Agency Information Collection Activities: Program Analysis and Evaluation (PA&E) Office, Stakeholder Engagement Division (SED) Convenings Evaluation

AGENCY:

Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS).

ACTION:

60-Day notice and request for comments; New collection (request for a new OMB control number, 1670-NEW).

SUMMARY:

The Office of the Chief Financial Officer (OCFO)/Program Analysis & Evaluation (PA&E) within Cybersecurity and Infrastructure Security Agency (CISA) submits the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance.

DATES:

Comments are encouraged and will be accepted until November 4, 2024.

ADDRESSES:

You may submit comments, identified by docket number Docket # CISA-2024-0022, by following the instructions below for submitting comment via the Federal eRulemaking Portal at http://www.regulations.gov .

Instructions: All comments received must include the agency name and docket number Docket # CISA-2024-0022. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov .

SUPPLEMENTARY INFORMATION:

The Foundations for Evidence-Based Policymaking Act of 2018 (Pub. L. 115-435), or the Evidence Act, promotes the use of evidence to inform decision-making and requires federal agencies to undertake activities toward this end. Specifically, the Evidence Act requires agencies to develop Learning Agendas and Annual Evaluation Plans.

The CISA's Learning Agenda questions are documented in the Department of Homeland Security FY 2022-2026 Learning Agenda. In addition, its evaluations are included in the Department's Annual Evaluation Plans, indicating that the Department has recognized those evaluations as “significant.” The Stakeholder Engagement Division (SED) Convenings Evaluation is one such significant evaluation and was included in the Department of Homeland Security FY 2023 Annual Evaluation Plan. CISA's PA&E Division and its evaluation services contractor, Guidehouse, are working together to conduct this study.

SED Convenings Evaluation

Trusted, sustained, and effective partnerships between government and the private sector are the foundation of our collective effort to protect the Nation's critical infrastructure. Critical infrastructure are those assets, systems, and networks that provide functions necessary for our way of life. There are 16 critical infrastructure sectors that are part of a complex, interconnected ecosystem and any threat to these sectors could have potentially debilitating national security, economic, and public health or safety consequences. Securing the nation's cyber and physical infrastructure is a shared responsibility that requires a trusted partner relationship network and well-established communications mechanisms to rapidly synchronize activities to respond to, recover from, and mitigate real world threats and incidents.

SED leads CISA's national and international voluntary partnerships and engagements with critical infrastructure stakeholders while serving as the agency's hub for the shared stakeholder information that unifies CISA's approach to whole-of-nation operational collaboration and information sharing. CISA's voluntary partnership model relies on constant feedback and collaboration with critical infrastructure partners. One mechanism to seek this input is through the various convening activities, including Councils, Boards, and Committees, that CISA manages through SED's Council Management subdivision. These convening mechanisms provide structure and an iterative process for bringing government, industry, and academic partners together to drive whole-of-nation operational collaboration. Other products and services offered to partners include analysis, reports, guidance, trainings, and scenario-based drills developed to help the entire community do their part to raise the security baseline of critical infrastructure's assets, systems, and networks.

This SED Convenings Evaluation will assess the extent to which CISA's convening activities, products, and services (1) provide timely, accurate, and useful information about security and risk resilience, including opportunities for meaningful information exchange between CISA and sector stakeholders; and (2) are accessed and used by stakeholders to enhance their abilities to respond to critical threats and improve strategic decision-making and risk reduction. This study also aims to increase understanding of the best practices for getting stakeholders engaged and building trusted relationships.

This is a new information collection. Information will be collected by CISA PA&E's evaluation services contractor, the Guidehouse team. The potential respondent universe for this evaluation includes individual representatives (approximately 1,000 cyber and physical security, emergency, and business continuity managers) of approximately 300 member organizations from three critical infrastructure sectors [Critical Manufacturing, Commercial Facilities, and Nuclear Reactors, Materials, and Waste (herein referred to as “Nuclear”)]. Those who have served as a representative for less than 3 months will be excluded.

The burden for respondents will be minimized by restricting the survey and interview length, by conducting interviews at times convenient for respondents, and by not requiring record-keeping or written responses on the part of the respondents. Some member organizations may be small businesses. The evaluation team will only request information required for the purposes of the evaluation.

Surveys. The survey will be created and sent using Qualtrics, a professional-grade survey software, in order to minimize burden. Using the email addresses of the representatives provided by the SED sector chiefs, the study team will send a link that participants can use to access and complete the survey using a tablet, smartphone, or laptop. Electronic submission will ensure the maximum response rate while also permitting respondents to complete the survey at a time of their own choosing.

The survey will ask questions about the representatives' member organization (size and type); their satisfaction with CISA's convening activities, products, and services; the types of organizational changes made as a result of CISA's convening activities, products, and services; representatives' suggestions for improvement of CISA's convening activities, products, and services; and perceived quality of relationships and engagements with CISA. The survey is designed so that each sector has a customized link with specific questions for that sector to account for some minor differences in the convenings, products, and services that each sector provides. This will help ensure that the members of each sector are asked questions that are most relevant to them.

Interviews. The study team will also conduct a series of virtual interviews with up to 75 participants who complete the online survey and agree to participate in the interview. The study team plans to conduct the in-depth interviews by telephone or via a web-based conference call platform, such as Microsoft Teams. This format should be less burdensome to study participants than in-person interviews since they do not have to host study team members.

The interviews will ask more in-depth information about representatives' reasons for satisfaction or dissatisfaction with CISA's convening activities, products, and services; types of organizational changes made as a result of CISA's convening activities, products, and services; and the quality of relationships with CISA.

Without collecting this information, CISA will not meet the requirements of the Evidence Act to conduct program evaluations—particularly, this SED evaluation, which was included in the Department of Homeland Security FY 2023 Annual Evaluation Plan as a “significant” evaluation. In addition, without collecting this information, SED, other CISA stakeholder engagement programs, and CISA-at-large will not be able to understand whether and how CISA's convening activities, products, and services provide value and utility for stakeholders to enhance their decision-making and risk reduction. Thus, we will not have the information needed to learn how to improve the planning, execution, and delivery of the convenings, products, and services so that they are more meaningful, relevant, timely, and actionable for stakeholders. Without collecting this information, we will also not be able to assess how to best engage and build trusted relationships with stakeholders, which is needed to identify areas for improvement in how CISA collaborates and interacts with stakeholders to support information exchange within and across sectors.

The Office of Management and Budget is particularly interested in comments which:

1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;

3. Enhance the quality, utility, and clarity of the information to be collected; and

4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses.

Analysis

Agency: Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS).

Title: Program Analysis and Evaluation (PA&E) Office, Stakeholder Engagement Division (SED) Convenings Evaluation.

OMB Number: 1670-NEW.

Frequency: Once.

Affected Public: General and operations managers of public and private sectors ( e.g., cyber and physical security, emergency, and business continuity managers).

Number of Respondents: 1,000.

Estimated Time per Respondent: 0.17 hrs for 925 respondents (survey only); 1.17 hrs for 75 respondents (survey and interview).

Total Burden Hours: 242.

Annualized Respondent Cost: $21,858.07.

Total Annualized Respondent Out-of-Pocket Cost: $0.

Total Annualized Government Cost: $327,510.00.

[FR Doc. 2024-19974 Filed 9-4-24; 8:45 am]

BILLING CODE 9111-LF-P