RD21-2, 60-day Notice, issued by FERC 2/22/2021

Download: docx | pdf

UNITED STATES OF AMERICA

FEDERAL ENERGY REGULATORY COMMISSION

[Docket No. RD21-2-000]

COMMISSION INFORMATION COLLECTION ACTIVITIES (FERC-725B2);

COMMENT REQUEST

(February 22, 2021)

AGENCY: Federal Energy Regulatory Commission.

ACTION: Notice of information collection and request for comments.

SUMMARY: In compliance with the requirements of the Paperwork Reduction Act of 1995, the Federal Energy Regulatory Commission (Commission or FERC) is soliciting public comment on revisions to the reporting and recordkeeping requirements proposed for Reliability Standards CIP-013-2 (Cyber Security – Supply Chain Risk Management), CIP-005-7 (Cyber Security – Electronic Security Perimeter(s)), and CIP-010-4 (Cyber Security – Configuration Change Management and Vulnerability Assessments) in Docket No. RD21-2-000. The burden for the requirements will be included in FERC-725B2 (Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards).

DATES: Comments on the collection of information are due [Insert date 60 days after date of publication in the Federal Register].

ADDRESSES: You may submit comments (identified by Docket No. RD21-2-000) by any of the following methods:

• eFiling at Commission’s Web Site: http://www.ferc.gov/docs-filing/efiling.asp

• U.S. Postal Service (USPS): Federal Energy Regulatory Commission, 888 First Street, NE, Washington, DC 20426.

• Other Carriers/Couriers: Federal Energy Regulatory Commission, 12225 Wilkins Avenue, Rockville, Maryland 20852.

Instructions: All submissions must be formatted and filed in accordance with submission guidelines at: http://www.ferc.gov/help/submission-guide.asp. For user assistance, contact FERC Online Support by e-mail at [email protected], or by phone at: (866) 208-3676 (toll-free).

Docket: Users interested in receiving automatic notification of activity in this docket or in viewing/downloading comments and issuances in this docket may do so at http://www.ferc.gov/docs-filing/docs-filing.asp.

FOR FURTHER INFORMATION: Ellen Brown may be reached by e-mail at [email protected] and telephone at (202) 502-8663.

SUPPLEMENTARY INFORMATION:

Title: FERC-725B2, Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards¹

OMB Control No.: 1902-0304

Type of Request: Approval of proposed changes as described in Docket No. RD21-2-000.

Abstract: The FERC-725B2 contains the following information collection elements.

Pursuant to Reliability Standard CIP-013-2 Requirement R1, responsible entities should update their supply chain risk management plans to include Electronic Access Control or Monitoring Systems and Physical Access Control Systems. The act of implementing the modified plans and procedures may result in additional documentation, as required by Reliability Standard CIP-013-2, Requirement R2. In addition to the above one-time paperwork requirements, pursuant to Reliability Standard CIP-013-1, Requirement R3, responsible entities are required to review their supply chain risk management plan and associated procedures every 15 months.

Also, implementation of the technical requirements in Reliability Standard CIP-005-7, Requirement R3.1 and Requirement R3.2 is likely to result in initial documentation burden.

Reliability Standard CIP-010-4, Requirement R1.6 will require modification of certain procedures, as well as initial implementation and documentation of said procedures.

The compliance-related requirements of the above-mentioned standards will continue on an ongoing basis.

If the modified Reliability Standards become effective by April 1, 2021, the effective date of the approved Reliability Standards will be October 1, 2022. 

The NERC petition was filed with the Commission on December 14, 2020. The docket was noticed on January 7 with a 21-day comment/intervention period, ending on January 28, 2021. No comments or interventions were received.

Type of Respondent: Businesses or other for-profit institutions; not-for-profit institutions

Estimate of Annual Burden²: The Commission estimates the total annual burden and cost³ for this information collection in the table below. For hourly cost (for wages and benefits) for the reporting requirements, we estimate that

• 2% of the time is spent by Electrical Engineers (code 17-2071, at $70.19/hr.),

• 15% of the time is spent by Legal (code 23-0000, at $142.65/hr.),

• 31.5% of the time is spent by Information Security Analysts (Occupation Code 15-1122, at $71.47/hr.),

• 10% of the time is spent by Computer and Information Systems Managers (Occupation Code: 11-3021, at $101.58/hr.),

• 10% of the time is spent by Management (Occupation Code: 11-0000, at $97.15/hr.), and

• 31.5% of the time is spent by Management Analyst (Code: 43-0000 at $66.23/hr.). Therefore, for reporting requirements, we use the weighted hourly cost (for wages and benefits) of $86.05.

For recordkeeping requirements, for hourly cost (for wages and benefits), we are using $41.03 for Information and Record Clerks (code 43-4199).

The proposed standards are not changing the reporting or recordkeeping requirements, however the proposed standards are expanding the types of assets to which the reporting and recordkeeping requirements apply.

FERC-725B2, Estimated Additional Annual Burden Due to Docket No. RD21-21
Type and No. of Respondents4	Type of Reporting or Recordkeeping Requirement	Annual No. of Respondents (A)	Annual No. of Responses Per Respondent (B)	Total No. of Annual Responses (A)x(B)=(C)	Average Annual Burden Hours & Cost ($) per Response (D)	Estimated Total Annual Burden Hrs. & Cost ($) (C)x(D)
Reliability Standard CIP-013-2
343 (BA, DP, GO, GOP, RC, TO, and TOP)	Reporting, Implementation (one-time in Year 1)	343	1	343	136 hrs.; $11,702.80	46,648 hrs.; $4,014,060.40
343 (BA, DP, GO, GOP, RC, TO, and TOP)	Reporting (ongoing starting in Year 2)	343	1	343	30 hrs.; $2,581.50	10,290 hrs.; $885,454.50
343 (BA, DP, GO, GOP, RC, TO, and TOP)	Recordkeeping (ongoing starting in Year 1)	343	1	343	5 hrs.; $205.15	1,715 hrs.; $70,366.45
Sub-Total for CIP-013-2						58,653 hrs.; $4,969,881.35
Reliability Standard CIP-005-7
343 (BA, DP, GO, GOP, RC, TO, and TOP)	Reporting, Implementation (one-time in Year 1)	343	1	343	12hrs.; $1,032.60	4,116hrs.; $354,181.80
343 (BA, DP, GO, GOP, RC, TO, and TOP)	Recordkeeping (ongoing starting in Year 1)	343	1	343	3 hrs.; $123.09	1,029 hrs.; $42,219.87
Sub-Total for CIP-005-7						5,145 hrs.; $396,401.67
Reliability Standard CIP-010-4
343 (BA, DP, GO, GOP, RC, TO, and TOP)	Reporting, Implementation (one-time in Yr. 1)	343	1	343	12 hrs.; $1,032.60	4116 hrs.; $354,181.80
343 (BA, DP, GO, GOP, RC, TO, and TOP)	Recordkeeping (ongoing starting in Year 1)	343	1	343	3 hrs,; $123.09?	1,029 hrs.; $42,219.87
Sub-Total for CIP-010-4						5,145 hrs.; $396,401.67
Total Annual Burden Hrs. and Cost, due to RD21-2						68,943 hrs.; $5,762,684.69

Comments: Comments are invited on: (1) whether the collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) the accuracy of the agency’s estimate of the burden and cost of the collection of information, including the validity of the methodology and assumptions used; (3) ways to enhance the quality, utility and clarity of the information collection; and (4) ways to minimize the burden of the collection of information on those who are to respond, including the use of automated collection techniques or other forms of information technology.

Kimberly D. Bose,

Secretary.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified	0000-00-00
File Created	2021-05-08