UNITED STATES OF AMERICA
FEDERAL ENERGY REGULATORY COMMISSION
[Docket No. RD21-2-000]
COMMISSION INFORMATION COLLECTION ACTIVITIES (FERC-725B2);
COMMENT REQUEST
AGENCY: Federal Energy Regulatory Commission.
ACTION: Notice of information collection and request for comments.
SUMMARY: In compliance with the requirements of the Paperwork Reduction Act of 1995, the Federal Energy Regulatory Commission (Commission or FERC) is soliciting public comment on revisions to the reporting and recordkeeping requirements proposed for Reliability Standards CIP-013-2 (Cyber Security – Supply Chain Risk Management), CIP-005-7 (Cyber Security – Electronic Security Perimeter(s)), and CIP-010-4 (Cyber Security – Configuration Change Management and Vulnerability Assessments) in Docket No. RD21-2-000. The burden for the requirements will be included in FERC-725B2 (Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards).
DATES: Comments on the collection of information are due [Insert date 60 days after date of publication in the Federal Register].
ADDRESSES: You may submit comments (identified by Docket No. RD21-2-000) by any of the following methods:
eFiling at Commission’s Web Site: http://www.ferc.gov/docs-filing/efiling.asp
U.S. Postal Service (USPS): Federal Energy Regulatory Commission, 888 First Street, NE, Washington, DC 20426.
Other Carriers/Couriers: Federal Energy Regulatory Commission, 12225 Wilkins Avenue, Rockville, Maryland 20852.
Instructions: All submissions must be formatted and filed in accordance with submission guidelines at: http://www.ferc.gov/help/submission-guide.asp. For user assistance, contact FERC Online Support by e-mail at [email protected], or by phone at: (866) 208-3676 (toll-free).
Docket: Users interested in receiving automatic notification of activity in this docket or in viewing/downloading comments and issuances in this docket may do so at http://www.ferc.gov/docs-filing/docs-filing.asp.
FOR FURTHER INFORMATION: Ellen Brown may be reached by e-mail at [email protected] and telephone at (202) 502-8663.
SUPPLEMENTARY INFORMATION:
Title: FERC-725B2, Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards1
OMB Control No.: 1902-0304
Type of Request: Approval of proposed changes as described in Docket No. RD21-2-000.
Abstract: The FERC-725B2 contains the following information collection elements.
Pursuant to Reliability Standard CIP-013-2 Requirement R1, responsible entities should update their supply chain risk management plans to include Electronic Access Control or Monitoring Systems and Physical Access Control Systems. The act of implementing the modified plans and procedures may result in additional documentation, as required by Reliability Standard CIP-013-2, Requirement R2. In addition to the above one-time paperwork requirements, pursuant to Reliability Standard CIP-013-1, Requirement R3, responsible entities are required to review their supply chain risk management plan and associated procedures every 15 months.
Also, implementation of the technical requirements in Reliability Standard CIP-005-7, Requirement R3.1 and Requirement R3.2 is likely to result in initial documentation burden.
Reliability Standard CIP-010-4, Requirement R1.6 will require modification of certain procedures, as well as initial implementation and documentation of said procedures.
The compliance-related requirements of the above-mentioned standards will continue on an ongoing basis.
If the modified Reliability Standards become effective by April 1, 2021, the effective date of the approved Reliability Standards will be October 1, 2022.
The NERC petition was filed with the Commission on December 14, 2020. The docket was noticed on January 7 with a 21-day comment/intervention period, ending on January 28, 2021. No comments or interventions were received.
Type of Respondent: Businesses or other for-profit institutions; not-for-profit institutions
Estimate of Annual Burden2: The Commission estimates the total annual burden and cost3 for this information collection in the table below. For hourly cost (for wages and benefits) for the reporting requirements, we estimate that
2% of the time is spent by Electrical Engineers (code 17-2071, at $70.19/hr.),
15% of the time is spent by Legal (code 23-0000, at $142.65/hr.),
31.5% of the time is spent by Information Security Analysts (Occupation Code 15-1122, at $71.47/hr.),
10% of the time is spent by Computer and Information Systems Managers (Occupation Code: 11-3021, at $101.58/hr.),
10% of the time is spent by Management (Occupation Code: 11-0000, at $97.15/hr.), and
31.5% of the time is spent by Management Analyst (Code: 43-0000 at $66.23/hr.). Therefore, for reporting requirements, we use the weighted hourly cost (for wages and benefits) of $86.05.
For recordkeeping requirements, for hourly cost (for wages and benefits), we are using $41.03 for Information and Record Clerks (code 43-4199).
The proposed standards are not changing the reporting or recordkeeping requirements, however the proposed standards are expanding the types of assets to which the reporting and recordkeeping requirements apply.
FERC-725B2, Estimated Additional Annual Burden Due to Docket No. RD21-21 |
||||||
Type and No. of Respondents4 |
Type of Reporting or Recordkeeping Requirement |
Annual No. of Respondents (A) |
Annual No. of Responses Per Respondent (B) |
Total No. of Annual Responses (A)x(B)=(C) |
Average Annual Burden Hours & Cost ($) per Response (D) |
Estimated Total Annual Burden Hrs. & Cost ($) (C)x(D) |
Reliability Standard CIP-013-2 |
||||||
343 (BA, DP, GO, GOP, RC, TO, and TOP) |
Reporting, Implementation (one-time in Year 1) |
343 |
1 |
343 |
136 hrs.; $11,702.80 |
46,648 hrs.; $4,014,060.40 |
343 (BA, DP, GO, GOP, RC, TO, and TOP) |
Reporting (ongoing starting in Year 2) |
343 |
1 |
343 |
30 hrs.; $2,581.50 |
10,290 hrs.; $885,454.50 |
343 (BA, DP, GO, GOP, RC, TO, and TOP) |
Recordkeeping (ongoing starting in Year 1) |
343 |
1 |
343 |
5 hrs.; $205.15 |
1,715 hrs.; $70,366.45 |
Sub-Total for CIP-013-2 |
|
|
|
|
|
58,653 hrs.; $4,969,881.35 |
Reliability Standard CIP-005-7 |
||||||
343 (BA, DP, GO, GOP, RC, TO, and TOP) |
Reporting, Implementation (one-time in Year 1) |
343 |
1 |
343 |
12hrs.; $1,032.60 |
4,116hrs.; $354,181.80 |
343 (BA, DP, GO, GOP, RC, TO, and TOP) |
Recordkeeping (ongoing starting in Year 1) |
343 |
1 |
343 |
3 hrs.; $123.09 |
1,029 hrs.; $42,219.87 |
Sub-Total for CIP-005-7 |
|
|
|
|
|
5,145 hrs.; $396,401.67 |
Reliability Standard CIP-010-4 |
||||||
343 (BA, DP, GO, GOP, RC, TO, and TOP) |
Reporting, Implementation (one-time in Yr. 1) |
343 |
1 |
343 |
12 hrs.; $1,032.60 |
4116 hrs.; $354,181.80 |
343 (BA, DP, GO, GOP, RC, TO, and TOP) |
Recordkeeping (ongoing starting in Year 1) |
343 |
1 |
343 |
3 hrs,; $123.09? |
1,029 hrs.; $42,219.87 |
Sub-Total for CIP-010-4 |
|
|
|
|
|
5,145 hrs.; $396,401.67 |
Total Annual Burden Hrs. and Cost, due to RD21-2 |
|
|
|
|
|
68,943 hrs.; $5,762,684.69 |
Comments: Comments are invited on: (1) whether the collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) the accuracy of the agency’s estimate of the burden and cost of the collection of information, including the validity of the methodology and assumptions used; (3) ways to enhance the quality, utility and clarity of the information collection; and (4) ways to minimize the burden of the collection of information on those who are to respond, including the use of automated collection techniques or other forms of information technology.
Kimberly D. Bose,
Secretary.
1 The reporting and recordkeeping requirements proposed in Docket No. RD21-2-000 would normally be included in FERC-725B (OMB Control No. 1902-0248). However another unrelated item under FERC-725B is pending review by the Office of Management and Budget (OMB), and only one item per OMB Control No. can be pending review at a time.
We are submitting the additional requirements (and related burden estimates) described in Docket No. RD21-2-000 to OMB under the interim information collection number FERC-725B2 in order to submit the request to OMB timely. FERC-725B continues to cover the current requirements of the standards, before implementation of the additional requirements of Docket No. RD21-2-000.
2 “Burden” is the total time, effort, or financial resources expended by persons to generate, maintain, retain, or disclose or provide information to or for a Federal agency. For further explanation of what is included in the information collection burden, refer to Title 5 Code of Federal Regulations 1320.3.
3
Costs (for wages and benefits) are based on wage figures from the
Bureau of Labor Statistics (BLS) for May 2019 (at
https://www.bls.gov/oes/current/naics2_22.htm)
and benefits information issued March 19,2020 (at
https://www.bls.gov/news.release/ecec.nr0.htm)
.
4 There are 1,494 unique registered entities in the NERC compliance registry as of February 5, 2021. Of this total, we estimate that 343 entities (Balancing Authority [BA], Distribution Provider [DP], Generator Owner [GO], Generator Operator [GOP], Reliability Coordinator [RC], Transmission Owner [TO], and Transmission Operator [TOP]) will face an increased paperwork burden due to Docket No. RD21-2.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Modified | 0000-00-00 |
File Created | 2021-05-08 |