cleanSupporting Statement for RM13-8 Final Rule

cleanSupporting Statement for RM13-8 Final Rule.docx

FERC-725B [RM13-8 Final Rule] Mandatory Reliability Standards for Critical Infrastructure Protection

OMB: 1902-0248

Document [docx]
Download: docx | pdf

FERC-725A, -725B, & -725D (OMB Control Nos. 1902-0244, -0248, & -0247)

Docket No. RM13-8-000, Final Rule issued 11/21/2013

RIN: 1902-AE71

(updated 1/13/2014)


Supporting Statement

FERC-725A, Mandatory Reliability Standards for the Bulk Electric System;

FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection;

FERC-725D, Facilities, Design, Connections, and Maintenance Reliability Standards

Modifications due to the Final Rule in RM13-8-000,

Electric Reliability Organization Proposal to Retire Requirements in Reliability Standards”



The Federal Energy Regulatory Commission (Commission or FERC) is requesting that OMB approve the collections as modified by the FERC Final Rule (Order 778, posted on FERC’s website at http://elibrary.ferc.gov/idmws/common/opennat.asp?fileID=13398376 ) in Docket RM13-8 and described in this supporting statement. (Initially, the North American Electric Reliability Organization (NERC, the Commission-approved Electric Reliability Organization [ERO]) requested FERC approval to retire 34 requirements within 19 Reliability Standards.) In this Final Rule, FERC reduces burden by eliminating requirements. The Commission:

approves the retirement of 34 requirements within 19 Reliability Standards identified by the NERC and

withdraws 41 FERC directives that NERC develop modifications to Reliability Standards.


FERC is using a consolidated supporting statement because this final rule affects three separate information collections and their OMB Control numbers. A separate Information Collection Request (ICR) with this consolidated supporting statement is being submitted for each of the affected collections (FERC-725A, -725B, and -725D).


  1. CIRCUMSTANCES THAT MAKE THE COLLECTION OF INFORMATION NECESSARY

This Final Rule eliminates some of the requirements contained within Reliability Standards covered under FERC-725A, -725B, and 725D. The following 34 requirements within 19 Reliability Standards will be retired:

  • BAL-005-0.2b, Requirement R2 – Automatic Generation Control

  • CIP-003-3, -4, Requirement R1.2 – Cyber Security – Security Management Controls1

  • CIP-003-3, -4, Requirements R3, R3.1, R3.2, and R3.3 – Cyber Security – Security Management Controls

  • CIP-003-3, -4, Requirement R4.2 – Cyber Security – Security Management Controls

  • CIP-005-3a, -4a, Requirement R2.6 – Cyber Security – Electronic Security Perimeter(s)

  • CIP-007-3, -4, Requirement R7.3 – Cyber Security – Systems Security Management

  • EOP-005-2, Requirement R3.1 – System Restoration from Blackstart Services

  • FAC-002-1, Requirement R2 – Coordination of Plans for New Facilities

  • FAC-008-3, Requirements R4 and R5 – Facility Ratings

  • FAC-010-2.1, Requirement R5 – System Operating Limits Methodology for the Planning Horizon

  • FAC-011-2.1, Requirement R5 – System Operating Limits Methodology for the Operations Horizon

  • FAC-013-2, Requirement R3 – Assessment of Transfer Capability for the Near-term Transmission Planning Horizon

  • INT-007-1, Requirement R1.2 – Interchange Confirmation

  • IRO-016-1, Requirement R2 – Coordination of Real-Time Activities between Reliability Coordinators

  • NUC-001-2, Requirements R9.1, R9.1.1, R9.1.2, R9.1.3, and R1.9.4 – Nuclear Plant Interface Coordination

  • PRC-010-0, Requirement R2 – Assessment of the Design and Effectiveness of UVLS Programs

  • PRC-022-1, Requirement R2 – Under-Voltage Load Shedding Program Performance

  • VAR-001-2, Requirement R5 – Voltage and Reactive Control


In addition, FERC is withdrawing 41 directives (identified in Attachment A of the Final Rule) requiring that NERC develop modifications to Reliability Standards,.



The following general background provides insight into the existing collections, their genesis and implementation, and the remaining requirements which are not affected by this final rule.


On August 8, 2005, The Electricity Modernization Act of 2005, which is Title XII of the Energy Policy Act of 2005 (EPAct 2005), was enacted into law.2 EPAct 2005 added a new Section 215 to the Federal Power Act (FPA), which requires a Commission-certified Electric Reliability Organization (ERO)3 to develop mandatory and enforceable Reliability Standards, which are subject to Commission review and approval


More specifically, EPAct gave FERC new authorities (codified in 16 USC 824o) including the following (highlighting added).


(b) Jurisdiction and applicability

(1)The Commission shall have jurisdiction, within the United States, over the ERO certified by the Commission under subsection (c) of this section, any regional entities, and all users, owners and operators of the bulk-power system, including but not limited to the entities described in section 824(f) of this title, for purposes of approving reliability standards established under this section and enforcing compliance with this section. All users, owners and operators of the bulk-power system shall comply with reliability standards that take effect under this section.

....

(c) Certification

Following the issuance of a Commission rule under subsection (b)(2) of this section, any person may submit an application to the Commission for certification as the Electric Reliability Organization. The Commission may certify one such ERO if the Commission determines that such ERO—

(1)has the ability to develop and enforce, subject to subsection (e)(2) of this section, reliability standards that provide for an adequate level of reliability of the bulk-power system; and

(2)has established rules that—

(A)assure its independence of the users and owners and operators of the bulk-power system, while assuring fair stakeholder representation in the selection of its directors and balanced decisionmaking in any ERO committee or subordinate organizational structure;

(C)provide fair and impartial procedures for enforcement of reliability standards through the imposition of penalties in accordance with subsection (e) of this section (including limitations on activities, functions, or operations, or other appropriate sanctions);

(D)provide for reasonable notice and opportunity for public comment, due process, openness, and balance of interests in developing reliability standards and otherwise exercising its duties; ….

(d) Reliability standards

(1)The Electric Reliability Organization shall file each reliability standard or modification to a reliability standard that it proposes to be made effective under this section with the Commission.

(2)The Commission may approve, by rule or order, a proposed reliability standard or modification to a reliability standard if it determines that the standard is just, reasonable, not unduly discriminatory or preferential, and in the public interest. The Commission shall give due weight to the technical expertise of the Electric Reliability Organization with respect to the content of a proposed standard or modification to a reliability standard and to the technical expertise of a regional entity organized on an Interconnection-wide basis with respect to a reliability standard to be applicable within that Interconnection, but shall not defer with respect to the effect of a standard on competition. A proposed standard or modification shall take effect upon approval by the Commission.

3)The Electric Reliability Organization shall rebuttably presume that a proposal from a regional entity organized on an Interconnection-wide basis for a reliability standard or modification to a reliability standard to be applicable on an Interconnection-wide basis is just, reasonable, and not unduly discriminatory or preferential, and in the public interest.

(4)The Commission shall remand to the Electric Reliability Organization for further consideration a proposed reliability standard or a modification to a reliability standard that the Commission disapproves in whole or in part.

(5)The Commission, upon its own motion or upon complaint, may order the Electric Reliability Organization to submit to the Commission a proposed reliability standard or a modification to a reliability standard that addresses a specific matter if the Commission considers such a new or modified reliability standard appropriate to carry out this section.....”


If approved by FERC, Reliability Standards may be enforced either by the ERO (subject to Commission oversight), or by the Commission independently.


FERC-725A


On March 16, 2007, in Order No. 693, pursuant to Section 215(d) of the FPA, the Commission approved 83 of 107 proposed Reliability Standards, six of the eight proposed regional differences, and the North American Electric Reliability Corporation (NERC) Glossary of Terms Used in Reliability Standards (NERC Glossary), which includes the standards and information collection requirements in FERC-725A. Since that time, some standards have been added to, modified, or retired from FERC-725A; as some of those original standards have been modified, they have been moved to other ‘FERC-725n’ data collections.


FERC-725B


On January 18, 2008, the Commission issued Order No. 706, which approved the CIP version 1 Standards to address cyber security of the Bulk-Power System.4 In Order No. 706, the Commission approved eight CIP Reliability Standards (CIP-002-1 through CIP-009-1). On April 19, 2012, the Commission issued Order No. 761, which approved the CIP version 4 Standards (CIP-002-4 through CIP-009-4).5 Reliability Standard CIP-002-4 (Critical Cyber Asset Identification) sets forth 17 uniform “bright line” criteria for identifying Critical Assets. The Commission also accepted NERC’s proposed implementation schedule for the CIP version 4 Standards, which are scheduled for full implementation and enforceability beginning April 2014.6


On April 18, 2013, the Commission issued a proposed rule7 in Docket RM13-5, proposing to approve the CIP version 5 standards. In drafting these standards submitted to FERC for approval, NERC stated that it took into consideration 4 years of experience since the first CIP standards were implemented, “as well as FERC directives…developed the proposed CIP Version 5 standards to better protect the reliability of the nation’s Bulk Electric System (“BES”) from cyber-attacks.”8


FERC-725D


On December 27, 2007, the Commission approved the three Facilities Design, Connections and Maintenance (FAC) Reliability Standards that were developed by the NERC and stakeholders and submitted to FERC for approval. In addition, the Commission directed NERC to develop a modification to one of the three Reliability Standards that was approved as mandatory and enforceable.  The Commission also approved a regional difference for the Western Interconnection (administered by the Western Electricity Coordinating Council (WECC)) which is incorporated into FAC-010-1 and FAC-011-1. Lastly, the Commission accepted three new terms for the NERC Glossary of Terms Used in Reliability Standards,9 and sent back another proposed term, and directed NERC to submit modifications to its proposed Violation Risk Factors consistent with the Commission’s prior orders.


On March 20, 2009 (in Docket RM08-11), in Order No. 722,10 the Commission approved three revised Reliability Standards developed by NERC (FAC-010-2, FAC-011-2, and FAC-014-2), which set requirements for the development and communication of system operating limits of the Bulk-Power System for use in the planning and operation horizons.

  1. HOW, BY WHOM, AND FOR WHAT PURPOSE THE INFORMATION IS TO BE USED AND THE CONSEQUENCES OF NOT COLLECTING THE INFORMATION

In general, information collection and record retention requirements related to Reliability Standards are not submitted to, or retained for audit by, FERC. Rather they are submitted to, or retained for audit by, NERC or the Compliance Enforcement Authority, as specified in each individual Reliability Standard.


In the Final Rule in RM13-8, FERC reduces burden by eliminating requirements. The Commission:

  • approves the retirement of 34 requirements (listed in Q1 above and in the Final Rule) within 19 Reliability Standards identified by NERC. The requirements proposed for retirement either: (1) provide little protection for Bulk-Power System reliability or (2) are redundant with other aspects of the Reliability Standards.

  • withdraws 41 FERC directives (identified in Attachment A of the Final Rule) that NERC develop modifications to Reliability Standards. In Order No. 693 and subsequent final rules, the Commission has identified various issues and directed NERC to develop modifications to the Reliability Standards or to take other actions to address those issues. While NERC has addressed many of these directives, over 150 directives remain outstanding. The withdrawal of these 41 FERC directives will enhance the efficiency of the Reliability Standards development process, with little or no impact on Bulk-Power System reliability.


Pursuant to Executive Order 13579, the Commission issued a plan to identify regulations that warrant repeal or modification, or strengthening, complementing, or modernizing where necessary or appropriate. In the Plan, the Commission also stated that it voluntarily and routinely reviews its regulations to ensure that they achieve their intended purpose and do not impose undue burdens on regulated entities or unnecessary costs on those entities or their customers. This Final Rule is a part of the Commission’s ongoing effort to review its requirements and reduce unnecessary burdens by eliminating requirements that are not necessary to the performance of the Commission’s regulatory responsibilities.


The Reliability Standard Requirements that are being retired affect many of the entities currently subject to reliability standards.11 This final rule eliminates information collection requirements, so there are no consequences for not collecting the information.


  1. DESCRIBE ANY CONSIDERATION OF THE USE OF IMPROVED INFORMATION TECHNOLOGY TO REDUCE THE BURDEN AND TECHNICAL OR LEGAL OBSTACLES TO REDUCING BURDEN


This Final Rule in RM13-8 eliminates information collection requirements regardless of the medium or technology used.


(For the remaining requirements not affected by the Final Rule in RM13-8, the use of current or improved technology and the medium are not covered in Reliability Standards, and are therefore left to the discretion of each respondent. We think that nearly all of the respondents are likely to make and keep related records in an electronic format. Each of the eight Regional Entities has a well-established compliance portal for registered entities to electronically submit compliance information and reports. The compliance portals allow documents developed by the registered entities to be attached and uploaded to the Regional Entity’s portal. Compliance data can also be submitted by filling out data forms on the portals. These portals are accessible through an internet browser password protected user interface.)


  1. DESCRIBE EFFORTS TO IDENTIFY DUPLICATION AND SHOW SPECIFICALLY WHY ANY SIMILAR INFORMATION ALREADY AVAILABLE CANNOT BE USED OR MODIFIED FOR USE FOR THE PURPOSE(S) DESCRIBED IN INSTRUCTION NO. 2.


In a March 2012 Order, the Commission accepted, with conditions, NERC’s “Find, Fix, Track and Report” (FFT) initiative. The FFT process, inter alia, provides NERC and the Regional Entities the flexibility to address lower-risk possible violations through an FFT informational filing as opposed to issuing and filing a Notice of Penalty. In addition, the Commission raised the prospect of revising or removing requirements of Reliability Standards that “provide little protection for Bulk-Power System reliability or may be redundant.”12 Specifically, the Commission stated:


The Commission notes that NERC’s FFT initiative is predicated on the view that many violations of requirements currently included in Reliability Standards pose lesser risk to the Bulk-Power System. If so, some current requirements likely provide little protection for Bulk-Power System reliability or may be redundant. The Commission is interested in obtaining views on whether such requirements could be removed from the Reliability Standards with little effect on reliability and an increase in efficiency of the ERO compliance program. If NERC believes that specific Reliability Standards or specific requirements within certain Standards should be revised or removed, we invite NERC to make specific proposals to the Commission identifying the Standards or requirements and setting forth in detail the technical basis for its belief. In addition, or in the alternative, we invite NERC, the Regional Entities and other interested entities to propose appropriate mechanisms to identify and remove from the Commission-approved Reliability Standards unnecessary or redundant requirements. We will not impose a deadline on when these comments should be submitted, but ask that to the extent such comments are submitted NERC, the Regional Entities, and interested entities coordinate to submit their respective comments concurrently.13


In response, NERC initiated a review, referred to as the “P 81 project,” to identify requirements that could be removed from Reliability Standards without impacting the reliability of the Bulk-Power System.

In its February 28, 2013 petition, NERC seeks Commission approval of the retirement of 34 requirements within 19 Reliability Standards. NERC asserts that the 34 requirements proposed for retirement “are redundant or otherwise unnecessary” and that “violations of these requirements … pose a lesser risk to the reliability of the Bulk-Power System.”14


  1. METHODS USED TO MINIMIZE THE BURDEN IN COLLECTION OF INFORMATION INVOLVING SMALL ENTITIES


This Final Rule will reduce burden on large and small entities because it is eliminating unnecessary or redundant Reliability Standard Requirements.


  1. CONSEQUENCE TO FEDERAL PROGRAM IF COLLECTION WERE CONDUCTED LESS FREQUENTLY


In general, information collection requirements in Reliability Standards help maintain reliability on the bulk power system.


The Final Rule is removing unnecessary or redundant requirements. The Commission does not see any real harm or consequence to the bulk power system by removing these redundant or unnecessary requirements from the Reliability Standards.


  1. EXPLAIN ANY SPECIAL CIRCUMSTANCES RELATING TO THE INFORMATION COLLECTION


There are no special circumstances as described in 5 CFR 1320.5(d)(2) related to this Final Rule.


  1. DESCRIBE EFFORTS TO CONSULT OUTSIDE THE AGENCY: SUMMARIZE PUBLIC COMMENTS AND THE AGENCY’S RESPONSE


The ERO process15 to establish (and, in this case, to eliminate Requirements of) Reliability Standards is a collaborative process with the ERO, Regional Entities and other industry stakeholders developing and reviewing drafts, providing comments, and voting. [This process provides several opportunities for review and comment by stakeholders and interested parties.] Then the final proposal is submitted by the ERO to the FERC for review and approval. Upon approval by FERC, the standards are mandatory and enforceable.


In addition, each FERC rulemaking (both proposed and final rules) is published in the Federal Register, thereby providing public utilities and licensees, state commissions, Federal agencies, and other interested parties an opportunity to submit data, views, comments or suggestions concerning the proposed collection of data. The proposed rule was published in the Federal Register on 6/28/2013 (78 FR 38851). The comments received generally were very supportive of the proposed elimination of requirements from the Reliability Standards as well as the proposed FERC withdrawal of 41 FERC directives that NERC develop modifications to Reliability Standards. There were no public comments received that specifically addressed the burden or cost estimates. The public comments are addressed in the Final Rule and are available in FERC’s eLibrary on www.ferc.gov under Docket No. RM13-8.


The Final Rule will be published in the Federal Register.


  1. EXPLAIN ANY PAYMENT OR GIFTS TO RESPONDENTS


The Commission does not make payments or provide gifts for respondents related to this collection.


  1. DESCRIBE ANY ASSURANCE OF CONFIDENTIALITY PROVIDED TO RESPONDENTS


This final rule is eliminating some requirements (within FERC-725A, -725B, and -725D) that are unnecessary or redundant.


For the remaining requirements which are unaffected by this final rule, generally the Compliance Enforcement Authorities monitor and audit; these Authorities are non-FERC. Each Reliability Standard identifies the Compliance Enforcement Authorities and describes the treatment of the records.


On the rare occasion that FERC may receive copies of or obtain access to these records, the Commission has in place procedures to prevent the disclosure of sensitive information, such as the use of protective orders and rules establishing critical energy infrastructure information (CEII). In addition, information provided with a filing may be submitted with a specific request for confidential treatment to the extent permitted by law and considered pursuant to 18 C.F.R. 388.112 of FERC's regulations.


  1. PROVIDE ADDITIONAL JUSTIFICATION FOR ANY QUESTIONS OF A SENSITIVE NATURE


This collection does not include any questions of a sensitive nature that are considered private.


  1. ESTIMATED BURDEN OF COLLECTION OF INFORMATION


FERC-725A. The current burden for the FERC-725A is 1,833,653 hours. FERC 725A contains the information collection requirements for nearly all of the U.S.-wide Reliability Standards. The collection started in 2007 when FERC approved the initial 83 Reliability Standards with an estimated 1,252,680 burden hours annually (OMB approval of 9/28/2007).


Since that time, some standards have been added to, modified, or retired from FERC-725A; as some of those original standards have been modified, they have been moved to other ‘FERC-725n’ data collections.


The Final Rule in RM13-8 reduces the burden in FERC-725A by 4,667 hours.


FERC-725B. The current burden for the FERC-725B is 850,680 hours. These hours are associated with information collections contained in Critical Infrastructure Protection (CIP) Reliability Standards CIP-002-4 through CIP-009-4. This Final Rule reduces the burden in FERC-725B by 1,950 hours.


FERC-725D. The current burden for the FERC-725D is 141,000 hours. These hours are associated with the information collection requirements in three FAC Reliability Standards, FAC-010-2, FAC-011-2, and FAC-014-2. The Final Rule reduces the burden in FERC-725D by 2,020.



  1. ESTIMATE OF THE TOTAL ANNUAL COST BURDEN TO RESPONDENTS


There is no start-up or other non-labor hour cost associated with this Final Rule.


The existing annual record keeping requirements (not related to burden hours) are:16

  • FERC-725A, estimated at $126,725

  • FERC-725B, estimated at $5,444

  • FERC-725D estimated at $55,800.


  1. ESTIMATED ANNUALIZED COST TO FEDERAL GOVERNMENT


The Regional Entities and the ERO do most of the data processing, monitoring, compliance, and auditing work for Reliability Standards. Any involvement by the Commission is covered under the FERC-725 (OMB Control No. 1902-0225) and is not part of this request or package.


The Commission does incur the costs associated with complying with the Paperwork Reduction Act for this rulemaking. FERC estimates the annual cost for this effort to be $2,250 for each rulemaking.17


  1. REASONS FOR CHANGES IN BURDEN INCLUDING THE NEED FOR ANY INCREASE


The Commission approves NERC’s proposal to retire 34 requirements within 19 Reliability Standards, which the Commission estimates will result in an annual total burden reduction of 8,637 hours for the three information collections.


The Commission based its paperwork burden estimates on the NERC compliance registry as of April 30, 2013.18 According to the NERC registry, there are 132 balancing authorities (BA), 544 distribution providers (DP), 898 generator owners (GO), 859 generator operators (GOP), 56 interchange authorities (IA), 515 load serving entities (LSE), 80 planning authorities/planning coordinators (PA or PC), 677 purchasing selling entities (PSE), 21 reliability coordinators (RC), 346 transmission owners (TO), 185 transmission operators (TOP), 185 transmission planners (TP), and 93 transmission service providers (TSP).


The Commission estimates that the burden will be reduced for each requirement as indicated in the chart below, for a total estimated annual reduction in burden of 8,637 hours. (The Commission based the burden reduction estimates on staff experience, knowledge, and expertise; no public comments on the estimated figures were received as a result of the NOPR.)


Reliability Standard, Requirement Number, and FERC Collection Number

Type of Respondents

Number of Respondents19

[A]

Average Reduction in Burden Hours per Respondent per Year
[B]

Estimated Total Annual Reduction in Burden (in hours)

[A X B]

Estimated Total Annual Reduction in Cost
[A X B X $60/ hour
20]

EOP-005-2, R3.1

(FERC-725A)

TOP

185

1

185

$11,100

FAC-008-3, R4

(FERC-725A)

TO, GO

1,151

1

1,151

$69,060

FAC-008-3, R5

(FERC-725A)

TO, GO

1,151

1

1,151

$69,060

FAC-010-2.1, R5

(FERC-725D)

PA

80

20

1,600

$96,000

FAC-011-2, R5

(FERC-725D)

RC

21

20

420

$25,200

FAC-013-2, R3

(FERC-725A)

PC

80

8

640

$38,400

INT-007-1, R1.2

(FERC-725A)

IA

56

20

1,120

$67,200

IRO-016-1, R2

(FERC-725A)

RC

21

20

420

$25,200

CIP-003-3, -4, R1.2

(FERC-725B)

RC, BA, IA, TSP, TO, TOP, GO, GOP,LSE,

325

1

325

$19,500

CIP-003-3, -4, R3, R3.1, R3.2, R3.3

(FERC-725B)

RC, BA, IA, TSP, TO, TOP, GO, GOP,LSE,

325

1

325

$19,500

CIP-005-3, -4, R2.6

(FERC-725B)

RC, BA, IA, TSP, TO, TOP, GO, GOP,LSE,

325

4

1,300

$78,000

Total for FERC-725A




4,667

$280,020

Total for FERC-725B




1,950

$117,000

Total for FERC-725D




2,020

$121,200

Grand Total




8,637

$518,220


Because these requirements were found redundant with other requirements, 21 the above chart does not include:

  • BAL-005-0.2b, Requirement R2

  • CIP-003-3, -4, Requirement R4.2

  • CIP-007-3, -4, Requirement R7.3

  • FAC-002-1, Requirement R2

  • PRC-010-0, Requirement R2

  • PRC-022-1, Requirement R2; and

  • VAR-001-2, Requirement R5.

Since the action required within them is required elsewhere, there is no change in the overall burden in retiring these requirements.


Similarly, NUC-001-2, Requirement R9.1; NUC-001-2, Requirement R9.1.1; NUC-001-2, Requirement R9.1.2; NUC-001-2, Requirement R9.1.3; and NUC-001-2, Requirement R9.1.4 are not included because these requirements require that the applicable entities put boiler plate language into their agreements that is normally included in all legal contracts. 22 Since this action will be taken regardless if it is required by a NERC Reliability Standard, there is no reduction in burden.


We are assuming that the deleted requirements are only a part of the existing responses from respondents for each collection. Hence we are only proposing to remove the burden hours associated with the requirements and not remove any of the respondents.


FERC-725A


The following table shows the burden hour impact of the final rule in relation to the total inventory for the FERC-725A.


FERC-725A

Total Request

Previously Approved (in ICR 201309-1902-002)

Change due to Adjustment in Estimate

Change Due to Agency Discretion

Annual Number of Responses

3,770

3,770

-

-

Annual Time Burden (Hrs.)


1,828,986

1,833,653

-

-4,667

Annual Cost Burden ($)

126,725

126,725

-

-


FERC-725B


The burden reduction is the result of eliminating two requirements in Reliability Standard CIP-003 and one requirement in Reliability Standard CIP-005.


In CIP-003, the Commission eliminates Requirements R1.2, which states that the cyber security policy must be available to all personnel who work with Critical Cyber Assets. NERC explains that the requirement is administrative in nature and that existing training requirements regarding Critical Cyber Assets render this requirement unnecessary.


Also in CIP-003, the Commission eliminates Requirement R3, which states that an entity must document any exceptions it has in conforming with its cyber security policy. NERC says that the reliability purposes of CIP-003 are not affected by removing this requirement. The requirement has to do with managing an exception process to internal corporate documentation and not with exceptions to Reliability Standard requirements.


In CIP-005, the Commission eliminates Requirement R2.6, which states that electronic access control devices shall display an appropriate use banner on the user screen. NERC states that R2.6 is an administrative task that doesn’t support the general purpose of CIP-005. NERC says that the general purpose of CIP-005 is to ensure proper or secure access point configuration and that the appropriate use banner provides little additional protection to Bulk-Power system reliability.

The following table shows the burden hour impact of the final rule in relation to the total inventory for the FERC-725B.


FERC-725B

Total Request

Previously Approved

Change due to Adjustment in Estimate

Change Due to Agency Discretion

Annual Number of Responses

1,501

1,501

-

-

Annual Time Burden (Hrs.)

848,730

850,680

-

-1,950

Annual Cost Burden ($)

5,444

5,444

-

-


FERC-725D


The following table shows the burden hour impact of the final rule in relation to the total inventory for the FERC-725D.


FERC-725D

Total Request

Previously Approved

Change due to Adjustment in Estimate

Change Due to Agency Discretion

Annual Number of Responses

470

470

-

-

Annual Time Burden (Hr)

138,980

141,000

-

-2,020

Annual Cost Burden ($)

55,800

55,800

-

-



  1. TIME SCHEDULE FOR PUBLICATION OF DATA


There are no publications of data as part of this collection.


  1. DISPLAY OF EXPIRATION DATE


It is not appropriate to display the expiration date because the information is not collected on a preformatted form or in any format that would allow for such a display.


  1. EXCEPTIONS TO THE CERTIFICATION STATEMENT


The Commission does not use statistical methods for this collection. Therefore the Commission does not certify that the collection uses statistical methods.


1 NERC explains that although only eight requirements in the Critical Infrastructure Protection (CIP) body of Reliability Standards are proposed for retirement, NERC proposes the retirement of those eight requirements in both CIP versions 3 and 4. Therefore, the total number of CIP requirements proposed for retirement is sixteen.

2 The Energy Policy Act of 2005, Pub. L. No 109-58, Title XII, Subtitle A, 119 Stat. 594, 941 (2005), codified at 16 U.S.C. 824o (2000).

3 FERC certification is addressed in 18CFR Part 39. The application to become an ERO is covered under FERC-725.

4 Mandatory Reliability Standards for Critical Infrastructure Protection, Order No. 706, 122 FERC ¶ 61,040, order on reh’g, Order No. 706-A, 123 FERC ¶ 61,174 (2008), order on clarification, Order No. 706-B, 126 FERC ¶ 61,229 (2009), order on clarification, Order No. 706-C, 127 FERC ¶ 61,273 (2009).

5 Version 4 Critical Infrastructure Protection Reliability Standards, Order No. 761, 77 Fed. Reg. 24,594 (April 25, 2012), 139 FERC ¶ 61,058 (2012); order denying reh’g, 140 FERC ¶ 61,109 (2012).

6 The CIP version 5 Implementation Plan, if approved as proposed on 4/18/2013 in the NOPR in separate and pending Docket RM13-5, would obviate this CIP version 4 schedule.

8 The NERC Petition is available on FERC’s eLibrary system (http://www.ferc.gov/docs-filing/elibrary.asp) by searching in Docket Number RM13-5. The proposed standards are contained in Exhibit A of NERC’s petition.

9 NERC’s current “Glossary of Terms Used in NERC Reliability Standards” is posted on the NERC website at http://www.nerc.com/pa/Stand/Glossary%20of%20Terms/Glossary_of_Terms.pdf .

10 Order 722 is available at http://elibrary.ferc.gov/idmws/common/opennat.asp?fileID=11972055; an order on compliance filing and rehearing (issued 5/19/2011) is posted at http://elibrary.ferc.gov/idmws/common/opennat.asp?fileID=12663912.

11 This includes transmission operators, transmission owners, generator owners, planning authorities, reliability coordinators, interchange authorities, balancing authorities, transmission service providers, generator operators, and load serving entities.

12 March 2012 Order at P 81.

13 Id.

14 NERC Petition at 2.

15 Details of the ERO’s standards process are available on the NERC website in the Standard Process Manual (Version 3, effective 6/26/2013) at http://www.nerc.com/comm/SC/Documents/Appendix_3A_StandardsProcessesManual.pdf . Figure 1 (Process for Developing or Modifying a Reliability Standard) on page 15 of the NERC manual includes a diagram showing the “typical process for a project identified in the Reliability Standards Development Plan that involves a revision to an existing Reliability Standard....”

16 The supporting statement for the NOPR in RM13-8 inadvertently omitted the previous figures for the costs which are not related to burden hours (also called non-labor costs) for the FERC-725B and FERC-725D. Those costs were not affected by the NOPR or this Final Rule in RM13-8 and are included here.

17 This is based on an estimate of work done by the Information Clearance team, other FERC staff, and a small non-labor cost related to publishing material in the Federal Register.

18 The estimates for the retired CIP requirements are based on February 28, 2013 registry data in order to provide consistency with burden estimates provided in the Commission’s recent CIP version 5 Notice of Proposed Rulemaking in Docket No. RM13-5-000.

19 This number was calculated by adding all the applicable entities while removing double counting caused by entities registered under multiple functions.

20 The estimated hourly loaded cost (salary plus benefits) for an engineer is assumed to be $60/hour, based on salaries as reported by the Bureau of Labor Statistics (BLS) (http://bls.gov/oes/current/naics2_22.htm). Loaded costs are BLS rates divided by 0.703 and rounded to the nearest dollar (http://www.bls.gov/news.release/ecec.nr0.htm).

21 The reporting requirements in these standards are part of the FERC-725A information collection.

22 The reporting requirements in this standard are part of the FERC-725F (OMB Control No. 1902-0249) information collection. The rule does not implicate the PRA for the paperwork requirements associated with the FERC-725F.

12


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleSupporting Statement
Authorferc
File Modified0000-00-00
File Created2021-01-28

© 2024 OMB.report | Privacy Policy