FERC-725U (OMB Control No.: 1902-0274)
Supporting Statement for
FERC-725U, Mandatory Reliability Standards: Reliability Standard CIP-014
(Three-year approval for extension requested)
The Federal Energy Regulatory Commission (FERC or Commission) requests that the Office of Management and Budget (OMB) review and renew the information collection requirements in FERC-725U under OMB Control No. 1902-0274. This supporting statement covers the requirements of the FERC-725U information collection. The reporting requirements in the FERC-725U are also contained in FERC’s regulations in 18 Code of Federal Regulations (CFR) Part 40.
CIRCUMSTANCES THAT MAKE THE COLLECTION OF INFORMATION NECESSARY
On August 8, 2005, The Electricity Modernization Act of 2005, which is Title XII of the Energy Policy Act of 2005 (EPAct 2005), was enacted into law. EPAct 2005 added a new Section 215 to the Federal Power Act (FPA), which requires a Commission-certified Electric Reliability Organization (ERO) to develop mandatory and enforceable Reliability Standards, which are subject to Commission review and approval. Once approved, the Reliability Standards may be enforced by the ERO, subject to Commission oversight. In 2006, the Commission certified the North American Electric Reliability Corporation (NERC) as the ERO pursuant to FPA section 215.1
HOW, BY WHOM, AND FOR WHAT PURPOSE THE INFORMATION IS TO BE USED AND THE CONSEQUENCES OF NOT COLLECTING THE INFORMATION
Reliability Standard CIP-014-1 (inactive as of 10/1/2015)
On 11/20/2014, FERC issued an order2 approving Reliability Standard CIP-014-1. Reliability Standard CIP-014-1 enhanced physical security measures for the critical Bulk-Power System facilities and lessened the overall vulnerability of the Bulk-Power System against physical attacks.
Reliability Standard CIP-014-2 (current)
On 7/14/2015, FERC issued a letter order approving Reliability Standard CIP-014-2 (the current version of the Reliability Standard). Reliability Standard CIP-014-2 modified Reliability Standard CIP-014-1 by removing the term “widespread” from Requirement R1. Removing the term ensured that:
Applicable entities identify appropriate critical facilities under Requirement R1, and
The electric reliability organization enforces the CIP-014-2 Reliability Standard in a more consistent manner.
The removal of the word “widespread” from Requirement R1 did not change any other aspect of the CIP-014-2 nor the FERC-725U information collection.
Reliability Standard CIP-014-2 requires applicable transmission owners and transmission operators to identify and protect transmission stations and transmission substations, and their associated primary control centers that if rendered inoperable or damaged resulting from a physical attack could result in widespread instability, uncontrolled separation, or cascading within an Interconnection.
In terms of information collection requirements, an applicable entity must create or maintain documentation showing compliance, when appropriate, with each requirement of the Reliability Standard. Reliability Standard CIP-014-2 has six requirements:
Requirement R1 requires applicable transmission owners (TO) to perform risk assessments on a periodic basis3 to identify their transmission stations and transmission substations that, if rendered inoperable or damaged, could result in widespread instability, uncontrolled separation, or cascading within an Interconnection. Requirement R1 also requires transmission owners to identify the primary control center that operationally controls each of the identified transmission stations or transmission substations. Examples of acceptable evidence may include dated written or electronic documentation of the risk assessment of its transmission stations and transmission substations (existing and planned to be in service within 24 months) that meet the criteria in Applicability Section 4.1.1 as specified in Requirement R1.
Requirement R2 requires that each applicable transmission owner have an unaffiliated third party with appropriate experience verify the risk assessment performed under Requirement R1. Requirement R2 states that the transmission owner must either modify its identification of facilities consistent with the verifier’s recommendation or document the technical basis for not doing so. In addition, Requirement R2 requires each transmission owner to implement procedures for protecting sensitive or confidential information made available to third-party verifiers or developed under the Reliability Standard from public disclosure. Examples of acceptable evidence may include dated written or electronic documentation that the transmission owner completed an unaffiliated third party verification of the Requirement R1 risk assessment and satisfied all of the applicable provisions of Requirement R2, including, if applicable, documenting the technical basis for not modifying the Requirement R1 identification as specified under Part 2.3.
Requirement R3 requires the transmission owner to notify a transmission operator (TOP) that operationally controls a primary control center identified under Requirement R1 of such identification to ensure that the transmission operator has notice of the identification so that it may timely fulfill its obligations under Requirements R4 and R5 to protect the primary control center. Examples of acceptable evidence may include dated written or electronic communications that the transmission owner notified each transmission operator, as applicable, according to Requirement R3.
Requirement R4 requires each applicable transmission owner and transmission operator to conduct an evaluation of the potential threats and vulnerabilities of a physical attack on each of its respective transmission stations, transmission substations, and primary control centers identified as critical in Requirement R1. Examples of evidence may include dated written or electronic documentation that the transmission owner or transmission operator conducted an evaluation of the potential threats and vulnerabilities of a physical attack to their respective transmission station(s), transmission substation(s) and primary control center(s) as specified in Requirement R4.
Requirement R5 requires each transmission owner and transmission operator to develop and implement documented physical security plans that cover each of their respective transmission stations, transmission substations, and primary control centers identified as critical in Requirement R1. Examples of evidence may include dated written or electronic documentation of its physical security plan(s) that covers their respective identified and verified transmission station(s), transmission substation(s), and primary control center(s) as specified in Requirement R5, and additional evidence demonstrating implementation of the physical security plan.
Requirement R6 requires that each transmission owner and transmission operator subject to Requirements R4 and R5 have an unaffiliated third party with appropriate experience review its Requirement R4 evaluation and Requirement R5 security plan. Requirement R6 states that the transmission owner or transmission operator must either modify its evaluation and security plan consistent with the recommendation, if any, of the reviewer or document its reasons for not doing so. In addition, Requirement R6 requires each transmission owner to implement procedures for protecting sensitive or confidential information made available to third-party reviewers or developed under the Reliability Standard from public disclosure. Examples of evidence may include written or electronic documentation that the transmission owner or transmission operator had an unaffiliated third party review the evaluation performed under Requirement R4 and the security plan(s) developed under Requirement R5 as specified in Requirement R6 including, if applicable, documenting the reasons for not modifying the evaluation or security plan(s) in accordance with a recommendation under Part 6.3.
Transmission owners and transmission operators must keep data or evidence to show compliance with the standard for three years unless directed by its Compliance Enforcement Authority. If a responsible entity is found non-compliant, it must keep information related to the non-compliance until mitigation is complete and approved, or for the three years, whichever is longer.
DESCRIBE ANY CONSIDERATION OF THE USE OF IMPROVED INFORMATION TECHNOLOGY TO REDUCE THE BURDEN AND TECHNICAL OR LEGAL OBSTACLES TO REDUCING BURDEN
This collection does not require industry to file the information with the Commission. However, FERC-725U does contain information collection and record retention requirements for which using current technology is an option.
The information technology to meet the information collection requirements is not specifically covered in the Reliability Standard.
DESCRIBE EFFORTS TO IDENTIFY DUPLICATION AND SHOW SPECIFICALLY WHY ANY SIMILAR INFORMATION ALREADY AVAILABLE CANNOT BE USED OR MODIFIED FOR USE FOR THE PURPOSE(S) DESCRIBED IN INSTRUCTION NO. 2
The Commission periodically reviews filing requirements concurrent with OMB review or as the Commission deems necessary to eliminate duplicative filing and to minimize the filing burden. The Commission is unaware of any other source of information related to bulk-electric system physical security.
METHODS USED TO MINIMIZE THE BURDEN IN COLLECTION OF INFORMATION INVOLVING SMALL ENTITIES
In general, small entities may reduce their burden by taking part in a joint registration organization or a coordinated functional registration. These options allow a small entity to share the compliance burden with other entities and, thus, to minimize their own compliance burden. Detailed information regarding these options is available in NERC’s Rule of Procedure at Sections 507 and 5084.
CONSEQUENCE TO FEDERAL PROGRAM IF COLLECTION WERE CONDUCTED LESS FREQUENTLY
The paperwork requirements are related with documenting compliance with substantive requirements (including the preparation of a physical security plan), and maintaining such documents. The frequency of the paperwork requirements was vetted and approved by industry consensus in the NERC standard development process and is ultimately meant to support the reliability of the bulk electric system.
EXPLAIN ANY SPECIAL CIRCUMSTANCES RELATING TO THE INFORMATION COLLECTION
There are no special circumstances related to the FERC-725U information collection.
DESCRIBE EFFORTS TO CONSULT OUTSIDE THE AGENCY: SUMMARIZE PUBLIC COMMENTS AND THE AGENCY’S RESPONSE
The ERO process to establish Reliability Standards is a collaborative process with the ERO, Regional Entities, and other stakeholders developing and reviewing drafts and providing comments.5 The NERC-approved Reliability Standards were then submitted by NERC to the FERC for review and approval.
In accordance with OMB requirements, the Commission published a 60-day notice6 and a 30-day notice7 to the public regarding this information collection on 9/1/2017 and 11/1/2017 respectively. Within the public notices, the Commission noted that it would be requesting a three-year extension of the public reporting burden. The Commission received no comments from the public in response to either published notice regarding the FERC-725U information collection.
On 12/15/2017, Commission staff issued an additional 30-day notice8 to correct and to more clearly describe the burden estimate for the multi-year cycle of the FERC-725U (with its significantly varying burden in different years). The revised burden estimates are presented in Question #12 of this supporting statement.
EXPLAIN ANY PAYMENT OR GIFTS TO RESPONDENTS
There are no gifts or payments given to the respondents.
DESCRIBE ANY ASSURANCE OF CONFIDENTIALITY PROVIDED TO RESPONDENTS
According to the NERC Rules of Procedure9, “…a Receiving Entity shall keep in confidence and not copy, disclose, or distribute any Confidential Information or any part thereof without the permission of the Submitting Entity, except as otherwise legally required.” This serves to protect confidential information submitted to NERC or Regional Entities.
Responding entities do not submit the information collected under the Reliability Standard to FERC. Rather, they maintain it internally. Since there are no submissions made to FERC, FERC provides no specific provisions in order to protect confidentiality.
PROVIDE ADDITIONAL JUSTIFICATION FOR ANY QUESTIONS OF A SENSITIVE NATURE, SUCH AS SEXUAL BEHAVIOR AND ATTITUDES, RELIGIOUS BELIEFS, AND OTHER MATTERS THAT ARE COMMONLY CONSIDERED PRIVATE.
This collection does not include any questions of a sensitive nature.
ESTIMATED BURDEN OF COLLECTION OF INFORMATION
The burden for the FERC-725U information collection is estimated based on the five year cycle of the requirements in the Reliability Standard. Over this five-year cycle, annual burden levels fluctuate greatly based on which reporting requirements are implicated each year.
This renewal requests three years of extension/approval. However, using a three-year timespan to calculate the burden would cause the total annual burden to fluctuate in an unrepresentative way because of the mismatch between the Reliability Standard’s five-year cycle and the three-year PRA administrative cycle for extension requests. Some extension requests would propose inordinately high or low burden solely dependent on the timing of the request, not on any actual changes to reporting requirements.
In order to provide the annual burden estimate in a more representative way, Commission staff is:
Calculating the average annual burden using the five-year cycle of the Standard and using that average for Years 1-3 of this extension.
Brief synopsis of the Reliability Standard’s five-year cycle and its relation to Requirements R1-R6 and Record Retention Requirements:
The year stated is the year in this PRA renewal cycle with the requirements imposed during that year.
Year 1 Record Retention only
Year 2: R1, R2, R3, R4, R5, R6, and Record Retention
Year 3: Record Retention only
Year 4: R1, R2, R3, R4, R5, R6, and Record Retention10
Year 5: Record Retention only10
NOTE: Years 1-5 (shown above and below for this supporting statement) correspond to Years 4-8 since the inception of the Reliability Standard’s requirements in FERC-725U.11
FERC-725U: Mandatory Reliability Standards: Reliability Standard CIP-01412 |
||||||||
Year and Requirement for this PRA Clearance Cycle |
Number
and Type of Respondents |
Number of Responses per Respondent (2) |
Total Number of Responses (1)*(2)=(3) |
Average Burden Hours & Cost Per Response13 (4) |
Total Burden Hours & Total Cost (3)*(4) |
|||
Year 1 |
|
|
|
|
|
|||
Record Retention |
334 TO and 2 TOP |
1 |
336 |
2 hrs.; $76 |
672 hrs.; $25,536 |
|||
Year 2 |
|
|
|
|
|
|||
R1 |
334 TO |
1 |
334 |
20 hrs.; $1,280 |
6,680 hrs.; $427,520 |
|||
R2 |
334 TO |
1 |
334 |
34 hrs; $2,448 |
11,356 hrs.; $817,632 |
|||
R3 |
2 TOP |
1 |
2 |
1 hrs.; $129 |
2 hrs.; $258 |
|||
R4 |
30 TO and 2 TOP |
1 |
32 |
80 hrs.; $5,120 |
2,560 hrs.; $163,840 |
|||
R5 |
30 TO and 2 TOP |
1 |
32 |
320 hrs.; $20,480 |
10,240 hrs.; $655,360 |
|||
R6 |
30 TO and 2 TOP |
1 |
32 |
304 hrs.; $19,456 |
9,728 hrs.; $622,592 |
|||
Record Retention |
334 TO and 2 TOP |
1 |
336 |
2 hrs.; $76 |
672 hrs.; $25,536 |
|||
Year 3 |
|
|
|
|
|
|||
Record Retention |
334 TO and 2 TOP |
1 |
336 |
2 hrs.; $76 |
672 hrs.; $25,536 |
|||
Year 4 |
|
|
|
|
|
|||
R1 |
30 TO |
1 |
30 |
20 hrs.; $1,280 |
600 hrs.; $38,400 |
|||
R2 |
30 TO |
1 |
30 |
34 hrs.; $2,448 |
1,020 hrs.; $73,440 |
|||
R3 |
2 TOP |
1 |
2 |
1 hrs.; $129 |
2 hrs.; $258 |
|||
R4 |
30 TO and 2 TOP |
1 |
32 |
80 hrs.; $5,120 |
2,560 hrs.; $163,840 |
|||
R5 |
30 TO and 2 TOP |
1 |
32 |
80 hrs.; $5,120 |
2,560 hrs.; $163,840 |
|||
R6 |
30 TO and 2 TOP |
1 |
32 |
134 hrs.; $8,576 |
4,288 hrs.; $274,432 |
|||
Record Retention |
334 TO and 2 TOP |
1 |
336 |
2 hrs.; $76 |
672 hrs.; $25,536 |
|||
Year 5 |
|
|
|
|
|
|||
Record Retention |
334 TO and 2 TOP |
1 |
336 |
2 hrs.; $76 |
672 hrs.; $25,536 |
|||
Year 1 Total |
|
|
336 |
|
672 hrs.; $25,536 |
|||
Year 2 Total |
|
|
336 |
|
41,238 hrs.; $2,712,738 |
|||
Year 3 Total |
|
|
336 |
|
672 hrs.; $25,536 |
|||
Year 4 Total |
|
|
336 |
|
11,702 hrs.; $739,746 |
|||
Year 5 Total |
|
|
336 |
|
672 hrs.; $25,536 |
|||
TOTAL (for Years 1-5) |
|
54,956 hrs.; $3,529,092 |
||||||
Average Annual Burden and Cost (for Years 1-5) |
|
10,991 hrs.; $705,828 |
For this 3-year PRA renewal request, we will use the annual averages (over the 5-year cycle of the Reliability Standard) for:
burden of 10,991 hours
cost of $705,828.
ESTIMATE OF THE TOTAL ANNUAL COST BURDEN TO RESPONDENTS
There are no start-up or other non-labor costs.
Total Capital and Start-up cost: $0
Total Operation, Maintenance, and Purchase of Services: $0
All of the costs related to the FERC-725U information collection are associated with burden hours (labor) and described in Questions #12 and #15 in this supporting statement.
ESTIMATED ANNUALIZED COST TO FEDERAL GOVERNMENT
The Regional Entities and NERC do most of the data processing, monitoring and compliance work for Reliability Standards. Any involvement by the Commission is covered under the FERC-725 collection (OMB Control No. 1902-0225) and is not part of this request or package.
The estimated annualized cost to the Federal Government for FERC-725U follows:
FERC-725U |
Number of Employees (FTEs) |
Estimated Annual Federal Cost |
FERC-725U Analysis and Processing of filings |
0 |
$0 |
Paperwork Reduction Act Administrative Cost14 |
|
$5,723 |
TOTAL |
|
$5,723 |
Based on the above table, the total federal cost for FERC-725U is $5,723.
REASONS FOR CHANGES IN BURDEN INCLUDING THE NEED FOR ANY INCREASE
The reporting and recordkeeping requirements have not changed. Each requirement (including record-keeping requirements) in CIP-014-2 retains the same related hourly burden per response.15
There are decreases (adjustments) in both the annual number of responses16 and the total annual burden hours,17 as follows.
The decrease in the number of responses is due to normal industry fluctuations in NERC registration for the TO and TOP roles18.
The changes in burden and cost are due to
the decrease of 23 affected entities, with their related burden and
our modification of the calculations to average the annual burden and cost over the entire 5-year cycle of the Reliability Standard’s requirements (rather than having extreme increases or decreases depending on where in the 5-year cycle the PRA 3-year cycle and clearance fall).
FERC-725U |
Total Request |
Previously Approved |
Change due to Adjustment in Estimate |
Change Due to Agency Discretion |
Annual Number of Responses |
336 |
359 |
-23 |
0 |
Annual Time Burden (Hr.) |
10,991 |
18,331 |
-7,340 |
0 |
Annual Cost Burden ($) |
$0 |
$0 |
$0 |
$0 |
TIME SCHEDULE FOR PUBLICATION OF DATA
There are no tabulating, statistical or tabulating analysis or publication plans for the collection of information.
DISPLAY OF EXPIRATION DATE
The expiration dates are displayed in a table posted on ferc.gov at http://www.ferc.gov/docs-filing/info-collections.asp.
EXCEPTIONS TO THE CERTIFICATION STATEMENT
There are no exceptions.
1 North American Electric Reliability Corp., 116 FERC ¶ 61,062, order on reh’g & compliance, 117 FERC ¶ 61,126 (2006), aff’d sub nom. Alcoa, Inc. v. FERC, 564 F.3d 1342 (D.C. Cir. 2009).
2 Order No. 802 (79 FR 70069, 11/25/2014)
3 The frequency is detailed in the Reliability Standard. For example, R1 states in part:
“1.1 Subsequent risk assessments shall be performed:
At least once every 30 calendar months for a Transmission Owner that has identified in its previous risk assessment (as verified according to Requirement R2) one or more Transmission stations or Transmission substations that if rendered inoperable or damaged could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection; or
At least once every 60 calendar months for a Transmission Owner that has not identified in its previous risk assessment (as verified according to Requirement R2) any Transmission stations or Transmission substations that if rendered inoperable or damaged could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.
1.2. The Transmission Owner shall identify the primary control center that operationally controls each Transmission station or Transmission substation identified in the Requirement R1 risk assessment. “
5 Details of the ERO standards development process are available on the NERC website at http://www.nerc.com/pa/Stand/Documents/Appendix_3A_StandardsProcessesManual.pdf.
6 82 FR 41618
7 82 FR 50645
9 Section 1502, Paragraph 2, available at NERCs website.
10 Although Year 4 includes R1-R6 and Record Retention similar to Year 2, the related burden is not in the same amount as in Year 2.
Also note that Years 4 and 5 are part of the 5-year Reliability Standard’s cycle but beyond the current 3-year PRA approval cycle.
11 The clearance for the initial Years 1-3 was approved in ICR Ref. No. 201410-1902-001 on 1/28/2015.
12 For each Reliability Standard, the Measure shows the acceptable evidence for the associated Reporting Requirement (R numbers), and the Compliance section details the related Recordkeeping Requirement.
13 The estimates for cost per response are derived using the following formula: Average Burden Hours per Response * $XX per Hour = Average Cost per Response.
The hourly cost figures are based on data for wages plus benefits from the Bureau of Labor Statistics (as of 11/9/2016) at https://www.bls.gov/oes/current/naics2_22.htm and http://www.bls.gov/news.release/ecec.nr0.htm. The figures are rounded for the purposes of calculations in this table and are:
for electrical engineers (occupation code: 17-2071), $64.29/hr., rounded to $64/hr.
for attorneys (occupation code: 23-0000), $129.12/hr., rounded to $129/hr.
for administrative staff (occupation code: 43-0000), $37.75/hr., rounded to $38/hr.
The record retention cost is based on the administrative staff category; R3 is based on the attorney category; and Requirements R1, R4, R5 and R6 are based on the electrical engineer category.
R2 is a mix of the electrical engineer (30 hrs. at $64/hr.) and attorney (4 hrs. at $129/hr.) categories. The resulting average hourly figure is $71.65, rounded to $72/hr.
14 The PRA Administrative Cost is a Federal Cost associated with preparing, issuing, and submitting materials necessary to comply with the Paperwork Reduction Act (PRA) for rulemakings, orders, or any other vehicle used to create, modify, extend, or discontinue an information collection. This average annual cost includes requests for extensions, all associated rulemakings, and other changes to the collection.
15 The hourly burden for each CIP-014-2 requirement was established/approved in CIP-014-1 (a previous version of the Reliability Standard in ICR No. 201410-1902-001 on 1/28/2015) and remains unchanged here.
16 Approximately 6% decrease in the average annual number of responses from the previously approved request.
17 Approximately 40% decrease in the total average annual burden hours from the previously approved request, as described below.
18 TO = transmission owners; TOP = transmission operators.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | FERC-725U supporting statement |
Author | ferc |
File Modified | 0000-00-00 |
File Created | 2021-01-21 |