel, chemicals, toxic
                                materials, and/or timers that may pose a
                                risk to transportation or national
                                security (for example, storage of
                                chemicals not needed by an employee for
                                the performance of his or her job
                                duties).
Weapons Discovery, Discharge,  Weapons or explosives in or around a
 or Seizure.                    facility, conveyance, or infrastructure
                                of an owner/operator subject to this
                                part that may present a risk to
                                transportation or national security (for
                                example, discovery of weapons
                                inconsistent with the type or quantity
                                traditionally used by company security
                                personnel).
Suspicious Items or Activity.  Discovery or observation of suspicious
                                items, activity or behavior in or around
                                a facility, conveyance, or
                                infrastructure of an owner/operator
                                subject to this part that results in the
                                disruption or termination of operations
                                (for example, halting the operation of a
                                conveyance while law enforcement
                                personnel investigate a suspicious bag,
                                briefcase, or package).
------------------------------------------------------------------------

0
11. Revise part 1580 to read as follows:

PART 1580--FREIGHT RAIL TRANSPORTATION SECURITY

Subpart A--General
Sec.
1580.1 Scope.
1580.3 Terms used in this part.
1580.5 Preemptive effect.
Subpart B--Security Programs
Sec.
1580.101 Applicability.
1580.103 [Reserved]
1580.105 [Reserved]
1580.107 [Reserved]
1580.109 [Reserved]
1580.111 [Reserved]
1580.113 Security training program general requirements.
1580.115 Security training and knowledge for security-sensitive 
employees.
Subpart C--Operations
Sec.
1580.201 Applicability.
1580.203 Location and shipping information.
1580.205 Chain of custody and control requirements.
1580.207 Harmonization of federal regulation of nuclear facilities.
Subpart D [Reserved]

Appendix A to Part 1580--High Threat Urban Areas (HTUAs)

Appendix B to Part 1580--Security-Sensitive Job Functions For Freight 
Rail

    Authority: 6 U.S.C. 1162 and 1167; 49 U.S.C. 114.

Subpart A--General


Sec.  1580.1  Scope.

    (a) Except as provided in paragraph (b) of this section, this part 
includes requirements for the following persons. Specific sections in 
this part provide detailed requirements.
    (1) Each freight railroad carrier that operates rolling equipment 
on track that is part of the general railroad system of transportation.
    (2) Each rail hazardous materials shipper.
    (3) Each rail hazardous materials receiver located within an HTUA.
    (4) Each freight railroad carrier serving as a host railroad to a 
freight railroad operation described in paragraph (a)(1) of this 
section or a passenger operation described in Sec.  1582.1 of this 
subchapter.
    (5) Each owner/operator of private rail cars, including business/
office cars and circus trains, on or connected to the general railroad 
system of transportation.
    (b) This part does not apply to a freight railroad carrier that 
operates rolling equipment only on track inside an installation that is 
not part of the general railroad system of transportation.


Sec.  1580.3  Terms used in this part.

    In addition to the terms in Sec. Sec.  1500.3, 1500.5, and 1503.202 
of subchapter A and Sec.  1570.3 of subchapter D of this chapter, the 
following terms apply to this part:
    Class I means Class I as assigned by regulations of the Surface 
Transportation Board (STB) (49 CFR part 1201; General Instructions 1-
1).

[[Page 91391]]

    A rail car is attended if an employee--
    (1) Is physically located on-site in reasonable proximity to the 
rail car;
    (2) Is capable of promptly responding to unauthorized access or 
activity at or near the rail car, including immediately contacting law 
enforcement or other authorities; and
    (3) Immediately responds to any unauthorized access or activity at 
or near the rail car either personally or by contacting law enforcement 
or other authorities.
    Document the transfer means documentation uniquely identifying that 
the rail car was attended during the transfer of custody, including:
    (1) Car initial and number.
    (2) Identification of individuals who attended the transfer (names 
or uniquely identifying employee number).
    (3) Location of transfer.
    (4) Date and time the transfer was completed.
    High threat urban area (HTUA) means, for purposes of this part, an 
area comprising one or more cities and surrounding areas including a 
10-mile buffer zone, as listed in Appendix A to this part 1580.
    Maintains positive control means that the rail hazardous materials 
receiver and the railroad carrier communicate and cooperate with each 
other to provide for the security of the rail car during the physical 
transfer of custody. Attending the rail car is a component of 
maintaining positive control.
    Rail security-sensitive materials (RSSM) means--
    (1) A rail car containing more than 2,268 kg (5,000 lbs.) of a 
Division 1.1, 1.2, or 1.3 (explosive) material, as defined in 49 CFR 
173.50;
    (2) A tank car containing a material poisonous by inhalation as 
defined in 49 CFR 171.8, including anhydrous ammonia, Division 2.3 
gases poisonous by inhalation as set forth in 49 CFR 173.115(c), and 
Division 6.1 liquids meeting the defining criteria in 49 CFR 
173.132(a)(1)(iii) and assigned to hazard zone A or hazard zone B in 
accordance with 49 CFR 173.133(a), excluding residue quantities of 
these materials; and
    (3) A rail car containing a highway route-controlled quantity of a 
Class 7 (radioactive) material, as defined in 49 CFR 173.403.
    Residue means the hazardous material remaining in a packaging, 
including a tank car, after its contents have been unloaded to the 
maximum extent practicable and before the packaging is either refilled 
or cleaned of hazardous material and purged to remove any hazardous 
vapors.
    Security-sensitive employee means an employee who performs--
    (1) Service subject to the Federal hours of service laws (49 U.S.C. 
chapter 211), regardless of whether the employee actually performs such 
service during a particular duty tour; or
    (2) One or more of the security-sensitive job functions identified 
in Appendix B to this part where the security-sensitive function is 
performed in the United States or in direct support of the common 
carriage of persons or property between a place in the United States 
and any place outside of the United States.


Sec.  1580.5  Preemptive effect.

    Under 49 U.S.C. 20106, issuance of the regulations in this 
subchapter preempts any State law, regulation, or order covering the 
same subject matter, except an additional or more stringent law, 
regulation, or order that is necessary to eliminate or reduce an 
essentially local security hazard; that is not incompatible with a law, 
regulation, or order of the U.S. Government; and that does not 
unreasonably burden interstate commerce. For example, under 49 U.S.C. 
20106, issuance of 49 CFR 1580.205 preempts any State or tribal law, 
rule, regulation, order or common law requirement covering the same 
subject matter.

Subpart B--Security Programs


Sec.  1580.101  Applicability.

    This subpart applies to each of the following owner/operators:
    (a) Described in Sec.  1580.1(a)(1) of this part that is a Class I 
freight railroad.
    (b) Described in Sec.  1580.1(a)(1) of this part that transports 
one or more of the categories and quantities of RSSM in an HTUA.
    (c) Described in Sec.  1580.1(a)(4) of this part that serves as a 
host railroad to a freight railroad described in paragraph (a) of (b) 
of this section or a passenger operation described in Sec.  1582.101 of 
this subchapter.


Sec.  1580.103  [Reserved]


Sec.  1580.105  [Reserved]


Sec.  1580.107  [Reserved]


Sec.  1580.109  [Reserved]


Sec.  1580.111  [Reserved]


Sec.  1580.113  Security training program general requirements.

    (a) Security training program required. Each owner/operator 
identified in Sec.  1580.101 of this part is required to adopt and 
carry out a security training program under this subpart.
    (b) General requirements. The security training program must 
include the following information:
    (1) Name of owner/operator.
    (2) Name, title, telephone number, and email address of the primary 
individual to be contacted with regard to review of the security 
training program.
    (3) Number, by specific job function category identified in 
Appendix B to this part, of security-sensitive employees trained or to 
be trained.
    (4) Implementation schedule that identifies a specific date by 
which initial and recurrent security training required by Sec.  
1570.111 of this part will be completed.
    (5) Location where training program records will be maintained.
    (6) Curriculum or lesson plan, learning objectives, and method of 
delivery (such as instructor-led or computer-based training) for each 
course used to meet the requirements of Sec.  1580.115 of this part. 
TSA may request additional information regarding the curriculum during 
the review and approval process.
    (7) Plan for ensuring supervision of untrained security-sensitive 
employees performing functions identified in Appendix B to this part.
    (8) Plan for notifying employees of changes to security measures 
that could change information provided in previously provided training.
    (9) Method(s) for evaluating the effectiveness of the security 
training program in each area required by Sec.  1580.115 of this part.
    (c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards, such as emergency 
preparedness training required by the Department of Transportation 
(DOT) (49 CFR part 239) or other training for communicating with 
emergency responders to arrange the evacuation of passengers, may be 
combined with and used to satisfy elements of the training requirements 
in this subpart.
    (2) If the owner/operator submits a security training program that 
relies on pre-existing or previous training materials to meet the 
requirements of subpart B, the program submitted for approval must 
include an index, organized in the same sequence as the requirements in 
this subpart.
    (d) Submission and Implementation. The owner/operator must submit 
and implement the security training program in accordance with the 
schedules identified in Sec. Sec.  1570.109 and 1570.111 of this 
subchapter.

[[Page 91392]]

Sec.  1580.115  Security training and knowledge for security-sensitive 
employees.

    (a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.  
1580.101 of this part may use a security-sensitive employee to perform 
a function identified in Appendix B to this part, unless that 
individual has received training as part of a security training program 
approved by TSA under 49 CFR part 1570, subpart B, or is under the 
direct supervision of a security-sensitive employee who has received 
the training required by this section.
    (b) Limits on use of untrained employees. Notwithstanding paragraph 
(a) of this section, a security-sensitive employee may not perform a 
security-sensitive function for more than sixty (60) calendar days 
without receiving security training.
    (c) Prepare. (1) Each owner/operator must ensure that each of its 
security-sensitive employees with position- or function-specific 
responsibilities under the owner/operator's security program has 
knowledge of how to fulfill those responsibilities in the event of a 
security threat, breach, or incident to ensure--
    (i) Employees with responsibility for transportation security 
equipment and systems are aware of their responsibilities and can 
verify the equipment and systems are operating and properly maintained; 
and
    (ii) Employees with other duties and responsibilities under the 
company's security plans and/or programs, including those required by 
Federal law, know their assignments and the steps or resources needed 
to fulfill them.
    (2) Each employee who performs any security-related functions under 
Sec.  1580.205 of this subpart must be provided training specifically 
applicable to the functions the employee performs. As applicable, this 
training must address--
    (i) Inspecting rail cars for signs of tampering or compromise, 
IEDs, suspicious items, and items that do not belong;
    (ii) Identification of rail cars that contain rail security-
sensitive materials, including the owner/operator's procedures for 
identifying rail security-sensitive material cars on train documents, 
shipping papers, and in computer train/car management systems; and
    (iii) Procedures for completing transfer of custody documentation.
    (d) Observe. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of the observational skills 
necessary to recognize--
    (1) Suspicious and/or dangerous items (such as substances, 
packages, or conditions (for example, characteristics of an IED and 
signs of equipment tampering or sabotage);
    (2) Combinations of actions and individual behaviors that appear 
suspicious and/or dangerous, inappropriate, inconsistent, or out of the 
ordinary for the employee's work environment which could indicate a 
threat to transportation security; and
    (3) How a terrorist or someone with malicious intent may attempt to 
gain sensitive information or take advantage of vulnerabilities.
    (e) Assess. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge necessary to--
    (1) Determine whether the item, individual, behavior, or situation 
requires a response as a potential terrorist threat based on the 
respective transportation environment; and
    (2) Identify appropriate responses based on observations and 
context.
    (f) Respond. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of how to--
    (1) Appropriately report a security threat, including knowing how 
and when to report internally to other employees, supervisors, or 
management, and externally to local, state, or federal agencies 
according to the owner/operator's security procedures or other relevant 
plans;
    (2) Interact with the public and first responders at the scene of 
the threat or incident, including communication with passengers on 
evacuation and any specific procedures for individuals with 
disabilities and the elderly; and
    (3) Use any applicable self-defense devices or other protective 
equipment provided to employees by the owner/operator.

Subpart C--Operations


Sec.  1580.201  Applicability.

    This subpart applies to the following:
    (1) Each owner/operator described in paragraph (a)(1) of Sec.  
1580.1 of this part that transports one or more of the categories and 
quantities of rail security-sensitive materials.
    (2) Each owner/operator described in paragraphs (a)(2) and (3) of 
Sec.  1580.1 of this part.


Sec.  1580.203  Location and shipping information.

    (a) General Requirement. Each owner/operator described in Sec.  
1580.201 of this part must have procedures in place to determine the 
location and shipping information for each rail car under its physical 
custody and control that contains one or more of the categories and 
quantities of rail security-sensitive materials.
    (b) Required Information. The location and shipping information 
must include the following:
    (1) The rail car's current location by city, county, and state, 
including, for freight railroad carriers, the railroad milepost, track 
designation, and the time that the rail car's location was determined.
    (2) The rail car's routing, if a freight railroad carrier.
    (3) A list of the total number of rail cars containing rail 
security-sensitive materials, broken down by--
    (i) The shipping name prescribed for the material in column 2 of 
the table in 49 CFR 172.101;
    (ii) The hazard class or division number prescribed for the 
material in column 3 of the table in 49 CFR 172.101; and
    (iii) The identification number prescribed for the material in 
column 4 of the table in 49 CFR 172.101.
    (4) Each rail car's initial and number.
    (5) Whether the rail car is in a train, rail yard, siding, rail 
spur, or rail hazardous materials shipper or receiver facility, 
including the name of the rail yard or siding designation.
    (c) Timing-Class I Freight Railroad Carriers. Upon request by TSA, 
each Class I freight railroad carrier described in paragraph (a) of 
this section must provide the location and shipping information to TSA 
no later than--
    (1) Five minutes if the request applies to a single (one) rail car; 
and
    (2) Thirty minutes if the request concerns multiple rail cars or a 
geographic region.
    (d) Timing-Other than Class I Freight Railroad Carriers. Upon 
request by TSA, all owner/operators described in paragraph (a) of this 
section, other than Class I freight railroad carriers, must provide the 
location and shipping information to TSA no later than 30 minutes, 
regardless of the number of cars covered by the request.
    (e) Method. All owner/operators described in paragraph (a) of this 
section must provide the requested location and shipping information to 
TSA by one of the following methods:
    (1) Electronic data transmission in spreadsheet format.
    (2) Electronic data transmission in Hyper Text Markup Language 
(HTML) format.
    (3) Electronic data transmission in Extensible Markup Language 
(XML).

[[Page 91393]]

    (4) Facsimile transmission of a hard copy spreadsheet in tabular 
format.
    (5) Posting the information to a secure Web site address approved 
by TSA.
    (6) Another format approved by TSA.
    (f) Telephone Number. Each owner/operator described in Sec.  
1580.201 of this part must provide a telephone number for use by TSA to 
request the information required in paragraph (b) of this section.
    (1) The telephone number must be monitored at all times.
    (2) A telephone number that requires a call back (such as an 
answering service, answering machine, or beeper device) does not meet 
the requirements of this paragraph.


Sec.  1580.205  Chain of custody and control requirements.

    (a) Within or outside of an HTUA, rail hazardous materials shipper 
transferring to carrier. Except as provided in paragraph (g) of this 
section, at each location within or outside of an HTUA, a rail 
hazardous materials shipper transferring custody of a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to a freight railroad carrier must do the 
following:
    (1) Physically inspect the rail car before loading for signs of 
tampering, including closures and seals; other signs that the security 
of the car may have been compromised; and suspicious items or items 
that do not belong, including the presence of an improvised explosive 
device.
    (2) Keep the rail car in a rail secure area from the time the 
security inspection required by paragraph (a)(1) of this section or by 
49 CFR 173.31(d), whichever occurs first, until the freight railroad 
carrier takes physical custody of the rail car.
    (3) Document the transfer of custody to the railroad carrier in 
hard copy or electronically.
    (b) Within or outside of an HTUA, carrier receiving from a rail 
hazardous materials shipper. At each location within or outside of an 
HTUA where a freight railroad carrier receives from a rail hazardous 
materials shipper custody of a rail car containing one or more of the 
categories and quantities of rail security-sensitive materials, the 
freight railroad carrier must document the transfer in hard copy or 
electronically and perform the required security inspection in 
accordance with 49 CFR 174.9.
    (c) Within an HTUA, carrier transferring to carrier. Within an 
HTUA, whenever a freight railroad carrier transfers a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to another freight railroad carrier, each 
freight railroad carrier must adopt and carry out procedures to ensure 
that the rail car is not left unattended at any time during the 
physical transfer of custody. These procedures must include the 
receiving freight railroad carrier performing the required security 
inspection in accordance with 49 CFR 174.9. Both the transferring and 
the receiving railroad carrier must document the transfer of custody in 
hard copy or electronically.
    (d) Outside of an HTUA, carrier transferring to carrier. Outside an 
HTUA, whenever a freight railroad carrier transfers a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to another freight railroad carrier, and 
the rail car containing this hazardous material may subsequently enter 
an HTUA, each freight railroad carrier must adopt and carry out 
procedures to ensure that the rail car is not left unattended at any 
time during the physical transfer of custody. These procedures must 
include the receiving railroad carrier performing the required security 
inspection in accordance with 49 CFR 174.9. Both the transferring and 
the receiving railroad carrier must document the transfer of custody in 
hard copy or electronically.
    (e) Within an HTUA, carrier transferring to rail hazardous 
materials receiver. A freight railroad carrier delivering a rail car 
containing one or more of the categories and quantities of rail 
security-sensitive materials to a rail hazardous materials receiver 
located within an HTUA must not leave the rail car unattended in a non-
secure area until the rail hazardous materials receiver accepts custody 
of the rail car. Both the railroad carrier and the rail hazardous 
materials receiver must document the transfer of custody in hard copy 
or electronically.
    (f) Within an HTUA, rail hazardous materials receiver receiving 
from carrier. Except as provided in paragraph (j) of this section, a 
rail hazardous materials receiver located within an HTUA that receives 
a rail car containing one or more of the categories and quantities of 
rail security-sensitive materials from a freight railroad carrier 
must--
    (1) Ensure that the rail hazardous materials receiver or railroad 
carrier maintains positive control of the rail car during the physical 
transfer of custody of the rail car;
    (2) Keep the rail car in a rail secure area until the car is 
unloaded; and
    (3) Document the transfer of custody from the railroad carrier in 
hard copy or electronically.
    (g) Within or outside of an HTUA, rail hazardous materials receiver 
rejecting car. This section does not apply to a rail hazardous 
materials receiver that does not routinely offer, prepare, or load for 
transportation by rail one or more of the categories and quantities of 
rail security-sensitive materials. If such a receiver rejects and 
returns a rail car containing one or more of the categories and 
quantities of rail security-sensitive materials to the originating 
offeror or shipper, the requirements of this section do not apply to 
the receiver. The requirements of this section do apply to any railroad 
carrier to which the receiver transfers custody of the rail car.
    (h) Document retention. Covered entities must maintain the 
documents required under this section for at least 60 calendar days and 
make them available to TSA upon request.
    (i) Rail secure area. The rail hazardous materials shipper and the 
rail hazardous materials receiver must use physical security measures 
to ensure that no unauthorized individual gains access to the rail 
secure area.
    (j) Exemption for rail hazardous materials receivers. A rail 
hazardous materials receiver located within an HTUA may request from 
TSA an exemption from some or all of the requirements of this section 
if the receiver demonstrates that the potential risk from its 
activities is insufficient to warrant compliance with this section. TSA 
will consider all relevant circumstances, including the following:
    (1) The amounts and types of all hazardous materials received.
    (2) The geography of the area surrounding the receiver's facility.
    (3) Proximity to entities that may be attractive targets, including 
other businesses, housing, schools, and hospitals.
    (4) Any information regarding threats to the facility.
    (5) Other circumstances that indicate the potential risk of the 
receiver's facility does not warrant compliance with this section.


Sec.  1580.207  Harmonization of federal regulation of nuclear 
facilities.

    TSA will coordinate activities under this subpart with the Nuclear 
Regulatory Commission (NRC) and the Department of Energy (DOE) with 
respect to regulation of rail hazardous materials shippers and 
receivers that are also licensed or regulated by the NRC or DOE under 
the Atomic Energy Act of 1954, as amended, to maintain consistency with 
the requirements imposed by the NRC and DOE.

Appendix A to Part 1580--High Threat Urban Areas (HTUAs)

[[Page 91394]]



----------------------------------------------------------------------------------------------------------------
                State                         Urban area                        Geographic areas
----------------------------------------------------------------------------------------------------------------
AZ...................................  Phoenix Area...........  Chandler, Gilbert, Glendale, Mesa, Peoria,
                                                                 Phoenix, Scottsdale, Tempe, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
CA...................................  Anaheim/Santa Ana Area.  Anaheim, Costa Mesa, Garden Grove, Fullerton,
                                                                 Huntington Beach, Irvine, Orange, Santa Ana,
                                                                 and a 10-mile buffer extending from the border
                                                                 of the combined area.
                                       Bay Area...............  Berkeley, Daly City, Fremont, Hayward, Oakland,
                                                                 Palo Alto, Richmond, San Francisco, San Jose,
                                                                 Santa Clara, Sunnyvale, Vallejo, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
                                       Los Angeles/Long Beach   Burbank, Glendale, Inglewood, Long Beach, Los
                                        Area.                    Angeles, Pasadena, Santa Monica, Santa Clarita,
                                                                 Torrance, Simi Valley, Thousand Oaks, and a 10-
                                                                 mile buffer extending from the border of the
                                                                 combined area.
                                       Sacramento Area........  Elk Grove, Sacramento, and a 10-mile buffer
                                                                 extending from the border of the combined area.
                                       San Diego Area.........  Chula Vista, Escondido, and San Diego, and a 10-
                                                                 mile buffer extending from the border of the
                                                                 combined area.
CO...................................  Denver Area............  Arvada, Aurora, Denver, Lakewood, Westminster,
                                                                 Thornton, and a 10-mile buffer extending from
                                                                 the border of the combined area.
DC...................................  National Capital Region  National Capital Region and a 10-mile buffer
                                                                 extending from the border of the combined area.
FL...................................  Fort Lauderdale Area...  Fort Lauderdale, Hollywood, Miami Gardens,
                                                                 Miramar, Pembroke Pines, and a 10-mile buffer
                                                                 extending from the border of the combined area.
                                       Jacksonville Area......  Jacksonville and a 10-mile buffer extending from
                                                                 the city border.
                                       Miami Area.............  Hialeah, Miami, and a 10-mile buffer extending
                                                                 from the border of the combined area.
                                       Orlando Area...........  Orlando and a 10-mile buffer extending from the
                                                                 city border.
                                       Tampa Area.............  Clearwater, St. Petersburg, Tampa, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
GA...................................  Atlanta Area...........  Atlanta and a 10-mile buffer extending from the
                                                                 city border.
HI...................................  Honolulu Area..........  Honolulu and a 10-mile buffer extending from the
                                                                 city border.
IL...................................  Chicago Area...........  Chicago and a 10-mile buffer extending from the
                                                                 city border.
IN...................................  Indianapolis Area......  Indianapolis and a 10-mile buffer extending from
                                                                 the city border.
KY...................................  Louisville Area........  Louisville and a 10-mile buffer extending from
                                                                 the city border.
LA...................................  Baton Rouge Area.......  Baton Rouge and a 10-mile buffer extending from
                                                                 the city border.
                                       New Orleans Area.......  New Orleans and a 10-mile buffer extending from
                                                                 the city border.
MA...................................  Boston Area............  Boston, Cambridge, and a 10-mile buffer
                                                                 extending from the border of the combined area.
MD...................................  Baltimore Area.........  Baltimore and a 10-mile buffer extending from
                                                                 the city border.
MI...................................  Detroit Area...........  Detroit, Sterling Heights, Warren, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
MN...................................  Twin Cities Area.......  Minneapolis, St. Paul, and a 10-mile buffer
                                                                 extending from the border of the combined
                                                                 entity.
MO...................................  Kansas City Area.......  Independence, Kansas City (MO), Kansas City
                                                                 (KS), Olathe, Overland Park, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
                                       St. Louis Area.........  St. Louis and a 10-mile buffer extending from
                                                                 the city border.
NC...................................  Charlotte..............  Charlotte and a 10-mile buffer extending from
                                       Area...................   the city border.
NE...................................  Omaha Area.............  Omaha and a 10-mile buffer extending from the
                                                                 city border.
NJ...................................  Jersey City/Newark Area  Elizabeth, Jersey City, Newark, and a 10-mile
                                                                 buffer extending from the border of the
                                                                 combined area.
NV...................................  Las Vegas Area.........  Las Vegas, North Las Vegas, and a 10-mile buffer
                                                                 extending from the border of the combined
                                                                 entity.
NY...................................  Buffalo Area...........  Buffalo and a 10-mile buffer extending from the
                                                                 city border.
                                       New York City Area.....  New York City, Yonkers, and a 10-mile buffer
                                                                 extending from the border of the combined area.
OH...................................  Cincinnati Area........  Cincinnati and a 10-mile buffer extending from
                                                                 the city border.
                                       Cleveland Area.........  Cleveland and a 10-mile buffer extending from
                                                                 the city border.
                                       Columbus Area..........  Columbus and a 10-mile buffer extending from the
                                                                 city border.
                                       Toledo Area............  Oregon, Toledo, and a 10-mile buffer extending
                                                                 from the border of the combined area.
OK...................................  Oklahoma City Area.....  Norman, Oklahoma and a 10-mile buffer extending
                                                                 from the border of the combined area.
OR...................................  Portland Area..........  Portland, Vancouver, and a 10-mile buffer
                                                                 extending from the border of the combined area.
PA...................................  Philadelphia Area......  Philadelphia and a 10-mile buffer extending from
                                                                 the city border.
                                       Pittsburgh Area........  Pittsburgh and a 10-mile buffer extending from
                                                                 the city border.
TN...................................  Memphis Area...........  Memphis and a 10-mile buffer extending from the
                                                                 city border.
TX...................................  Dallas/Fort Worth/       Arlington, Carrollton, Dallas, Fort Worth,
                                        Arlington Area.          Garland, Grand Prairie, Irving, Mesquite,
                                                                 Plano, and a 10-mile buffer extending from the
                                                                 border of the combined area.
                                       Houston Area...........  Houston, Pasadena, and a 10-mile buffer
                                                                 extending from the border of the combined
                                                                 entity.
                                       San Antonio Area.......  San Antonio and a 10-mile buffer extending from
                                                                 the city border.
WA...................................  Seattle Area...........  Seattle, Bellevue, and a 10-mile buffer
                                                                 extending from the border of the combined area.
WI...................................  Milwaukee Area.........  Milwaukee and a 10-mile buffer extending from
                                                                 the city border.
----------------------------------------------------------------------------------------------------------------

Appendix B to Part 1580--Security-Sensitive Functions for Freight Rail

    This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes 
of this rule and must be trained.

[[Page 91395]]



------------------------------------------------------------------------
                                                         Examples of job
                                Security-sensitive job       titles
          Categories             functions for freight    applicable to
                                         rail           these functions*
------------------------------------------------------------------------
A. Operating a vehicle........  1. Employees who
                                 operate or directly
                                 control the movements
                                 of locomotives or
                                 other self-powered
                                 rail vehicles.
                                2. Train conductor,
                                 trainman, brakeman,
                                 or utility employee
                                 or performs
                                 acceptance
                                 inspections, couples
                                 and uncouples rail
                                 cars, applies
                                 handbrakes, or
                                 similar functions.
                                3. Employees covered    Engineer,
                                 under the Federal       conductor.
                                 hours of service laws
                                 as ``train
                                 employees.'' See 49
                                 U.S.C. 21101(5) and
                                 21103.
B. Inspecting and maintaining   Employees who inspect   Carman, car
 vehicles.                       or repair rail cars     repairman, car
                                 and locomotives.        inspector,
                                                         engineer,
                                                         conductor.
C. Inspecting or maintaining    1. Employees who--....  Signalman,
 building or transportation     a. Maintain, install,    signal
 infrastructure.                 or inspect              maintainer,
                                 communications and      trackman, gang
                                 signal equipment.       foreman, bridge
                                                         and building
                                                         laborer,
                                                         roadmaster,
                                                         bridge, and
                                                         building
                                                         inspector/
                                                         operator.
                                b. Maintain, install,
                                 or inspect track and
                                 structures,
                                 including, but not
                                 limited to, bridges,
                                 trestles, and tunnels.
                                2. Employees covered
                                 under the Federal
                                 hours of service laws
                                 as ``signal
                                 employees.'' See 49
                                 U.S.C. 21101(3) and
                                 21104.
D. Controlling dispatch or      1. Employees who--....  Yardmaster,
 movement of a vehicle.         a. Dispatch, direct,     dispatcher,
                                 or control the          block operator,
                                 movement of trains..    bridge
                                                         operator.
                                b. Operate or
                                 supervise the
                                 operations of
                                 moveable bridges..
                                c. Supervise the
                                 activities of train
                                 crews, car movements,
                                 and switching
                                 operations in a yard
                                 or terminal..
                                2. Employees covered
                                 under the Federal
                                 hours of service laws
                                 as ``dispatching
                                 service employees.''
                                 See 49 U.S.C.
                                 21101(2) and 21105.
E. Providing security of the    Employees who provide   Police officer,
 owner/operator's equipment      for the security of     special agent;
 and property.                   the railroad            patrolman;
                                 carrier's equipment     watchman;
                                 and property,           guard.
                                 including acting as a
                                 railroad police
                                 officer (as that term
                                 is defined in 49 CFR
                                 207.2)..
F. Loading or unloading cargo   Includes, but is not    Service track
 or baggage.                     limited to, employees   employee.
                                 that load or unload
                                 hazardous materials.
G. Interacting with travelling  Employees of a freight  Conductor,
 public (on board a vehicle or   railroad operating in   engineer,
 within a transportation         passenger service.      agent.
 facility).
H. Complying with security      1. Employees who serve  Security
 programs or measures,           as security             coordinator,
 including those required by     coordinators            train master,
 federal law.                    designated in Sec.      assistant train
                                 1570.201 of this        master,
                                 subchapter, as well     roadmaster,
                                 as any designated       division
                                 alternates or           roadmaster.
                                 secondary security
                                 coordinators.
                                2. Employees who--....
                                a. Conduct training
                                 and testing of
                                 employees when the
                                 training or testing
                                 is required by TSA's
                                 security regulations..
                                b. Perform inspections
                                 or operations
                                 required by Sec.
                                 1580.205 of this
                                 subchapter..
                                c. Manage or direct
                                 implementation of
                                 security plan
                                 requirements.
------------------------------------------------------------------------
* These job titles are provided solely as a resource to help understand
  the functions described; whether an employee must be trained is based
  upon the function, not the job title.

0
12. Add part 1582 to read as follows:

PART 1582--PUBLIC TRANSPORTATION AND PASSENGER RAILROAD SECURITY

Subpart A--General
Sec.
1582.1 Scope.
1582.3 Terms used in this part.
1582.5 Preemptive effect.
Subpart B--Security Programs
1582.101 Applicability.
1582.103 [Reserved]
1582.105 [Reserved]
1582.107 [Reserved]
1582.109 [Reserved]
1582.111 [Reserved]
1582.113 Security training program general requirements.
1582.115 Security training and knowledge for security-sensitive 
employees.
Subpart C--[Reserved]

Appendix A to Part 1582--Public Transportation Agencies

Appendix B to Part 1582--Security-Sensitive Job Functions For Public 
Transportation and Passenger Railroads

    Authority: 6 U.S.C. 1134 and 1137; 49 U.S.C. 114.

Subpart A--General


Sec.  1582.1   Scope.

    (a) Except as provided in paragraph (b) of this section, this part 
includes requirements for the following persons. Specific sections in 
this part provide detailed requirements.
    (1) Each passenger railroad carrier.
    (2) Each public transportation agency.
    (3) Each operator of a rail transit system that is not operating on 
track that is part of the general railroad system of transportation, 
including heavy rail transit, light rail transit, automated guideway, 
cable car, inclined plane, funicular, and monorail systems.
    (4) Each tourist, scenic, historic, and excursion rail owner/
operator, whether operating on or off the general railroad system of 
transportation.
    (b) This part does not apply to a ferry system required to conduct 
training pursuant to 46 U.S.C. 70103.


Sec.  1582.3   Terms used in this part.

    In addition to the terms in Sec. Sec.  1500.3, 1500.5, and 1503.202 
of subchapter A and Sec.  1570.3 of subchapter D of this chapter, the 
following term applies to this part.
    Security-sensitive employee means an employee whose 
responsibilities for the owner/operator include one or more of the 
security-sensitive job functions identified in Appendix B to this part 
if

[[Page 91396]]

the security-sensitive function is performed in the United States or in 
direct support of the common carriage of persons or property between a 
place in the United States and any place outside of the United States.


Sec.  1582.5  Preemptive effect.

    Under 49 U.S.C. 20106, issuance of the passenger railroad and 
public transportation regulations in this subchapter preempts any State 
law, regulation, or order covering the same subject matter, except an 
additional or more stringent law, regulation, or order that is 
necessary to eliminate or reduce an essentially local security hazard; 
that is not incompatible with a law, regulation, or order of the U.S. 
Government; and that does not unreasonably burden interstate commerce.

Subpart B--Security Programs


Sec.  1582.101   Applicability.

    The requirements of this subpart apply to the following:
    (1) Amtrak (also known as the National Railroad Passenger 
Corporation).
    (2) Each owner/operator identified in Appendix A to this part.
    (3) Each owner/operator described in Sec.  1582.1(a)(1) through (3) 
of this part that serves as a host railroad to a freight operation 
described in Sec.  1580.301 of this subchapter or to a passenger train 
operation described in paragraph (a)(1) or (a)(2) of this section.


Sec.  1582.103   [Reserved]


Sec.  1582.105   [Reserved]


Sec.  1582.107   [Reserved]


Sec.  1582.109   [Reserved]


Sec.  1582.111   [Reserved]


Sec.  1582.113   Security training program general requirements.

    (a) Security training program required. Each owner/operator 
identified in Sec.  1582.101 of this part is required to adopt and 
carry out a security training program under this subpart.
    (b) General requirements. The security training program must 
include the following information:
    (1) Name of owner/operator.
    (2) Name, title, telephone number, and email address of the primary 
individual to be contacted with regard to review of the security 
training program.
    (3) Number, by specific job function category identified in 
Appendix B to this part, of security-sensitive employees trained or to 
be trained.
    (4) Implementation schedule that identifies a specific date by 
which initial and recurrent security training required by Sec.  
1570.111 of this subchapter will be completed.
    (5) Location where training program records will be maintained.
    (6) Curriculum or lesson plan, learning objectives, and method of 
delivery (such as instructor-led or computer-based training) for each 
course used to meet the requirements of Sec.  1582.115 of this part. 
TSA may request additional information regarding the curriculum during 
the review and approval process.
    (7) Plan for ensuring supervision of untrained security-sensitive 
employees performing functions identified in Appendix B to this part.
    (8) Plan for notifying employees of changes to security measures 
that could change information provided in previously provided training.
    (9) Method(s) for evaluating the effectiveness of the security 
training program in each area required by Sec.  1582.115 of this part.
    (c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards, such as emergency 
preparedness training required by the Department of Transportation 
(DOT) (49 CFR part 239) or other training for communicating with 
emergency responders to arrange the evacuation of passengers, may be 
combined with and used to satisfy elements of the training requirements 
in this subpart.
    (2) If the owner/operator submits a security training program that 
relies on pre-existing or previous training materials to meet the 
requirements of subpart B, the program submitted for approval must 
include an index, organized in the same sequence as the requirements in 
this subpart.
    (d) Submission and Implementation. The owner/operator must submit 
and implement the security training program in accordance with the 
schedules identified in Sec. Sec.  1570.109 and 1570.111 of this 
subchapter.


Sec.  1582.115   Security training and knowledge for security-sensitive 
employees.

    (a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.  
1582.101 of this part may use a security-sensitive employee to perform 
a function identified in Appendix B to this part unless that individual 
has received training as part of a security training program approved 
by TSA under 49 CFR part 1570, subpart B, or is under the direct 
supervision of a security-sensitive employee who has received the 
training required by this section.
    (b) Limits on use of untrained employees. Notwithstanding paragraph 
(a) of this section, a security-sensitive employee may not perform a 
security-sensitive function for more than sixty (60) calendar days 
without receiving security training.
    (c) Prepare. Each owner/operator must ensure that each of its 
security-sensitive employees with position- or function-specific 
responsibilities under the owner/operator's security program have 
knowledge of how to fulfill those responsibilities in the event of a 
security threat, breach, or incident to ensure--
    (1) Employees with responsibility for transportation security 
equipment and systems are aware of their responsibilities and can 
verify the equipment and systems are operating and properly maintained; 
and
    (2) Employees with other duties and responsibilities under the 
company's security plans and/or programs, including those required by 
Federal law, know their assignments and the steps or resources needed 
to fulfill them.
    (d) Observe. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of the observational skills 
necessary to recognize--
    (1) Suspicious and/or dangerous items (such as substances, 
packages, or conditions (for example, characteristics of an IED and 
signs of equipment tampering or sabotage);
    (2) Combinations of actions and individual behaviors that appear 
suspicious and/or dangerous, inappropriate, inconsistent, or out of the 
ordinary for the employee's work environment which could indicate a 
threat to transportation security; and
    (3) How a terrorist or someone with malicious intent may attempt to 
gain sensitive information or take advantage of vulnerabilities.
    (e) Assess. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge necessary to--
    (1) Determine whether the item, individual, behavior, or situation 
requires a response as a potential terrorist threat based on the 
respective transportation environment; and
    (2) Identify appropriate responses based on observations and 
context.
    (f) Respond. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of how to--
    (1) Appropriately report a security threat, including knowing how 
and when to report internally to other

[[Page 91397]]

employees, supervisors, or management, and externally to local, state, 
or federal agencies according to the owner/operator's security 
procedures or other relevant plans;
    (2) Interact with the public and first responders at the scene of 
the threat or incident, including communication with passengers on 
evacuation and any specific procedures for individuals with 
disabilities and the elderly; and
    (3) Use any applicable self-defense devices or other protective 
equipment provided to employees by the owner/operator.

Subpart C [Reserved]

Appendix A to Part 1582--Determinations for Public Transportation and 
Passenger Railroads

------------------------------------------------------------------------
             State                  Urban area            Systems
------------------------------------------------------------------------
CA............................  Bay Area.........  Alameda-Contra Costa
                                                    Transit District (AC
                                                    Transit).
                                                   Altamont Commuter
                                                    Express (ACE).
                                .................  San Francisco Bay
                                                    Area Rapid Transit
                                                    District (BART).
                                .................  Central Contra Costa
                                                    Transit Authority.
                                .................  Golden Gate Bridge,
                                                    Highway and
                                                    Transportation
                                                    District (GGBHTD).
                                .................  Peninsula Corridor
                                                    Joint Powers Board
                                                    (PCJPB) (Caltrain).
                                .................  San Francisco
                                                    Municipal Railway
                                                    (MUNI) (San
                                                    Francisco Municipal
                                                    Transportation
                                                    Agency).
                                .................  San Mateo County
                                                    Transit Authority
                                                    (SamTrans).
                                .................  Santa Clara Valley
                                                    Transportation
                                                    Authority (VTA).
                                .................  Transbay Joint Powers
                                                    Authority.
                                Greater Los        City of Los Angeles
                                 Angeles Area       Department of
                                 (Los Angeles/      Transportation
                                 Long Beach and     (LADOT).
                                 Anaheim/Santa     Foothill Transit.
                                 Ana UASI Areas).  Long Beach Transit
                                                    (LBT).
                                .................  Los Angeles County
                                                    Metropolitan
                                                    Transportation
                                                    Authority (LACMTA).
                                .................  Montebello Bus Lines
                                                    (MBL).
                                .................  Omnitrans (OMNI).
                                .................  Orange County
                                                    Transportation
                                                    Authority (OCTA).
                                .................  Santa Monica's Big
                                                    Blue Bus (Big Blue
                                                    Bus).
                                .................  Southern California
                                                    Regional Rail
                                                    Authority
                                                    (Metrolink).
DC/MD/VA......................  Greater National   Arlington Rapid
                                 Capital Region     Transit.
                                 (National         City of Alexandria
                                 Capital Region     (Alexandria Transit
                                 and Baltimore      Company) (Dash).
                                 UASI Areas).
                                .................  Fairfax County
                                                    Department of
                                                    Transportation--Fair
                                                    fax Connector Bus
                                                    System.
                                .................  Maryland Transit
                                                    Administration
                                                    (MTA).
                                .................  Montgomery County
                                                    Department of
                                                    Transportation (Ride-
                                                    On Montgomery County
                                                    Transit).
                                .................  Potomac and
                                                    Rappahannock
                                                    Transportation
                                                    Commission.
                                .................  Prince George's
                                                    County Department of
                                                    Public Works and
                                                    Transportation (The
                                                    Bus).
                                .................  Virginia Railway
                                                    Express (VRE).
                                .................  Washington
                                                    Metropolitan Area
                                                    Transit Authority
                                                    (WMATA).
GA............................  Atlanta Area.....  Georgia Regional
                                                    Transportation
                                                    Authority (GRTA).
                                                   Metropolitan Atlanta
                                                    Rapid Transit
                                                    Authority (MARTA).
IL/IN.........................  Chicago Area.....  Chicago Transit
                                                    Authority (CTA).
                                .................  Northeast Illinois
                                                    Commuter Railroad
                                                    Corporation (Metra/
                                                    NIRCRC).
                                .................  Northern Indiana
                                                    Commuter
                                                    Transportation
                                                    District (NICTD).
                                .................  PACE Suburban Bus
                                                    Company.
MA............................  Boston Area......  Massachusetts Bay
                                                    Transportation
                                                    Authority (MBTA).
NY/NJ/CT......................  New York City/     Connecticut
                                 Northern New       Department of
                                 Jersey Area (New   Transportation
                                 York City and      (CDOT).
                                 Jersey City/
                                 Newark UASI
                                 Areas).
                                .................  Connecticut Transit
                                                    (Hartford Division
                                                    and New Haven
                                                    Divisions of
                                                    CTTransit).
                                .................  Metropolitan
                                                    Transportation
                                                    Authority (All
                                                    Agencies).
                                .................  New Jersey Transit
                                                    Corp. (NJT).
                                .................  New York City
                                                    Department of
                                                    Transportation.
                                .................  Port Authority of New
                                                    York and New Jersey
                                                    (PANYNJ) (excluding
                                                    ferry).
                                .................  Westchester County
                                                    Department of
                                                    Transportation Bee-
                                                    Line System (The Bee-
                                                    Line System).
PA/NJ.........................  Philadelphia Area  Delaware River Port
                                                    Authority (DRPA)--
                                                    Port Authority
                                                    Transit Corporation
                                                    (PATCO).
                                .................  Delaware Transit
                                                    Corporation (DTC).
                                .................  New Jersey Transit
                                                    Corp. (NJT) (covered
                                                    under NY).
                                .................  Pennsylvania
                                                    Department of
                                                    Transportation.
                                .................  Southeastern
                                                    Pennsylvania
                                                    Transportation
                                                    Authority (SEPTA).
------------------------------------------------------------------------


[[Page 91398]]

Appendix B to Part 1582--Security-Sensitive Job Functions For Public 
Transportation and Passenger Railroads

    This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes 
of this rule and must be trained.

------------------------------------------------------------------------
                                  Security-sensitive job functions for
          Categories              public transportation and passenger
                                            railroads (PTPR)
------------------------------------------------------------------------
A. Operating a vehicle.......  1. Employees who--
                               a. Operate or control the movements of
                                trains, other rail vehicles, or transit
                                buses.
                               b. Act as train conductor, trainman,
                                brakeman, or utility employee or
                                performs acceptance inspections, couples
                                and uncouples rail cars, applies
                                handbrakes, or similar functions.
                               2. Employees covered under the Federal
                                hours of service laws as ``train
                                employees.'' See 49 U.S.C. 21101(5) and
                                21103.
B. Inspecting and maintaining  Employees who--
 vehicles.                     1. Perform activities related to the
                                diagnosis, inspection, maintenance,
                                adjustment, repair, or overhaul of
                                electrical or mechanical equipment
                                relating to vehicles, including
                                functions performed by mechanics and
                                automotive technicians.
                               2. Provide cleaning services to vehicles
                                owned, operated, or controlled by an
                                owner/operator regulated under this
                                subchapter.
C. Inspecting or maintaining   Employees who--
 building or transportation    1. Maintain, install, or inspect
 infrastructure.                communication systems and signal
                                equipment related to the delivery of
                                transportation services.
                               2. Maintain, install, or inspect track
                                and structures, including, but not
                                limited to, bridges, trestles, and
                                tunnels.
                               3. Provide cleaning services to stations
                                and terminals owned, operated, or
                                controlled by an owner/operator
                                regulated under this subchapter that are
                                accessible to the general public or
                                passengers.
                               4. Provide maintenance services to
                                stations, terminals, yards, tunnels,
                                bridges, and operation control centers
                                owned, operated, or controlled by an
                                owner/operator regulated under this
                                subchapter.
                               5. Employees covered under the Federal
                                hours of service laws as ``signal
                                employees.'' See 49 U.S.C. 21101(4) and
                                21104.
D. Controlling dispatch or     Employees who--
 movement of a vehicle.        1. Dispatch, report, transport, receive
                                or deliver orders pertaining to specific
                                vehicles, coordination of transportation
                                schedules, tracking of vehicles and
                                equipment.
                               2. Manage day-to-day management delivery
                                of transportation services and the
                                prevention of, response to, and redress
                                of service disruptions.
                               3. Supervise the activities of train
                                crews, car movements, and switching
                                operations in a yard or terminal.
                               4. Dispatch, direct, or control the
                                movement of trains or buses.
                               5. Operate or supervise the operations of
                                moveable bridges.
                               6. Employees covered under the Federal
                                hours of service laws as ``dispatching
                                service employees.'' See 49 U.S.C.
                                21101(2) and 21105.
E. Providing security of the   Employees who--
 owner/operator's equipment    1. Provide for the security of PTPR
 and property.                  equipment and property, including acting
                                as a police officer.
                               2. Patrol and inspect property of an
                                owner/operator regulated under this
                                subchapter to protect the property,
                                personnel, passengers and/or cargo.
F. Loading or unloading cargo  Employees who load, or oversee loading
 or baggage.                    of, property tendered by or on behalf of
                                a passenger on or off of a portion of a
                                train that will be inaccessible to the
                                passenger while the train is in
                                operation.
G. Interacting with            Employees who provide services to
 travelling public (on board    passengers on-board a train or bus,
 a vehicle or within a          including collecting tickets or cash for
 transportation facility).      fares, providing information, and other
                                similar services. Including:
                               1. On-board food or beverage employees.
                               2. Functions on behalf of an owner/
                                operator regulated under this subchapter
                                that require regular interaction with
                                travelling public within a
                                transportation facility, such as ticket
                                agents.
H. Complying with security     1. Employees who serve as security
 programs or measures,          coordinators designated in Sec.
 including those required by    1570.201 of this subchapter, as well as
 federal law.                   any designated alternates or secondary
                                security coordinators.
                               2. Employees who--
                               a. Conduct training and testing of
                                employees when the training or testing
                                is required by TSA's security
                                regulations.
                               b. Manage or direct implementation of
                                security plan requirements.
------------------------------------------------------------------------

0
13. Add part 1584 to read as follows:

PART 1584--HIGHWAY AND MOTOR CARRIERS

Subpart A--General
Sec.
1584.1 Scope.
1584.3 Terms used in this part.
Subpart B--Security Programs
1584.101 Applicability.
1584.103 [Reserved]
1584.105 [Reserved]
1584.107 [Reserved]

[[Page 91399]]

1584.109 [Reserved]
1584.111 [Reserved]
1584.113 Security training program general requirements.
1584.115 Security training and knowledge for security-sensitive 
employees.
Subpart C [Reserved]

Appendix A to Part 1584--Urban Area Determinations for Over-The-Road 
Buses

Appendix B to Part 1584--Security-Sensitive Job Functions For Over-the-
Road Buses

    Authority:  6 U.S.C. 1181 and 1184; 49 U.S.C. 114.

Subpart A--General


Sec.  1584.1  Scope.

    This part includes requirements for persons providing 
transportation by an over-the-road bus (OTRB). Specific sections in 
this part provide detailed requirements.


Sec.  1584.3  Terms used in this part.

    In addition to the terms in Sec. Sec.  1500.3, 1500.5, and 1503.202 
of subchapter A and Sec.  1570.3 of subchapter D of this chapter, the 
following term applies to this part.
    Security-sensitive employee means an employee whose 
responsibilities for the owner/operator include one or more of the 
security-sensitive job functions identified in Appendix B to this part 
where the security-sensitive function is performed in the United States 
or in direct support of the common carriage of persons or property 
between a place in the United States and any place outside of the 
United States.

Subpart B--Security Programs


Sec.  1584.101   Applicability.

    The requirements of this subpart apply to each OTRB owner/operator 
providing fixed-route service that originates, travels through, or ends 
in a geographic location identified in Appendix A to this part.


Sec.  1584.103   [Reserved]


Sec.  1584.105   [Reserved]


Sec.  1584.107   [Reserved]


Sec.  1584.109   [Reserved]


Sec.  1584.111   [Reserved]


Sec.  1584.113  Security training program general requirements.

    (a) Security training program required. Each owner/operator 
identified in Sec.  1584.101 of this part is required to adopt and 
carry out a security training program under this subpart.
    (b) General requirements. The security training program must 
include the following information:
    (1) Name of owner/operator.
    (2) Name, title, telephone number, and email address of the primary 
individual to be contacted with regard to review of the security 
training program.
    (3) Number, by specific job function category identified in 
Appendix B to this part, of security-sensitive employees trained or to 
be trained.
    (4) Implementation schedule that identifies a specific date by 
which initial and recurrent security training required by Sec.  
1570.111 of this subchapter will be completed.
    (5) Location where training program records will be maintained.
    (6) Curriculum or lesson plan, learning objectives, and method of 
delivery (such as instructor-led or computer-based training) for each 
course used to meet the requirements of Sec.  1584.115 of this part. 
TSA may request additional information regarding the curriculum during 
the review and approval process.
    (7) Plan for ensuring supervision of untrained security-sensitive 
employees performing functions identified in Appendix B to this part.
    (8) Plan for notifying employees of changes to security measures 
that could change information provided in previously provided training.
    (9) Method(s) for evaluating the effectiveness of the security 
training program in each area required by Sec.  1584.115 of this part.
    (c) Relation to other training. (1) Training conducted by owner/
operators to comply other requirements or standards may be combined 
with and used to satisfy elements of the training requirements in this 
subpart.
    (2) If the owner/operator submits a security training program that 
relies on pre-existing or previous training materials to meet the 
requirements of subpart B, the program submitted for approval must 
include an index, organized in the same sequence as the requirements in 
this subpart.
    (d) Submission and Implementation. The owner/operator must submit 
and implement the security training program in accordance with the 
schedules identified in Sec. Sec.  1570.109 and 1570.111 of this 
subchapter.


Sec.  1584.115   Security training and knowledge for security-sensitive 
employees.

    (a) Training required for security-sensitive employees. No owner/
operator required to have a security training program under Sec.  
1584.101 of this part may use a security-sensitive employee to perform 
a function identified in Appendix B to this part unless that individual 
has received training as part of a security training program approved 
by TSA under 49 CFR part 1570, subpart B, or is under the direct 
supervision of a security-sensitive employee who has received the 
training required by this section.
    (b) Limits on use of untrained employees. Notwithstanding paragraph 
(a) of this section, a security-sensitive employee may not perform a 
security-sensitive function for more than sixty (60) calendar days 
without receiving security training.
    (c) Prepare. Each owner/operator must ensure that each of its 
security-sensitive employees with position- or function-specific 
responsibilities under the owner/operator's security program have 
knowledge of how to fulfill those responsibilities in the event of a 
security threat, breach, or incident to ensure--
    (1) Employees with responsibility for transportation security 
equipment and systems are aware of their responsibilities and can 
verify the equipment and systems are operating and properly maintained; 
and
    (2) Employees with other duties and responsibilities under the 
company's security plans and/or programs, including those required by 
Federal law, know their assignments and the steps or resources needed 
to fulfill them.
    (d) Observe. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge of the observational skills 
necessary to recognize--
    (1) Suspicious and/or dangerous items (such as substances, 
packages, or conditions (for example, characteristics of an IED and 
signs of equipment tampering or sabotage);
    (2) Combinations of actions and individual behaviors that appear 
suspicious and/or dangerous, inappropriate, inconsistent, or out of the 
ordinary for the employee's work environment which could indicate a 
threat to transportation security; and
    (3) How a terrorist or someone with malicious intent may attempt to 
gain sensitive information or take advantage of vulnerabilities.
    (e) Assess. Each owner/operator must ensure that each of its 
security-sensitive employees has knowledge necessary to--
    (1) Determine whether the item, individual, behavior, or situation 
requires a response as a potential terrorist threat based on the 
respective transportation environment; and
    (2) Identify appropriate responses based on observations and 
context.
    (f) Respond. Each owner/operator must ensure that each of its 
security-

[[Page 91400]]

sensitive employees has knowledge of how to--
    (1) Appropriately report a security threat, including knowing how 
and when to report internally to other employees, supervisors, or 
management, and externally to local, state, or federal agencies 
according to the owner/operator's security procedures or other relevant 
plans;
    (2) Interact with the public and first responders at the scene of 
the threat or incident, including communication with passengers on 
evacuation and any specific procedures for individuals with 
disabilities and the elderly; and
    (3) Use any applicable self-defense devices or other protective 
equipment provided to employees by the owner/operator.

Subpart C [Reserved]

Appendix A to Part 1584--Urban Area Determinations for Over-the-Road 
Buses

----------------------------------------------------------------------------------------------------------------
                  State                            Urban area                       Geographic areas
----------------------------------------------------------------------------------------------------------------
CA......................................  Anaheim/Los Angeles/Long     Los Angeles and Orange Counties.
                                           Beach/Santa Ana Areas.
                                          San Diego Area.............  San Diego County.
                                          San Francisco Bay Area.....  Alameda, Contra Costa, Marin, San
                                                                        Francisco, and San Mateo Counties.
DC (VA, MD, and WV).....................  National Capital Region....  District of Columbia; Counties of
                                                                        Calvert, Charles, Frederick, Montgomery,
                                                                        and Prince George's, MD; Counties of
                                                                        Arlington, Clarke, Fairfax, Fauquier,
                                                                        Loudoun, Prince William, Spotsylvania,
                                                                        Stafford, and Warren County, VA; Cities
                                                                        of Alexandria, Fairfax, Falls Church,
                                                                        Fredericksburg, Manassas, and Manassas
                                                                        Park City, VA; Jefferson County, WV.
IL/IN...................................  Chicago....................  Counties of Cook, DeKalb, DuPage, Grundy,
                                          Area.......................   Kane, Kendall, Lake, McHenry, and Will,
                                                                        IL; Counties of Jasper, Lake, Newton,
                                                                        and Porter, IN; Kenosha County, WI.
MA......................................  Boston.....................  Counties of Essex, Norfolk, Plymouth,
                                          Area.......................   Suffolk, Middlesex, MA; Counties of
                                                                        Rockingham and Strafford, NH.
NY (NJ and PA)..........................  New York City/Jersey City/   Counties of Bronx, Kings, Nassau, New
                                           Newark Area.                 York, Putnam, Queens, Richmond,
                                                                        Rockland, Suffolk, and Westchester, NY;
                                                                        Counties of Bergen, Essex, Hudson,
                                                                        Hunterdon, Ocean, Middlesex, Monmouth,
                                                                        Morris, Passaic, Somerset, Sussex, and
                                                                        Union, NJ; Pike County, PA.
PA (DE and NJ)..........................  Philadelphia Area/Southern   Counties of Burlington, Camden, and
                                           New Jersey.                  Gloucester, NJ; Counties of Bucks,
                                          Area.......................   Chester, Delaware, Montgomery, and
                                                                        Philadelphia, PA; New Castle County, DE;
                                                                        Cecil County, MD; Salem County, NJ.
TX......................................  Dallas Fort Worth/Arlington  Collin, Dallas, Delta, Denton, Ellis,
                                           Area.                        Hunt, Kaufman, Rockwall, Johnson,
                                                                        Parker, Tarrant, and Wise Counties, TX.
                                          Houston Area...............  Austin, Brazoria, Chambers, Fort Bend,
                                                                        Galveston, Harris, Liberty, Montgomery,
                                                                        San Jacinto, and Waller Counties, TX.
----------------------------------------------------------------------------------------------------------------

Appendix B to Part 1584--Security-Sensitive Job Functions For Over-the-
Road Buses

    This table identifies security-sensitive job functions for owner/
operators regulated under this part. All employees performing security-
sensitive functions are ``security-sensitive employees'' for purposes 
of this rule and must be trained.

------------------------------------------------------------------------
                               Security-sensitive job functions for over-
          Categories                         the-road buses
------------------------------------------------------------------------
A. Operating a vehicle.......  Employees who have a commercial driver's
                                license (CDL) and operate an OTRB.
B. Inspecting and maintaining  Employees who--
 vehicles.                     1. Perform activities related to the
                                diagnosis, inspection, maintenance,
                                adjustment, repair, or overhaul of
                                electrical or mechanical equipment
                                relating to vehicles, including
                                functions performed by mechanics and
                                automotive technicians.
                               2. Does not include cleaning or
                                janitorial activities.
C. Inspecting or maintaining   Employees who--
 building or transportation    1. Provide cleaning services to areas of
 infrastructure.                facilities owned, operated, or
                                controlled by an owner/operator
                                regulated under this subchapter that are
                                accessible to the general public or
                                passengers.
                               2. Provide cleaning services to vehicles
                                owned, operated, or controlled by an
                                owner/operator regulated under this part
                                (does not include vehicle maintenance).
                               3. Provide general building maintenance
                                services to buildings owned, operated,
                                or controlled by an owner/operator
                                regulated under this part.
D. Controlling dispatch or     Employees who--
 movement of a vehicle.        1. Dispatch, report, transport, receive
                                or deliver orders pertaining to specific
                                vehicles, coordination of transportation
                                schedules, tracking of vehicles and
                                equipment.
                               2. Manage day-to-day delivery of
                                transportation services and the
                                prevention of, response to, and redress
                                of disruptions to those services.
                               3. Perform tasks requiring access to or
                                knowledge of specific route information.
E. Providing security of the   Employees who patrol and inspect property
 owner/operator's equipment     of an owner/operator regulated under
 and property.                  this part to protect the property,
                                personnel, passengers and/or cargo.
F. Loading or unloading cargo  Employees who load, or oversee loading
 or baggage.                    of, property tendered by or on behalf of
                                a passenger on or off of a portion of a
                                bus that will be inaccessible to the
                                passenger while the vehicle is in
                                operation.

[[Page 91401]]

 
G. Interacting with            Employees who--
 travelling public (on board   1. Provide services to passengers on-
 a vehicle or within a          board a bus, including collecting
 transportation facility).      tickets or cash for fares, providing
                                information, and other similar services.
                               2. Includes food or beverage employees,
                                tour guides, and functions on behalf of
                                an owner/operator regulated under this
                                part that require regular interaction
                                with travelling public within a
                                transportation facility, such as ticket
                                agents.
H. Complying with security     1. Employees who serve as security
 programs or measures,          coordinators designated in Sec.
 including those required by    1570.201 of this subchapter, as well as
 federal law.                   any designated alternates or secondary
                                security coordinators.
                               2. Employees who--
                               a. Conduct training and testing of
                                employees when the training or testing
                                is required by TSA's security
                                regulations.
                               b. Manage or direct implementation of
                                security plan requirements.
------------------------------------------------------------------------


    Dated: November 18, 2016.
Huban A. Gowadia,
Deputy Administrator.
[FR Doc. 2016-28298 Filed 12-15-16; 8:45 am]
 BILLING CODE 9110-05-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.