Commission Information Collection Activities (FERC-725b) Comment Request; Errata Notice, 62159-62162 [2021-24475]
Download as PDF
<![CDATA[
Federal Register / Vol. 86, No. 214 / Tuesday, November 9, 2021 / Notices
for open access transmission by third
parties.
Procedural Matters: Any person
desiring to be heard in this proceeding
should file a comment or protest to the
Application at the address provided
above. Protests should be filed in
accordance with Rule 211 of the Federal
Energy Regulatory Commission’s (FERC)
Rules of Practice and Procedure (18 CFR
385.211). Any person desiring to
become a party to this proceeding
should file a motion to intervene at the
above address in accordance with FERC
Rule 214 (18 CFR 385.214).
Comments and other filings
concerning SPP’s application to export
electric energy to Canada should be
clearly marked with OE Docket No. EA–
434–A. Additional copies are to be
provided directly to Joseph W.
Ghormley, 201 Worthen Drive, Little
Rock, AR 72223, jghormley@spp.org;
Matthew J. Binette, 1200 G Street NW,
Suite 600, Washington, DC 20005,
binette@wrightlaw.com; Victoria M.
Lauterbach, 1200 G Street NW, Suite
600, Washington, DC 20005,
lauterbach@wrightlaw.com; and Uju
Okasi, 1200 G Street NW, Suite 600,
Washington, DC 20005, okasi@
wrightlaw.com.
A final decision will be made on the
requested authorization after the
environmental impacts have been
evaluated pursuant to DOE’s National
Environmental Policy Act Implementing
Procedures (10 CFR part 1021) and after
DOE evaluates whether the proposed
action will have an adverse impact on
the sufficiency of supply or the
reliability of the U.S. electric power
supply system.
Copies of the Application will be
made available, upon request, by
accessing the program website at https://
energy.gov/node/11845, or by emailing
Matt Aronoff at matthew.aronoff@
hq.doe.gov.
Signed in Washington, DC, on November 4,
2021.
Christopher Lawrence,
Management and Program Analyst, Electricity
Delivery Division, Office of Electricity.
[FR Doc. 2021–24465 Filed 11–8–21; 8:45 am]
BILLING CODE 6450–01–P
jspears on DSK121TN23PROD with NOTICES1
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. ID–9320–000]
Starheim, Gregory J.; Notice of Filing
Take notice that on November 2,
2021, Gregory J. Starheim submitted for
filing, application for authority to hold
VerDate Sep<11>2014
17:00 Nov 08, 2021
Jkt 256001
interlocking positions, pursuant to
section 305(b) of the Federal Power Act,
16 U.S.C. 825d (b) and Part 45.8 of the
Federal Energy Regulatory
Commission’s (Commission) Rules of
Practice and Procedure, 18 CFR part
45.8.
Any person desiring to intervene or to
protest this filing must file in
accordance with Rules 211 and 214 of
the Commission’s Rules of Practice and
Procedure (18 CFR 385.211, 385.214).
Protests will be considered by the
Commission in determining the
appropriate action to be taken but will
not serve to make protestants parties to
the proceeding. Any person wishing to
become a party must file a notice of
intervention or motion to intervene, as
appropriate. Such notices, motions, or
protests must be filed on or before the
comment date. On or before the
comment date, it is not necessary to
serve motions to intervene or protests
on persons other than the Applicant.
In addition to publishing the full text
of this document in the Federal
Register, the Commission provides all
interested persons an opportunity to
view and/or print the contents of this
document via the internet through the
Commission’s Home Page (https://
www.ferc.gov) using the ‘‘eLibrary’’ link.
Enter the docket number excluding the
last three digits in the docket number
field to access the document. At this
time, the Commission has suspended
access to the Commission’s Public
Reference Room, due to the
proclamation declaring a National
Emergency concerning the Novel
Coronavirus Disease (COVID–19), issued
by the President on March 13, 2020. For
assistance, contact the Federal Energy
Regulatory Commission at
FERCOnlineSupport@ferc.gov or call
toll-free, (886) 208–3676 or TYY, (202)
502–8659.
The Commission strongly encourages
electronic filings of comments, protests
and interventions in lieu of paper using
the ‘‘eFiling’’ link at https://
www.ferc.gov. Persons unable to file
electronically may mail similar
pleadings to the Federal Energy
Regulatory Commission, 888 First Street
NE, Washington, DC 20426. Hand
delivered submissions in docketed
proceedings should be delivered to
Health and Human Services, 12225
Wilkins Avenue, Rockville, Maryland
20852.
Comment Date: 5:00 p.m. Eastern
Time on November 23, 2021.
PO 00000
Frm 00019
Fmt 4703
Sfmt 4703
62159
Dated: November 2, 2021.
Kimberly D. Bose,
Secretary.
[FR Doc. 2021–24399 Filed 11–8–21; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. IC21–26–000]
Commission Information Collection
Activities (FERC–725b) Comment
Request; Errata Notice
Federal Energy Regulatory
Commission, Department of Energy.
ACTION: Errata and request for
comments.
AGENCY:
In compliance with the
requirements of the Paperwork
Reduction Act of 1995, the Federal
Energy Regulatory Commission
(Commission or FERC) is soliciting
public comment on the currently
approved information collection, FERC–
725B, (Mandatory Reliability Standards,
Critical Infrastructure Protection (CIP).
This notice corrects the 30-day notice
published on September 14, 2021 (86 FR
51131) adjusting the estimates in the
burden table.
DATES: Comments on the collection of
information are due December 9, 2021.
ADDRESSES: Send written comments on
FERC–725B to OMB through
www.reginfo.gov/public/do/PRAMain.
Attention: Federal Energy Regulatory
Commission Desk Officer. Please
identify the OMB Control Number
(1902–0248) in the subject line of your
comments. Comments should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain.
Please submit copies of your
comments to the Commission. You may
submit copies of your comments
(identified by Docket No. IC21–26–000)
by one of the following methods:
Electronic filing through https://
www.ferc.gov, is preferred.
• Electronic Filing: Documents must
be filed in acceptable native
applications and print-to-PDF, but not
in scanned or picture format.
• For those unable to file
electronically, comments may be filed
by USPS mail or by hand (including
courier) delivery.
Æ Mail via U.S. Postal Service Only:
Addressed to: Federal Energy
Regulatory Commission, Secretary of the
Commission, 888 First Street NE,
Washington, DC 20426.
SUMMARY:
E:\FR\FM\09NON1.SGM
09NON1
62160
Federal Register / Vol. 86, No. 214 / Tuesday, November 9, 2021 / Notices
jspears on DSK121TN23PROD with NOTICES1
Æ Hand (including courier) delivery:
Deliver to: Federal Energy Regulatory
Commission, 12225 Wilkins Avenue,
Rockville, MD 20852.
Instructions: OMB submissions must
be formatted and filed in accordance
with submission guidelines at
www.reginfo.gov/public/do/PRAMain.
Using the search function under the
‘‘Currently Under Review’’ field, select
Federal Energy Regulatory Commission;
click ‘‘submit,’’ and select ‘‘comment’’
to the right of the subject collection.
FERC submissions must be formatted
and filed in accordance with submission
guidelines at: https://www.ferc.gov. For
user assistance, contact FERC Online
Support by email at ferconlinesupport@
ferc.gov, or by phone at: (866) 208–3676
(toll-free).
Docket: Users interested in receiving
automatic notification of activity in this
docket or in viewing/downloading
comments and issuances in this docket
may do so at https://www.ferc.gov/ferconline/overview.
FOR FURTHER INFORMATION CONTACT:
Ellen Brown may be reached by email
at DataClearance@FERC.gov, telephone
at (202) 502–8663.
SUPPLEMENTARY INFORMATION:
Title: FERC–725B (Mandatory
Reliability Standards, Critical
Infrastructure Protection (CIP)).
OMB Control No.: 1902–0248.
Type of Request: Three-year extension
of the FERC–725B information
collection requirements with no changes
to the reporting requirements.
Abstract: On August 8, 2005, Congress
enacted the Energy Policy Act of 2005.1
The Energy Policy Act of 2005 added a
new section 215 to the FPA,2 which
requires a Commission-certified Electric
Reliability Organization to develop
mandatory and enforceable Reliability
Standards,3 including requirements for
cybersecurity protection, which are
subject to Commission review and
approval. Once approved, the Reliability
1 Energy Policy Act of 2005, Public Law 109–58,
sec. 1261 et seq., 119 Stat. 594 (2005).
2 16 U.S.C. 824o.
3 FPA section 215 defines Reliability Standard as
a requirement, approved by the Commission, to
provide for reliable operation of existing bulkpower system facilities, including cybersecurity
protection, and the design of planned additions or
modifications to such facilities to the extent
necessary to provide for reliable operation of the
Bulk-Power System. However, the term does not
include any requirement to enlarge such facilities
or to construct new transmission capacity or
generation capacity. Id. at 824o(a)(3).
VerDate Sep<11>2014
17:00 Nov 08, 2021
Jkt 256001
Standards may be enforced by the
Electric Reliability Organization subject
to Commission oversight, or the
Commission can independently enforce
Reliability Standards.
On February 3, 2006, the Commission
issued Order No. 672,4 implementing
FPA section 215. The Commission
subsequently certified NERC as the
Electric Reliability Organization. The
Reliability Standards developed by
NERC become mandatory and
enforceable after Commission approval
and apply to users, owners, and
operators of the Bulk-Power System, as
set forth in each Reliability Standard.5
The CIP Reliability Standards require
entities to comply with specific
requirements to safeguard critical cyber
assets. These standards are results-based
and do not specify a technology or
method to achieve compliance, instead
leaving it up to the entity to decide how
best to comply.
On January 18, 2008, the Commission
issued Order No. 706,6 approving the
initial eight CIP Reliability Standards,
CIP version 1 Standards, submitted by
NERC. Subsequently, the Commission
has approved multiple versions of the
CIP Reliability Standards submitted by
NERC, partly to address the evolving
nature of cyber-related threats to the
Bulk-Power System. On November 22,
2013, the Commission issued Order No.
791,7 approving CIP version 5
Standards, the last major revision to the
CIP Reliability Standards. The CIP
version 5 Standards implement a tiered
approach to categorize assets,
identifying them as high, medium, or
low risk to the operation of the Bulk
4 Rules Concerning Certification of the Elec.
Reliability Org.; and Procedures for the
Establishment, Approval, and Enf’t of Elec.
Reliability Standards, Order No. 672, 71 FR 8661
(Feb. 17, 2006), 114 FERC ¶ 61,104, order on reh’g,
Order No. 672–A, 71 FR 19814 (Apr. 28, 2006), 114
FERC ¶ 61,328 (2006).
5 NERC uses the term ‘‘registered entity’’ to
identify users, owners, and operators of the BulkPower System responsible for performing specified
reliability functions with respect to NERC
Reliability Standards. See, e.g., Version 4 Critical
Infrastructure Protection Reliability Standards,
Order No. 761, 77 FR 24594 (Apr. 25, 2012), 139
FERC ¶ 61,058, at P 46, order denying clarification
and reh’g, 140 FERC ¶ 61,109 (2012). Within the
NERC Reliability Standards are various subsets of
entities responsible for performing various specified
reliability functions. We collectively refer to these
as ‘‘entities.’’
6 Order No. 706, 122 FERC ¶ 61,040 at P 1.
7 Version 5 Critical Infrastructure Protection
Reliability Standards, Order No. 791, 78 FR 72755
(Dec. 13, 2013), 145 FERC ¶ 61,160 (2013), order on
reh’g, Order No. 791–A, 146 FERC ¶ 61,188 (2014).
PO 00000
Frm 00020
Fmt 4703
Sfmt 4703
Electric System (BES) 8 if compromised.
High impact systems include large
control centers. Medium impact systems
include smaller control centers, ultrahigh voltage transmission, and large
substations and generating facilities.
The remainder of the BES Cyber
Systems 9 are categorized as low impact
systems. Most requirements in the CIP
Reliability Standards apply to high and
medium impact systems; however, a
technical controls requirement in
Reliability standard CIP–003, described
below, applies only to low impact
systems. Since 2013, the Commission
has approved new and modified CIP
Reliability Standards that address
specific issues such as supply chain risk
management, cyber incident reporting,
communications between control
centers, and the physical security of
critical transmission facilities.10
8 In general, NERC defines BES to include all
Transmission Elements operated at 100 kV or
higher and Real Power and Reactive Power
resources connected at 100 kV or higher. This does
not include facilities used in the local distribution
of electric energy. See NERC, Bulk Electric System
Definition Reference Document, Version 3, at page
iii (August 2018). In Order No. 693, the Commission
found that NERC’s definition of BES is narrower
than the statutory definition of Bulk-Power System.
The Commission decided to rely on the NERC
definition of BES to provide certainty regarding the
applicability of Reliability Standards to specific
entities. See Mandatory Reliability Standards for
the Bulk-Power System, Order No. 693, 72 FR 16415
(Apr. 4, 2007), 118 FERC ¶ 61,218, at PP 75, 79, 491,
order on reh’g, Order No. 693–A, 72 FR 49717 (July
25, 2007), 120 FERC ¶ 61,053 (2007).
9 NERC defines BES Cyber System as ‘‘[o]ne or
more BES Cyber Assets logically grouped by a
responsible entity to perform one or more reliability
tasks for a functional entity.’’ NERC, Glossary of
Terms Used in NERC Reliability Standards, at 5
(2020), https://www.nerc.com/files/glossary_of_
terms.pdf (NERC Glossary of Terms). NERC defines
BES Cyber Asset as
A Cyber Asset that if rendered unavailable,
degraded, or misused would, within 15 minutes of
its required operation, mis-operation, or nonoperation, adversely impact one or more Facilities,
systems, or equipment, which, if destroyed,
degraded, or otherwise rendered unavailable when
needed, would affect the reliable operation of the
Bulk Electric System. Redundancy of affected
Facilities, systems, and equipment shall not be
considered when determining adverse impact. Each
BES Cyber Asset is included in one or more BED
Cyber Systems.
Id. at 4.
10 See, e.g., Order No. 791, 78 FR 72755; Revised
Critical Infrastructure Protection Reliability
Standards, Order No. 822, 81 FR 4177 (Jan. 26,
2016), 154 FERC ¶ 61,037, reh’g denied, Order No.
822–A, 156 FERC ¶ 61,052 (2016); Revised Critical
Infrastructure Protection Reliability Standard CIP–
003–7—Cyber Security—Security Management
Controls, Order No. 843, 163 FERC ¶ 61,032 (2018).
E:\FR\FM\09NON1.SGM
09NON1
Federal Register / Vol. 86, No. 214 / Tuesday, November 9, 2021 / Notices
The CIP Reliability Standards
currently consist of 13 standards
specifying a set of requirements that
entities must follow to ensure the cyber
and physical security of the Bulk-Power
System.
• CIP–002–5.1a Bulk Electric
System Cyber System Categorization:
Requires entities to identify and
categorize BES Cyber Assets for the
application of cyber security
requirements commensurate with the
adverse impact that loss, compromise,
or misuse of those BES Cyber Systems
could have on the reliable operation of
the BES.
• CIP–003–8 Security Management
Controls: Requires entities to specify
consistent and sustainable security
management controls that establish
responsibility and accountability to
protect BES Cyber Systems against
compromise that could lead to misoperation or instability in the BES.
• CIP–004–6 Personnel and
Training: Requires entities to minimize
the risk against compromise that could
lead to mis-operation or instability in
the BES from individuals accessing BES
Cyber Systems by requiring an
appropriate level of personnel risk
assessment, training, and security
awareness in support of protecting BES
Cyber Systems.
• CIP–005–6 Electronic Security
Perimeter(s): Requires entities to
manage electronic access to BES Cyber
Systems by specifying a controlled
Electronic Security Perimeter in support
of protecting BES Cyber Systems against
compromise that could lead to misoperation or instability in the BES.
62161
• CIP–011–2 Information Protection:
Requires entities to prevent
unauthorized access to BES Cyber
System Information by specifying
information protection requirements in
support of protecting BES Cyber
Systems against compromise that could
lead to mis-operation or instability in
the BES.
• CIP–012–1 Communications
between Control Centers: 11 Requires
entities to protect the confidentiality
and integrity of Real-time Assessment
and Real-time monitoring data
transmitted between Control Centers.
• CIP–013–1 Supply Chain Risk
Management: Requires entities to
mitigate cybersecurity risks to the
reliable operation of the BES by
implementing security controls for
supply chain risk management of BES
Cyber Systems.
• CIP–014–2 Physical Security:
Requires the Transmission Owner to
perform a risk assessment, consisting of
a transmission analysis, to determine
which of those Transmission stations
and Transmission Substations and
conduct an assessment of potential
threats and vulnerabilities to those
Transmission stations, Transmission
substations, and primary control centers
using a tailored evaluation process.
The CIP Reliability Standards, viewed
as a whole, implement a defense-indepth approach to protecting the
security of BES Cyber Systems at all
impact levels.12 The CIP Reliability
Standards are objective-based and allow
entities to choose compliance
approaches best tailored to their
systems.13
• CIP–006–6 Physical Security of
Bulk Electric System Cyber Systems:
Requires entities to manage physical
access to BES Cyber Systems by
specifying a physical security plan in
support of protecting BES Cyber
Systems against compromise that could
lead to mis-operation or instability in
the BES.
• CIP–007–6 System Security
Management: Requires entities to
manage system security by specifying
select technical, operational, and
procedural requirements in support of
protecting BES Cyber Systems against
compromise that could lead to misoperation or instability in the BES.
• CIP–008–6 Incident Reporting and
Response Planning: Requires entities to
mitigate the risk to the reliable
operation of the BES as the result of a
cybersecurity incident by specifying
incident response requirements.
• CIP–009–6 Recovery Plans for
Bulk Electric System Cyber Systems:
Requires entities to recover reliability
functions performed by BES Cyber
Systems by specifying recovery plan
requirements in support of the
continued stability, operability, and
reliability of the BES.
• CIP–010–3 Configuration Change
Management and Vulnerability
Assessments: Requires entities to
prevent and detect unauthorized
changes to BES Cyber Systems by
specifying configuration change
management and vulnerability
assessment requirements in support of
protecting BES Cyber Systems from
compromise that could lead to misoperation or instability in the BES.
FERC–725B—(MANDATORY RELIABILITY STANDARDS FOR CRITICAL INFRASTRUCTURE PROTECTION [CIP] RELIABILITY
STANDARDS) AFTER ADDING FILERS FROM CYBERSECURITY INCENTIVES INVESTMENT ACTIVITY
[Submitted as a separate IC within FERC–725B]
jspears on DSK121TN23PROD with NOTICES1
CIP–002–5.1 .......................
CIP–003–8 ..........................
CIP–004–6
CIP–005–7
CIP–006–6
CIP–007–6
CIP–008–6
CIP–009–6
CIP–010–3
CIP–011–2
CIP–012–1
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
..........................
Number and
type of
respondent 14
Annual
number of
responses per
respondent
Total number
of responses
Average burden per response
(hours) 15 and cost per
response
Total annual burden
(hours) and total annual
cost 16
($)
(1)
(2)
(1) * (2) = (3)
(4)
(3) * (4) = (5)
29,840 hrs.; $2,536,996.8.
363,440.04 hrs.;
$30,899,672.20.
193,795 hrs.; $16,476,450.90.
180,075 hrs.; $15,309,976.50.
79,576 hrs.; $6,765,551.52.
713,440 hrs.; $60,656,668.80.
36,288 hrs.; $3,085,205.76.
55,566 hrs.; $4,724,221.32.
401,996 hrs.; $34,177,699.92.
29,498 hrs.; $2,507,919.96.
62,025.08 hrs.;
$5,273,372.30.
17 1,492
1,492
1
156.149
1,492
232,974.387
20 hrs.; $1,700.40 ..................
1.56 hrs.; $132.63 ..................
343
343
343
343
343
343
343
343
18 724
1
1
1
1
8
1
1
1
1
343
343
343
343
2744
343
343
343
724
565 hrs.; $48,036.30 ..............
525 hrs.; $44,635.50 ..............
232 hrs.; $19,724.64 ..............
2,080 hrs.; $176,841.60 .........
13.225 hrs.; $1,124.39 ...........
162 hrs.; $13,773.24 ..............
1,172 hrs.; $99,643.44 ...........
86 hrs.; $7,311.72 ..................
85.67 hrs.; $7,283.66 .............
11 CIP–012–1: Communications between Control
Centers will be subject to enforcement by July 1,
2022.
VerDate Sep<11>2014
17:49 Nov 08, 2021
Jkt 256001
12
13
PO 00000
Order No. 822, 154 FERC ¶ 61,037 at 32.
Order No. 706, 122 FERC ¶ 61,040 at 72.
Frm 00021
Fmt 4703
Sfmt 4703
E:\FR\FM\09NON1.SGM
09NON1
62162
Federal Register / Vol. 86, No. 214 / Tuesday, November 9, 2021 / Notices
FERC–725B—(MANDATORY RELIABILITY STANDARDS FOR CRITICAL INFRASTRUCTURE PROTECTION [CIP] RELIABILITY
STANDARDS) AFTER ADDING FILERS FROM CYBERSECURITY INCENTIVES INVESTMENT ACTIVITY—Continued
[Submitted as a separate IC within FERC–725B]
Number and
type of
respondent 14
Annual
number of
responses per
respondent
Total number
of responses
Average burden per response
(hours) 15 and cost per
response
Total annual burden
(hours) and total annual
cost 16
($)
(1)
(2)
(1) * (2) = (3)
(4)
(3) * (4) = (5)
CIP–013–1 ..........................
CIP–014–2 ..........................
Total Burden of FERC–
725B.
19 321
343
1
1
343
321
20 hrs.; $1,700.40 ..................
32.71 hrs.; $2,781 ..................
6,860 hrs.; $583,237.20.
10,449.91 hrs.; $888,451.35.
........................
........................
240,099.387
.................................................
2,162,849.03 hrs.;
$183,885,424.53.
Comments: Comments are invited on:
(1) Whether the collection of
information is necessary for the proper
performance of the functions of the
Commission, including whether the
information will have practical utility;
(2) the accuracy of the agency’s estimate
of the burden and cost of the collection
of information, including the validity of
the methodology and assumptions used;
(3) ways to enhance the quality, utility
and clarity of the information collection;
and (4) ways to minimize the burden of
the collection of information on those
who are to respond, including the use
of automated collection techniques or
other forms of information technology.
Dated: November 3, 2021.
Kimberly D. Bose,
Secretary.
[FR Doc. 2021–24475 Filed 11–8–21; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
Combined Notice of Filings #1
jspears on DSK121TN23PROD with NOTICES1
Take notice that the Commission
received the following electric corporate
filings:
14 The number of respondents is based on the
NERC Compliance Registry as of June 22, 2021.
Currently there are 1,508 unique NERC Registered,
subtracting 16 Canadians Entities yields 1492 U.S.
entities.
15 Of the average estimated 295.702 hours per
response, 210 hours are for recordkeeping, and
85.702 hours are for reporting.
16 The estimates for cost per hour are $85.02/hour
(averaged based on the following occupations):
17 We estimate that 1,161 entities will face an
increased paperwork burden under Reliability
Standard CIP 003–8, estimating that a majority of
these entities will have one or more low impact BES
Cyber Systems.
18 The number of entities and the number of
hours required are based on FERC Order No. 802
which approved CIP–012–1.
19 321 U.S. Transmission Owners in NERC
Compliance Registry as of June 22, 2021.
VerDate Sep<11>2014
17:49 Nov 08, 2021
Jkt 256001
Docket Numbers: EC22–13–000.
Applicants: Howard Wind LLC.
Description: Application for
Authorization Under Section 203 of the
Federal Power Act of Howard Wind
LLC.
Filed Date: 11/3/21.
Accession Number: 20211103–5027.
Comment Date: 5 p.m. ET 11/24/21.
Take notice that the Commission
received the following exempt
wholesale generator filings:
Docket Numbers: EG22–19–000.
Applicants: Cottontail Solar 2, LLC.
Description: Notice of SelfCertification of Exempt Wholesale
Generators Status of Cottontail Solar 2,
LLC.
Filed Date: 11/3/21.
Accession Number: 20211103–5061.
Comment Date: 5 p.m. ET 11/24/21.
Docket Numbers: EG22–20–000.
Applicants: Cottontail Solar 8, LLC.
Description: Notice of SelfCertification of Exempt Wholesale
Generator Status of Cottontail Solar 8,
LLC.
Filed Date: 11/3/21.
Accession Number: 20211103–5062.
Comment Date: 5 p.m. ET 11/24/21.
Take notice that the Commission
received the following electric rate
filings:
Docket Numbers: ER21–2455–001.
Applicants: California Independent
System Operator Corporation.
Description: Tariff Amendment:
2021–11–02 FERC Order No. 2222—
Response to Letter to be effective 12/31/
9998.
Filed Date: 11/2/21.
Accession Number: 20211102–5180.
Comment Date: 5 p.m. ET 11/23/21.
Docket Numbers: ER22–327–000.
Applicants: Nine Mile Point Nuclear
Station, LLC.
Description: § 205(d) Rate Filing:
Certificate of Concurrence for Nuclear
Operating Services Agreement to be
effective 12/31/9998.
PO 00000
Frm 00022
Fmt 4703
Sfmt 4703
Filed Date: 11/2/21.
Accession Number: 20211102–5177.
Comment Date: 5 p.m. ET 11/23/21.
Docket Numbers: ER22–328–000.
Applicants: Portland General Electric
Company.
Description: § 205(d) Rate Filing:
NorthernGrid Funding Agreement
Concurrence to be effective 1/1/2022.
Filed Date: 11/2/21.
Accession Number: 20211102–5185.
Comment Date: 5 p.m. ET 11/23/21.
Docket Numbers: ER22–329–000.
Applicants: R.E. Ginna Nuclear Power
Plant, LLC.
Description: § 205(d) Rate Filing:
Certificate of Concurrence for Nuclear
Operating Services Agreement to be
effective 12/31/9998.
Filed Date: 11/2/21.
Accession Number: 20211102–5186.
Comment Date: 5 p.m. ET 11/23/21.
Docket Numbers: ER22–330–000.
Applicants: PJM Interconnection,
L.L.C.
Description: Tariff Amendment:
Notice of Cancellation of Service
Agreement Nos. 4955 (PJM & AEP
NITSA) to be effective 1/1/2022.
Filed Date: 11/2/21.
Accession Number: 20211102–5187.
Comment Date: 5 p.m. ET 11/23/21.
Docket Numbers: ER22–331–000.
Applicants: Southwest Power Pool,
Inc.
Description: § 205(d) Rate Filing:
Revisions to Modify the Review of Base
Plan Allocation Methodology to be
effective 1/3/2022.
Filed Date: 11/3/21.
Accession Number: 20211103–5068.
Comment Date: 5 p.m. ET 11/24/21.
Docket Numbers: ER22–333–000.
Applicants: Southwest Power Pool,
Inc.
Description: § 205(d) Rate Filing:
NorthWestern Corporation (South
Dakota) Formula Rate Revision to be
effective 1/3/2022.
Filed Date: 11/3/21.
Accession Number: 20211103–5111.
E:\FR\FM\09NON1.SGM
09NON1
]]>Agencies
[Federal Register Volume 86, Number 214 (Tuesday, November 9, 2021)]
[Notices]
[Pages 62159-62162]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24475]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
[Docket No. IC21-26-000]
Commission Information Collection Activities (FERC-725b) Comment
Request; Errata Notice
AGENCY: Federal Energy Regulatory Commission, Department of Energy.
ACTION: Errata and request for comments.
-----------------------------------------------------------------------
SUMMARY: In compliance with the requirements of the Paperwork Reduction
Act of 1995, the Federal Energy Regulatory Commission (Commission or
FERC) is soliciting public comment on the currently approved
information collection, FERC-725B, (Mandatory Reliability Standards,
Critical Infrastructure Protection (CIP). This notice corrects the 30-
day notice published on September 14, 2021 (86 FR 51131) adjusting the
estimates in the burden table.
DATES: Comments on the collection of information are due December 9,
2021.
ADDRESSES: Send written comments on FERC-725B to OMB through
www.reginfo.gov/public/do/PRAMain. Attention: Federal Energy Regulatory
Commission Desk Officer. Please identify the OMB Control Number (1902-
0248) in the subject line of your comments. Comments should be sent
within 30 days of publication of this notice to www.reginfo.gov/public/do/PRAMain.
Please submit copies of your comments to the Commission. You may
submit copies of your comments (identified by Docket No. IC21-26-000)
by one of the following methods:
Electronic filing through https://www.ferc.gov, is preferred.
Electronic Filing: Documents must be filed in acceptable
native applications and print-to-PDF, but not in scanned or picture
format.
For those unable to file electronically, comments may be
filed by USPS mail or by hand (including courier) delivery.
[cir] Mail via U.S. Postal Service Only: Addressed to: Federal
Energy Regulatory Commission, Secretary of the Commission, 888 First
Street NE, Washington, DC 20426.
[[Page 62160]]
[cir] Hand (including courier) delivery: Deliver to: Federal Energy
Regulatory Commission, 12225 Wilkins Avenue, Rockville, MD 20852.
Instructions: OMB submissions must be formatted and filed in
accordance with submission guidelines at www.reginfo.gov/public/do/PRAMain. Using the search function under the ``Currently Under Review''
field, select Federal Energy Regulatory Commission; click ``submit,''
and select ``comment'' to the right of the subject collection.
FERC submissions must be formatted and filed in accordance with
submission guidelines at: https://www.ferc.gov. For user assistance,
contact FERC Online Support by email at [email protected], or
by phone at: (866) 208-3676 (toll-free).
Docket: Users interested in receiving automatic notification of
activity in this docket or in viewing/downloading comments and
issuances in this docket may do so at https://www.ferc.gov/ferc-online/overview.
FOR FURTHER INFORMATION CONTACT: Ellen Brown may be reached by email at
[email protected], telephone at (202) 502-8663.
SUPPLEMENTARY INFORMATION:
Title: FERC-725B (Mandatory Reliability Standards, Critical
Infrastructure Protection (CIP)).
OMB Control No.: 1902-0248.
Type of Request: Three-year extension of the FERC-725B information
collection requirements with no changes to the reporting requirements.
Abstract: On August 8, 2005, Congress enacted the Energy Policy Act
of 2005.\1\ The Energy Policy Act of 2005 added a new section 215 to
the FPA,\2\ which requires a Commission-certified Electric Reliability
Organization to develop mandatory and enforceable Reliability
Standards,\3\ including requirements for cybersecurity protection,
which are subject to Commission review and approval. Once approved, the
Reliability Standards may be enforced by the Electric Reliability
Organization subject to Commission oversight, or the Commission can
independently enforce Reliability Standards.
---------------------------------------------------------------------------
\1\ Energy Policy Act of 2005, Public Law 109-58, sec. 1261 et
seq., 119 Stat. 594 (2005).
\2\ 16 U.S.C. 824o.
\3\ FPA section 215 defines Reliability Standard as a
requirement, approved by the Commission, to provide for reliable
operation of existing bulk-power system facilities, including
cybersecurity protection, and the design of planned additions or
modifications to such facilities to the extent necessary to provide
for reliable operation of the Bulk-Power System. However, the term
does not include any requirement to enlarge such facilities or to
construct new transmission capacity or generation capacity. Id. at
824o(a)(3).
---------------------------------------------------------------------------
On February 3, 2006, the Commission issued Order No. 672,\4\
implementing FPA section 215. The Commission subsequently certified
NERC as the Electric Reliability Organization. The Reliability
Standards developed by NERC become mandatory and enforceable after
Commission approval and apply to users, owners, and operators of the
Bulk-Power System, as set forth in each Reliability Standard.\5\ The
CIP Reliability Standards require entities to comply with specific
requirements to safeguard critical cyber assets. These standards are
results-based and do not specify a technology or method to achieve
compliance, instead leaving it up to the entity to decide how best to
comply.
---------------------------------------------------------------------------
\4\ Rules Concerning Certification of the Elec. Reliability
Org.; and Procedures for the Establishment, Approval, and Enf't of
Elec. Reliability Standards, Order No. 672, 71 FR 8661 (Feb. 17,
2006), 114 FERC ] 61,104, order on reh'g, Order No. 672-A, 71 FR
19814 (Apr. 28, 2006), 114 FERC ] 61,328 (2006).
\5\ NERC uses the term ``registered entity'' to identify users,
owners, and operators of the Bulk-Power System responsible for
performing specified reliability functions with respect to NERC
Reliability Standards. See, e.g., Version 4 Critical Infrastructure
Protection Reliability Standards, Order No. 761, 77 FR 24594 (Apr.
25, 2012), 139 FERC ] 61,058, at P 46, order denying clarification
and reh'g, 140 FERC ] 61,109 (2012). Within the NERC Reliability
Standards are various subsets of entities responsible for performing
various specified reliability functions. We collectively refer to
these as ``entities.''
---------------------------------------------------------------------------
On January 18, 2008, the Commission issued Order No. 706,\6\
approving the initial eight CIP Reliability Standards, CIP version 1
Standards, submitted by NERC. Subsequently, the Commission has approved
multiple versions of the CIP Reliability Standards submitted by NERC,
partly to address the evolving nature of cyber-related threats to the
Bulk-Power System. On November 22, 2013, the Commission issued Order
No. 791,\7\ approving CIP version 5 Standards, the last major revision
to the CIP Reliability Standards. The CIP version 5 Standards implement
a tiered approach to categorize assets, identifying them as high,
medium, or low risk to the operation of the Bulk Electric System (BES)
\8\ if compromised. High impact systems include large control centers.
Medium impact systems include smaller control centers, ultra-high
voltage transmission, and large substations and generating facilities.
The remainder of the BES Cyber Systems \9\ are categorized as low
impact systems. Most requirements in the CIP Reliability Standards
apply to high and medium impact systems; however, a technical controls
requirement in Reliability standard CIP-003, described below, applies
only to low impact systems. Since 2013, the Commission has approved new
and modified CIP Reliability Standards that address specific issues
such as supply chain risk management, cyber incident reporting,
communications between control centers, and the physical security of
critical transmission facilities.\10\
---------------------------------------------------------------------------
\6\ Order No. 706, 122 FERC ] 61,040 at P 1.
\7\ Version 5 Critical Infrastructure Protection Reliability
Standards, Order No. 791, 78 FR 72755 (Dec. 13, 2013), 145 FERC ]
61,160 (2013), order on reh'g, Order No. 791-A, 146 FERC ] 61,188
(2014).
\8\ In general, NERC defines BES to include all Transmission
Elements operated at 100 kV or higher and Real Power and Reactive
Power resources connected at 100 kV or higher. This does not include
facilities used in the local distribution of electric energy. See
NERC, Bulk Electric System Definition Reference Document, Version 3,
at page iii (August 2018). In Order No. 693, the Commission found
that NERC's definition of BES is narrower than the statutory
definition of Bulk-Power System. The Commission decided to rely on
the NERC definition of BES to provide certainty regarding the
applicability of Reliability Standards to specific entities. See
Mandatory Reliability Standards for the Bulk-Power System, Order No.
693, 72 FR 16415 (Apr. 4, 2007), 118 FERC ] 61,218, at PP 75, 79,
491, order on reh'g, Order No. 693-A, 72 FR 49717 (July 25, 2007),
120 FERC ] 61,053 (2007).
\9\ NERC defines BES Cyber System as ``[o]ne or more BES Cyber
Assets logically grouped by a responsible entity to perform one or
more reliability tasks for a functional entity.'' NERC, Glossary of
Terms Used in NERC Reliability Standards, at 5 (2020), https://www.nerc.com/files/glossary_of_terms.pdf (NERC Glossary of Terms).
NERC defines BES Cyber Asset as
A Cyber Asset that if rendered unavailable, degraded, or misused
would, within 15 minutes of its required operation, mis-operation,
or non-operation, adversely impact one or more Facilities, systems,
or equipment, which, if destroyed, degraded, or otherwise rendered
unavailable when needed, would affect the reliable operation of the
Bulk Electric System. Redundancy of affected Facilities, systems,
and equipment shall not be considered when determining adverse
impact. Each BES Cyber Asset is included in one or more BED Cyber
Systems.
Id. at 4.
\10\ See, e.g., Order No. 791, 78 FR 72755; Revised Critical
Infrastructure Protection Reliability Standards, Order No. 822, 81
FR 4177 (Jan. 26, 2016), 154 FERC ] 61,037, reh'g denied, Order No.
822-A, 156 FERC ] 61,052 (2016); Revised Critical Infrastructure
Protection Reliability Standard CIP-003-7--Cyber Security--Security
Management Controls, Order No. 843, 163 FERC ] 61,032 (2018).
---------------------------------------------------------------------------
[[Page 62161]]
The CIP Reliability Standards currently consist of 13 standards
specifying a set of requirements that entities must follow to ensure
the cyber and physical security of the Bulk-Power System.
CIP-002-5.1a Bulk Electric System Cyber System
Categorization: Requires entities to identify and categorize BES Cyber
Assets for the application of cyber security requirements commensurate
with the adverse impact that loss, compromise, or misuse of those BES
Cyber Systems could have on the reliable operation of the BES.
CIP-003-8 Security Management Controls: Requires entities
to specify consistent and sustainable security management controls that
establish responsibility and accountability to protect BES Cyber
Systems against compromise that could lead to mis-operation or
instability in the BES.
CIP-004-6 Personnel and Training: Requires entities to
minimize the risk against compromise that could lead to mis-operation
or instability in the BES from individuals accessing BES Cyber Systems
by requiring an appropriate level of personnel risk assessment,
training, and security awareness in support of protecting BES Cyber
Systems.
CIP-005-6 Electronic Security Perimeter(s): Requires
entities to manage electronic access to BES Cyber Systems by specifying
a controlled Electronic Security Perimeter in support of protecting BES
Cyber Systems against compromise that could lead to mis-operation or
instability in the BES.
CIP-006-6 Physical Security of Bulk Electric System Cyber
Systems: Requires entities to manage physical access to BES Cyber
Systems by specifying a physical security plan in support of protecting
BES Cyber Systems against compromise that could lead to mis-operation
or instability in the BES.
CIP-007-6 System Security Management: Requires entities to
manage system security by specifying select technical, operational, and
procedural requirements in support of protecting BES Cyber Systems
against compromise that could lead to mis-operation or instability in
the BES.
CIP-008-6 Incident Reporting and Response Planning:
Requires entities to mitigate the risk to the reliable operation of the
BES as the result of a cybersecurity incident by specifying incident
response requirements.
CIP-009-6 Recovery Plans for Bulk Electric System Cyber
Systems: Requires entities to recover reliability functions performed
by BES Cyber Systems by specifying recovery plan requirements in
support of the continued stability, operability, and reliability of the
BES.
CIP-010-3 Configuration Change Management and
Vulnerability Assessments: Requires entities to prevent and detect
unauthorized changes to BES Cyber Systems by specifying configuration
change management and vulnerability assessment requirements in support
of protecting BES Cyber Systems from compromise that could lead to mis-
operation or instability in the BES.
CIP-011-2 Information Protection: Requires entities to
prevent unauthorized access to BES Cyber System Information by
specifying information protection requirements in support of protecting
BES Cyber Systems against compromise that could lead to mis-operation
or instability in the BES.
CIP-012-1 Communications between Control Centers: \11\
Requires entities to protect the confidentiality and integrity of Real-
time Assessment and Real-time monitoring data transmitted between
Control Centers.
---------------------------------------------------------------------------
\11\ CIP-012-1: Communications between Control Centers will be
subject to enforcement by July 1, 2022.
---------------------------------------------------------------------------
CIP-013-1 Supply Chain Risk Management: Requires entities
to mitigate cybersecurity risks to the reliable operation of the BES by
implementing security controls for supply chain risk management of BES
Cyber Systems.
CIP-014-2 Physical Security: Requires the Transmission
Owner to perform a risk assessment, consisting of a transmission
analysis, to determine which of those Transmission stations and
Transmission Substations and conduct an assessment of potential threats
and vulnerabilities to those Transmission stations, Transmission
substations, and primary control centers using a tailored evaluation
process.
The CIP Reliability Standards, viewed as a whole, implement a
defense-in-depth approach to protecting the security of BES Cyber
Systems at all impact levels.\12\ The CIP Reliability Standards are
objective-based and allow entities to choose compliance approaches best
tailored to their systems.\13\
---------------------------------------------------------------------------
\12\ Order No. 822, 154 FERC ] 61,037 at 32.
\13\ Order No. 706, 122 FERC ] 61,040 at 72.
FERC-725B--(Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards)
After Adding Filers From Cybersecurity Incentives Investment Activity
[Submitted as a separate IC within FERC-725B]
----------------------------------------------------------------------------------------------------------------
Average burden Total annual
Number and Annual number per response burden (hours)
type of of responses Total number (hours) \15\ and and total
respondent per respondent of responses cost per annual cost
\14\ response \16\ ($)
(1) (2) (1) * (2) = (4)............. (3) * (4) = (5)
(3)
----------------------------------------------------------------------------------------------------------------
CIP-002-5.1.................. 1,492 1 1,492 20 hrs.; 29,840 hrs.;
$1,700.40. $2,536,996.8.
CIP-003-8.................... \17\ 1,492 156.149 232,974.387 1.56 hrs.; 363,440.04
$132.63. hrs.;
$30,899,672.20
.
CIP-004-6.................... 343 1 343 565 hrs.; 193,795 hrs.;
$48,036.30. $16,476,450.90
.
CIP-005-7.................... 343 1 343 525 hrs.; 180,075 hrs.;
$44,635.50. $15,309,976.50
.
CIP-006-6.................... 343 1 343 232 hrs.; 79,576 hrs.;
$19,724.64. $6,765,551.52.
CIP-007-6.................... 343 1 343 2,080 hrs.; 713,440 hrs.;
$176,841.60. $60,656,668.80
.
CIP-008-6.................... 343 8 2744 13.225 hrs.; 36,288 hrs.;
$1,124.39. $3,085,205.76.
CIP-009-6.................... 343 1 343 162 hrs.; 55,566 hrs.;
$13,773.24. $4,724,221.32.
CIP-010-3.................... 343 1 343 1,172 hrs.; 401,996 hrs.;
$99,643.44. $34,177,699.92
.
CIP-011-2.................... 343 1 343 86 hrs.; 29,498 hrs.;
$7,311.72. $2,507,919.96.
CIP-012-1.................... \18\ 724 1 724 85.67 hrs.; 62,025.08 hrs.;
$7,283.66. $5,273,372.30.
[[Page 62162]]
CIP-013-1.................... 343 1 343 20 hrs.; 6,860 hrs.;
$1,700.40. $583,237.20.
CIP-014-2.................... \19\ 321 1 321 32.71 hrs.; 10,449.91 hrs.;
$2,781. $888,451.35.
----------------------------------------------------------------------------------
Total Burden of FERC-725B .............. .............. 240,099.387 ................ 2,162,849.03
hrs.;
$183,885,424.5
3.
----------------------------------------------------------------------------------------------------------------
Comments: Comments are invited on: (1) Whether the collection of
information is necessary for the proper performance of the functions of
the Commission, including whether the information will have practical
utility; (2) the accuracy of the agency's estimate of the burden and
cost of the collection of information, including the validity of the
methodology and assumptions used; (3) ways to enhance the quality,
utility and clarity of the information collection; and (4) ways to
minimize the burden of the collection of information on those who are
to respond, including the use of automated collection techniques or
other forms of information technology.
---------------------------------------------------------------------------
\14\ The number of respondents is based on the NERC Compliance
Registry as of June 22, 2021. Currently there are 1,508 unique NERC
Registered, subtracting 16 Canadians Entities yields 1492 U.S.
entities.
\15\ Of the average estimated 295.702 hours per response, 210
hours are for recordkeeping, and 85.702 hours are for reporting.
\16\ The estimates for cost per hour are $85.02/hour (averaged
based on the following occupations):
\17\ We estimate that 1,161 entities will face an increased
paperwork burden under Reliability Standard CIP 003-8, estimating
that a majority of these entities will have one or more low impact
BES Cyber Systems.
\18\ The number of entities and the number of hours required are
based on FERC Order No. 802 which approved CIP-012-1.
\19\ 321 U.S. Transmission Owners in NERC Compliance Registry as
of June 22, 2021.
Dated: November 3, 2021.
Kimberly D. Bose,
Secretary.
[FR Doc. 2021-24475 Filed 11-8-21; 8:45 am]
BILLING CODE 6717-01-P
