Download:
pdf |
pdf19124
Federal Register / Vol. 88, No. 61 / Thursday, March 30, 2023 / Notices
must file in accordance with Rules 211
and 214 of the Commission’s
Regulations (18 CFR 385.211 and
385.214) on or before 5:00 p.m. Eastern
time on the specified comment date.
Protests may be considered, but
intervention is necessary to become a
party to the proceeding.
The filings are accessible in the
Commission’s eLibrary system (https://
elibrary.ferc.gov/idmws/search/
fercgensearch.asp) by querying the
docket number.
eFiling is encouraged. More detailed
information relating to filing
requirements, interventions, protests,
service, and qualifying facilities filings
can be found at: http://www.ferc.gov/
docs-filing/efiling/filing-req.pdf. For
other information, call (866) 208–3676
(toll free). For TTY, call (202) 502–8659.
Dated: March 24, 2023.
Debbie-Anne A. Reese,
Deputy Secretary.
[FR Doc. 2023–06601 Filed 3–29–23; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. RD23–3–000]
Commission Information Collection
Activities (FERC–725B(5)); Comment
Request; Extension
Federal Energy Regulatory
Commission, Department of Energy.
ACTION: Notice of information collection
and request for comments.
AGENCY:
In compliance with the
requirements of the Paperwork
Reduction Act of 1995, the Federal
Energy Regulatory Commission
(Commission or FERC) is soliciting
public comment on the currently
approved information collection, FERC–
725B(5), (Mandatory Reliability
Standards, Critical Infrastructure
Protection (CIP–003–9)—Temporary
Placeholder for FERC–725B that is
pending approval at OMB.
DATES: Comments on the collection of
information are due May 30, 2023.
ADDRESSES: You may submit copies of
your comments (identified by Docket
No. RD23–3–000) by one of the
following methods:
Electronic filing through http://
www.ferc.gov, is preferred.
• Electronic Filing: Documents must
be filed in acceptable native
applications and print-to-PDF, but not
in scanned or picture format.
• For those unable to file
electronically, comments may be filed
lotter on DSK11XQN23PROD with NOTICES1
SUMMARY:
VerDate Sep<11>2014
17:22 Mar 29, 2023
Jkt 259001
by USPS mail or by hand (including
courier) delivery:
Æ Mail via U.S. Postal Service Only:
Addressed to: Federal Energy
Regulatory Commission, Secretary of the
Commission, 888 First Street NE,
Washington, DC 20426.
Æ Hand (including courier) Delivery:
Deliver to: Federal Energy Regulatory
Commission, 12225 Wilkins Avenue,
Rockville, MD 20852.
Instructions: All submissions must be
formatted and filed in accordance with
submission guidelines at: http://
www.ferc.gov. For user assistance,
contact FERC Online Support by email
at [email protected], or by
phone at (866) 208–3676 (toll-free).
Docket: Users interested in receiving
automatic notification of activity in this
docket or in viewing/downloading
comments and issuances in this docket
may do so at http://www.ferc.gov.
FOR FURTHER INFORMATION CONTACT:
Ellen Brown may be reached by email
at [email protected], telephone
at (202) 502–8663.
SUPPLEMENTARY INFORMATION:
Title: FERC–725B(5) (Mandatory
Reliability Standards, Critical
Infrastructure Protection (CIP–003–9))—
Temporary Placeholder for FERC–725B
that is pending approval at OMB.
OMB Control No.: 1902–NEW.
Type of Request: New collection
request for FERC–725B(5)—temporary
placeholder for FERC–725B information
collection requirements with changes to
the reporting requirements.
Abstract: On August 8, 2005, Congress
enacted the Energy Policy Act of 2005.1
The Energy Policy Act of 2005 added a
new section 215 to the Federal Power
Act (FPA),2 which requires a
Commission-certified Electric
Reliability Organization to develop
mandatory and enforceable Reliability
Standards,3 including requirements for
cybersecurity protection, which are
subject to Commission review and
approval. Once approved, the Reliability
Standards may be enforced by the
Electric Reliability Organization subject
to Commission oversight, or the
1 Energy Policy Act of 2005, Public Law 109–58,
sec. 1261 et seq., 119 Stat. 594 (2005).
2 16 U.S.C. 824o.
3 Section 215 of the FPA defines Reliability
Standard as a requirement, approved by the
Commission, to provide for reliable operation of
existing bulk-power system facilities, including
cybersecurity protection, and the design of planned
additions or modifications to such facilities to the
extent necessary to provide for reliable operation of
the Bulk-Power System. However, the term does not
include any requirement to enlarge such facilities
or to construct new transmission capacity or
generation capacity. Id. at 824o(a)(3).
PO 00000
Frm 00074
Fmt 4703
Sfmt 4703
Commission can independently enforce
Reliability Standards.
On February 3, 2006, the Commission
issued Order No. 672,4 implementing
FPA section 215. The Commission
subsequently certified the North
American Electric Reliability
Corporation (NERC) as the Electric
Reliability Organization. The Reliability
Standards developed by NERC become
mandatory and enforceable after
Commission approval and apply to
users, owners, and operators of the
Bulk-Power System, as set forth in each
Reliability Standard.5 The CIP
Reliability Standards require entities to
comply with specific requirements to
safeguard bulk electric system (BES)
Cyber Systems 6 and their associated
BES Cyber Assets. These standards are
results-based and do not specify a
technology or method to achieve
compliance, instead leaving it up to the
entity to decide how best to comply.
The Commission has approved
multiple versions of the CIP Reliability
Standards submitted by NERC, partly to
address the evolving nature of cyberrelated threats to the Bulk-Power
System. High impact systems include
large control centers. Medium impact
systems include smaller control centers,
ultra-high voltage transmission, and
large substations and generating
4 Rules Concerning Certification of the Elec.
Reliability Org.; and Procedures for the
Establishment, Approval, and Enf’t of Elec.
Reliability Standards, Order No. 672, 71 FR 8661
(Feb. 17, 2006), 114 FERC ¶ 61,104, order on reh’g,
Order No. 672–A, 71 FR 19814 (Apr. 28, 2006), 114
FERC ¶ 61,328 (2006).
5 NERC uses the term ‘‘registered entity’’ to
identify users, owners, and operators of the BulkPower System responsible for performing specified
reliability functions with respect to NERC
Reliability Standards. See, e.g., Version 4 Critical
Infrastructure Protection Reliability Standards,
Order No. 761, 77 FR 24594 (Apr. 25, 2012), 139
FERC ¶ 61,058, at P 46, order denying clarification
and reh’g, 140 FERC ¶ 61,109 (2012). Within the
NERC Reliability Standards are various subsets of
entities responsible for performing various specified
reliability functions. We collectively refer to these
as ‘‘entities.’’
6 NERC defines BES Cyber System as ‘‘[o]ne or
more BES Cyber Assets logically grouped by a
responsible entity to perform one or more reliability
tasks for a functional entity.’’ NERC, Glossary of
Terms Used in NERC Reliability Standards, at 5
(2020), https://www.nerc.com/files/glossary_of_
terms.pdf (NERC Glossary of Terms). NERC defines
BES Cyber Asset as
A Cyber Asset that if rendered unavailable,
degraded, or misused would, within 15 minutes of
its required operation, mis-operation, or nonoperation, adversely impact one or more Facilities,
systems, or equipment, which, if destroyed,
degraded, or otherwise rendered unavailable when
needed, would affect the reliable operation of the
Bulk Electric System. Redundancy of affected
Facilities, systems, and equipment shall not be
considered when determining adverse impact. Each
BES Cyber Asset is included in one or more BES
Cyber Systems.
Id. at 4.
E:\FR\FM\30MRN1.SGM
30MRN1
Federal Register / Vol. 88, No. 61 / Thursday, March 30, 2023 / Notices
facilities. The remainder of the BES
Cyber Systems are categorized as low
impact systems. Most requirements in
the CIP Reliability Standards apply to
high and medium impact systems;
however, a technical controls
requirement in Reliability standard CIP–
003, described below, applies only to
low impact systems.
The Commission is currently revising
CIP–003 on this submission of Docket
No. RD23–3–000 to update CIP–003–8
to CIP–003–9. The FERC–725B
information collection requirements are
subject to review by the Office of
Management and Budget (OMB) under
section 3507(d) of the Paperwork
Reduction Act of 1995.7 OMB’s
regulations require approval of certain
information collection requirements
imposed by agency rules.8 Upon
approval of a collection of information,
OMB will assign an OMB control
number and expiration date.
Respondents subject to the filing
requirements will not be penalized for
failing to respond to these collections of
information unless the collections of
information display a valid OMB
control number. The Commission
solicits comments on the Commission’s
need for this information, whether the
information will have practical utility,
the accuracy of the burden estimates,
ways to enhance the quality, utility, and
clarity of the information to be collected
or retained, and any suggested methods
for minimizing respondents’ burden,
including the use of automated
information techniques.
Reliability Standard CIP–003–9
Security Management Controls: requires
entities to specify consistent and
sustainable security management
controls that establish responsibility
and accountability to protect BES Cyber
Systems against compromise that could
lead to mis-operation or instability on
the Bulk-Power System. Specifically,
the Reliability Standard CIP–003–9 is
revised to add requirements for entities
to adopt mandatory security controls for
vendor electronic remote access used at
low impact BES Cyber Systems. It is
part of the implementation of the
Congressional mandate of the Energy
Policy Act of 2005 to develop
mandatory and enforceable Reliability
Standards to better ensure the reliability
of the nation’s Bulk-Power System.
Type of Respondents: Business or
other for profit, and not for profit
institutions.
Estimate of Annual Burden: 9
The Commission bases its paperwork
burden estimates on the changes in
19125
paperwork burden presented by the
proposed revision to CIP Reliability
Standard CIP–003–9 as compared to the
current Commission-approved
Reliability Standard CIP–003–8. As
discussed above, the immediate order
addresses the area of modification to the
CIP Reliability Standards: adopting
mandatory security controls for vendor
electronic remote access used at low
impact BES Cyber Systems.
The CIP Reliability Standards, viewed
as a whole, implement a defense-indepth approach to protecting the
security of BES Cyber Systems at all
impact levels.10 The CIP Reliability
Standards are objective-based and allow
entities to choose compliance
approaches best tailored to their
systems.11 The NERC Compliance
Registry, as of January 4, 2023, identifies
approximately 1,592 U.S. entities that
are subject to mandatory compliance
with Reliability Standards. Of this total,
we estimate that 1,579 entities will face
an increased paperwork burden under
Reliability Standard CIP 003–9,
estimating that a majority of these
entities will have one or more low
impact BES Cyber Systems. Based on
these assumptions, the Commission
estimates the total annual burden and
cost as follows:
RD23–3–000 COMMISSION ORDER
[Mandatory Reliability Standards for Critical Infrastructure Protection Reliability Standards CIP–003–9]
Number of
respondents
Annual
number of
responses per
respondent
Total
number of
responses
Average burden &
cost per response 12
Total annual burden
hours & total annual cost
Cost per
respondent
($)
(1)
(2)
(1) * (2) = (3)
(4)
(3) * (4) = (5)
(5) ÷ (1)
Create vendor remote access policy (onetime) 13.
Updates and reviews of vendor remote access policy (ongoing).
1,579
1
1,579
60 hrs.; $5,340 .........
94,740 hrs.; $8,431,860 ..
$5,340
1,579
1
1,579
3.5 hrs.; $311.50 ......
5,527 hrs. (rounded);
$491,903.
311.50
Total burden for FERC–725B(5) under
CIP–003–9.
........................
........................
3,158
...................................
100,267 hrs.; $8,923,763
The one-time burden of 94,740 hours
that only applies for Year 1 will be
averaged over three years (94,740 hours
÷ 3 = 31,580 hours/year over three
years). The number of responses is also
averaged over three years (1,579
responses ÷ 3 = 526.33 responses/year).
The ongoing burden of 5,527 hours/
year applies for only Years 2 and
7 44
U.S.C. 3507(d) (2012).
CFR 1320.11 (2017).
9 ‘‘Burden’’ is the total time, effort, or financial
resources expended by persons to generate,
maintain, retain, or disclose or provide information
to or for a Federal agency. For further explanation
of what is included in the information collection
burden, refer to Title 5 Code of Federal Regulations
1320.3.
10 Order No. 822, 154 FERC ¶ 61,037 at 32.
lotter on DSK11XQN23PROD with NOTICES1
85
VerDate Sep<11>2014
17:22 Mar 29, 2023
Jkt 259001
........................
beyond (5,527 hours (Year 2) + 5,527
hours (Year 3) ÷ 3 = 5,527 hours.
Similarly, the number of responses is
also averaged over three years ((1,579
responses (Year 2) + 1,579 (Year 3)) ÷ 3
= 1,57914).
The responses and burden hours for
Years 1–3 will total respectively as
follows for Year 1 one-time burden:
Year 1: 526.33 responses; 31,580 hours
Year 2: 526.33 responses; 31,580 hours
Year 3: 526.33 responses; 31,580 hours
11 Mandatory Reliability Standards for Critical
Infrastructure Protection, Order No. 706, 73 FR
7368 (Feb. 7, 2008), 122 FERC ¶ 61,040, at P 72
(2008); order on reh’g, Order No. 706–A, 123 FERC
¶ 61,174 (2008); order on clarification, Order No.
706–B, 126 FERC ¶ 61,229 (2009).
12 The loaded hourly wage figure (includes
benefits) is based on the average of three
occupational categories for 2022 found on the
Bureau of Labor Statistics website (http://
www.bls.gov/oes/current/naics2_22.htm):
Legal (Occupation Code: 23–0000): $145.35.
Electrical Engineer (Occupation Code: 17–2071):
$77.02.
Office and Administrative Support (Occupation
Code: 43–0000): $43.62 ($145.35 + $77.02 + $43.62)
÷ 3 = $88.66. The figure is rounded to $89.00 for
use in calculating wage figures in this Commission
Order.
13 This one-time burden applies in Year One only.
PO 00000
Frm 00075
Fmt 4703
Sfmt 4703
The responses and burden hours for
Years 1–3 will total respectively as
follows for Ongoing and beyond: 1,579
responses and 5,527 hours
E:\FR\FM\30MRN1.SGM
30MRN1
19126
Federal Register / Vol. 88, No. 61 / Thursday, March 30, 2023 / Notices
The following shows the annual cost
burden for each group, based on the
burden hours in the table above:
• Year 1: $8,431,860 (Onetime)
• Years 2 and 3: $491,903 (Ongoing)
The paperwork burden estimate
includes costs associated with the initial
development of a policy to address
requirements relating to: (1) clarifying
the obligations pertaining to electronic
access control for low impact BES Cyber
Systems; (2) adopting mandatory
security controls for transient electronic
devices (e.g., thumb drives, laptop
computers, and other portable devices
frequently connected to and
disconnected from systems) used at low
impact BES Cyber Systems; and (3)
requiring responsible entities to have a
policy for declaring and responding to
CIP Exceptional Circumstances related
to low impact BES Cyber Systems.
Further, the estimate reflects the
assumption that costs incurred in year
1 will pertain to policy development,
while costs in years 2 and 3 will reflect
the burden associated with maintaining
logs and other records to demonstrate
ongoing compliance.
Comments: Comments are invited on:
(1) whether the collection of
information is necessary for the proper
performance of the functions of the
Commission, including whether the
information will have practical utility;
(2) the accuracy of the agency’s estimate
of the burden and cost of the collection
of information, including the validity of
the methodology and assumptions used;
(3) ways to enhance the quality, utility
and clarity of the information collection;
and (4) ways to minimize the burden of
the collection of information on those
who are to respond, including the use
of automated collection techniques or
other forms of information technology.
Federal Energy Regulatory
Commission, Department of Energy.
In compliance with the
requirements of the Paperwork
Reduction Act of 1995, the Federal
Energy Regulatory Commission
(Commission or FERC) is soliciting
public comment on the currently
approved information collection, FERC
Form No. 73, (Oil Pipeline Service Life
Data), which will be submitted to the
Office of Management and Budget
(OMB) for review. No Comments were
received on the 60-day notice published
on January 19, 2023.
DATES: Comments on the collection of
information are due May 1, 2023.
ADDRESSES: Send written comments on
FERC–73 to OMB through
www.reginfo.gov/public/do/PRAMain.
Attention: Federal Energy Regulatory
Commission Desk Officer. Please
identify the OMB Control Number
(1902–0019) in the subject line of your
comments. Comments should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain.
Please submit copies of your
comments to the Commission. You may
submit copies of your comments
(identified by Docket No. IC23–4–000)
by one of the following methods:
Electronic filing through https://
www.ferc.gov, is preferred.
• Electronic Filing: Documents must
be filed in acceptable native
applications and print-to-PDF, but not
in scanned or picture format.
• For those unable to file
electronically, comments may be filed
by USPS mail or by hand (including
courier) delivery.
Æ Mail via U.S. Postal Service Only:
Addressed to: Federal Energy
Regulatory Commission, Secretary of the
Commission, 888 First Street NE,
Washington, DC 20426.
Æ Hand (including courier) delivery:
Deliver to: Federal Energy Regulatory
Commission, Secretary of the
Commission, 12225 Wilkins Avenue,
Rockville, MD 20852.
Instructions: OMB submissions must
be formatted and filed in accordance
with submission guidelines at
www.reginfo.gov/public/do/PRAMain.
Using the search function under the
‘‘Currently Under Review’’ field, select
Federal Energy Regulatory Commission;
click ‘‘submit,’’ and select ‘‘comment’’
to the right of the subject collection.
FERC submissions must be formatted
and filed in accordance with submission
1 ‘‘Burden’’ is the total time, effort, or financial
resources expended by persons to generate,
maintain, retain, or disclose or provide information
to or for a Federal agency. For further explanation
Dated: March 24, 2023.
Debbie-Anne A. Reese,
Deputy Secretary.
[FR Doc. 2023–06600 Filed 3–29–23; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. IC23–4–000]
lotter on DSK11XQN23PROD with NOTICES1
Notice of information collection
and request for comments.
ACTION:
Commission Information Collection
Activities (FERC–73) Comment
Request; Extension
AGENCY:
VerDate Sep<11>2014
17:22 Mar 29, 2023
Jkt 259001
SUMMARY:
PO 00000
Frm 00076
Fmt 4703
Sfmt 4703
guidelines at: https://www.ferc.gov. For
user assistance, contact FERC Online
Support by email at ferconlinesupport@
ferc.gov, or by phone at: (866) 208–3676
(toll-free).
Docket: Users interested in receiving
automatic notification of activity in this
docket or in viewing/downloading
comments and issuances in this docket
may do so at https://www.ferc.gov/ferconline/overview.
FOR FURTHER INFORMATION CONTACT:
Ellen Brown may be reached by email
at [email protected], telephone
at (202) 502–8663.
SUPPLEMENTARY INFORMATION:
Title: FERC Form No. 73, Oil Pipeline
Service Life Data.
OMB Control No.: 1902–0019.
Type of Request: Three-year extension
of the FERC Form No. 73 information
collection requirements with no changes
to the current reporting requirements.
Abstract: The Commission collects
FERC Form No. 73 information as part
of its authority under the Interstate
Commerce Act, 49 U.S.C. 60501, et al.
FERC Form No. 73 contains necessary
information for the review of oil
pipeline companies’ proposed
depreciation rates, as regulated entities
are required to provide service life data
illustrating the remaining physical life
of an oil pipeline’s properties. This is
used to calculate the company’s cost of
service and its transportation rates to
access customers. The Commission
implements these filing reviews under
the purview of 18 CFR part 357.3, FERC
Form No. 73, Oil Pipeline Data for
Depreciation Analysis, and 18 CFR part
347. Parts 357.3 and 347 require an oil
pipeline company to submit information
under FERC Form No. 73 when: (1)
requesting approval for new or changed
depreciation rates of an oil pipeline; or
(2) being directed by the Commission to
file the service life data during an
investigation of its book depreciation
rates.
Type of Respondent: Oil pipeline
companies.
Estimate of Annual Burden:1
The Commission estimates the annual
public reporting burden for the
information collection as below:
of what is included in the information collection
burden, refer to 5 CFR 1320.3.
E:\FR\FM\30MRN1.SGM
30MRN1
File Type | application/pdf |
File Modified | 2023-04-26 |
File Created | 2023-04-27 |