179 FERC ¶ 61,187
UNITED STATES OF AMERICA
FEDERAL ENERGY REGULATORY COMMISSION
Before Commissioners: Richard Glick, Chairman;
James P. Danly, Allison Clements,
Mark C. Christie, and Willie L. Phillips.
North American Electric Reliability Corporation    Docket No. RD22-3-000
ORDER APPROVING MODIFICATIONS TO THE COMPLIANCE SECTION OF RELIABILITY STANDARD CIP-014
(Issued June 16, 2022)
On February 16, 2022, the North American Electric Reliability Corporation (NERC), the Commission-certified Electric Reliability Organization (ERO), submitted a petition seeking approval of Reliability Standard CIP-014-3, which would modify the compliance section of Reliability Standard CIP-014-2 (Physical Security). The proposed modification would eliminate a provision requiring that all evidence demonstrating compliance with this Reliability Standard should be retained at the transmission owner’s or transmission operator’s facility. As discussed in this order, we approve NERC’s petition.
Section 215 of the Federal Power Act (FPA) requires a Commission-certified ERO to develop mandatory and enforceable Reliability Standards, subject to Commission review and approval. The ERO is obligated to file each Reliability Standard or modification to a Reliability Standard that it proposes to be made effective with the Commission.1 Reliability Standards may be enforced by the ERO, subject to Commission oversight, or by the Commission independently.2 Pursuant to section 215 of the FPA, the Commission established a process to select and certify an ERO,3 and subsequently certified NERC.4
Reliability Standard CIP-014-2, which applies to transmission owners and transmission operators, is designed to “identify and protect Transmission stations and Transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.”5 Pursuant to the Reliability Standard, transmission owners must perform an initial risk assessment and subsequent risk assessments to identify the transmission stations and substations that, if rendered inoperable or damaged, could result in instability, uncontrolled separation, or cascading within an Interconnection; these assessments are subject to third-party verification. Transmission owners that control identified facilities must conduct an evaluation of the potential threats and vulnerabilities of a physical attack to transmission stations and substations, as well as primary control centers, develop and implement a documented physical security plan, and have a third party review the evaluation.
NERC proposes to remove section C.1.1.4., Additional Compliance Information, from the compliance section of the currently effective Reliability Standard CIP-014-2 (Physical Security), which requires all evidence demonstrating compliance with this Reliability Standard to be retained at the transmission owner’s or transmission operator’s facility in order to protect the entity’s confidential information.6 NERC states that the proposed change applies only to the compliance section of Reliability Standard CIP-014-2, and proposes no changes in the mandatory and enforceable Requirements of Reliability Standard CIP-014-2. According to NERC, the provision presents challenges to effective and efficient compliance monitoring and is not necessary to protect the confidentiality of Reliability Standard CIP-014-2 compliance evidence.7
NERC states that the “Additional Compliance Information” provision in the compliance section of CIP-014 was added to address heightened concerns regarding the protection of CIP-014 evidence. However, NERC has determined that it should no longer treat CIP-014 evidence any differently than other sensitive evidence it collects during its Compliance Monitoring and Enforcement Program (CMEP) activities.8 With the advent of the ERO Secure Evidence Locker (SEL), NERC asserts that it has a secure means of collecting and analyzing CIP-014 evidence in the same manner as any other sensitive evidence collected as part of CMEP activities.14
NERC explains that if the change is approved, it will no longer treat Reliability Standard CIP-014 evidence any differently than other sensitive evidence it collects during its compliance activities.9 NERC plans to use its SEL to support data and information handling, and it explains that it has developed the SEL for temporary storage of all registered entity compliance evidence.10 According to NERC, the SEL enables a registered entity to securely submit evidence through an encrypted session; the evidence is encrypted immediately upon submission, securely isolated per registered entity, never extracted, never backed up, and subject to proactive and disciplined destruction policies. NERC submits that the SEL provides security advantages to ensure proper protection and chain-of-custody management of the submitted evidence for CIP-014 compliance.
NERC requests that the modification to the Reliability Standard become effective on the date of Commission approval.
Notice of NERC’s February 16, 2022 Petition was published in the Federal Register, 87 FR 11061 (Feb. 28, 2022), with interventions and protests due on or before March 15, 2022. The Edison Electric Institute (EEI) filed a timely motion to intervene and comments. On March 21, 2022, NERC submitted a request to submit reply comments and reply comments (NERC Answer). On March 30, 2022, EEI filed a motion for leave to answer and answer (EEI Answer).
EEI opposes NERC’s petition and maintains that Reliability Standard CIP-014 requires data collection for industry’s most sensitive assets and, therefore, the compliance provision should be retained so that NERC continues to review compliance evidence for this Reliability Standard only on-site at the registered entities for the most sensitive data.11 EEI explains that the information retained under this compliance requirement is of a critical and highly sensitive nature, and some information provided for Reliability Standard CIP-014 compliance is only available to a small set of personnel on a need-to-know basis within EEI member companies.12 According to EEI, its members go to great lengths to protect the identity of the assets and other sensitive information by using alternative anonymous names both in internal and external discussions. Further, EEI expresses security concerns related to the use of SEL, arguing that the SEL increases the risk of aggregated industry information falling into the hands of a nation state or bad actor.13 EEI argues that ease of access cannot take precedence over the safety, security, and reliability of the electric grid.
NERC asserts in its answer that the proposed modification would not decrease the protection of any highly sensitive compliance evidence, but it is needed to ensure compliance monitoring with Reliability Standard CIP-014.14
Among other arguments, NERC explains that there will be limited CIP-014 evidence aggregated in the SEL at any given time.15 Further, NERC elaborates that a registered entity may choose to develop its own SEL rather than use NERC’s SEL, or use NERC’s exceptions process, which allows registered entities to collaborate with the compliance authority on alternative submittal methods. Finally, NERC states that over the last two years, due to pandemic restrictions, in some instances registered entities refused on-site access for compliance monitoring.16 In addition, certain entities also refused to allow a review of evidence using a secure videoconferencing platform. NERC believes that “[t]he end result was increased risk, in certain instances, because [NERC and the Regional Entities] had no mechanism with which to monitor compliance with CIP-014 until the entity, at its own discretion, lifted its pandemic-related restriction.”17
In its answer, EEI argues that more flexibility should be given to registered entities to select the most secure methods for providing CIP-014 compliance data. In particular, EEI states that, if agreed to by a registered entity’s Compliance Enforcement Authority, “secure videoconferencing is an attractive and equally effective and efficient alternative to using the ERO SEL and one that EEI members would welcome.”18 EEI notes, however, that certain entities may prefer to use their own videoconferencing tools, as opposed to an ERO-based tool, “because in doing so they have an understanding of, and confidence in, the security measures that have been implemented.”19 Further, because many registered entities’ corporate security access management programs require training, background checks, and monitoring of third-party access, EEI believes that some registered entities may be unable to use their own SEL to submit compliance information if NERC or Regional Entity compliance personnel are unable or unwilling to meet their SEL security access requirements.20 EEI also expresses concern with the length of time NERC will keep compliance information in the SEL, as entities have no way of verifying whether it has been deleted.
Pursuant to Rule 214 of the Commission’s Rules of Practice and Procedure, 18 CFR § 385.214 (2021), EEI’s timely, unopposed motion to intervene serves to make it a party to this proceeding.
Rule 213(a)(2) of the Commission’s Rules of Practice and Procedure, 18 CFR § 385.213(a)(2) (2021), prohibits an answer to a protest or answer unless otherwise ordered by the decisional authority. We accept NERC’s and EEI’s answers because they have provided information that assisted us in our decision-making process.
As discussed below, we find that the proposed removal of the evidence retention provision in section C.1.1.4 of the compliance section of Reliability Standard CIP-014-2 is just, reasonable, not unduly discriminatory or preferential, and in the public interest. The modification will allow NERC to monitor compliance more effectively without compromising the confidentiality of sensitive information. Accordingly, we approve NERC’s petition.
Reliability Standard CIP-014-2, compliance section C.1.1.4., Additional Compliance Information, currently requires compliance personnel and auditors (and enforcement staff if a potential noncompliance is identified) to be physically present at an entity’s facility to review evidence of compliance. As NERC’s petition explains, this requirement presented challenges during the pandemic, when auditors could not access certain entities’ facilities in person and in some instances were prevented from reviewing the evidence remotely.21
We recognize that Reliability Standard CIP-014-2 requires data collection for industry’s sensitive assets and that therefore the data should be handled in a secure manner. However, while section C.1.1.4 may have provided necessary protection in the past, we are persuaded by NERC’s explanation that its SEL now offers a secure and more flexible alternative for compliance evidence collection and review for Reliability Standard CIP-014-2.
Moreover, we are not persuaded by EEI’s comments seeking to retain the on-site viewing requirement. First, contrary to EEI’s suggestion in its comments, the use of the SEL is not novel and untested. In NERC’s petition requesting funding for the SEL, which was filed in June 2020, NERC explained that the use of an evidence locker was a practice already in place for at least two Regional Entities to collect evidence associated with Critical Infrastructure Protection (CIP) Reliability Standards.22 Before deciding to implement the SEL, NERC consulted with industry and discussed security concerns related to evidence collection.23 Also, NERC has been using the SEL to access compliance evidence for the other CIP Reliability Standards, which indicates that it is a well-established and secure method of evidence review. Restricting auditor review to on-site only when there is a secure alternative impairs the auditor’s ability to perform in-depth review of the evidence and could result in increased risk due to lack of adequate or timely compliance monitoring.
Further, we are not persuaded by EEI’s argument that the SEL increases the risk of aggregated industry information falling into the hands of a nation-state or bad actor. Once evidence is submitted through an SEL encrypted session, it is immediately encrypted and cannot be extracted, is not backed up, and is subject to proactive and disciplined destruction policies, as well as being separated by registered entity.24 NERC explained that it will remove the information from the SEL when the CMEP engagement concludes.25
Finally, as stated by NERC, entities can structure their own SELs that adhere to their security measure requirements. EEI argues that some registered entities may be unable to use their own SELs to submit compliance information if NERC or Regional Entity compliance personnel are unable or unwilling to meet the SEL security access requirements.26 However, EEI provides no specific evidence of such situations for other CIP compliance monitoring engagements or whether they have led to increased risk of evidence being compromised. We find unpersuasive EEI’s objections to NERC’s offering of a flexible approach to accommodate entities.
Therefore, we find that the removal of the evidence retention provision in section C.1.1.4 of the compliance section of Reliability Standard CIP-014-2 will allow NERC to monitor compliance more effectively without compromising the confidentiality of sensitive information. Accordingly, we approve NERC’s petition and accept the proposed Reliability Standard CIP-014-3, to become effective on the date of issuance of this order.
In compliance with the requirements of the Paperwork Reduction Act of 1995, 44 U.S.C. 3506(c)(2)(A), the Commission is soliciting public comment on revisions to the information collection FERC-725U, Mandatory Reliability Standards for the Bulk Power System; CIP Reliability Standards; which will be submitted to the Office of Management and Budget (OMB) for a review of the information collection requirements. Comments on the collection of information are due within 60 days of the date this order is published in the Federal Register. Respondents subject to the filing requirements of this order will not be penalized for failing to respond to these collections of information unless the collections of information display a valid OMB control number.
The information collection requirements are subject to review by the OMB under section 3507(d) of the Paperwork Reduction Act of 1995.27 OMB’s regulations require approval of certain information collection requirements imposed by agency rules.28 The Commission solicits comments on the Commission’s need for this information, whether the information will have practical utility, the accuracy of the burden estimates, ways to enhance the quality, utility, and clarity of the information to be collected or retained, and any suggested methods for minimizing respondents’ burden, including the use of automated information techniques.
The number of respondents below is based on an estimate of the NERC compliance registry for transmission owners and transmission operators. The Commission based its paperwork burden estimates on the NERC compliance registry as of May 6, 2022. According to the registry, there are 326 transmission owners and 18 transmission operators not also registered as transmission owners. The estimate is based on a zero change in burden from the current standard to the standard approved in this Order. The Commission based the burden estimate on staff experience, knowledge, and expertise.
For the new Reliability Standard CIP-014-3, the burden for entities remains the same as they will still need to provide the same evidence to demonstrate compliance whether it is kept on-site or loaded electronically into the SEL. No comments were received that expressed a change in the manhour burden associated with the use of SEL.
Burden Estimates: The Commission estimates the changes in the annual public reporting burden and cost29 as indicated below:
FERC-725U: (Mandatory Reliability Standards: Reliability Standard CIP-014) Change in Burden

| | Number of Respondents (1)30 | Number of Responses per Respondent (2) | Total Number of Responses (1)*(2)=(3) | Average Burden Hours & Cost Per Response (4) | Total Burden Hours & Total Cost (3)*(4)=(5) | Average Cost per Respondent (5)÷(1) |
|---|---|---|---|---|---|---|
| Change Annual Reporting and Recordkeeping | 344 | 1 | 344 | 32.71 hrs.; $2,845.77 | 11,252.24 hrs.; $978,944.88 | $2,845.77 |
| TOTAL FERC-725U | 344 | 1 | 344 | 32.71 hrs.; $2,845.77 | 11,254.24 hrs.; $978,944.88 | $2,845.77 |
Titles: FERC-725U, Mandatory Reliability Standards for the Bulk Power System; CIP Reliability Standards.
Action: Compliance update with no changes to Existing Collections of Information, FERC-725U.
OMB Control Nos: 1902-0274(FERC-725U).
Respondents: Business or other for-profit, and not-for-profit institutions.
Frequency of Responses: On occasion.
Necessity of the Information: Reliability Standard CIP-014-3 (Physical Security) is part of the implementation of the Congressional mandate of the Energy Policy Act of 2005 to develop mandatory and enforceable Reliability Standards to better ensure the reliability of the nation’s Bulk Power System. Specifically, the revised standard only changes how the evidence is stored.
Internal review: The Commission has reviewed NERC’s proposal and determined that its action is necessary to implement section 215 of the FPA.
Interested persons may obtain information on the reporting requirements by contacting the Federal Energy Regulatory Commission, Office of the Executive Director, 888 First Street, NE, Washington, DC 20426 [Attention: Ellen Brown, e-mail: [email protected], phone: (202) 502-8663].
All submissions must be formatted and filed in accordance with submission guidelines at: http://www.ferc.gov. For user assistance, contact FERC Online Support by e-mail at [email protected], or by phone at (866) 208-3676 (toll-free).
Comments concerning the information collections and requirements approved and associated burden estimates, should be sent to the Commission in this docket and may also be sent to the Office of Management and Budget, Office of Information and Regulatory Affairs [Attention: Desk Officer for the Federal Energy Regulatory Commission]. OMB submissions must be formatted and filed in accordance with submission guidelines at www.reginfo.gov/public/do/PRAMain. Using the search function under the “Currently Under Review” field, select Federal Energy Regulatory Commission; click “submit,” and select “comment” to the right of the subject collection.
Please refer to the appropriate OMB Control Number(s) 1902-0274(FERC-725U) in your submission.
In addition to publishing the full text of this document in the Federal Register, the Commission provides all interested persons an opportunity to view and/or print the contents of this document via the Internet through the Commission's Home Page (http://www.ferc.gov) and in the Commission's Public Reference Room during normal business hours (8:30 a.m. to 5:00 p.m. Eastern time) at 888 First Street, NE, Room 2A, Washington, DC 20426.
From the Commission’s Home Page on the Internet, this information is available on eLibrary. The full text of this document is available on eLibrary in PDF and Microsoft Word format for viewing, printing, and/or downloading. To access this document in eLibrary, type the docket number excluding the last three digits of this document in the docket number field.
User assistance is available for eLibrary and the Commission’s website during normal business hours from the Commission’s Online Support at (202) 502-6652 (toll free at 1-866-208-3676) or email at [email protected], or the Public Reference Room at (202) 502-8371, TTY (202) 502-8659. E-mail the Public Reference Room at [email protected].
The Commission orders:
Reliability Standard CIP-014-3 is hereby approved, as discussed in the body of this order.
By the Commission.
( S E A L )
Debbie-Anne A. Reese,
Deputy Secretary.
1 16 U.S.C. 824o(d)(1).
2 Id. 824o(e).
3 Rules Concerning Certification of the Elec. Reliability Org.; & Procedures for the Establishment, Approval, & Enforcement of Elec. Reliability Standards, Order No. 672, 114 FERC ¶ 61,104, order on reh’g, Order No. 672-A, 71 FR 19814 (April 18, 2006), 114 FERC ¶ 61,328 (2006).
4 N. Am. Elec. Reliability Corp., 116 FERC ¶ 61,062, order on reh’g and compliance, 117 FERC ¶ 61,126 (2006), aff’d sub nom. Alcoa, Inc. v. FERC, 564 F.3d 1342 (D.C. Cir. 2009).
5 NERC Reliability Standard CIP-014-2 (Physical Security), Purpose.
6 NERC Petition at 1. Section C.1.1.4., Additional Compliance Information states:
Confidentiality: To protect the confidentiality and sensitive nature of the evidence for demonstrating compliance with this standard, all evidence will be retained at the Transmission Owner’s and Transmission Operator’s facilities.
7 NERC Petition at 1.
8 Id. at 5-6.
9 Id.
10 Id. at 6.
11 EEI Comments at 1.
12 Id. at 5.
13 Id.
14 NERC Answer at 1.
15 Id. at 2-3.
16 Id. at 3-4.
17 Id. at 4.
18 EEI Answer at 2.
19 Id.
20 Id. at 2-3.
21 NERC Petition at 7; NERC Answer at 3.
22 NERC, Request of the North American Electric Reliability Corporation to expend funds to develop the ERO Enterprise Secure Evidence Locker, Docket No. RR19-8-001, at 4 (filed June 8, 2020) (NERC 2020 Filing); N. Am. Elec. Reliability Corp., Docket No. RR19-8-001 (June 22, 2020) (delegated order).
23 NERC 2020 Filing at 5.
24 NERC Answer at 2.
25 Id. at 2-3.
26 Id.
27 44 U.S.C. 3507(d).
28 5 CFR 1320 (2021).
29 FERC staff estimates that industry costs for salary plus benefits are similar to Commission costs. The FERC 2021 average salary plus benefits for one FERC full-time equivalent (FTE) is $180,703/year (or $87.00/hour) posted by the Bureau of Labor Statistics for the Utilities sector (available at https://www.bls.gov/oes/current/naics3_221000.htm).
30 The total number (344) is the number of transmission owners (326) plus the number of transmission operators (18) not also registered as owners; this represents the unique US entities (taken from data as of May 6, 2022).