84 Fed. Reg. 49290 (Sep. 19, 2019)

Commission Information Collection Activities (Ferc-725b3); Comment Request; Extension

Download PDF

Federal RegisterSep 19, 2019

84 Fed. Reg. 49290 (Sep. 19, 2019)

AGENCY:

Federal Energy Regulatory Commission, DOE.

ACTION:

Notice of information collection and request for comments.

SUMMARY:

In compliance with the requirements of the Paperwork Reduction Act of 1995, the Federal Energy Regulatory Commission (Commission or FERC) is soliciting public comment on the currently-approved information collection FERC-725B3 (Mandatory Reliability Standards for Critical Infrastructure Protection (CIP) Reliability Standards) and submitting the information collection to the Office of Management and Budget (OMB) for review. Any interested person may file comments directly with OMB and should address a copy of those comments to the Commission as explained below. On June 20, 2019, the Commission published a Notice in the Federal Register in Docket No. RD19-3-000 requesting public comments. The Commission received no public comments and is indicating that in the related submittal to OMB.

DATES:

Comments on the collection of information are due October 21, 2019.

ADDRESSES:

Comments filed with OMB, identified by OMB Control No. TBD, should be sent via email to the Office of Information and Regulatory Affairs: oira_submission@omb.gov. Attention: Federal Energy Regulatory Commission Desk Officer.

A copy of the comments should also be sent to the Commission, in Docket No. RD19-3-000, by either of the following methods:

eFiling at Commission's website: http://www.ferc.gov/docs-filing/efiling.asp.
Mail/Hand Delivery/Courier: Federal Energy Regulatory Commission, Secretary of the Commission, 888 First Street NE, Washington, DC 20426.

Instructions: All submissions must be formatted and filed in accordance with submission guidelines at: http://www.ferc.gov/help/submission-guide.asp. For user assistance, contact FERC Online Support by email at ferconlinesupport@ferc.gov, or by phone at: (866) 208-3676 (toll-free), or (202) 502-8659 for TTY.

Docket: Users interested in receiving automatic notification of activity in this docket or in viewing/downloading comments and issuances in this docket may do so at http://www.ferc.gov/docs-filing/docs-filing.asp.

FOR FURTHER INFORMATION CONTACT:

Ellen Brown may be reached by email at DataClearance@FERC.gov, telephone at (202) 502-8663, and fax at (202) 273-0873.

SUPPLEMENTARY INFORMATION:

Title: Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards.

OMB Control No.: TBD.

Type of Request: Revisions to the information collection, as discussed in Docket No. RD19-3-000.

Abstract: On March 7, 2019, the North American Electric Reliability Corporation (NERC) requested Commission approval of Reliability Standard CIP-008-6 (Cyber Security—Incident Reporting and Response Planning). Reliability Standard CIP-008-6 addresses the Commission's directive in Order No. 848 to develop modifications to the Reliability Standards to require reporting of Cyber Security Incidents that compromise, or attempt to compromise, a Responsible Entity's Electronic Security Perimeter (ESP) or associated Electronic Access Control or Monitoring Systems (EACMS).

Cyber Security Incident Reporting Reliability Standards, Order No. 848, 164 FERC ¶ 61,033 (2018).

Reliability Standard CIP-008-6, among other things, requires Responsible Entities to broaden the mandatory reporting of Cyber Security Incidents to include compromises or attempts to compromise BES Cyber Systems or their associated ESPs or EACMS. Reliability Standard CIP-008-6 will not significantly increase the reporting burden on entities because it builds off the reporting threshold in the previous version of the Reliability Standard, Reliability Standard CIP-008-5.

“Responsible Entities” refers to Balancing Authority, Distribution Provider, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, and Transmission Owner.

Type of Respondents: Balancing Authority, Distribution Provider, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, and Transmission Owner.

Estimate of Annual Burden: The Commission estimates the changes in the annual public reporting burden and cost as indicated below.

Burden is defined as the total time, effort, or financial resources expended by persons to generate, maintain, retain, or disclose or provide information to or for a Federal agency. For further explanation of what is included in the information collection burden, refer to 5 Code of Federal Regulations 1320.3.

For the earlier version of the Reliability Standard retired in Docket No. RD19-3-000, the baseline numbers for respondents, burden, and cost are the same figures as those in Order No. 848. The requirements and burdens from the retired Reliability Standard are continued in Reliability Standard CIP-008-6, plus the additional requirements and burdens as indicated in the table.

RD19-3-000 Commission Letter Order

[Mandatory reliability standards for critical infrastructure protection reliability standards]

	Number of respondents and type of entity	Annual number of responses per respondent	Total number of responses	Average burden and cost per response	Total annual burden hours and total annual cost	Cost per respondent ($)
	(1)	(2)	(1) * (2) = (3)	(4)	(3) * (4) = (5)	(5) ÷ (1)
Update internal procedures to comply with augmented reporting requirements. (one-time) (CIP-008-6 R1-R4)	288	1	288	50 hrs.; $4,050	14,400 hrs.; $1,166,400	$4,050
Annual cyber security incident plan review (ongoing) (CIP-008-6 R2.1)	288	1	288	10 hrs.; $810	2,880 hrs.; $233,280	810
Update cyber security incident plan per review findings (ongoing) (CIP-008-6 R3)	288	1	288	10 hrs.; $810	2,880 hrs.; $233,280	810
Incident reporting burden (ongoing) (CIP-008-6 R4)	288	12	3,456	12 hrs.; $972	3,456 hrs.; $279,936	972
Total (one-time)			288		14,400 hrs.; $1,166,400
Total (ongoing)			4,032		9,216 hrs.; $746,496

There are 1,414 unique registered entities in the NERC compliance registry as of May 24, 2019. Of this total, we estimate that 288 entities will face an increased paperwork burden.

The loaded hourly wage figure (includes benefits) is based on the average of the occupational categories for 2017 found on the Bureau of Labor Statistics website: https://www.bls.gov/oes/2017/may/oessrci.htm .

Legal (Occupation Code: 23-0000): $143.68.

Information Security Analysts (Occupation Code 15-1122): $61.55.

Computer and Information Systems Managers (Occupation Code: 11-3021): $96.51.

Management (Occupation Code: 11-0000): $94.28.

Electrical Engineer (Occupation Code: 17-2071): $66.90.

Management Analyst (Code: 43-0000): $63.32.

These various occupational categories are weighted as follows: [($94.28)(.10) + ($61.55)(.315) + ($66.90)(.02) + ($143.68)(.15) + ($96.51)(.10) + ($63.32)(.315)] = $81.30. The figure is rounded to $81.00 for use in calculating wage figures in this order.

One-time burdens apply in Year 1 only.

Ongoing burdens apply in Year 2 and beyond.

Comments: Comments are invited on: (1) Whether the collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) the accuracy of the agency's estimate of the burden and cost of the collection of information, including the validity of the methodology and assumptions used; (3) ways to enhance the quality, utility and clarity of the information collection; and (4) ways to minimize the burden of the collection of information on those who are to respond, including the use of automated collection techniques or other forms of information technology.

Dated: September 12, 2019.

Kimberly D. Bose,

Secretary.

[FR Doc. 2019-20260 Filed 9-18-19; 8:45 am]

BILLING CODE 6717-01-P