In accordance
with 5 CFR 1320, the information collection is approved for 6
months. This collection is approved with the following terms of
clearance: 1) If DOE decides to continue the use of this collection
beyond the approved emergency request expiration date, DOE must
resubmit to OMB under the normal PRA clearance process for an
extended approval; 2) upon resubmission, DOE is requested to
continue to develop instructions for the questionnaire that include
additional examples and clarifying language for each domain; and 3)
DOE will forward the questionnaire to OMB upon incorporating the
OMB control number and expiration date.
Inventory as of this Action
Requested
Previously Approved
11/30/2012
6 Months From Approved
17
0
0
136
0
0
0
0
0
The Electric Sector Cybersecurity Risk
Management Maturity (ESCRMM) Initiative is a White House initiative
designed to measure the cybersecurity risk management capability
within the electricity sector. Its primary goal is to develop a
common tool to evaluate this capability. The ESCRMM initiative is
being led by the Department of Energy (DOE) in partnership with the
Department of Homeland Security (DHS) and in collaboration with
representatives of asset owners and operators within the
electricity sector. The initiative is an important step toward an
objective, holistic way to address the electricity sector's
cybersecurity risks with an appropriate balance of protection,
resilience, and restoration. The initiative brings together
existing cybersecurity resources and aligns them with
sector-specific and cross-sector cybersecurity strategies. When
complete, the initiative will allow both industry and government
leaders to better understand the cybersecurity maturity of the
sector overall and of the various types of entities operating
within the sector, including independently-owned, municipal, and
cooperative utilities. It will also enable utilities to communicate
cybersecurity capabilities in meaningful terms and prioritize their
cybersecurity actions and investments.
"Protecting the electric
system from cyber threats and ensuring its resilience are vital to
our national security and economic well-being. This is exactly why
cybersecurity is one of four key themes in the White House's Policy
Framework for a 21st Century Grid."1 The constant escalation of
cyber threats against the nation, and in particular critical
infrastructure, has created a significant need for information on
how owners and operators can invest in and learn from best
practices to protect themselves from threats and to increase the
resiliency of their systems. Critical Infrastructure Protection is
a White House National Security priority. The Electric Sector
Cybersecurity Risk Management Maturity Initiative is under
development with public and private sector partners to provide this
capability to the sector as soon as possible. The initiative pilot,
for which the emergency ICR is being requested, will test and
validate the model and assessment tool so that it can be revised
and improved. The results of the pilot can then be provided to the
sector as whole to help them immediately begin to identify areas of
their systems and processes where investments or resources can be
made or reconfigured to bolster the security of their systems
further protecting the reliability of the electric grid from
disruptive or costly cyber threats.
US Code:
42
USC 5195c(e) Name of Law: USA Patriot Act of 2001
US Code: 6
USC 101(9) Name of Law: Homeland Security Act 2002
US Code: 42
USC 7101 Name of Law: Department of Energy Organization Act
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
ESCRMM DRAFT Model 2012-04-05-0906-MSTR-DW.PDF
Supporting Statement B - 5_10_2012.docx
Electric Sector Cybersecurity Risk Management Maturity Initiative