Supporting Statement A

OE417_Supporting Statement A.docx

Electric Emergency Incident and Disturbance Report

Supporting Statement A

OMB: 1901-0288

Document [docx]
Download: docx | pdf


Shape1 Shape2

­­­



Supporting Statement for Survey Clearance

  1. Part A: Justification

Shape3

Form OE-417 Electric Emergency Incident and Disturbance Report



OMB No. 1901-0288

Shape6 Shape4 Shape5 Shape7 Shape8

December 2020

Independent Statistics & Analysis

www.eia.gov

U.S. Department of Energy

Washington, DC 20585





Introduction

The U.S. Energy Information Administration (EIA) is the statistical and analytical agency within the U.S. Department of Energy (DOE). It collects, analyzes, and disseminates independent and impartial energy information to promote sound policymaking, efficient markets, and public understanding regarding energy and its interaction with the economy and the environment.

EIA is requesting a three-year extension with changes for OMB No. 1901-0288, Form OE-417, Electric Emergency Incident and Disturbance Report. The survey collects information on electric power emergencies, incidents, and disturbances. Response to this survey is mandatory pursuant to the criteria set forth in Form OE-417. The survey is sponsored by the DOE Office of Cybersecurity, Energy Security, and Emergency Response.

Entities within the jurisdiction of North American Electric Reliability Corporation (NERC) may also be required to report emergencies or qualifying events per the EOP-004-3 Reliability Standard. During the prior update and recertification of Form OE-417, there was an effort to align the EOP-004-3 Reliability Standard reporting requirements with the requirements in Form OE-417. Currently reporting entities in the U.S. may submit a Form OE-417 in place of reporting under NERC EOP-004-3. The current update to Form OE-417 will align to reporting requirements that in the recently approved NERC CIP-008-6 Reliability Standard, which established new definitions for a Cyber Security Incident and Reportable Cyber Security Incident and expanded the reporting requirements, including expanding the applicable systems to report on and adding new reporting requirements for attempted compromises of high and medium impact Bulk Electric System (BES) cyber systems and their associated electronic access control or monitoring systems. The continued alignment between Form OE-417 and NERC reporting requirements will help to minimize confusion amongst industry stakeholders about which reporting requirements and forms are required to be complete and enable industry stakeholders to train personnel to report using a single form.

Summary of Modifications to Survey

Change the title of the survey instrument from “Form OE-417” to “Form DOE-417.” Additional changes are described as follows:

  • Add the reporting requirements from the North American Electric Reliability Corporation (NERC) CIP-008-6 Standard to reduce the combined burden on respondents reporting to NERC and DOE and streamline responses. It is expected that for NERC reporting entities registered in the United States; NERC will accept information reported on Form OE-417 to meet the submittal requirements that will be established by CIP-008-6 to the Department of Homeland Security and the Electricity Information Sharing and Analysis Center

  • Updated the “Response Due” criteria with new line numbers and to include the following:

    • “For criterion 2, submit within 1-hour of determination of that a Reportable Cyber Security Incident has occurred. If criterion 2 is met, also submit the Cyber Attributes on line T in Schedule 2.”

    • “By the end of the next calendar day after a determination, submit Schedule 1 and lines N – S and the Cyber Attributes on line T in Schedule 2 as an Attempted Cyber Compromise if criterion 14 is met.”

    • “If multiple criterion are met by an incident, Schedule 1 and any additionally required information (as noted above), must be submitted within timeframe established by the criteria with the shortest reporting timeline.”

  • The reporting criteria are renumbered to show the new reporting requirements.

  • Other changes to Form OE-417 related to satisfying the reporting requirements established by the NERC CIP-008-06 standard include:

    • Reworded Criteria 2 to “Reportable Cyber Security Incident”

    • Added new Criteria 3 “Cyber event that is not a Reportable Cyber Security Incident that causes interruptions of electrical system operations.”

  • To align with reporting requirements established by the NERC CIP-008-06 standard

    • Added “Attempted Cyber Compromise” Alert Type to be filed within 1-Day

    • Added corresponding criteria “Cyber Security Incident that was an attempt to compromise a High or Medium Impact Bulk Electric System Cyber System and their associated Electronic Access Control or Monitoring Systems”

  • Updated Line Numbers throughout Schedule 1 and Schedule 2

  • Added self-identified FOIA Exemption criteria for respondents to identify whether the respondent considers the information in Schedule 1 Lines C & D may be exempt FOIA due to the following:

    • “Privileged or confidential information, e.g., trade secrets, commercial, or financial information”

    • “Critical Electric Infrastructure Information”

    • “Other information exempt from FOIA”

  • Added self-identified FOIA Exemption criteria for respondents to identify whether Information in Schedule 2 may be exempt FOIA due to the following:

    • “Privileged or confidential information, e.g., trade secrets, commercial, or financial information”

    • “Critical Electric Infrastructure Information”

    • “Other information exempt from FOIA”

  • Added the following to the direction to the Narrative Section “Cyber Attributes: For cyber events, including attempted cyber compromises, provide the following attributes (at a minimum): (1) the functional impact, (2) the attack vector used, and (3) the level of intrusion that was achieved or attempted.”

  • Added the DHS CISA Central or their successor(s) to Line W.

A.1. Legal Justification

The authority for these data collections is provided by the following provisions:

  • 15 U.S.C. §772(b) states:

      1. “All persons owning or operating facilities or business premises who are engaged in any phase of energy supply or major energy consumption shall make available to the [Secretary] such information and periodic reports, records, documents, and other data relating to the purposes of this Act, including full identification of all data and projections as to source, time, and methodology of development, as the [Secretary] may prescribe by regulation or order as necessary or appropriate for the exercise of functions under the Act.”

  • 15 U.S.C. 764(b) states that to the extent authorized by 15 U.S.C. §764(a), the Administrator shall;

      1. advise the President and the Congress with respect to the establishment of a comprehensive national energy policy in relation to the energy matters for which the Administration has responsibility, and, in coordination with the Secretary of State, the integration of domestic and foreign policies relating to energy resource management;

      2. assess the adequacy of energy resources to meet demands in the immediate and longer range future for all sectors of the economy and for the general public;

      3. develop effective arrangements for the participation of State and local governments in the resolution of energy problems;

      4. develop plans and programs for dealing with energy production shortages; …

      5. promote stability in energy prices to the consumer, promote free and open competition in all aspects of the energy field, prevent unreasonable profits within the various segments of the energy industry, and promote free enterprise;

      6. assure that energy programs are designed and implemented in a fair and efficient manner so as to minimize hardship and inequity while assuring that the priority needs of the Nation are met;

  1. collect, evaluate, assemble, and analyze energy information on reserves, production, demand, and related economic data;

  1. perform such other functions as may be prescribed by law."

  • As the authority for invoking 15 U.S.C. §764(b), above, 15 U.S.C. §764(a) states:

      1. “Subject to the provisions and procedures set forth in this Act, the [Secretary] shall be responsible for such actions as are taken to assure that adequate provision is made to meet the energy needs of the Nation. To that end, he shall make such plans and direct and conduct such programs related to the production, conservation, use, control, distribution, rationing, and allocation of all forms of energy as are appropriate in connection with only those authorities or functions-

        1. specifically transferred to or vested in him by or pursuant to this chapter;

        1. otherwise specifically vested in the Administrator by the Congress."

  • Additional authority for this information collection is provided by 15 U.S.C. §790(a) which states;

      1. “It shall be the duty of the Director to establish a National Energy Information System… [which] shall contain such information as is required to provide a description of and facilitate analysis of energy supply and consumption within and affecting the United States on the basis of such geographic areas and economic sectors as may be appropriate… to meet adequately the needs of…”

  1. (1) the Department of Energy in carrying out its lawful functions;

  2. (2) the Congress;

  3. (3) other officers and employees of the United States in whom have been vested, or to whom have been delegated energy-related policy decision-making responsibilities;

  4. (4) the States to the extent required by the Natural Gas Act [15 U.S.C. 717 et seq.] and the Federal Power Act [16 U.S.C. 791a et seq.].

      1. "At a minimum, the System shall contain such energy information as is necessary to carry out the Administration's statistical and forecasting activities, and shall include… such energy information as is required to define and permit analysis of;

        1. the institutional structure of the energy supply system including patterns of ownership and control of mineral fuel and non-mineral energy resources and the production, distribution, and marketing of mineral fuels and electricity;

        2. the consumption of mineral fuels, non-mineral energy resources, and electricity by such classes, sectors, and regions as may be appropriate for the purposes of this chapter;

  1. industrial, labor, and regional impacts of changes in patterns of energy supply and consumption;

  2. international aspects, economic and otherwise, of the evolving energy situation; and

  3. long-term relationships between energy supply and consumption in the United States and world communities.”

  1. Additional authority for invoking 15 U.S.C §790(a) is provided by the 16 U.S.C. §2601 which states:

            1. The Congress finds that the protection of the public health, safety, and welfare, the preservation of national security, and the proper exercise of congressional authority under the Constitution to regulate interstate commerce require - . . .

  1. a program to improve the wholesale distribution of electric energy, the reliability of electric service, the procedures concerning consideration of wholesale rate applications … the participation of the public in matters … and to provide other measures with respect to the regulation of the wholesale sale of electric energy;

A.2. Needs and Uses of Data

The electric power industry in the United States consists of traditionally regulated entities (also known as electric utilities), as well as non-traditional participants that include unregulated entities and electric power marketers. As of late 2019, there were 2,299 traditionally regulated and unregulated utilities and power marketers across the Unites States and U.S. Territories. However, the operation of the bulk electrical system is managed by 204 Balancing Authorities (BA).

Form OE-417 enables DOE to monitor electric emergency incidents and disturbances in the United States (including all 50 States, the District of Columbia, Puerto Rico, U.S. Virgin Islands, and the U.S. Territories). The integration of the North American Energy Reliability Corporation (NERC) EOP-004-3 Reliability Standard reporting requirements into Form OE-417 allows NERC to utilize Form OE-417 to improve the reliability of the Bulk Electric System by monitoring events of reporting entities. The CIP-008-6 Reliability Standard established new definitions for a Cyber Security Incident and a Reportable Cyber Security Incident and expanded the reporting requirements, including expanding the applicable systems to report on and adding new reporting requirements for attempted compromises of high and medium impact BES cyber systems and their associated electronic access control or monitoring systems. The addition of the reporting requirements from NERC CIP-008-6 Critical Infrastructure Protection Standard into the OE-417 will provide further value by ensuring that DOE has critical information about cyber incidents affecting the energy sector. The information will assist the government by helping to prevent the physical or cyber disruption of the operation of the critical electrical energy infrastructure.

DOE is the coordinating agency for Emergency Support Function (ESF) #12 – Energy, under the National Response Framework, and the Sector Specific Agency (SSA) for Energy under Presidential Policy Directive (PPD) 21 PPD 41, and the FAST ACT. DOE’s Office of Cybersecurity, Energy Security, and Emergency Response uses Form OE-417, “Emergency Incident and Disturbance Report” to monitor major incidents or potential incidents on electric power systems, and to conduct after-action investigations on significant interruptions of electric power or threats to the electric system reliability, which helps DOE meet its ESF #12, SSA, and national security responsibilities.

A.2.1 Overview of Data Uses

Form OE-417 enables DOE to monitor electric emergency incidents and disturbances so the U.S. Government may take steps to help prevent the physical or virtual disruption of the operation of critical electric power infrastructure. Form OE-417 is an alert mechanism that enables DOE to quickly respond to energy emergencies, which may impact the nation’s energy infrastructure. The analysis of the incident/disturbance data allows for the development of strategies to mitigate or prevent future electric power disruptions. As such, the timely initial filing of Schedule 1 of this form within 1 hour of the emergency incident is extremely important.

The information is also used in developing legislative recommendations and reports to Congress; as well as inform Federal efforts developing policies to respond to electrical disturbances and protect critical national infrastructure. The information submitted is also used by the DOE’s Office of Electricity, the Energy Information Administration, and other DOE offices with a need-to-know designation to analyze significant interruptions or potential interruptions of electric power.



Emergency electric incidents and disturbances that lead to interruptions of power, could lead to disruptions of critical infrastructure. Critical Infrastructure that can be affected by electric incidents and disturbances include natural gas or petroleum product pipelines, petroleum refineries, water supplies, and telecommunications systems. The national security, economic prosperity, and the well-being of the U.S. depends on the continuing reliability of the Nation’s increasingly complex electric power infrastructure. Along with examining issues associated with insufficient capacity reserves, tracking disturbances that impact integrated generation and transmission facilities is an important task. Form OE-417 is a critical alert mechanism for informing DOE so that physical and virtual disruption of any critical infrastructure can be prevented or mitigated. Form OE-417 data has alerted DOE to recent cyber incidents that could have affected customers, allowing DOE to engage with the affected utility and to provide additional support from the Department of Homeland Security and Federal Bureau of Investigation. Additionally, the form is regularly used during severe weather events and allows DOE to assess the specific cause of outages, how many customers were affected and the demand loss, as well as estimated time to restoration.

Form OE-417 is designed to identify and track emergency incidents from:

  • Entities that have Balancing Authorities (BA) and/or regional Reliability Coordinator (RC) functions. They are responsible for the physical operations and reliability coordination.

  • All electric utilities’ physical and electronic (cyber) security, suspected, malicious, or intentional threats.

A.2.2.1 Overview of Data Collection

Form OE-417 does not follow a reporting schedule because the requirement to report is event driven.

Reporting coverage for Form OE-417 includes all 50 States, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, and the U.S. Territories. DOE is maintaining the reporting functions for electric utilities, BA, and RCs. Incident events reporting, such as suspected or actual threats, vandalism, and/or cyber-attacks or total loss of power, is required for all respondents. However, it is the expectation that few, if any, reports would be filed in any given year by most respondents. There are 215 NERC- established BA1 and RC2 entities that are responsible for the physical operations and reliability coordination of business entities that file the form. All of these functions are located within existing electric utilities or in those business entities that were established by the Federal Energy Regulatory Commission (FERC).

The entities that have BA responsibilities are considered the primary filer of Form OE-417. They report information on individual load and counts of customers lost that come from the electric utilities found within their area. Many of these electric utilities are full requirement or partial requirement customers of other electric utilities - they do not generate, but receive their power under one or more contracts; which are usually long-term agreements. DOE accepts joint filing activity where the BA and these electric utilities file a combined report or all information passed to the BA who then files a single report. An example of this activity would be cooperative power suppliers (generating and transmission) filing for their member distribution cooperatives. Another example would be joint filings by BA and the controlling RC. DOE requests notification from those entities that plan to file jointly and those electric utilities that want to file separately. Notification can be done at the time of the filing.

DOE continues to have the option to conduct special investigations of incidents affecting the electric power industry. Such investigations could involve one or more electric utilities, BAs, or other entities participating in the electric power industry. Any utility or business entity that participates in the electric power industry could be notified by DOE that they would need to provide technical information concerning a particular incident.3 These special investigations are infrequent and the report of the investigations are released to the public.4

The following information to be collected on emergency events includes important details covering each major part of an electric power disturbance incident:

  1. Cause(s) of an incident

  2. Impact(s) of incident

  3. Action(s) taken

Uses of Data:

The information is used by the Department of Energy:

  • To track electrical emergency incidents and disturbances on a timely basis;

  • To answer queries from the Congress, the White House, the Department of Homeland Security, the Federal Bureau of Investigation, the Federal Emergency Management Agency, State Energy Offices, State Offices of Emergency Management, the electric power industry, and the general public;

  • To monitor the electric power industry by providing situational awareness of electricity disruptions that could cause additional impacts;

  • As input to Office of Cybersecurity, Energy Security, and Emergency Responses’ Disturbance Events (OE-417) Annual Summaries5;

  • As input to the Energy Information Administration’s Electric Power Monthly’s Appendix B Major Disturbances and Unusual Occurrences6; and

  • To identify incidents that may require a technical examination of the underlying problems that lead to the event.

The public summaries of Form OE-417 data users include electricity-related trade associations; independent system operators; electric utility companies; unregulated power companies; energy service providers; wholesale electricity traders; electrical equipment companies; numerous local, State, and Federal government agencies; environmental associations; consumer groups; financial analysts; and the news media. These organizations use this data for a variety of purposes including trend analysis, research on electricity disturbances, and as facts for public interest news stories.


A.3. Use of Technology

DOE introduced an online version of Form OE-417 in January 2011 to give respondents an electronic reporting option. Since 2011, the online data system has been consistently updated and now features the ability for respondents to completely manage and tailor their Form OE-417 submission process to meet their unique needs.

The electronic reporting system features the ability to submit forms directly to the North American Electric Reliability Corporation (NERC) and the Electricity Sector Information Sharing and Analysis Center (E-ISAC) to meet NERC Reliability Standard requirements and all users receive a copy of his or her submitted form by email. If Form OE-417 is recertified as requested, reporting entities will also have the ability to submit forms to the DHS Cybersecurity and Infrastructure Security Agency, pursuant to the NERC CIP-008-6 requirements.

The online system has been upgraded in the past several years to support the ability of companies to manage all respondents from a single organization, in that, one company can have a user account for each individual responsible for filling out Form OE-417, with each user account under the organization’s account. The organization then has total visibility of all forms previously submitted and in-process of being drafted. The system can automatically populate data fields for updated submissions related to extended electric power disturbance events. In addition, the reporting system also automatically fills-in the name and contact information for registered users. This reduces reporting burden so that a respondent only needs to report the data values that changed from the last submission.

DOE posted the form and instructions on the websites of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and the Energy Information Administration (EIA). The website utilized to submit Form OE-417 includes instructions for the online system and Frequently Asked Questions about the system. The website is also in compliance with Section 508 of the Workforce Rehabilitation Act of 1973. In addition to submitting the form online, respondents have the ability to submit by phone, email, or fax.

A.4. Efforts to Identify Duplication

DOE has determined that other sources cannot replace or approximate the timeliness or information coverage of the current Form OE-417.

The Federal Energy Regulatory Commission (FERC) has certified the North American Electric Reliability Corporation (NERC) to operate as the Electricity Reliability Organization under the Federal Power Act. FERC has approved NERC Reliability Standard EOP-004-3, event reporting that requires entities under its jurisdiction to submit either a Form OE-417 or an EOP-004-3 event report on the occurrence of an event. It is expected that FERC will continue to certify that, for U.S. NERC reporting entities, that the updated Form OE-417 will also meet NERC’s CIP-008-6 submittal requirements. DOE is working with the NERC to ensure alignment with the standards.

The information collected for EOP-004-3 and CIP-008-6 is considered the minimum subset information necessary for NERC to complete its Reliability Oversight mission. These standards do not collect all of the specific information collected on events through Form OE-417. DOE collects data to support both the notification of the Secretary of Energy to emergency energy events, as well to support emergency response and restoration activities under the Federal Emergency Management Agency (FEMA) Emergency Support Function 12 – Energy. FERC collects data to support regulatory and compliance activities under its jurisdiction. Additionally, while a reporting template has been developed by NERC for the reporting requirements under CIP-008-6 as of February 2020, neither the EOP-004-3 nor the CIP-008-6 standard require information to be reported to DOE thus creating a situational awareness gap for Federal Entities if Form OE-417 was not recertified. Finally, NERC has not publicly released system disturbance data collected under EOP-004 since 2009. NERC stopped publicly reporting the system disturbance event reports that they received in 2009. The event history can be found at the bottom of this page under System Disturbance Reports: http://www.nerc.com/pa/rrm/ea/Pages/EA-Program.aspx.

Form OE-417 is the critical alert mechanism for informing DOE about electrical emergency incidents or disturbances so the physical and virtual disruption of the operation of any critical infrastructure can be prevented. DOE officials address the information reported on a real-time basis. They inform policymakers and others about the significance, as appropriate. Form EIA-930 collects data on the operations of balancing authorities across the US. The posted data are used to monitor the current status and trends of the electric power industry, and to support enhancement of electric system operations. The data collected on Form OE-417 are on discrete system events, such as physical attacks, electrical islanding, and losses of electricity customers are not captured on Form EIA-930 hourly submissions.

A.5. Provisions for Reducing Burden on Small Businesses

The DOE is mindful of the need to minimize burden on small business, and designs its information collections so that small operations are not unduly affected. DOE has worked closely with NERC to reduce overall burden to potential respondents and Form OE-417 is not expected to impact small business.

A.6. Consequences of Less-Frequent Reporting

DOE needs to be informed of all electric power disturbances and incidents meeting the threshold levels identified earlier so that it can take appropriate actions. Less frequent reporting will not provide the Federal government with the information it needs to fulfill its mandates.

The rapid evolution of information technology in the electric power industry has national security implications due to the interdependent networks of physical and information infrastructures.7 Information technology has changed the way the Nation’s business is transacted, the way government operates and the way government addresses national security.

Form OE-417 is the critical alert mechanism for informing DOE about electrical emergency incidents or disturbances so the physical and virtual disruption of the operation of any critical infrastructure can be prevented. DOE officials address the information reported on a real-time basis and inform relevant interagency partners, as appropriate including the Department of Homeland Security, the Federal Emergency Management Agency, and the Federal Bureau of Investigations, as well as the White House and others to provide information about the significance of an electricity disturbance.

Form OE-417 provides important real-time alert information to DOE, trend information, and is used in historical publications. Schedule 2 of Form OE-417 collects detailed information on system events, including specific locations of events (such as specific transmission circuits or substations impacted) or the sequence of events (for a physical attack event). This specific data would not be collected within Form EIA-930 data collection, which focuses on automated data collection of system operating data on a wide-area basis.

A.7. Compliance with 5 CFR 1320.5

The data being collected are consistent with the guidelines in 5 CFR 1320.5, except for requiring respondents to initially report information soon after an incident or disturbance. See items A.2 and A.6 for justification for timing of reporting. A final report is due to DOE 72 hours after an initial report.

A.8. Summary of Consultations Outside of the Agency

A request for comments from interested persons was solicited in a Federal Register Notice (FRN) describing the proposed extension and proposed modifications to each form. The notice was published in the Federal Register, 85 Fed. Reg. 35925 (June 12, 2020). The notice and proposed versions of the survey forms were posted on EIA’s website. Five comments were received in response to the June 12, 2020 FRN. Two of the comments that were received via regulation.gov, did not provide any feedback relevant to the FRN. The other three comments were from the electricity industry, including the Midcontinent Independent System Operator, the Independent System Operator of New England, and the Edison Electric Institute which represents investor owned utilities. The feedback from the five comments has been careful considered by DOE and three additional changes were incorporated to the form accordingly. The comments and DOE response are available at: https://www.oe.netl.doe.gov/oe417.aspx. The comments have also been posted to Regulation.gov at: https://beta.regulations.gov/document/DOE-HQ-2020-0038-0001/comment

During this proposed revision to Form OE-417, DOE has coordinated with the E-ISAC and NERC to discuss and agree on the structure of proposed additions to Form OE-417 to align with the NERC CIP-008-6 reporting requirements to ensure that there is a single mechanism for industry to provide input. DOE also advised the secretariat of the Electricity Subsector Coordinating Council of the publication of the FRN for comments from industry. During the previous revision of Form OE-417, DOE worked closely with the NERC Standards Drafting Committee to integrate and align questions between Form EOP-004 and Form OE-417.

A.9. Payments or Gifts to Respondents

No payments or gifts are made to the respondents.

A.10. Provisions for Protection of Information

Form OE-417 instructions will include the following statement regarding data confidentiality.

The information reported on Schedule 1, except for lines C and D if boxes in line B are checked and to the extent that it satisfies the criteria for exemption under FOIA, will be considered “public information” and may be publicly released in company or individually identifiable form.

Information on Schedule 2 of the form and lines C and D of Schedule 1 will not be disclosed to the public to the extent that it satisfies the criteria for exemption under FOIA, 5 U.S.C. § 552, the DOE regulations, 10 C.F.R. § 1004.11, implementing the FOIA, the Trade Secrets Act, 18 U.S.C. § 1905, and Critical Energy Infrastructure Information regulations as defined by the Federal Energy Regulatory Commission pursuant to section 215A(d) of the Federal Power Act, as amended. DOE will protect the information in accordance with its confidentiality and security policies and procedures. Potential releases in response to FOIA requests may occur following a case-by-case determination of the appropriate level of data protection.

In accordance with the FOIA, the DOE provides company-specific protected data to other Federal agencies when requested for official use. The information reported on this form may also be made available, upon request, to another component of DOE; to any Committee of Congress, the U.S. General Accountability Office, or other Federal agencies authorized by law to receive such information. A court of competent jurisdiction may obtain this information in response to an order. The information may be used for any non-statistical purposes such as administrative, regulatory, law enforcement, or adjudicatory purposes.

The data collected on Form OE-417, Electric Emergency Incident and disturbance Report, will be used by DOE to meet its overall national security and National Response Framework responsibilities.

A.11. Justification for Sensitive Questions

There are no questions of a sensitive nature.

A.12. Estimate of Respondent Burden Hours and Cost

Training Assumptions:

  • 2,514 Respondents – 11 U.S. reliability coordinators, 204 balancing authorities, and 2,299 regulated utilities.

  • During year 1 to 3 – a 2.0 hour refresher training (to include training on the on-line form) per BA/RC and utility respondent; 5,028 hours.

  • Total training time per year – 5,028 hours

Table 1: Training Hours Assumptions

Total Number of Respondents

Training Hours Per Respondent

Total Training Hours

2,514

2.0

5,028

Reporting Assumptions:

  • 250 Reports per year –The burden assumed in 2017 OMB submission was 200 reports annually. Based on the level of actual reporting (150 events in 2017, 220 events in 2018, and 278 events in 2019) the burden estimate has been calculated at 250 reports annually to accommodate normal, possible updates, and final filings for events. The single most common reason Form

OE-417 is filed by a utility is for weather/natural disaster related incidents, including 53% of reports filed in 2017, 46% of the incidents in 2018, and 33% of reports in 2019, thus weather/natural disasters is the largest variable in annual reporting.

  • Schedule 1 - 250 reports x 10 minutes = 2,500 minutes or 42 hours

  • Schedule 2 – 250 reports x 1.5 hours = 375 hours

  • Schedule 2 Follow-up (additional follow-up for significant reports) – 20 respondents; 20 reports x .5 hour = 10 hours

  • Annual total for responses = 427 hours per year

  • Notifications to DOE about suspected or actual criminal actions (cyber-attacks, threats, vandalism) are not considered accountable burden events. DOE has general and specific obligations for national security and law enforcement actions/support under various Presidential Directives, memorandum of agreements and inter-agency understandings.



Table 2: Reporting Assumptions

Number of Reports

Hours for Schedule 1

Hours for Schedule 2

Follow Up hours

Annual total hours for responses

250

42

375

10

427


Using the above estimates, the average estimated annual burden with training estimates, per year, is 5,455 hours (5,028 training hours + 427 response hours).

Table 3: Burden Summary Table

EIA Form Number/Title

Annual Reporting Frequency

Number of Respondents

Annual Number of Responses

Burden Hours Per Response

Annual Burden Hours

OE-417 Schedule 1

1

250

250

0.17

42

OE-417 Schedule 2

1

250

250

1.50

375

OE-417 Schedule 2 (Follow-Up)

1

20

20

0.50

10

Training

1

2,514

2,514

2.00

5,028

Total

 

3,034

3,034

 

5,455



The estimated annual cost to all combined respondents of the reporting burden is $437,163.70 (5,455 hours x $80.14)

There are no capital or start-up costs associated with this data collection for reporting and record keeping. The information collected on Form OE-417 is information that is collected and maintained by electric power producers in their normal course of business. Therefore, other than burden hours there are no additional costs for annual reporting and record keeping.

An average cost per hour of $80.14 is used because that is the average loaded (salary plus benefits) cost for a DOE employee. DOE assumes that the survey respondent workforce completing Form OE-417 is comparable with the DOE workforce.

A.13. Annual Cost to the Federal Government

The annual costs based on contractor invoices, including personnel, development/maintenance, collection, processing, analysis, and publication are estimated to be approximately $310,000—a decrease of around $65,288 from 2017. Table 4 provides a comparison of estimated costs for 2017 and estimated costs for 2020, and an overview of estimated hours for various survey management functions, including System Development, Maintenance, and Support of Form OE-417 online system (which includes processing and helping users address system issues), Project Management of Online System projects, and Annual Form follow-up hours. The decrease in cost from 2017 to 2020 is due to less requirements for system development to implement updates to the OE-417 and a new support service contract with a different rate structure. DOE anticipates that the annual cost for Form OE-417 in 2021, and each successive year thereafter, is expected to be approximately $310,000 - $350,000 per year. Federal oversight of Form OE-417 is handled by the Program Manager for Situational Awareness as part of regularly assigned duties in the course of normal business, thus there is no additional costs for Federal employees.

Table 4: Estimated Hours and Actual Costs for Survey Functions


OE-417 System Development Maintenance, and Support Hours

Project Management of Online System Projects Hours8

Annual Form Follow-up Hours9

Annual Cost to the Federal Government

2017 Estimate

3,018

100

50

$375,288

2020 Estimate

1903

100

50

$310,000

A.14. Changes in Burden



A.15. Reasons for Changes in Burden

Table 5 shows that the total respondent burden increased by 322 hours from 5,133 hours to 5,455 hours since the 2017 submission. The increase in burden is due to an increase in survey respondents and number of Schedule 1 and Schedule 2 responses expected since the 2017 clearance. The increase in potential respondents is due to an increase in the number of utilities in the U.S. The increase in the number of Schedule 1 and Schedule 2 response to 250 per year is based on an average of actual responses in 2017, 2018, and 2019 (average of 216) plus an estimate of additional response, based on the new criteria being added to the form.

Respondents

The number of respondents for training increased from 2,395 to 2,514 due to an increase in the number of utilities and Balancing Authorities operating in the United States. There is one less Reliability Coordinator from the 2017 submission. The estimated number of respondents reporting (Schedule 1 and 2) has increased over the past three years, from the 2017 submission, so DOE revised its estimate. Based on the level of actual reporting (150 events in 2017, 220 events in 2018, and 278 events in 2019), the burden estimate was increased to an average of 216 estimated respondents per year. Additionally, based on the number of respondents in 2019 and the additional criteria, an additional 34 responses was added to the burden calculation for Schedule 1 and Schedule 2 for a total of 250 respondents per year. The burden hours for Schedule 2 Follow-Up reports remains unchanged.

Burden

The estimated hours for training and to complete each section remain the same as the 2017 submission. DOE estimates that it will take 2 hours for training and 0.17 hours for respondents to complete Schedule 1 of the report. Based on EIA cognitive research10 from 2017, the data showed that the average time it takes a respondent to complete Schedule 2 is 1.5 hours. There is no change to the burden per response for filing Schedule 2 Follow-Up Report. Supplemental reports are simple updates to the original submission that state how many people are still affected from the event. While the additional criteria being added to the form for the 2020 submission are expected to increase the annual number of responses, the new criteria will require additional time to complete.

Table A3. ICR Summary of Burden


Requested

Program Change Due to Agency Discretion

Change Due to Adjustment in Agency Estimate

Previously Approved

Total Number of Responses

3,034

68

151

2,815

Total Time Burden (Hr)

5,455

27

295

5,133



A.16. Collection, Tabulation, and Publication Plans

Table 7: Electric Power Data Collection by Schedule

Form

Frequency of Reporting

Form Due Date

Elements Collected

OE-417, Schedule 1

Per critical incident

1 hour after incident

Emergency alert check-off

OE-417, Schedule 1

Per other types of incidents

6 hour after incident

Normal Report check-off

OE-417, Schedule 1

Per other types of incidents

24 hours after the recognition of the incident OR by the end of the next business day, whichever is later

System Report check-off

OE-417, Schedule 1

Per other types of incidents

24 hours after the recognition of the incident

Attempted Cyber Compromise check-off

OE-417, Schedule 1

As changes to key information, such as cause or number of impacted customers, becomes available

After initial submission of Schedule 1 as necessary

Update check-off

OE-417, Schedule 1 and 2

Per any incident

72 hours after the incident

Final report check off and Narrative details - more detailed estimates of impact and any attachments



Table 8: Schedule 1 Publication Plan

Source

Elements Published

Office of Cybersecurity, Energy Security, and Emergency Responses’ Electric Disturbance Events (OE-417) Annual Summaries page

  • Date Incident Began

  • Time Incident Began

  • Date Final Report Received / Incident Ended

  • Time Final Report Received / Incident Ended

  • North American Electric Reliability Corporation Region

  • Incident Type

  • Incident Sub-classification

  • Demand Loss

  • Peak Customers Affected

EIA Electric Power Monthly: Appendix B**

  • Geographical Location by State

  • Company Name

  • Amount of Demand (Load) Lost

  • Count of Customers Affected

  • Time and Date of Incident

  • Length of Incident Until Restoration (amount of time)

  • Type of Incident

Note: Information provided under Schedule 2 of Form OE-417 is not included in the published summaries

*Information on Schedule 2 will not be disclosed to the public to the extent that it satisfies the criteria for exemption under the Freedom of Information Act, e.g., exemptions for confidential commercial information and trade secrets, certain information that could endanger the physical safety of an individual, or information designated as Critical Energy Infrastructure Information.

** The EIA Electric Power Monthly: Appendix B only includes Major Disturbances and Unusual Occurrence

A.17. OMB Number and Expiration Date

The OMB Number 1901-0288 and expiration date will be displayed on all the data collection forms and instructions.

A.18. Certification Statement

Form OE-417 meets all certification requirements of the "Certification for Paperwork Reduction Act Submissions," of OMB Form 83-I.



1 As of 2019, there are 204 Balancing Authorities (BA) in the contiguous United States. Balancing Authorities are a defined NERC Functional Entity and is defined by NERC as the responsible entity that integrates resource plans ahead of time, maintains load-interchange-generation balance within a Balancing Authority Area, and supports Interconnection frequency in real time.

2There are 11 Reliability Coordinators within the contiguous United States. The Reliability Coordinator is the entity with the highest level of authority and who is responsible for the reliable operation of the Bulk Electric System, has the Wide Area view of the Bulk Electric System, and has the operating tools, processes and procedures, including the authority to prevent or mitigate emergency operating situations in both next-day analysis and real-time operations. The Reliability Coordinator has the purview that is broad enough to enable the calculation of Interconnection Reliability Operating Limits, which may be based on the operating parameters of transmission systems beyond any Transmission Operator’s vision.

3 The Federal Energy Administration Act of 1974 (Pub. L. No. 93-275) and the DOE Organization

Act (Pub. L. No. 95-91) provide other authorities.

4 The Department of Energy has initiated four special studies about incidents that happened in the

1990s. The four studies are: The Cold Weather Snap of 1992, The Electric Power Outages in the Western

United States, July 2-3, 1996 (DOE/PO-0050), and the Report of the U.S. Department of Energy’s Power

Outage Study Team (DOE/PO - March 2000 Final Report); and the Final Report on August 14, 2003

Blackout in the United States and Canada: Causes and Recommendations, April 2004

5 The Annual Summary of Form OE-417 events is available at: https://www.oe.netl.doe.gov/OE417_annual_summary.aspx

6 Electric Power Monthly, Appendix B. Major Disturbances and Unusual Occurrences: http://www.eia.gov/electricity/monthly/

7 Emergency electric incidents and disturbances leading to interruptions of power, such as rotating blackouts, could lead to disruptions of critical infrastructures such as natural gas or petroleum product pipelines, water supplies, and telecommunications systems. The national security, economic prosperity and social well-being of the nation depends on the continuing reliability of our increasingly complex and interdependent infrastructures, a key one of which is electric power.

8 This activity is undertaken in the normal course of business within the Office of Cybersecurity, Energy Security, and Emergency Response

9 This activity is undertaken in the normal course of business within the Office of Cybersecurity, Energy Security, and Emergency Response

10 EIA conducted 20 telephone interviews with Form OE-417 respondents between March 2017 and April 2017 to check the burden per response estimate. The research revealed that the average time it takes respondents to gather the information to complete Schedule 2 of Form OE-417 is 66 minutes (1.1 hours). The average time it takes respondents to record the information in Form OE-417 is 22 minutes (0.37 hours) showing the burden for Schedule 2 is 1.5 hours (approximately 90 minutes total).


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleSupporting Statement for Survey Clearance
SubjectImproving the Quality and Scope of EIA Data
AuthorStroud, Lawrence
File Modified0000-00-00
File Created2021-10-09

© 2024 OMB.report | Privacy Policy