FERC-725(1B) (OMB Control No. 1902-TBD)
NOPR in Docket No. RM22-3 (issued 1/20/2022; RIN 1902-AF88)
Supporting Statement for
FERC-725(1B), Procedures for Electric Reliability Standards,
as proposed by the NOPR in Docket No. RM22-3
The Federal Energy Regulatory Commission (Commission or FERC) requests that the Office of Management and Budget (OMB) review and approve FERC-725(1B) (Procedures for Electric Reliability Standards) as proposed in the Notice of Proposed Rulemaking (NOPR) in Docket No. RM22-3.1
FERC-725(1B) is a temporary, placeholder information collection number. FERC-725(1B) is being used because the 3-year renewal of FERC-725 (OMB Control No. 1902-0225)2 is pending review at OMB, and only one item per OMB Control No. can be pending review at a time. Otherwise the proposal in Docket No. RM22-3 would be submitted to OMB under FERC-725, as discussed in the NOPR. The reporting requirements (and associated burden) proposed by the NOPR in Docket No. RM22-3 are already covered by the OMB-approved FERC-725.
CIRCUMSTANCES THAT MAKE THE COLLECTION OF INFORMATION NECESSARY
The Energy Policy Act of 2005 added section 215 to the Federal Power Act (FPA),3 enhancing the Commission’s ability to strengthen the reliability of the interstate electric grid. Section 215 of the FPA aids the Commission’s efforts to strengthen the reliability of the interstate grid by granting authority to provide for a system of mandatory Reliability Standards developed by the Electric Reliability Organization (ERO) and reviewed and approved by FERC.
On February 3, 2006, the Commission issued Order No. 6724 certifying a single ERO [the North American Electric Reliability Corporation (NERC)], to oversee the reliability of the United States’ portion of the interconnected North American Bulk-Power System, subject to Commission oversight. The ERO is responsible for developing and enforcing the mandatory Reliability Standards. The Reliability Standards apply to all users, owners and operators of the Bulk-Power System.
The Commission has the authority to approve all ERO actions, to order the ERO to carry out its responsibilities under these statutory provisions, and (as appropriate) to enforce Reliability Standards. The ERO can delegate its enforcement responsibilities to a Regional Entity. Delegation is effective only after the Commission approves the delegation agreement. A Regional Entity can also propose a Reliability Standard to the ERO for submission to the Commission for approval.
More information on FERC’s Electric Reliability program is posted at https://www.ferc.gov.
NOPR in RM22-3. The NOPR in RM22-3 proposes to direct NERC to develop new or modified Reliability Standards that require network security monitoring internal to a Critical Infrastructure Protection (CIP) networked environment (internal network security monitoring or INSM) for high and medium impact Bulk Electric System (BES) Cyber Systems.
HOW, BY WHOM AND FOR WHAT PURPOSE IS THE INFORMATION TO BE USED AND THE CONSEQUENCES OF NOT COLLECTING THE INFORMATION
The FERC-725(1B) will contain the following information collection elements.
Reliability Standards Development:5 Under Section 215 of the FPA, the ERO is charged with developing Reliability Standards. Regional Entities may also develop regional specific standards.
The Commission implements its responsibilities related to FERC-725(1B) [and the related FERC-725] through 18 CFR Part 39.
Without the FERC-725(1B) information proposed in the NOPR in RM22-3, the FERC, ERO, and Regional Entities will not have information to determine what measures should be taken to further ensure the reliability of the nation’s electric grid. The absence of INSM constitutes a gap in the NERC CIP Reliability Standards. Currently, the only locations that require mandatory network security monitoring are the electronic access points at highand medium impact BES Cyber Systems at control centers. Given the increased sophistication of cyberattacks, relying on network perimeter defense and other currently-existing controls leaves trust zones internal to a CIP networked environment vulnerable. For example, ina network without INSM, the attacker who has bypassed all perimeter defenses and has gained access to the network could communicate with and move freely between devices within a trust zone with little likelihood of detection. The attacker could then access the Supervisory Control and Data Acquisition (SCADA) system and control equipment, like circuit breakers, dropping generating resources or load, and potentially causing BES instability or uncontrolled separation.
DESCRIBE ANY CONSIDERATION OF THE USE OF IMPROVED INFORMATION TECHNOLOGY TO REDUCE BURDEN AND THE TECHNICAL OR LEGAL OBSTACLES TO REDUCING BURDEN
All of the information that is reported to the Commission in this collection may be submitted electronically, through the Commission’s eFiling system (as described at http://www.ferc.gov/docs-filing/efiling.asp).
4. DESCRIBE EFFORTS TO IDENTIFY DUPLICATION AND SHOW SPECIFICALLY WHY ANY SIMILAR INFORMATION ALREADY AVAILABLE CANNOT BE USED OR MODIFIED FOR USE FOR THE PURPOSE(S) DESCRIBED IN INSTRUCTION NO. 2.
Filing requirements are periodically reviewed as OMB review dates arise, or as the Commission may deem necessary in carrying out its responsibilities, in order to eliminate duplication and ensure that filing burden is minimized. The Commission believes there are no similar sources of information available that can be used or modified for these purposes.
5. METHODS USED TO MINIMIZE BURDEN IN COLLECTION OF INFORMATION INVOLVING SMALL ENTITIES
We are only proposing to direct NERC, the Commission-certified ERO, to develop modified Reliability Standards that require internal network security monitoring within a trusted Critical Infrastructure Protection networked environment for high and medium impact BES Cyber Systems. NERC is not a small entity.
CONSEQUENCE TO FEDERAL PROGRAM IF COLLECTION WERE CONDUCTED LESS FREQUENTLY
This collection as discussed in the NOPR in RM22-3 focuses on electric reliability reporting requirements that are not currently contained within any Reliability Standards. The Commission approves of these requirements as necessary for the reliable operation of the bulk electric system. Any reduction in frequency may diminish the ability of NERC, Regional Entities, or FERC in maintaining reliability on the bulk electric system.
7. EXPLAIN ANY SPECIAL CIRCUMSTANCES RELATING TO THE INFORMATION
There are no special circumstances related to this collection.
8. DESCRIBE EFFORTS TO CONSULT OUTSIDE THE AGENCY: SUMMARIZE PUBLIC COMMENTS AND THE AGENCY’S RESPONSE TO THESE COMMENTS
The Commission is publishing this NOPR in Docket No. RM22-36 in the Federal Register and requesting public comment.
9. EXPLAIN ANY PAYMENT OR GIFTS TO RESPONDENTS
There are no payments or gifts to respondents.
10. DESCRIBE ANY ASSURANCE OF CONFIDENTIALITY PROVIDED TO RESPONDENTS
The Commission generally does not consider the data to be confidential. However, certain actions have confidentiality provisions which prevent the disclosure of information relating to enforcement actions and Critical Energy/Electric Infrastructure Information (CEII).7 A request for material to be treated as CEII or privileged may be made under 18 CFR Part 388.
18 C.F.R. 388.112 provides that, “any person submitting a document to the Commission may request privileged treatment by claiming that some or all of the information contained in a particular document is exempt from the mandatory public disclosure requirements of the Freedom of Information Act, 5 U.S.C. 552, and should be withheld from public disclosure.”
11. PROVIDE ADDITIONAL JUSTIFICATION FOR ANY QUESTIONS OF A SENSITIVE NATURE, SUCH AS SEXUAL BEHAVIOR AND ATTITUDES, RELIGIOUS BELIEFS, AND OTHER MATTERS THAT ARE COMMONLY CONSIDERED PRIVATE
The Commission does not consider any of the questions to be sensitive or private.
12. ESTIMATED BURDEN OF COLLECTION OF INFORMATION
For the following reasons, we are using placeholders of 1 respondent, 1 response, and 1 burden hour for FERC-725(1B) in order to submit this request to OMB for PRA review.
The reporting requirements and burden for the proposal in Docket No. RM22-3 are already included in FERC-725 under the ERO’s responsibility for Reliability Standards Development.8
Submittal to OMB (of the proposed reporting requirements in the NOPR in Docket RM22-3) through the ROCIS system requires estimated figures for respondent, response, and burden.
To approximate NERC’s cost for the temporary, placeholder FERC-725(1B), we are using the estimated average of $87/hour (for wages and benefits) for 2021 for a FERC employee. Therefore the estimated annual cost of the 1 placeholder burden hour is $87.
ESTIMATE OF TOTAL ANNUAL COST OF BURDEN TO RESPONDENTS
All costs are related to the placeholder burden hour and are discussed in Questions 12 and 15.
14. ESTIMATED ANNUALIZED COST TO FEDERAL GOVERNMENT
|
Number of Employees (FTEs) |
Estimated Annual Federal Cost |
PRA9 Administration Cost |
|
$8,279 |
Data Processing and Analysis [This is covered under FERC-725.] |
0 [This is covered under FERC-725.] |
$0 [This is covered under FERC-725.] |
FERC Total |
|
$8,279 |
The Paperwork Reduction Act (PRA) Administrative Cost (updated June 2021) is the average annual FERC cost associated with preparing, issuing, and submitting materials necessary to comply with the PRA for rulemakings, orders, or any other vehicle used to create, modify, extend, or discontinue an information collection. It also includes the cost of publishing the necessary notices in the Federal Register.
15. REASONS FOR CHANGES IN BURDEN INCLUDING THE NEED FOR ANY INCREASE
As discussed in Question 12, we are using placeholders of 1 respondent, 1 response, and 1 burden hour for FERC-725(1B) in order to submit this request timely to OMB for PRA review.
The burden and requirements for the NOPR in Docket No. RM22-3 are covered by FERC-725. However FERC-725 is currently pending OMB review for the 3-year renewal request (ICR No. 202201-1902-001), so we are using a temporary information collection no., FERC-725(1B), in order to submit the NOPR in Docket No. RM22-3 to OMB timely.
FERC-725(1B) |
Total Request |
Previously Approved |
Change due to Adjustment in Estimate |
Change Due to Agency Discretion |
Annual Number of Responses |
1 |
0 |
0 |
1 |
Annual Time Burden (Hr.) |
1 |
0 |
0 |
1 |
Annual Cost Burden ($) |
87 |
0 |
0 |
87 |
The format, labels, and definitions of the table above follow the ROCIS system’s “ICR Summary of Burden” for the meta-data.
TIME SCHEDULE FOR PUBLICATION OF DATA
There are no plans for tabulation, statistical analysis or publication. The data are used for regulatory purposes only.
17. DISPLAY OF EXPIRATION DATE
The OMB expiration dates are posted on http://www.ferc.gov/docs-filing/info-collections.asp .
EXCEPTIONS TO THE CERTIFICATION STATEMENT
There are no exceptions.
1 The documents in Docket No. RM22-3 are posted in FERC’s eLibrary as follows:
NOPR, at https://elibrary.ferc.gov/eLibrary/filedownload?fileid=4011CD98-DA3A-C01C-94F4-7E7881A00000
News Release, at https://www.ferc.gov/news-events/news/ferc-moves-close-gap-reliability-standards-electric-grid-cyber-systems
Staff Presentation, at https://www.ferc.gov/news-events/news/staff-presentation-notice-proposed-rulemaking-nopr-regarding-internal-network-0 .
2 FERC-725 is an existing Commission information collection, as stated by Title 18 Code of Federal Regulations (CFR), Part 39.
The burden and requirements for the NOPR in Docket No. RM22-3 are covered by FERC-725. However FERC-725 is currently pending OMB review for the 3-year renewal request (in ICR No. 202201-1902-001), so we are using a temporary placeholder information collection no., FERC-725(1B), in order to submit the NOPR in Docket No. RM22-3 to OMB timely.
3 Section 215 was added by the Energy Policy Act of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005) (codified at 42 USC 16451, et seq.).
4 Rules Concerning Certification of the Electric Reliability Organization; and Procedures for the Establishment, Approval, and Enforcement of Electric Reliability Standards ¶ 31,204 71 FR 8662 (2006) Order on rehearing, 71 FR 19,814 (2006), FERC Statutes and Regulations ¶ 31,212 (2006).
5 ‘Reliability Standards Development’ covers standards development initiated by NERC, the Regional Entities, and industry, as well as standards the Commission may direct NERC to develop or modify.
6 The NOPR was issued 1/20/2022 and posted in eLibrary at https://elibrary.ferc.gov/eLibrary/filedownload?fileid=4011CD98-DA3A-C01C-94F4-7E7881A00000.
The NOPR was published in the Federal Register on January 27, 2022 (87 FR 4173).
7 For more information on the Commission’s CEII program (and submitting and accessing CEII materials), see https://www.ferc.gov/legal/ceii-foia/ceii.asp.
8 The OMB-approved figures for FERC-725 include 21,840 burden hours for standards development by the ERO; the FERC-725 request pending OMB review (ICR No. 202201-1902-001) includes 20,800 hours for standards development by the ERO.
9 Paperwork Reduction Act of 1995 (PRA).
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Modified | 0000-00-00 |
File Created | 2022-01-28 |