In accordance with 5 CFR 1320, OMB is filing comment and withholding approval at this time. The agency shall examine public comment in response to the proposed rulemaking and will include in the supporting statement of the next ICR--to be submitted to OMB at the final rule stage--a description of how the agency has responded to any public comments on the ICR, including comments on maximizing the practical utility of the collection and minimizing the burden.
Inventory as of this Action | Requested | Previously Approved
12/31/2021 | 36 Months From Approved | 12/31/2021
223,362 | 0 | 223,362
1,996,520 | 0 | 1,996,520
0 | 0 | 0
The Commission proposes to approve Reliability Standard CIP-012-1 (Cyber Security – Communications between Control Centers). The North American Electric Reliability Corporation (NERC), the Commission-certified Electric Reliability Organization (ERO), submitted the proposed Reliability Standard for Commission approval in response to a Commission directive in Order No. 822. Specifically, pursuant to section 215(d)(5) of the FPA, the Commission directed NERC to develop modifications to require responsible entities to implement controls to protect, at a minimum, communications links and sensitive bulk electric system data communicated between bulk electric system Control Centers “in a manner that is appropriately tailored to address the risks posed to the bulk electric system by the assets being protected (i.e., high, medium, or low impact).”
Proposed Reliability Standard CIP-012-1 is intended to augment the currently-effective Critical Infrastructure Protection (CIP) Reliability Standards to mitigate cybersecurity risks associated with communications between bulk electric system Control Centers. Specifically, proposed Reliability Standard CIP-012-1 supports situational awareness and reliable bulk electric system operations by requiring responsible entities to protect the confidentiality and integrity of Real-time Assessment and Real-time monitoring data transmitted between bulk electric system Control Centers. Accordingly, the Commission proposes to determine that proposed Reliability Standard CIP-012-1 is largely responsive to the Commission’s directive in Order No. 822.
In Order No. 822, the Commission directed NERC to, among other things, develop modifications to the CIP Reliability Standards to require responsible entities to implement controls to protect, at a minimum, communications links and sensitive bulk electric system data communicated between bulk electric system Control Centers “in a manner that is appropriately tailored to address the risks posed to the bulk electric system by the assets being protected (i.e., high, medium, or low impact).” The Commission explained that Control Centers associated with responsible entities, including reliability coordinators, balancing authorities, and transmission operators, must be capable of receiving and storing a variety of bulk electric system data from their interconnected entities in order to adequately perform their reliability functions. The Commission, therefore, determined that “additional measures to protect both the integrity and availability of sensitive bulk electric system data are warranted.”
NERC posits that the proposed Reliability Standard CIP-012-1 “requires Responsible Entities to develop and implement a plan to address the risks posed by unauthorized disclosure (confidentiality) and unauthorized modification (integrity) of Real-time Assessment and Real-time monitoring data while being transmitted between applicable Control Centers.” The required plan must include the following: (1) identification of security protections; (2) identification of where the protections are applied; and (3) identification of the responsibilities of each entity in case a Control Center is owned or operated by different responsible entities.
$4,931
No
No
No
No
No
No
Uncollected
David O'Conner 202 502-6695
No
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.