In accordance
with 5 CFR 1320, OMB is filing comment and withholding approval at
this time. The agency shall examine public comment in response to
the proposed rulemaking and will include in the supporting
statement of the next ICR--to be submitted to OMB at the final rule
stage--a description of how the agency has responded to any public
comments on the ICR, including comments on maximizing the practical
utility of the collection and minimizing the burden.
Inventory as of this Action | Requested | Previously Approved
12/31/2021 | 36 Months From Approved | 12/31/2021
223,362 | 0 | 223,362
1,996,520 | 0 | 1,996,520
0 | 0 | 0
The Commission proposes to approve
Reliability Standard CIP-012-1 (Cyber Security – Communications
between Control Centers). The North American Electric Reliability
Corporation (NERC), the Commission-certified Electric Reliability
Organization (ERO), submitted the proposed Reliability Standard for
Commission approval in response to a Commission directive in Order
No. 822. Specifically, pursuant to section 215(d)(5) of the FPA,
the Commission directed NERC to develop modifications to require
responsible entities to implement controls to protect, at a
minimum, communications links and sensitive bulk electric system
data communicated between bulk electric system Control Centers “in
a manner that is appropriately tailored to address the risks posed
to the bulk electric system by the assets being protected (i.e.,
high, medium, or low impact).” Proposed Reliability Standard
CIP-012-1 is intended to augment the currently-effective Critical
Infrastructure Protection (CIP) Reliability Standards to mitigate
cybersecurity risks associated with communications between bulk
electric system Control Centers. Specifically, proposed Reliability
Standard CIP-012-1 supports situational awareness and reliable bulk
electric system operations by requiring responsible entities to
protect the confidentiality and integrity of Real-time Assessment
and Real-time monitoring data transmitted between bulk electric
system Control Centers. Accordingly, the Commission proposes to
determine that proposed Reliability Standard CIP-012-1 is largely
responsive to the Commission’s directive in Order No. 822.
In Order No. 822, the
Commission directed NERC to, among other things, develop
modifications to the CIP Reliability Standards to require
responsible entities to implement controls to protect, at a
minimum, communications links and sensitive bulk electric system
data communicated between bulk electric system Control Centers “in
a manner that is appropriately tailored to address the risks posed
to the bulk electric system by the assets being protected (i.e.,
high, medium, or low impact).” The Commission explained that
Control Centers associated with responsible entities, including
reliability coordinators, balancing authorities, and transmission
operators, must be capable of receiving and storing a variety of
bulk electric system data from their interconnected entities in
order to adequately perform their reliability functions. The
Commission, therefore, determined that “additional measures to
protect both the integrity and availability of sensitive bulk
electric system data are warranted.” NERC posits that the proposed
Reliability Standard CIP-012-1 “requires Responsible Entities to
develop and implement a plan to address the risks posed by
unauthorized disclosure (confidentiality) and unauthorized
modification (integrity) of Real-time Assessment and Real-time
monitoring data while being transmitted between applicable Control
Centers.” The required plan must include the following: (1)
identification of security protections; (2) identification of where
the protections are applied; and (3) identification of the
responsibilities of each entity in case a Control Center is owned
or operated by different responsible entities.
$4,931
No
No
No
No
No
No
Uncollected
David O'Conner 202 502-6695
No
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number.
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.