In accordance
with 5 CFR 1320, the information collection revisions are approved.
The terms of the previous clearance remain in effect including the
expiration date for this collection, which is June 30, 2015.
Inventory as of this Action
Requested
Previously Approved
06/30/2015
36 Months From Approved
06/30/2015
1,475
0
1,501
1,327,231
0
848,730
0
0
5,444
The information collection
requirements in the CIP Version 5 standards apply to the following
functional entities: balancing authorities, distribution providers,
generator operators, generator owners, interchange coordinators (or
interchange authorities), reliability coordinators, transmission
operators, and transmission owners. Based on the NERC registry,
FERC estimates there are 1,475 entities registered for at least one
of the functions listed above. The cyber security policy, process,
and procedure documentation required by the CIP standards are the
principal components of a cyber-security program. The main use for
the information generated is to achieve and maintain a cyber-secure
operational state, a process which requires vigilant monitoring of
activity against documented policies and procedures. Similarly, the
applicable compliance enforcement authority (regional entity or
NERC) uses the information to measure an entity's compliance with a
given requirement. If the information collection requirements did
not exist then it would be difficult to monitor and enforce
compliance with the standards, which could lead entities to relax
their compliance with the requirements. Also, creating and
maintaining documentation is integral to the task of performing
cyber security, as reflected in the fact that some of the
reliability standards' requirements actually require an entity to
create a document (as opposed to documenting compliance with a
requirement). Without such information collection an entity may
fail to perform actions that may affect the reliability and
security of the grid.
FERC has issued a final rule
which adopts the CIP version 5 Reliability Standards. As discussed
previously, these standards are an improvement over the current
Version 4 standards. The CIP version 5 standards require new and
ongoing paperwork burden. FERC is averaging the estimated burden
hours from the proposed rule across the first three years to create
an annual figure to provide to OMB. This annual figure is 779,595
hrs [(418,048 hrs + 1,162,788 hrs + 757,948 hrs)/3 = 779,595 hrs].
After the first three years, entities will have completed
implementation of CIP version 5 (a total of 383,543 hours) and will
continue with ongoing burden unless other changes are made. FERC
proposes to add the annual hours from the final rule, 779,595
hours, to an adjusted baseline of burden hours under the existing
CIP standards. The current burden inventory shows 848,730 hours.
FERC is adjusting the existing hours based upon careful review of
the assumptions used to generate the previous estimates. FERC is
also adjusting the number entities/responses. Further detail is
provided in the supporting statement. FERC does not consider there
to be any additional non-labor costs for CIP version 5. The removal
of the annual cost burden below is due to a staff review
determining that any non-labor hour costs are negligible.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
CIP v5 FR (RM13-5) SuppStmta.docx
Commissioner LaFluer Statement on Reliability Orders (RM13-5).pdf
V3-V5 burden and explanation of adjustment 1-24-14.xlsx
Statutes and Regs for Reliability.doc
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection