Survey to Identify and Analyze the Operations Dependencies of Financial Services Sector Critical Functions

ICR 202009-1505-004

OMB: 1505-0265

Federal Form Document

Forms and Documents
Document
Name
Status
Supplementary Document
2020-09-25
Supporting Statement B
2020-09-25
Supporting Statement A
2020-09-25
IC Document Collections
ICR Details
1505-0265 202009-1505-004
Active
TREAS/DO
Survey to Identify and Analyze the Operations Dependencies of Financial Services Sector Critical Functions
New collection (Request for a new OMB Control Number)   No
Emergency 09/28/2020
Approved without change 09/29/2020
Retrieve Notice of Action (NOA) 09/28/2020
  Inventory as of this Action Requested Previously Approved
03/31/2021 6 Months From Approved
50 0 0
3,000 0 0
0 0 0

Pursuant to Executive Order 13636 (EO13636) Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive 21 (PPD 21) Critical Infrastructure Security and Resilience, Treasury serves as the Sector-Specific Agency (SSA) for the financial services sector. Within Treasury, the Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) executes the Department’s SSA responsibilities as part of its mission to enhance the security and resilience of the financial services sector’s critical infrastructure. Further, OCCIP supports the implementation of the National Cyber Strategy as it pertains to financial services cybersecurity. To enable Treasury to fulfill its SSA duties, and given increased cybersecurity risks related to COVID-19 pandemic response, OCCIP seeks to collect and analyze information on cyber threats and vulnerabilities to better understand the cybersecurity risk to the U.S. financial services sector operations and critical infrastructure. OCCIP intends to solicit this information from approximately 50 respondents representing the largest systemically important financial institutions and financial market utilities, which collectively form the backbone of U.S. financial service critical infrastructure. OCCIP is requesting information related to each respondent’s critical functions and processes, including various business lines and intrasector relationships. This information collection will support OCCIP’s efforts to enhance the security and resilience of the financial services sector, and to work collaboratively with industry and interagency partners to mitigate cybersecurity risks that could impact financial services sector operations.
The Department of Treasury (Treasury) is requesting emergency processing of a new collection (OMB 1505-0265) to survey financial institutions to identify security vulnerabilities. Treasury is requesting emergency approval for this information collection to support incident response and continuity of the economy planning in light of the COVID-19 pandemic. Following the declaration of a public health emergency in numerous jurisdictions (including, but not limited to, the New York metropolitan area), the U.S. financial services sector workforce moved to telework to accommodate shelter-in-place orders. This shift to remote operations has introduced new cybersecurity risks and vulnerabilities to financial services critical infrastructure, with the potential to disrupt critical functions and processes that enable the U.S. financial system. Treasury is seeking information from financial services firms regarding their networks, systems, and data to better understand how these firms are interconnected and the vulnerabilities that arise from these connections that, if exploited by a cyber threat actor, could negatively impact the operations of the U.S. financial services sector and the broader U.S. economy. In particular, Treasury has observed increased reports of ransomware attacks against financial services firms and service providers. Therefore, it is critical that Treasury is able to solicit and collect this information in a timely fashion to reduce growing cybersecurity risks to the financial services sector as it maintains remote operations due to COVID-19. Due to the unprecedented COVID-19 emergency situation, Treasury is planning to begin administering these surveys on September 30, 2020. In order to meet this tight deadline, Treasury would like to request a waiver of the requirement to publish a notice seeking public comments during the Office of Management and Budget (OMB) review period and requests OMB approval by September 28, 2020.

EO: EO 13636 Name/Subject of EO: Improving Critical Infrastructure Cybersecurity
  
None

Not associated with rulemaking

No

1
IC Title Form No. Form Name
Financial Services Sector Critical Functions Survey

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 50 0 0 50 0 0
Annual Time Burden (Hours) 3,000 0 0 3,000 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0
Yes
Miscellaneous Actions
No
This is a new collection.

$1,091,000
Yes Part B of Supporting Statement
    No
    No
No
No
No
Yes
Molly Stasko 202 868-2972 molly.stasko@hq.dhs.gov

  No

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
09/28/2020


© 2024 OMB.report | Privacy Policy