FHWA Adoption of Cyber Security Evaluation Tool, 15923-15924 [2024-04616]
Download as PDF
<![CDATA[
Federal Register / Vol. 89, No. 44 / Tuesday, March 5, 2024 / Notices
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
[Docket No. FAA–2023–1426]
Agency Information Collection
Activities: Requests for Comments;
Clearance of a Renewed Approval of
Information Collection: Protection of
Voluntarily Submitted Information
Federal Aviation
Administration (FAA), DOT.
ACTION: Notice and request for
comments.
AGENCY:
In accordance with the
Paperwork Reduction Act of 1995, FAA
invites public comments about our
intention to request the Office of
Management and Budget (OMB)
approval to renew an information
collection. The Federal Register Notice
with a 60-day comment period soliciting
comments on the following collection of
information was published on June 23,
2023. The collection involves protection
of voluntarily submitted information.
Part 193 of the Federal Aviation
Administration (FAA) regulations
provides that certain information
submitted to the FAA on a voluntary
basis is not to be disclosed. This part
implements a statutory provision. The
purpose of part 193 is to encourage the
aviation community to voluntarily share
information with the FAA so that the
agency may work cooperatively with
industry to identify modifications to
rules, policies, and procedures needed
to improve safety, security, and
efficiency of the National Airspace
System (NAS). The information
collection associated with part 193 also
supports the Department of
Transportation’s Strategic Goal of Safety
and Security.
DATES: Written comments should be
submitted by April 4, 2024.
ADDRESSES: Written comments and
recommendations for the proposed
information collection should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain. Find this particular
information collection by selecting
‘‘Currently under 30-day Review—Open
for Public Comments’’ or by using the
search function.
FOR FURTHER INFORMATION CONTACT:
Sandra Ray by email at: Sandra.ray@
faa.gov; phone: 412–546–7344
SUPPLEMENTARY INFORMATION:
Public Comments Invited: You are
asked to comment on any aspect of this
information collection, including (a)
Whether the proposed collection of
information is necessary for FAA’s
lotter on DSK11XQN23PROD with NOTICES1
SUMMARY:
VerDate Sep<11>2014
16:50 Mar 04, 2024
Jkt 262001
performance; (b) the accuracy of the
estimated burden; (c) ways for FAA to
enhance the quality, utility and clarity
of the information collection; and (d)
ways that the burden could be
minimized without reducing the quality
of the collected information.
OMB Control Number: 2120–0646.
Title: Protection of Voluntarily
Submitted Information.
Form Numbers: None.
Type of Review: Renewal of an
information collection.
Background: The Federal Register
Notice with a 60-day comment period
soliciting comments on the following
collection of information was published
on June 23, 2023 (88 FR 41185). Part 193
of the FAA regulations provides that
certain information submitted to the
FAA on a voluntary basis is not to be
disclosed. Part 193 implements a
statutory provision. Section 40123 was
added to title 49, United States Code, in
the Federal Aviation Reauthorization
Act of 1996 to encourage people to
voluntarily submit desired information.
Section 40123 allows the Administrator,
through FAA regulations, to protect
from disclosure voluntarily provided
information relating to safety and
security issues.
The purpose of part 193 is to
encourage the aviation community to
voluntarily share information with the
FAA so that the agency may work
cooperatively with industry to identify
modifications to rules, policies, and
procedures needed to improve safety,
security, and efficiency of the National
Airspace System. FAA programs that are
covered under part 193 are Voluntary
Safety Reporting Programs, Air Traffic
and Technical Operations Safety Action
programs, the Aviation Safety Action
Program, and the Voluntary Disclosure
Reporting Program. This rule imposes a
negligible paperwork burden for
certificate holders and fractional
ownership programs that choose to
submit a letter notifying the
Administrator that they wish to
participate in a current program.
The number of respondents has
greatly increased since the initial
approval of this information collection.
In order to accurately reflect the burden
of this information collection going
forward, the FAA has included total
current participants in the programs.
Respondents: 2604.
Frequency: Varies per response type.
Estimated Average Burden per
Response: Varies per response type.
Estimated Total Annual Burden:
493,723 Hours.
PO 00000
Frm 00116
Fmt 4703
Sfmt 4703
15923
Issued in Washington, DC, on February 29,
2024.
Sandra L. Ray,
Aviation Safety Inspector, AFS–260.
[FR Doc. 2024–04576 Filed 3–4–24; 8:45 am]
BILLING CODE 4910–13–P
DEPARTMENT OF TRANSPORTATION
Federal Highway Administration
[FHWA Docket No. FHWA–2024–0005]
FHWA Adoption of Cyber Security
Evaluation Tool
Federal Highway
Administration (FHWA), U.S.
Department of Transportation (DOT).
ACTION: Notice; request for comments.
AGENCY:
Following coordination with
the U.S. Department of Homeland
Security, FHWA announces its proposal
to adopt the Cyber Security Evaluation
Tool (CSET) as a voluntary tool
transportation authorities can use to
assist in identifying, detecting,
protecting against, responding to, and
recovering from cyber incidents. The
FHWA requests comments on its
proposal.
SUMMARY:
Comments must be received on
or before April 19, 2024. Late comments
will be considered to the extent
practicable.
DATES:
All comments should
include the docket number that appears
in the heading of this document and
may be submitted in any of the
following ways:
• Electronically through the Federal
eRulemaking Portal:
www.regulations.gov. This website
allows the public to enter comments on
any Federal Register notice issued by
any agency. Follow the online
instructions for submitting comments.
• Mail: U.S. Department of
Transportation, Docket Operations, M–
30, West Building Ground Floor, Room
W12–140, 1200 New Jersey Avenue SE,
Washington, DC 20590.
• Hand Delivery: U.S. Department of
Transportation, Docket Operations,
West Building Ground Floor, Room
W12–140, 1200 New Jersey Avenue SE,
Washington, DC 20590, between 9 a.m.
and 5 p.m., ET, Monday through Friday,
except Federal holidays.
Instructions: You should identify the
docket number at the beginning of your
comments. Note that all comments
received will be posted without change
to www.regulations.gov, including any
personal information provided. For
more information, you may review the
U.S. Department of Transportation’s
ADDRESSES:
E:\FR\FM\05MRN1.SGM
05MRN1
15924
Federal Register / Vol. 89, No. 44 / Tuesday, March 5, 2024 / Notices
complete Privacy Act Statement
published in the Federal Register on
April 11, 2000 (65 FR 19477).
FOR FURTHER INFORMATION CONTACT: For
questions about this notice, please
contact Mr. Jason Carnes, FHWA
Transportation Security Coordinator
(202) 366–5280, or via email at
Jason.Carnes@dot.gov, Federal Highway
Administration, 1200 New Jersey
Avenue SE, Washington, DC 20590.
Office hours are from 8 a.m. to 4:30
p.m., ET, Monday through Friday,
except Federal holidays.
SUPPLEMENTARY INFORMATION:
Electronic Access
This document may be viewed online
under the docket number noted above
through the Federal eRulemaking portal
at: www.regulations.gov. Electronic
submission and retrieval help and
guidelines are available on the website.
Please follow the online instructions.
An electronic copy of this document
may also be downloaded from the Office
of the Federal Register’s website at:
www.FederalRegister.gov and the U.S.
Government Publishing Office’s website
at: www.GovInfo.gov.
All comments received before the
close of business on the comment
closing date indicated above will be
considered and will be available for
examination in the docket at the above
address. Comments received after the
comment closing date will be filed in
the docket and will be considered to the
extent practicable. In addition to late
comments, FHWA will also continue to
file relevant information in the docket
as it becomes available after the
comment period closing date and
interested persons should continue to
examine the docket for new material.
lotter on DSK11XQN23PROD with NOTICES1
Background
Pursuant to section 11510(b) of the
Bipartisan Infrastructure Law (BIL),
enacted as the Infrastructure Investment
and Jobs Act (Pub. L. 117–58), FHWA is
required to develop a tool to assist
transportation authorities in identifying,
detecting, protecting against, responding
to, and recovering from cyber incidents.
Safety is the top priority of DOT and
FHWA. The FHWA routinely works
closely and collaboratively with Federal
and State agencies whose primary
missions revolve around securing
critical transportation infrastructure.
The FHWA provides subject matter
expertise to those agencies in
identifying potential physical and
cybersecurity threats and appropriate
mitigation efforts. When presented with
physical or cybersecurity questions,
concerns or incidents from State, local,
VerDate Sep<11>2014
16:50 Mar 04, 2024
Jkt 262001
Tribal, and Territorial transportation
authorities, or other stakeholders,
FHWA routinely assists in connecting
these entities to security-focused
government agencies, including the
Transportation Security Administration
(TSA), Cybersecurity and Infrastructure
Security Agency (CISA), and Federal
Bureau of Investigation (FBI).
In accordance with BIL, section
11510(b), FHWA is proposing to adopt
CISA’s CSET as a voluntary tool that
transportation authorities can use to
assist in identifying, detecting,
protecting against, responding to, and
recovering from cyber incidents. The
CISA’s cybersecurity mission is to
defend and secure cyberspace by
leading national efforts to drive national
cyber defense, resilience of national
critical functions, and a robust
technology ecosystem. The FHWA
therefore thinks it is appropriate to
leverage CISA’s expertise instead of
attempting to create a separate and
potentially duplicative tool. The CSET,
developed by CISA, is a comprehensive
software tool designed to assist
organizations in assessing their
cybersecurity posture and developing
structured improvement programs. The
CSET helps organizations evaluate their
cybersecurity practices, identify
vulnerabilities, and prioritize mitigation
efforts by providing a systematic
approach to assess cybersecurity
controls and processes. It offers a range
of modules and questionnaires tailored
to different critical infrastructure
sectors, making it a valuable resource
for organizations seeking to enhance
their cybersecurity resilience through a
well-structured assessment and
development program. The CSET is
available to the public for download at
https://www.cisa.gov/downloading-andinstalling-cset.
In proposing to adopt this voluntary
tool to assist transportation authorities
regarding cyber incidents, FHWA has
coordinated with CISA and TSA, and
consulted with appropriate stakeholders
on the viability and usefulness of the
tool. The feedback received confirmed
that State agencies currently depend on
a diverse array of cybersecurity tools
sourced from multiple stakeholders,
encompassing both public and private
entities. Among these tools, several
States choose to employ the CSET,
while others customize alternative
cybersecurity solutions to align with
their distinct mission requirements. In
addition, many State departments of
transportation employ a variety of tools
encompassing intrusion detection
systems, vulnerability scanners, and
encryption technologies to fortify their
cyber defense postures, reflecting the
PO 00000
Frm 00117
Fmt 4703
Sfmt 4703
complexity and diversity of their
security strategies. The FHWA will
continue to partner with other Federal
Agencies that have the primary statutory
mission to develop security-related
cybersecurity tools to ensure highwayrelated equities are considered and
incorporated appropriately.
Request for Comments
The FHWA requests comments
regarding the Agency’s proposal to
adopt CISA’s CSET as a voluntary tool
transportation authorities can use to
provide assistance regarding cyber
incidents.
Further Proceedings
After considering public comments in
response to this notice, FHWA will
publish a notice in the Federal Register
adopting a final cybersecurity tool.
Authority: Sec. 11510, Pub. L. 117–58,
135 Stat. 592.
Shailen P. Bhatt,
Administrator, Federal Highway
Administration.
[FR Doc. 2024–04616 Filed 3–4–24; 8:45 am]
BILLING CODE 4910–22–P
DEPARTMENT OF TRANSPORTATION
Federal Motor Carrier Safety
Administration
[Docket No. FMCSA–2023–0143]
Truck Leasing Task Force (TLTF);
Notice of Public Meeting
Federal Motor Carrier Safety
Administration (FMCSA), Department
of Transportation (DOT).
ACTION: Notice of public meeting.
AGENCY:
This notice announces a
meeting of the TLTF.
DATES: The meeting will be held on
Thursday, March 21, 2024, from 10
a.m.–12 p.m. and 1–3 p.m. ET. Requests
for accommodations for a disability
must be received by Friday, March 14.
Requests to submit written materials for
consideration during the meeting must
be received no later than Friday, March
14.
ADDRESSES: The meeting will be a
hybrid meeting, with in-person and
virtual access for its entirety. The inperson portion will be held at the MidAmerica Trucking Show (MATS) at the
Kentucky Exposition Center in
Louisville, KY. Please register in
advance of the meeting at
www.fmcsa.dot.gov/tltf. A copy of the
agenda for the entire meeting will be
made available at www.fmcsa.dot.gov/
tltf at least 1 week in advance of the
SUMMARY:
E:\FR\FM\05MRN1.SGM
05MRN1
]]>Agencies
[Federal Register Volume 89, Number 44 (Tuesday, March 5, 2024)]
[Notices]
[Pages 15923-15924]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-04616]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Highway Administration
[FHWA Docket No. FHWA-2024-0005]
FHWA Adoption of Cyber Security Evaluation Tool
AGENCY: Federal Highway Administration (FHWA), U.S. Department of
Transportation (DOT).
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: Following coordination with the U.S. Department of Homeland
Security, FHWA announces its proposal to adopt the Cyber Security
Evaluation Tool (CSET) as a voluntary tool transportation authorities
can use to assist in identifying, detecting, protecting against,
responding to, and recovering from cyber incidents. The FHWA requests
comments on its proposal.
DATES: Comments must be received on or before April 19, 2024. Late
comments will be considered to the extent practicable.
ADDRESSES: All comments should include the docket number that appears
in the heading of this document and may be submitted in any of the
following ways:
Electronically through the Federal eRulemaking Portal:
www.regulations.gov. This website allows the public to enter comments
on any Federal Register notice issued by any agency. Follow the online
instructions for submitting comments.
Mail: U.S. Department of Transportation, Docket
Operations, M-30, West Building Ground Floor, Room W12-140, 1200 New
Jersey Avenue SE, Washington, DC 20590.
Hand Delivery: U.S. Department of Transportation, Docket
Operations, West Building Ground Floor, Room W12-140, 1200 New Jersey
Avenue SE, Washington, DC 20590, between 9 a.m. and 5 p.m., ET, Monday
through Friday, except Federal holidays.
Instructions: You should identify the docket number at the
beginning of your comments. Note that all comments received will be
posted without change to www.regulations.gov, including any personal
information provided. For more information, you may review the U.S.
Department of Transportation's
[[Page 15924]]
complete Privacy Act Statement published in the Federal Register on
April 11, 2000 (65 FR 19477).
FOR FURTHER INFORMATION CONTACT: For questions about this notice,
please contact Mr. Jason Carnes, FHWA Transportation Security
Coordinator (202) 366-5280, or via email at [email protected],
Federal Highway Administration, 1200 New Jersey Avenue SE, Washington,
DC 20590. Office hours are from 8 a.m. to 4:30 p.m., ET, Monday through
Friday, except Federal holidays.
SUPPLEMENTARY INFORMATION:
Electronic Access
This document may be viewed online under the docket number noted
above through the Federal eRulemaking portal at: www.regulations.gov.
Electronic submission and retrieval help and guidelines are available
on the website. Please follow the online instructions.
An electronic copy of this document may also be downloaded from the
Office of the Federal Register's website at: www.FederalRegister.gov
and the U.S. Government Publishing Office's website at:
www.GovInfo.gov.
All comments received before the close of business on the comment
closing date indicated above will be considered and will be available
for examination in the docket at the above address. Comments received
after the comment closing date will be filed in the docket and will be
considered to the extent practicable. In addition to late comments,
FHWA will also continue to file relevant information in the docket as
it becomes available after the comment period closing date and
interested persons should continue to examine the docket for new
material.
Background
Pursuant to section 11510(b) of the Bipartisan Infrastructure Law
(BIL), enacted as the Infrastructure Investment and Jobs Act (Pub. L.
117-58), FHWA is required to develop a tool to assist transportation
authorities in identifying, detecting, protecting against, responding
to, and recovering from cyber incidents. Safety is the top priority of
DOT and FHWA. The FHWA routinely works closely and collaboratively with
Federal and State agencies whose primary missions revolve around
securing critical transportation infrastructure. The FHWA provides
subject matter expertise to those agencies in identifying potential
physical and cybersecurity threats and appropriate mitigation efforts.
When presented with physical or cybersecurity questions, concerns or
incidents from State, local, Tribal, and Territorial transportation
authorities, or other stakeholders, FHWA routinely assists in
connecting these entities to security-focused government agencies,
including the Transportation Security Administration (TSA),
Cybersecurity and Infrastructure Security Agency (CISA), and Federal
Bureau of Investigation (FBI).
In accordance with BIL, section 11510(b), FHWA is proposing to
adopt CISA's CSET as a voluntary tool that transportation authorities
can use to assist in identifying, detecting, protecting against,
responding to, and recovering from cyber incidents. The CISA's
cybersecurity mission is to defend and secure cyberspace by leading
national efforts to drive national cyber defense, resilience of
national critical functions, and a robust technology ecosystem. The
FHWA therefore thinks it is appropriate to leverage CISA's expertise
instead of attempting to create a separate and potentially duplicative
tool. The CSET, developed by CISA, is a comprehensive software tool
designed to assist organizations in assessing their cybersecurity
posture and developing structured improvement programs. The CSET helps
organizations evaluate their cybersecurity practices, identify
vulnerabilities, and prioritize mitigation efforts by providing a
systematic approach to assess cybersecurity controls and processes. It
offers a range of modules and questionnaires tailored to different
critical infrastructure sectors, making it a valuable resource for
organizations seeking to enhance their cybersecurity resilience through
a well-structured assessment and development program. The CSET is
available to the public for download at https://www.cisa.gov/downloading-and-installing-cset.
In proposing to adopt this voluntary tool to assist transportation
authorities regarding cyber incidents, FHWA has coordinated with CISA
and TSA, and consulted with appropriate stakeholders on the viability
and usefulness of the tool. The feedback received confirmed that State
agencies currently depend on a diverse array of cybersecurity tools
sourced from multiple stakeholders, encompassing both public and
private entities. Among these tools, several States choose to employ
the CSET, while others customize alternative cybersecurity solutions to
align with their distinct mission requirements. In addition, many State
departments of transportation employ a variety of tools encompassing
intrusion detection systems, vulnerability scanners, and encryption
technologies to fortify their cyber defense postures, reflecting the
complexity and diversity of their security strategies. The FHWA will
continue to partner with other Federal Agencies that have the primary
statutory mission to develop security-related cybersecurity tools to
ensure highway-related equities are considered and incorporated
appropriately.
Request for Comments
The FHWA requests comments regarding the Agency's proposal to adopt
CISA's CSET as a voluntary tool transportation authorities can use to
provide assistance regarding cyber incidents.
Further Proceedings
After considering public comments in response to this notice, FHWA
will publish a notice in the Federal Register adopting a final
cybersecurity tool.
Authority: Sec. 11510, Pub. L. 117-58, 135 Stat. 592.
Shailen P. Bhatt,
Administrator, Federal Highway Administration.
[FR Doc. 2024-04616 Filed 3-4-24; 8:45 am]
BILLING CODE 4910-22-P
