Electric Sector Cybersecurity Risk Management Maturity Initiative

ICR 201203-1910-014

OMB: 1910-5167

Federal Form Document

Forms and Documents
Document
Name
Status
Supplementary Document
2012-05-10
Supporting Statement B
2012-05-10
Supporting Statement A
2012-05-10
Supplementary Document
2012-03-29
Supplementary Document
2012-03-29
IC Document Collections
IC ID
Document
Title
Status
201749 New
ICR Details
1910-5167 201203-1910-014
Historical Active
DOE/DOEOA Samara Moore
Electric Sector Cybersecurity Risk Management Maturity Initiative
New collection (Request for a new OMB Control Number)   No
Emergency 04/17/2012
Approved with change 05/10/2012
Retrieve Notice of Action (NOA) 03/30/2012
In accordance with 5 CFR 1320, the information collection is approved for 6 months. This collection is approved with the following terms of clearance: 1) If DOE decides to continue the use of this collection beyond the approved emergency request expiration date, DOE must resubmit to OMB under the normal PRA clearance process for an extended approval; 2) upon resubmission, DOE is requested to continue to develop instructions for the questionnaire that include additional examples and clarifying language for each domain; and 3) DOE will forward the questionnaire to OMB upon incorporating the OMB control number and expiration date.
  Inventory as of this Action Requested Previously Approved
11/30/2012 6 Months From Approved
17 0 0
136 0 0
0 0 0
The Electric Sector Cybersecurity Risk Management Maturity (ESCRMM) Initiative is a White House initiative designed to measure the cybersecurity risk management capability within the electricity sector. Its primary goal is to develop a common tool to evaluate this capability. The ESCRMM initiative is being led by the Department of Energy (DOE) in partnership with the Department of Homeland Security (DHS) and in collaboration with representatives of asset owners and operators within the electricity sector. The initiative is an important step toward an objective, holistic way to address the electricity sector's cybersecurity risks with an appropriate balance of protection, resilience, and restoration. The initiative brings together existing cybersecurity resources and aligns them with sector-specific and cross-sector cybersecurity strategies. When complete, the initiative will allow both industry and government leaders to better understand the cybersecurity maturity of the sector overall and of the various types of entities operating within the sector, including independently-owned, municipal, and cooperative utilities. It will also enable utilities to communicate cybersecurity capabilities in meaningful terms and prioritize their cybersecurity actions and investments.
"Protecting the electric system from cyber threats and ensuring its resilience are vital to our national security and economic well-being. This is exactly why cybersecurity is one of four key themes in the White House's Policy Framework for a 21st Century Grid."1 The constant escalation of cyber threats against the nation, and in particular critical infrastructure, has created a significant need for information on how owners and operators can invest in and learn from best practices to protect themselves from threats and to increase the resiliency of their systems. Critical Infrastructure Protection is a White House National Security priority. The Electric Sector Cybersecurity Risk Management Maturity Initiative is under development with public and private sector partners to provide this capability to the sector as soon as possible. The initiative pilot, for which the emergency ICR is being requested, will test and validate the model and assessment tool so that it can be revised and improved. The results of the pilot can then be provided to the sector as whole to help them immediately begin to identify areas of their systems and processes where investments or resources can be made or reconfigured to bolster the security of their systems further protecting the reliability of the electric grid from disruptive or costly cyber threats.
US Code: 42 USC 5195c(e) Name of Law: USA Patriot Act of 2001
   US Code: 6 USC 101(9) Name of Law: Homeland Security Act 2002
   US Code: 42 USC 7101 Name of Law: Department of Energy Organization Act
  
None
Not associated with rulemaking
77 FR 62 03/30/2012
No
1
IC Title Form No. Form Name
Electric Sector Cybersecurity Risk Management Maturity Initiative
  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 17 0 0 0 17 0
Annual Time Burden (Hours) 136 0 0 0 136 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0
No
No
$175,000
Yes Part B of Supporting Statement
No
No
No
No
Uncollected
Christina Rouleau 301 903-6227 Christina.Rouleau@hq.doe.gov
  No
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
03/30/2012
© 2024 OMB.report | Privacy Policy