Commission Order

20220616-3032_RD22-3-000.docx

FERC-725U, (RD22-3) Mandatory Reliability Standards: Reliability Standard CIP-014

OMB: 1902-0274


179 FERC ¶ 61,187

UNITED STATES OF AMERICA

FEDERAL ENERGY REGULATORY COMMISSION


Before Commissioners: Richard Glick, Chairman;

James P. Danly, Allison Clements,

Mark C. Christie, and Willie L. Phillips.


North American Electric Reliability Corporation

Docket No.

RD22-3-000


ORDER APPROVING MODIFICATIONS TO THE COMPLIANCE SECTION OF RELIABILITY STANDARD CIP-014


(Issued June 16, 2022)


  1. On February 16, 2022, the North American Electric Reliability Corporation (NERC), the Commission-certified Electric Reliability Organization (ERO), submitted a petition seeking approval of Reliability Standard CIP-014-3, which would modify the compliance section of Reliability Standard CIP-014-2 (Physical Security). The proposed modification would eliminate a provision requiring that all evidence demonstrating compliance with this Reliability Standard should be retained at the transmission owner’s or transmission operator’s facility. As discussed in this order, we approve NERC’s petition.

  I. Background

    A. Section 215 and Mandatory Reliability Standards

  1. Section 215 of the Federal Power Act (FPA) requires a Commission-certified ERO to develop mandatory and enforceable Reliability Standards, subject to Commission review and approval. The ERO is obligated to file each Reliability Standard or modification to a Reliability Standard that it proposes to be made effective with the Commission.1 Reliability Standards may be enforced by the ERO, subject to Commission oversight, or by the Commission independently.2 Pursuant to section 215 of the FPA, the Commission established a process to select and certify an ERO,3 and subsequently certified NERC.4

    B. Currently Effective Reliability Standard CIP-014-2

  1. Reliability Standard CIP-014-2, which applies to transmission owners and transmission operators, is designed to “identify and protect Transmission stations and Transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.”5 Pursuant to the Reliability Standard, transmission owners must perform initial and subsequent risk assessments to identify the transmission stations and substations that, if rendered inoperable or damaged, could result in instability, uncontrolled separation, or cascading within an Interconnection, and these assessments are subject to third-party verification. Transmission owners that control identified facilities must conduct an evaluation of the potential threats and vulnerabilities of a physical attack to those transmission stations and substations, as well as their primary control centers, develop and implement a documented physical security plan, and have a third party review the evaluation and plan.

    C. NERC Petition for Modifications to the Compliance Section of Reliability Standard CIP-014

  1. NERC proposes to remove section C.1.1.4., Additional Compliance Information, from the compliance section of the currently effective Reliability Standard CIP-014-2 (Physical Security) that requires all evidence demonstrating compliance with this Reliability Standard to be retained at the transmission owner’s or transmission operator’s facility in order to protect the entity’s confidential information.6 NERC states that the proposed change applies only to the compliance section of Reliability Standard CIP-014-2, and proposes no changes in the mandatory and enforceable Requirements of Reliability Standard CIP-014-2. According to NERC, the provision presents challenges to effective and efficient compliance monitoring and is not necessary to protect the confidentiality of Reliability Standard CIP-014-2 compliance evidence.7

  1. NERC states that the “Additional Compliance Information” provision in the compliance section of CIP-014 was added to address heightened concerns regarding the protection of CIP-014 evidence. However, NERC has determined that it should no longer treat CIP-014 evidence any differently than other sensitive evidence it collects during its Compliance Monitoring and Enforcement Program (CMEP) activities.8 With the advent of the ERO Secure Evidence Locker (SEL), NERC asserts that it has a secure means of collecting and analyzing CIP-014 evidence in the same manner as any other sensitive evidence collected as part of CMEP activities.14

  2. NERC explains that if the change is approved, it will no longer treat Reliability Standard CIP-014 evidence any differently than other sensitive evidence it collects during its compliance activities.9 NERC plans to use its SEL to support data and information handling, and it explains that it has developed the SEL for temporary storage of all registered entity compliance evidence.10 According to NERC, the SEL enables a registered entity to securely submit evidence through an encrypted session; the evidence is encrypted immediately upon submission, securely isolated per registered entity, never extracted, never backed up, and subject to proactive and disciplined destruction policies. NERC submits that the SEL provides security advantages to ensure proper protection and chain-of-custody management of the submitted evidence for CIP-014 compliance.

  3. NERC requests that the modification to the Reliability Standard become effective on the date of Commission approval.

  II. Notice of Filing and Responsive Pleadings

  1. Notice of NERC’s February 16, 2022 Petition was published in the Federal Register, 87 FR 11061 (Feb. 28, 2022), with interventions and protests due on or before March 15, 2022. The Edison Electric Institute (EEI) filed a timely motion to intervene and comments. On March 21, 2022, NERC submitted a request to submit reply comments and reply comments (NERC Answer). On March 30, 2022, EEI filed a motion for leave to answer and answer (EEI Answer).

  2. EEI opposes NERC’s petition and maintains that Reliability Standard CIP-014 requires data collection for industry’s most sensitive assets and, therefore, the compliance provision should be retained so that NERC continues to review compliance evidence for this Reliability Standard only on-site at the registered entities for the most sensitive data.11 EEI explains that the information retained under this compliance requirement is of a critical and highly sensitive nature, and some information provided for Reliability Standard CIP-014 compliance is only available to a small set of personnel on a need-to-know basis within EEI member companies.12 According to EEI, its members go to great lengths to protect the identity of the assets and other sensitive information by using alternative anonymous names both in internal and external discussions. Further, EEI expresses security concerns related to the use of SEL, arguing that the SEL increases the risk of aggregated industry information falling into the hands of a nation state or bad actor.13 EEI argues that ease of access cannot take precedence over the safety, security, and reliability of the electric grid.

  3. NERC asserts in its answer that the proposed modification would not decrease the protection of any highly sensitive compliance evidence, but it is needed to ensure compliance monitoring with Reliability Standard CIP-014.14 Among other arguments, NERC explains that there will be limited CIP-014 evidence aggregated in the SEL at any given time.15 Further, NERC elaborates that a registered entity may choose to develop its own SEL rather than use NERC’s SEL, or use NERC’s exceptions process, which allows registered entities to collaborate with the compliance authority on alternative submittal methods.

  4. Finally, NERC states that over the last two years, due to pandemic restrictions, in some instances registered entities refused on-site access for compliance monitoring.16 In addition, certain entities also refused to allow a review of evidence using a secure videoconferencing platform. NERC believes that “[t]he end result was increased risk, in certain instances, because [NERC and the Regional Entities] had no mechanism with which to monitor compliance with CIP-014 until the entity, at its own discretion, lifted its pandemic-related restriction.”17

  5. In its answer, EEI argues that more flexibility should be given to registered entities to select the most secure methods for providing CIP-014 compliance data. In particular, EEI states that, if agreed to by a registered entity’s Compliance Enforcement Authority, “secure videoconferencing is an attractive and equally effective and efficient alternative to using the ERO SEL and one that EEI members would welcome.”18 EEI notes, however, that certain entities may prefer to use their own videoconferencing tools, as opposed to an ERO-based tool, “because in doing so they have an understanding of, and confidence in, the security measures that have been implemented.”19 Further, because many registered entities’ corporate security access management programs require training, background checks, and monitoring of third-party access, EEI believes that some registered entities may be unable to use their own SEL to submit compliance information if NERC or Regional Entity compliance personnel are unable or unwilling to meet their SEL security access requirements.20 EEI also expresses concern with the length of time NERC will keep compliance information in the SEL, as entities have no way of verifying whether it has been deleted.

  III. Determination

    A. Procedural Matters

  1. Pursuant to Rule 214 of the Commission’s Rules of Practice and Procedure, 18 CFR § 385.214 (2021), EEI’s timely, unopposed motion to intervene serves to make it a party to this proceeding.

  2. Rule 213(a)(2) of the Commission’s Rules of Practice and Procedure, 18 CFR § 385.213(a)(2) (2021), prohibits an answer to a protest or answer unless otherwise ordered by the decisional authority. We accept NERC’s and EEI’s answers because they have provided information that assisted us in our decision-making process.

    B. Substantive Matters

  1. As discussed below, we find that the proposed removal of the evidence retention provision in section C.1.1.4 of the compliance section of Reliability Standard CIP-014-2 is just, reasonable, not unduly discriminatory or preferential, and in the public interest. The modification will allow NERC to monitor compliance more effectively without compromising the confidentiality of sensitive information. Accordingly, we approve NERC’s petition.

  2. Reliability Standard CIP-014-2, compliance section C.1.1.4., Additional Compliance Information, currently requires compliance personnel and auditors (and enforcement staff if a potential noncompliance is identified) to be physically present at an entity’s facility to review evidence of compliance. As NERC’s petition explains, this requirement presented challenges during the pandemic, when auditors could not access certain entities’ facilities in person and in some instances were prevented from reviewing the evidence remotely.21

  3. We recognize that Reliability Standard CIP-014-2 requires data collection for industry’s sensitive assets and that therefore the data should be handled in a secure manner. However, while section C.1.1.4 may have provided necessary protection in the past, we are persuaded by NERC’s explanation that its SEL now offers a secure and more flexible alternative for compliance evidence collection and review for Reliability Standard CIP-014-2.

  4. Moreover, we are not persuaded by EEI’s comments seeking to retain the on-site viewing requirement. First, contrary to EEI’s suggestion in its comments, the use of the SEL is not novel and untested. In NERC’s petition requesting funding for the SEL, which was filed in June 2020, NERC explained that the use of an evidence locker was a practice already in place for at least two Regional Entities to collect evidence associated with Critical Infrastructure Protection (CIP) Reliability Standards.22 Before deciding to implement the SEL, NERC consulted with industry and discussed security concerns related to evidence collection.23 Also, NERC has been using the SEL to access compliance evidence for the other CIP Reliability Standards, which indicates that it is a well-established and secure method of evidence review. Restricting auditor review to on-site only when there is a secure alternative impairs the auditor’s ability to perform in-depth review of the evidence and could result in increased risk due to lack of adequate or timely compliance monitoring.

  5. Further, we are not persuaded by EEI’s argument that the SEL increases the risk of aggregated industry information falling into the hands of a nation-state or bad actor. Once evidence is submitted through an SEL encrypted session, it is immediately encrypted and cannot be extracted, is not backed up, and is subject to proactive and disciplined destruction policies, as well as being separated by registered entity.24 NERC explained that it will remove the information from the SEL when the CMEP engagement concludes.25

  6. Finally, as stated by NERC, entities can structure their own SELs that adhere to their security measure requirements. EEI argues that some registered entities may be unable to use their own SELs to submit compliance information if NERC or Regional Entity compliance personnel are unable or unwilling to meet the SEL security access requirements.26 However, EEI provides no specific evidence of such situations for other CIP compliance monitoring engagements or whether they have led to increased risk of evidence being compromised. We find unpersuasive EEI’s objections to NERC’s offering of a flexible approach to accommodate entities.

  7. Therefore, we find that the removal of the evidence retention provision in section C.1.1.4 of the compliance section of Reliability Standard CIP-014-2 will allow NERC to monitor compliance more effectively without compromising the confidentiality of sensitive information. Accordingly, we approve NERC’s petition and accept the proposed Reliability Standard CIP-014-3, to become effective on the date of issuance of this order.

  IV. Information Collection Statement

  1. In compliance with the requirements of the Paperwork Reduction Act of 1995, 44 U.S.C. 3506(c)(2)(A), the Commission is soliciting public comment on revisions to the information collection FERC-725U, Mandatory Reliability Standards for the Bulk Power System; CIP Reliability Standards; which will be submitted to the Office of Management and Budget (OMB) for a review of the information collection requirements. Comments on the collection of information are due within 60 days of the date this order is published in the Federal Register. Respondents subject to the filing requirements of this order will not be penalized for failing to respond to these collections of information unless the collections of information display a valid OMB control number.

  2. The information collection requirements are subject to review by the OMB under section 3507(d) of the Paperwork Reduction Act of 1995.27 OMB’s regulations require approval of certain information collection requirements imposed by agency rules.28 The Commission solicits comments on the Commission’s need for this information, whether the information will have practical utility, the accuracy of the burden estimates, ways to enhance the quality, utility, and clarity of the information to be collected or retained, and any suggested methods for minimizing respondents’ burden, including the use of automated information techniques.

  3. The number of respondents below is based on an estimate of the NERC compliance registry for transmission owners and transmission operators. The Commission based its paperwork burden estimates on the NERC compliance registry as of May 6, 2022. According to the registry, there are 326 transmission owners and 18 transmission operators not also registered as transmission owners. The estimate is based on a zero change in burden from the current standard to the standard approved in this Order. The Commission based the burden estimate on staff experience, knowledge, and expertise.

  4. For the new Reliability Standard CIP-014-3, the burden for entities remains the same as they will still need to provide the same evidence to demonstrate compliance whether it is kept on-site or loaded electronically into the SEL. No comments were received that expressed a change in the manhour burden associated with the use of SEL.

  5. Burden Estimates: The Commission estimates the changes in the annual public reporting burden and cost29 as indicated below:

FERC-725U: (Mandatory Reliability Standards: Reliability Standard CIP-014)

Change in Burden

Columns:
(1) Number of Respondents30
(2) Number of Responses per Respondent
(3) Total Number of Responses, (1)*(2)
(4) Average Burden Hours & Cost per Response
(5) Total Burden Hours & Total Cost, (3)*(4)
(6) Average Cost per Respondent, (5)÷(1)

                                             (1)    (2)    (3)    (4)                       (5)                            (6)
Change, Annual Reporting and Recordkeeping   344    1      344    32.71 hrs.; $2,845.77     11,252.24 hrs.; $978,944.88    $2,845.77
TOTAL FERC-725U                              344    1      344    32.71 hrs.; $2,845.77     11,254.24 hrs.; $978,944.88    $2,845.77


Titles: FERC-725U, Mandatory Reliability Standards for the Bulk Power System; CIP Reliability Standards.

Action: Compliance update with no changes to Existing Collections of Information, FERC-725U.

OMB Control Nos: 1902-0274(FERC-725U).

Respondents: Business or other for profit, and not for profit institutions.

Frequency of Responses: On occasion.

Necessity of the Information: Reliability Standard CIP-014-3 (Physical Security) is part of the implementation of the Congressional mandate of the Energy Policy Act of 2005 to develop mandatory and enforceable Reliability Standards to better ensure the reliability of the nation’s Bulk Power System. Specifically, the revised standard only changes how the evidence is stored.

Internal review: The Commission has reviewed NERC’s proposal and determined that its action is necessary to implement section 215 of the FPA.

  1. Interested persons may obtain information on the reporting requirements by contacting the Federal Energy Regulatory Commission, Office of the Executive Director, 888 First Street, NE, Washington, DC 20426 [Attention: Ellen Brown, e-mail: [email protected], phone: (202) 502-8663].

  2. All submissions must be formatted and filed in accordance with submission guidelines at: http://www.ferc.gov. For user assistance, contact FERC Online Support by e-mail at [email protected], or by phone at (866) 208-3676 (toll-free).

  3. Comments concerning the information collections and requirements approved and associated burden estimates, should be sent to the Commission in this docket and may also be sent to the Office of Management and Budget, Office of Information and Regulatory Affairs [Attention: Desk Officer for the Federal Energy Regulatory Commission]. OMB submissions must be formatted and filed in accordance with submission guidelines at www.reginfo.gov/public/do/PRAMain. Using the search function under the “Currently Under Review” field, select Federal Energy Regulatory Commission; click “submit,” and select “comment” to the right of the subject collection.

  4. Please refer to the appropriate OMB Control Number(s) 1902-0274(FERC-725U) in your submission.

  V. Document Availability

  1. In addition to publishing the full text of this document in the Federal Register, the Commission provides all interested persons an opportunity to view and/or print the contents of this document via the Internet through the Commission's Home Page (http://www.ferc.gov) and in the Commission's Public Reference Room during normal business hours (8:30 a.m. to 5:00 p.m. Eastern time) at 888 First Street, NE, Room 2A, Washington, DC 20426.

  2. From the Commission’s Home Page on the Internet, this information is available on eLibrary. The full text of this document is available on eLibrary in PDF and Microsoft Word format for viewing, printing, and/or downloading. To access this document in eLibrary, type the docket number excluding the last three digits of this document in the docket number field.

  3. User assistance is available for eLibrary and the Commission’s website during normal business hours from the Commission’s Online Support at (202) 502-6652 (toll free at 1-866-208-3676) or email at [email protected], or the Public Reference Room at (202) 502-8371, TTY (202) 502-8659. E-mail the Public Reference Room at [email protected].

The Commission orders:


Reliability Standard CIP-014-3 is hereby approved, as discussed in the body of this order.


By the Commission.


( S E A L )





Debbie-Anne A. Reese,

Deputy Secretary.









1 16 U.S.C. 824o(d)(1).

2 Id. 824o(e).

3 Rules Concerning Certification of the Elec. Reliability Org.; & Procedures for the Establishment, Approval, & Enforcement of Elec. Reliability Standards, Order No. 672, 114 FERC ¶ 61,104, order on reh’g, Order No. 672-A, 71 FR 19814 (April 18, 2006), 114 FERC ¶ 61,328 (2006).

4 N. Am. Elec. Reliability Corp., 116 FERC ¶ 61,062, order on reh’g and compliance, 117 FERC ¶ 61,126 (2006), aff’d sub nom. Alcoa, Inc. v. FERC, 564 F.3d 1342 (D.C. Cir. 2009).

5 NERC Reliability Standard CIP-014-2 (Physical Security), Purpose.

6 NERC Petition at 1. Section C.1.1.4., Additional Compliance Information states:

Confidentiality: To protect the confidentiality and sensitive nature of the evidence for demonstrating compliance with this standard, all evidence will be retained at the Transmission Owner’s and Transmission Operator’s facilities.

7 NERC Petition at 1.

8 Id. at 5-6.

9 Id.

10 Id. at 6.

11 EEI Comments at 1.

12 Id. at 5.

13 Id.

14 NERC Answer at 1.

15 Id. at 2-3.

16 Id. at 3-4.

17 Id. at 4.

18 EEI Answer at 2.

19 Id.

20 Id. at 2-3.

21 NERC Petition at 7; NERC Answer at 3.

22 NERC, Request of the North American Electric Reliability Corporation to expend funds to develop the ERO Enterprise Secure Evidence Locker, Docket No. RR19-8-001, at 4 (filed June 8, 2020) (NERC 2020 Filing); N. Am. Elec. Reliability Corp., Docket No. RR19-8-001 (June 22, 2020) (delegated order).

23 NERC 2020 Filing at 5.

24 NERC Answer at 2.

25 Id. at 2-3.

26 Id.

27 44 U.S.C. 3507(d).

28 5 CFR 1320 (2021).

29 FERC staff estimates that industry costs for salary plus benefits are similar to Commission costs. The FERC 2021 average salary plus benefits for one FERC full-time equivalent (FTE) is $180,703/year (or $87.00/hour) posted by the Bureau of Labor Statistics for the Utilities sector (available at https://www.bls.gov/oes/current/naics3_221000.htm).

30 The total number (344) is the number of transmission owners (326) plus the number of transmission operators (18) not also registered as owners; this represents the unique U.S. entities (taken from data as of May 6, 2022).
