U.S. Department of Energy Form DOE-417 |
ELECTRIC EMERGENCY INCIDENT AND DISTURBANCE REPORT |
OMB No. 1901-0288 Approval Expires: XX/XX/XXXX Burden Per Response: 1.8 hours |
|
NOTICE: This report is mandatory under Public Law 93-275. Failure to comply may result in criminal fines, civil penalties and other sanctions as provided by law. For the sanctions and the provisions concerning the confidentiality of information submitted on this form, see General Information portion of the instructions. Title 18 USC 1001 makes it a criminal offense for any person knowingly and willingly to make to any Agency or Department of the United States any false, fictitious, or fraudulent statements as to any matter within its jurisdiction.
|
|||
RESPONSE DUE:
Within 1 hour of the incident, submit Schedule 1 and lines N - S in Schedule 2 as an Emergency Alert report if criteria 1-9 are met. If criterion 2 is met, also submit the Cyber Attributes on line T in Schedule 2. Within 6 hours of the incident, submit Schedule 1 and lines N - S in Schedule 2 as a Normal Report if only criteria 10-13 are met. By the end of the next calendar day after a determination, submit Schedule 1 and lines N – S and the Cyber Attributes on line T in Schedule 2 as an Attempted Cyber Compromise if criterion 14 is met. By the later of 24 hours after the recognition of the incident OR by the end of the next business day submit Schedule 1 and lines N - S in Schedule 2 as a System Report if criteria 15-26 are met. Note: 4:00pm local time will be considered the end of the business day. If multiple criterion are met by an incident, Schedule 1 and any additionally required information (as noted above), must be submitted within timeframe established by the criteria with the shortest reporting timeline.
Submit updates as needed and/or a final report (all of Schedules 1 and 2) within 72 hours of the incident. For criterion 14 only, updates can be submitted within 7 calendar days of a determination of new or changed attribute information.
For NERC reporting entities registered in the United States; NERC has approved that the form DOE-417 meets the submittal requirements for NERC. There may be other applicable regional, state and local reporting requirements.
|
|||
METHODS OF FILING RESPONSE (Retain a completed copy of this form for your files.)
Online: Submit form via online submission at: https://www.oe.netl.doe.gov/OE417/ FAX:
FAX
Form DOE-417 to the following facsimile number: (202) 586-8485.
following telephone number: (202) 586-8100.
|
|||
SCHEDULE 1 -- ALERT CRITERIA (Page 1 of 4) |
|||
Criteria for Filing (Check all that apply) – See Instructions For More Information
|
|||
EMERGENCY ALERT File within 1-Hour
If any box 1-9 on the right is checked, this form must be filed within 1 hour of the incident; check Emergency Alert (for the Alert Status) on Line A below.
|
1. [ ] Physical attack that causes major interruptions or impacts to critical infrastructure facilities or to operations
2. [ ] Reportable Cyber Security Incident
3. [ ] Cyber event that is not a Reportable Cyber Security Incident that causes interruptions of electrical system operations.
4. [ ] Complete operational failure or shut-down of the transmission and/or distribution electrical system
5. [ ] Electrical System Separation (Islanding) where part or parts of a power grid remain(s) operational in an otherwise blacked out area or within the partial failure of an integrated electrical system
6. [ ] Uncontrolled loss of 300 Megawatts or more of firm system loads for 15 minutes or more from a single incident
7. [ ] Firm load shedding of 100 Megawatts or more implemented under emergency operational policy
8. [ ] System-wide voltage reductions of 3 percent or more
9. [ ] Public appeal to reduce the use of electricity for purposes of maintaining the continuity of the Bulk Electric System
|
||
NORMAL REPORT File within 6-Hours
If any box 10-13 on the right is checked AND none of the boxes 1-9 are checked, this form must be filed within 6 hours of the incident; check Normal Report (for the Alert Status) on Line A below.
|
10. [ ] Physical attack that could potentially impact electric power system adequacy or reliability; or vandalism which targets components of any security systems
11. [ ] Cyber event that could potentially impact electric power system adequacy or reliability
12. [ ] Loss of electric service to more than 50,000 customers for 1 hour or more
13. [ ] Fuel supply emergencies that could impact electric power system adequacy or reliability |
|
SCHEDULE 1 -- ALERT CRITERIA -- CONTINUED (Page 2 of 4) |
|
|
||||||||||||||
ATTEMPTED CYBER COMPROMISE File within 1-Day
If box 14 on the right is checked AND none of the boxes 1-13 are checked, this form must be filed by the end of the next calendar day after the determination of the attempted cyber compromise; check Attempted Cyber Compromise (for the Alert Status) on Line A below.
|
14. [ ] Cyber Security Incident that was an attempt to compromise a High or Medium Impact Bulk Electric System Cyber System or their associated Electronic Access Control or Monitoring Systems |
|
|
||||||||||||||
SYSTEM REPORT File within 1-Business Day
If any box 15-26 on the right is checked AND none of the boxes 1-14 are checked, this form must be filed by the later of 24 hours after the recognition of the incident OR by the end of the next business day. Note: 4:00pm local time will be considered the end of the business day. Check System Report (for the Alert Status) on Line A below.
|
15. [ ] Damage or destruction of a Facility within its Reliability Coordinator Area, Balancing Authority Area or Transmission Operator Area that results in action(s) to avoid a Bulk Electric System Emergency.
16. [ ] Damage or destruction of its Facility that results from actual or suspected intentional human action.
17. [ ] Physical threat to its Facility excluding weather or natural disaster related threats, which has the potential to degrade the normal operation of the Facility. Or suspicious device or activity at its Facility.
18. [ ] Physical threat to its Bulk Electric System control center, excluding weather or natural disaster related threats, which has the potential to degrade the normal operation of the control center. Or suspicious device or activity at its Bulk Electric System control center.
19. [ ] Bulk Electric System Emergency resulting in voltage deviation on a Facility; A voltage deviation equal to or greater than 10% of nominal voltage sustained for greater than or equal to 15 continuous minutes.
20. [ ] Uncontrolled loss of 200 Megawatts or more of firm system loads for 15 minutes or more from a single incident for entities with previous year’s peak demand less than or equal to 3,000 Megawatts
21. [ ] Total generation loss, within one minute of: greater than or equal to 2,000 Megawatts in the Eastern or Western Interconnection or greater than or equal to 1,400 Megawatts in the ERCOT Interconnection.
22. [ ] Complete loss of off-site power (LOOP) affecting a nuclear generating station per the Nuclear Plant Interface Requirements.
23. [ ] Unexpected Transmission loss within its area, contrary to design, of three or more Bulk Electric System Facilities caused by a common disturbance (excluding successful automatic reclosing).
24. [ ] Unplanned evacuation from its Bulk Electric System control center facility for 30 continuous minutes or more.
25. [ ] Complete loss of Interpersonal Communication and Alternative Interpersonal Communication capability affecting its staffed Bulk Electric System control center for 30 continuous minutes or more.
26. [ ] Complete loss of monitoring or control capability at its staffed Bulk Electric System control center for 30 continuous minutes or more.
|
|
|||||||||||||||
If significant changes have occurred after filing the initial report, re-file the form with the changes and check Update (for the Alert Status) on Line A below. The form must be re-filed within 72 hours of the incident with the latest information and Final (Alert Status) checked on Line A below, unless updated.
|
|
||||||||||||||||
LINE NO. |
|
|
|
||||||||||||||
A. |
Alert Status (check one) |
Emergency Alert [ ] 1 Hour |
Normal Report [ ] 6 Hours |
Attempted Cyber Compromise [ ] 1 Calendar Day |
System Report [ ] 1 Business Day |
Update [ ] As required |
Final [ ] 72 Hours
|
|
|||||||||
B. |
FOIA Exemption(s) |
Information on Lines C and D of Schedule 1 will not be disclosed to the public to the extent that it satisfies the criteria for exemption under the Freedom of Information Act (FOIA), e.g., exemptions for confidential commercial information and trade secrets, certain information that could endanger the physical safety of an individual, or information designated as Critical Electric Infrastructure Information.
If box 2, 3, 11, or 14 above is checked, identify (by checking all that apply) whether Line C and D combined with box 2, 3, 11, or 14 contains: [ ] Privileged or confidential information, e.g., trade secrets, commercial, or financial information [ ] Critical Electric Infrastructure Information [ ] Other information exempt from FOIA (include a description of the exemption in Schedule 2, on line T)
|
|
||||||||||||||
C. |
Organization Name |
|
|
||||||||||||||
D. |
Address of Principal Business Office |
|
|
||||||||||||||
U.S. Department of Energy Form DOE-417 |
ELECTRIC EMERGENCY INCIDENT AND DISTURBANCE REPORT |
OMB No. 1901-0288 Approval Expires: XX/XX/XXXX Burden Per Response: 1.8 hours |
|||||||||||||||
SCHEDULE 1 -- ALERT NOTICE (Page 3 of 4) |
|||||||||||||||||
|
INCIDENT AND DISTURBANCE DATA |
||||||||||||||||
E. |
Geographic Area(s) Affected (County, State) |
|
|||||||||||||||
F. |
Date/Time Incident Began (mm-dd-yy/hh:mm) using 24-hour clock |
____ - _____ - _____ / _____: _____ [ ] Eastern [ ] Central [ ] Mountain mo dd yy hh mm [ ] Pacific [ ] Alaska [ ] Hawaii |
|||||||||||||||
G. |
Date/Time Incident Ended (mm-dd-yy/ hh:mm) using 24-hour clock |
_____ - _____ - _____ / _____: _____ [ ] Eastern [ ] Central [ ] Mountain mo dd yy hh mm [ ] Pacific [ ] Alaska [ ] Hawaii |
|||||||||||||||
H. |
Did the incident/disturbance originate in your system/area? (check one) |
Yes [ ] |
No [ ] |
Unknown [ ] |
|||||||||||||
I. |
Estimate of Amount of Demand Involved (Peak Megawatts) |
|
Zero [ ] |
Unknown [ ] |
|||||||||||||
J. |
Estimate of Number of Customers Affected |
|
Zero [ ] |
Unknown [ ] |
SCHEDULE 1 – TYPE OF EMERGENCY Check all that apply |
||
K. Cause |
L. Impact |
M. Action Taken |
|
|
|
U.S. Department of Energy Form DOE-417 |
ELECTRIC EMERGENCY INCIDENT AND DISTURBANCE REPORT |
OMB No. 1901-0288 Approval Expires: XX/XX/XXXX Burden Per Response: 1.8 hours |
|||||||||||||||||||
SCHEDULE 2 -- NARRATIVE DESCRIPTION(Page 4 of 4)Information on Schedule 2 will not be disclosed to the public to the extent that it satisfies the criteria for exemption under the Freedom of Information Act (FOIA), e.g., exemptions for confidential commercial information and trade secrets, certain information that could endanger the physical safety of an individual, or information designated as Critical Electric Infrastructure Information.
|
|||||||||||||||||||||
N. FOIA Exemption(s) |
Identify (by checking all that apply) whether Schedule 2 – Narrative Description contains: [ ] Privileged or confidential information, e.g., trade secrets, commercial, or financial information [ ] Critical Electric Infrastructure Information [ ] Other information exempt from FOIA (include a description of the exemption on line T below)
|
||||||||||||||||||||
|
|||||||||||||||||||||
Provide a description of the incident and actions taken to resolve it. Include as appropriate, the cause of the incident/disturbance, change in frequency, mitigation actions taken, equipment damaged, critical infrastructures interrupted, effects on other systems, and preliminary results from any investigations. Be sure to identify: the estimate restoration date, the name of any lost high voltage substations or switchyards, whether there was any electrical system separation (and if there were, what the islanding boundaries were), and the name of the generators and voltage lines that were lost (shown by capacity type and voltage size grouping).
Cyber Attributes: For cyber events, including attempted cyber compromises, provide the following attributes (at a minimum): (1) the functional impact, (2) the attack vector used, and (3) the level of intrusion that was achieved or attempted.
If necessary, copy and attach additional sheets. Equivalent documents, containing this information can be supplied to meet the requirement; this includes the NERC EOP-004 Disturbance Report. Along with the filing of Schedule 2, a final (updated) Schedule 1 needs to be filed. Check the Final box on line A for Alert Status on Schedule 1 and submit this and the completed Schedule 2 no later than 72 hours after detection that a criterion was met.
|
|||||||||||||||||||||
T. Narrative:
|
|||||||||||||||||||||
U. Estimated Restoration Date for all Affected Customers Who Can Receive Power |
_____ - _____ - _____ mo dd yy |
||||||||||||||||||||
V. Name of Assets Impacted |
|
W. Notify NERC, E-ISAC, or DHS CISA Central
|
Select the appropriate box(es) if you approve of all of the information provided on this form being submitted to the North America Electric Reliability Corporation (NERC), the Electricity Information Sharing and Analysis Center (E-ISAC), or DHS CISA Central or their successor(s).
NERC is an entity that is certified by the Federal Energy Regulatory Commission to establish and enforce reliability standards for the bulk power system but that is not part of the Federal Government. The information submitted to NERC, E-ISAC, or CISA Central can be submitted to help fulfill the respondent’s requirements under NERC’s reliability standards.
If approval is given to alert NERC, E-ISAC, or CIOCC, then this form will be emailed to systemawareness@nerc.net, operations@eisac.com, or central.cyber@cisa.dhs.gov when it is submitted to DOE. DOE is not responsible for ensuring the receipt of these emails by NERC, E-ISAC, or CISA Central.
□ Notify NERC | □ Notify E-ISAC | □ Notify CISA Central |
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | Form OE-417 |
Author | EMR |
File Modified | 0000-00-00 |
File Created | 2021-01-13 |