Joint FERC-DOE Supply Chain Risk Management, Technical Conference; Supplemental Notice of Technical Conference, 68147-68150 [2022-24710]
Download as PDF
<![CDATA[
Federal Register / Vol. 87, No. 218 / Monday, November 14, 2022 / Notices
Signed in Washington, DC, on November 8,
2022.
Treena V. Garrett,
Federal Register Liaison Officer, U.S.
Department of Energy.
[FR Doc. 2022–24667 Filed 11–10–22; 8:45 am]
BILLING CODE 6450–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. ER23–375–000]
khammond on DSKJM1Z7X2PROD with NOTICES
Colice Hall Solar, LLC; Supplemental
Notice That Initial Market-Based Rate
Filing Includes Request for Blanket
Section 204 Authorization
This is a supplemental notice in the
above-referenced proceeding of Colice
Hall Solar, LLC’s application for marketbased rate authority, with an
accompanying rate tariff, noting that
such application includes a request for
blanket authorization, under 18 CFR
part 34, of future issuances of securities
and assumptions of liability.
Any person desiring to intervene or to
protest should file with the Federal
Energy Regulatory Commission, 888
First Street NE, Washington, DC 20426,
in accordance with Rules 211 and 214
of the Commission’s Rules of Practice
and Procedure (18 CFR 385.211 and
385.214). Anyone filing a motion to
intervene or protest must serve a copy
of that document on the Applicant.
Notice is hereby given that the
deadline for filing protests with regard
to the applicant’s request for blanket
authorization, under 18 CFR part 34, of
future issuances of securities and
assumptions of liability, is November
28, 2022.
The Commission encourages
electronic submission of protests and
interventions in lieu of paper, using the
FERC Online links at https://
www.ferc.gov. To facilitate electronic
service, persons with internet access
who will eFile a document and/or be
listed as a contact for an intervenor
must create and validate an
eRegistration account using the
eRegistration link. Select the eFiling
link to log on and submit the
intervention or protests.
Persons unable to file electronically
may mail similar pleadings to the
Federal Energy Regulatory Commission,
888 First Street NE, Washington, DC
20426. Hand delivered submissions in
docketed proceedings should be
delivered to Health and Human
Services, 12225 Wilkins Avenue,
Rockville, Maryland 20852.
VerDate Sep<11>2014
17:30 Nov 10, 2022
Jkt 259001
In addition to publishing the full text
of this document in the Federal
Register, the Commission provides all
interested persons an opportunity to
view and/or print the contents of this
document via the internet through the
Commission’s Home Page (https://
www.ferc.gov) using the ‘‘eLibrary’’ link.
Enter the docket number excluding the
last three digits in the docket number
field to access the document. At this
time, the Commission has suspended
access to the Commission’s Public
Reference Room, due to the
proclamation declaring a National
Emergency concerning the Novel
Coronavirus Disease (COVID–19), issued
by the President on March 13, 2020. For
assistance, contact the Federal Energy
Regulatory Commission at
FERCOnlineSupport@ferc.gov or call
toll-free, (886) 208–3676 or TYY, (202)
502–8659.
Dated: November 7, 2022.
Debbie-Anne A. Reese,
Deputy Secretary.
[FR Doc. 2022–24696 Filed 11–10–22; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
Combined Notice of Filings
Take notice that the Commission has
received the following Natural Gas
Pipeline Rate and Refund Report filings:
Filings in Existing Proceedings
Docket Numbers: RP23–77–001.
Applicants: ANR Pipeline Company.
Description: Tariff Amendment:
Jackson Generation Amended NCNR
Agmt No. 132120_2 to be effective 11/
1/2022.
Filed Date: 11/4/22.
Accession Number: 20221104–5121.
Comment Date: 5 p.m. ET 11/16/22.
Any person desiring to protest in any
the above proceedings must file in
accordance with Rule 211 of the
Commission’s Regulations (18 CFR
385.211) on or before 5:00 p.m. Eastern
time on the specified comment date.
Filings Instituting Proceedings
Docket Numbers: RP23–170–000.
Applicants: Wyoming Interstate
Company, L.L.C.
Description: § 4(d) Rate Filing: Firm
Daily Balancing Service Update to be
effective 12/1/2022.
Filed Date: 11/4/22.
Accession Number: 20221104–5101.
Comment Date: 5 p.m. ET 11/16/22.
Docket Numbers: RP23–171–000.
PO 00000
Frm 00028
Fmt 4703
Sfmt 4703
68147
Applicants: Columbia Gas
Transmission, LLC.
Description: § 4(d) Rate Filing:
Capacity Release Agreements—Vitol,
Direct Energy and Constellation Energy
to be effective 11/1/2022.
Filed Date: 11/4/22.
Accession Number: 20221104–5118.
Comment Date: 5 p.m. ET 11/16/22.
Docket Numbers: RP23–172–000.
Applicants: Nautilus Pipeline
Company, L.L.C.
Description: § 4(d) Rate Filing:
Negotiated Rates—Walter OG 630249 eff
11–7–22 to be effective 11/7/2022.
Filed Date: 11/7/22.
Accession Number: 20221107–5072.
Comment Date: 5 p.m. ET 11/21/22.
Any person desiring to intervene or
protest in any of the above proceedings
must file in accordance with Rules 211
and 214 of the Commission’s
Regulations (18 CFR 385.211 and
385.214) on or before 5:00 p.m. Eastern
time on the specified comment date.
Protests may be considered, but
intervention is necessary to become a
party to the proceeding.
The filings are accessible in the
Commission’s eLibrary system (https://
elibrary.ferc.gov/idmws/search/
fercgensearch.asp) by querying the
docket number.
eFiling is encouraged. More detailed
information relating to filing
requirements, interventions, protests,
service, and qualifying facilities filings
can be found at: https://www.ferc.gov/
docs-filing/efiling/filing-req.pdf. For
other information, call (866) 208–3676
(toll free). For TTY, call (202) 502–8659.
Dated: November 7, 2022.
Debbie-Anne A. Reese,
Deputy Secretary.
[FR Doc. 2022–24697 Filed 11–10–22; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. AD22–12–000]
Joint FERC–DOE Supply Chain Risk
Management, Technical Conference;
Supplemental Notice of Technical
Conference
Take notice that the Federal Energy
Regulatory Commission (Commission)
will convene a Joint Technical
Conference with the U.S. Department of
Energy in the above-referenced
proceeding on December 7, 2022, from
approximately 8:30 a.m. to 5:00 p.m.
Eastern Time. The conference will be
held in-person at the Commission’s
E:\FR\FM\14NON1.SGM
14NON1
Federal Register / Vol. 87, No. 218 / Monday, November 14, 2022 / Notices
headquarters at 888 First Street NE,
Washington, DC 20426 in the
Commission Meeting Room.
The purpose of this conference is to
discuss supply chain security
challenges related to the Bulk-Power
System, ongoing supply chain-related
activities, and potential measures to
secure the supply chain for the grid’s
hardware, software, computer, and
networking equipment. FERC
Commissioners and DOE’s Office of
Cybersecurity, Energy Security, and
Emergency Response (CESER) Director
will be in attendance, and panels will
involve multiple DOE program offices,
the North American Electric Reliability
Corporation (NERC), trade associations,
leading vendors and manufacturers, and
utilities.
The conference will be open for the
public to attend, and there is no fee for
attendance. This notice provides
additional information regarding each
panel and seeks nominations for
interested panelists. The Commission
will issue a further supplemental notice
with a full agenda and the list of
panelists. Information on this technical
conference will also be posted on the
Calendar of Events on the Commission’s
website, www.ferc.gov, prior to the
event.
The conference will also be
transcribed. Transcripts will be
available for a fee from Ace Reporting,
(202) 347–3700.
Those who wish to nominate their
names for consideration as a panel
participant should submit their name,
title, company (or organization they are
representing), telephone, email, a oneparagraph biography, picture, and topic
they wish to address to:
2022SupplyChainTechConference@
ferc.gov by close of business on Friday,
November 18, 2022.
Commission conferences are
accessible under section 508 of the
Rehabilitation Act of 1973. For
accessibility accommodations, please
send an email to accessibility@ferc.gov,
call toll-free (866) 208–3372 (voice) or
(202) 208–8659 (TTY), or send a fax to
(202) 208–2106 with the required
accommodations.
For more information about this
technical conference, please contact
Simon Slobodnik at Simon.Slobodnik@
ferc.gov or (202) 502–6707. For
information related to logistics, please
contact Lodie White at Lodie.White@
ferc.gov or (202) 502–8453.
VerDate Sep<11>2014
17:30 Nov 10, 2022
Jkt 259001
Dated: November 7, 2022.
Kimberly D. Bose,
Secretary.
Supply Chain Risk Management
Technical Conference
Docket No. AD22–12–000
December 7, 2022, 8:30 a.m.–5:00 p.m.
8:30 a.m.—Opening Remarks and
Introductions
9:00 a.m.—Panel I: Supply Chain Risks
Facing the Bulk-Power System
The U.S. energy sector procures
products and services from a globally
distributed, highly complex, and
increasingly interconnected set of
supply chains. Information Technology
(IT) and Operational Technology (OT)
systems enable increased
interconnectivity, process automation,
and remote control. As a result, supply
chain risks will continue to evolve and
likely increase.1 This panel will discuss
the state of supply chain risks from a
national and geopolitical perspective.
Specifically, the panel will explore
current supply chain risks to the
security of grid’s hardware, software,
computer, and networking equipment
and how well-resourced campaigns
perpetrated by nation states, such as the
SolarWinds incident, affect supply
chain risk for the electric sector.
Panelists will discuss the origins of
these risks, their pervasiveness, the
possible impacts they could have on
Bulk-Power System reliability, and
approaches to mitigating them. The
panelists will also discuss challenges
associated with supply chain visibility
and covert embedded spyware or other
compromising software or hardware in
suppliers’ products, parts, or services.
This panel may include a discussion
of the following topics and questions:
1. Describe the types of challenges
and risks associated with globally
1 See U.S. Dep’t. of Energy, America’s Strategy to
Secure the Supply Chain for a Robust Clean Energy
Transition: Response to Executive Order 14017,
America’s Supply Chains, 42, (Feb. 24, 2022),
https://www.energy.gov/sites/default/files/2022-02/
America’s%20Strategy%20to%20Secure%20the
%20Supply%20Chain%20for%20a%20Robust%20
Clean%20Energy%20Transition%20FINAL.docx_
0.pdf.
PO 00000
Frm 00029
Fmt 4703
Sfmt 4703
distributed, highly complex, and
increasingly interconnected supply
chains.
2. Describe the difficulties associated
with supply chain visibility and how
origins of products or components may
be obscured.
3. How are foreign-supplied BulkPower System components being
manipulated and is there a particular
phase in the product lifecycle where the
product is manipulated for nefarious
intent?
4. How are these supply chain
challenges and risks currently being
managed?
5. How has the current geopolitical
landscape impacted the energy sector’s
ability to manage supply chain
challenges and risks?
6. How can Sector Risk Management
Agencies and Regulators promote and/
or incentivize supply chain
transparency at the earlier stages of
product development and
manufacturing?
7. Discuss the pathways (e.g.,
voluntary best practices and guidelines,
mandatory standards) that together
could address the current supply chain
challenges and risks?
8. What actions can government take,
both formal regulatory actions and
coordination, to help identify and
mitigate risks from the global supply
chain for the energy sector?
10:30 a.m.—Break
10:45 a.m.—Panel II: Current Supply
Chain Risk Management (SCRM)
Reliability Standards, Implementation
Challenges, Gaps, and Opportunities
for Improvement
It has now been more than six years
since the Commission directed the
development of mandatory standards to
address supply chain risks, and more
than two years since the first set of those
standards became effective. As
discussed in Panel 1, supply chain risks
have continued to grow in that time. In
light of that evolving threat, panelists
will discuss the existing SCRM
Reliability Standards, including: (1)
their effectiveness in securing the BulkPower System; (2) lessons learned from
implementation of the current SCRM
Reliability Standards; and (3) possible
gaps in the currently effective SCRM
Reliability Standards. This panel will
also provide an opportunity to discuss
any Reliability Standards in
development, and how these new
standards will help enhance security
and help address some of the emerging
supply chain threats.
This panel may include a discussion
of the following topics and questions:
1. Are the currently effective SCRM
Reliability Standards sufficient to
E:\FR\FM\14NON1.SGM
14NON1
EN14NO22.014</GPH>
khammond on DSKJM1Z7X2PROD with NOTICES
68148
khammond on DSKJM1Z7X2PROD with NOTICES
Federal Register / Vol. 87, No. 218 / Monday, November 14, 2022 / Notices
successfully ensure Bulk-Power System
reliability and security in light of
existing and emerging risks?
2. What requirements in the SCRM
Reliability Standards present
implementation challenges for
registered entities and for vendors?
3. How are implementation challenges
being addressed for utilities and for
vendors?
4. Are there alternative methods for
implementing the SCRM Reliability
Standards that could eliminate
challenges or enhance effectiveness
moving forward?
5. Based on the current and evolving
threat landscape, would the currently
effective SCRM Reliability Standards
benefit from additional mandatory
security control requirements and how
would these additional controls
improve the security of the Bulk-Power
System?
6. Are there currently effective SCRM
criteria or standards that manufacturers
must adhere to in foreign countries that
may be prudent to adopt in the U.S.?
12:15 p.m.—Lunch
1:15 p.m.—Panel III: The U.S.
Department of Energy’s Energy Cyber
Sense Program
Through the Energy Cyber Sense
Program, DOE will provide a
comprehensive approach to securing the
nation’s critical energy infrastructure
and supply chains from cyber threats
with this voluntary program. The
Energy Cyber Sense Program will build
upon direction in Section 40122 of the
Bipartisan Infrastructure Law, as well as
multiple requests from industry,
leveraging existing programs and
technologies, while also initiating new
efforts. Through Energy Cyber Sense,
DOE aims to work with manufacturers
and asset owners to discover, mitigate,
and engineer out cyber vulnerabilities in
digital components in the Energy Sector
Industrial Base critical supply chains.
This program will provide a better
understanding of the impacts and
dependencies of software and systems
used in the energy sector; illuminate the
digital provenance of subcomponents in
energy systems, hardware, and software;
apply best-in-class testing to discover
and address common mode
vulnerabilities; and provide education
and awareness, across the sector and the
broader supply chain community to
optimize management of supply chain
risks. This panel will discuss specific
supply chain risks that Energy Cyber
Sense will address as well as some of
the programs and technologies DOE will
bring to bear under the program to
address the risks.
This panel may include a discussion
of the following topics and questions:
VerDate Sep<11>2014
17:30 Nov 10, 2022
Jkt 259001
1. How are emerging orders,
standards, and process guidance, such
as Executive Order 14017, Executive
Order 14028, NIST Special Publication
800–161r1, ISA 62443, CIP–013–1, and
others, changing how we assess our
digital supply chain?
2. Given the dependence of OT on
application-specific hardware, how
could the inclusion and linkage of
Hardware Bill of Materials (HBOMs)
with Software Bill of Materials (SBOMs)
increase our ability to accurately and
effectively assess and mitigate supply
chain risk? To what degree is this
inclusion and linkage of HBOMs with
SBOMs taking place today and what
steps should be taken to fill any
remaining gaps?
3. Given that much of the critical
technology used in the energy sector is
considered legacy technology, how can
manufacturers, vendors, asset owners
and operators, aided by the federal
government, national laboratories, and
other organizations, manage the supply
chain risk from legacy technology? How
can this risk management be
coordinated with newer technologies
that are more likely to receive SBOMs,
HBOMs, and attestations?
4. Where does testing, for example
Cyber Testing for Resilient Industrial
Control Systems (CyTRICS) and thirdparty testing, fit in the universe of
‘‘rigorous and predictable mechanisms
for ensuring that products function
securely, and as intended?’’ 2
5. More than ever, developers are
building applications on open-source
software libraries. How can developers
address the risks inherent with opensource software and how can asset
owners work with vendors to validate
that appropriate open-source risk
management measures have been taken?
6. U.S. energy systems have
significant dependencies on hardware
components, including integrated
circuits and semiconductors, most of
which are manufactured outside of the
US. What tools and technologies are
needed to understand the provenance of
hardware components used in U.S.
energy systems and the risks from
foreign manufacture? How will the
newly passed CHIPS and Science Act
change the risk landscape? What is
needed in terms of regulation,
standards, and other guidance to
2 See Exec. Order No. 14028, 86 FR 26,633, 26,646
(May 12, 2021) (The Executive Order declared that
the security of software used by the Federal
Government is ‘‘vital to the Federal Government’s
ability to perform its critical functions.’’ The
Executive Order further cited a ‘‘pressing need to
implement more rigorous and predictable
mechanisms for ensuring that products function
securely, and as intended.’’)
PO 00000
Frm 00030
Fmt 4703
Sfmt 4703
68149
strengthen the security of the hardware
component supply chain from cyber and
other risks?
2:45 p.m.—Break
3:00 p.m. Panel IV: Enhancing the
Supply Chain Security Posture of the
Bulk-Power System
This panel will discuss forwardlooking initiatives that can be used to
improve the supply chain security
posture of the Bulk-Power System.
These initiatives could include vendor
accreditation programs, product and
service verification, improved internal
supply chain security capability, third
party services, and private and public
partnerships.
Vendor accreditation can be
established in various ways. One of the
more prominent ways is currently being
explored by the North American
Transmission Forum through its Supply
Chain Security Assessment model and
the associated questionnaire.3 The panel
will also explore certain programs and
practices used by utilities to verify the
authenticity and effectiveness of
products and services. Internal supply
chain security capabilities include
hiring people with the appropriate
background and knowledge, while also
developing relevant skills internally,
through training on broad supply chain
topics and applying them to the specific
needs of the organization. Finally, this
panel will address private and public
partnerships on supply chain security
and how they can facilitate timely
access to information that will help
better identify current and future supply
chain threats to the Bulk-Power System
and best practices to address those risks.
This panel may include a discussion
of the following topics and questions:
1. What vendor accreditation
programs currently exist or are in
development? How can entities vet a
vendor in the absence of a vendor
accreditation program?
2. What are the challenges, benefits,
and risks associated with utilizing thirdparty services for maintaining a supply
chain risk management program?
3. What are the best practices and
other guidance for security evaluation of
vendors?
4. What programs and practices are
currently in use to ensure product and
service integrity?
5. What processes are used to test
products prior to implementation?
6. What is the right balance between
vendor and product security and cost?
Is there a point of diminishing returns?
7. What are effective strategies for
recruiting personnel with the
3 https://www.natf.net/industry-initiatives/
supply-chain-industry-coordination.
E:\FR\FM\14NON1.SGM
14NON1
68150
Federal Register / Vol. 87, No. 218 / Monday, November 14, 2022 / Notices
appropriate background and SCRM
skills to strengthen internal security
practices? How do you provide the
training necessary to further develop the
skills specific to your unique
organizational challenges?
8. What are the best ways to
meaningfully assimilate SBOM
information and what subsequent
analyses can be done to strengthen
internal security practices?
9. How can the industry keep
informed of the latest supply chain
compromises? How do entities currently
respond to these compromises to keep
their systems secure? Are there ways to
improve these responses? What actions
can government take, both formal
regulatory actions and coordination, to
help keep industry informed of supply
chain compromises and to facilitate
effective responses?
10. What key risk factors do entities
need to consider prior to leveraging
third party services and how should
those risk factors be balanced with an
entity’s organizational policy? What
SCRM controls do you have in place to
ensure your systems and products have
a reduced risk of compromise? Please
discuss any challenges that you have
experienced as well as successes.
11. How should government and
industry prioritize and coordinate
federal cross-agency and private sector
collaboration and activities regarding
SCRM?
4:45 p.m.—Closing Remarks
5:00 p.m.—Adjourn
[FR Doc. 2022–24710 Filed 11–10–22; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Project No. 298–000]
khammond on DSKJM1Z7X2PROD with NOTICES
Southern California Edison Company;
Notice of Authorization for Continued
Project Operation
The license for the Kaweah
Hydroelectric Project No. 298 was
issued for a period ending December 31,
2021.
Section 15(a)(1) of the FPA, 16 U.S.C.
808(a)(1), requires the Commission, at
the expiration of a license term, to issue
from year-to-year an annual license to
the then licensee(s) under the terms and
conditions of the prior license until a
new license is issued, or the project is
otherwise disposed of as provided in
section 15 or any other applicable
section of the FPA. If the project’s prior
license waived the applicability of
section 15 of the FPA, then, based on
VerDate Sep<11>2014
17:30 Nov 10, 2022
Jkt 259001
section 9(b) of the Administrative
Procedure Act, 5 U.S.C. 558(c), and as
set forth at 18 CFR 16.21(a), if the
licensee of such project has filed an
application for a subsequent license, the
licensee may continue to operate the
project in accordance with the terms
and conditions of the license after the
minor or minor part license expires,
until the Commission acts on its
application. If the licensee of such a
project has not filed an application for
a subsequent license, then it may be
required, pursuant to 18 CFR 16.21(b),
to continue project operations until the
Commission issues someone else a
license for the project or otherwise
orders disposition of the project.
If the project is subject to section 15
of the FPA, notice is hereby given that
an annual license for Project No. 298 is
issued to the Southern California Edison
Company for a period effective January
1, 2022, through December 31, 2022, or
until the issuance of a new license for
the project or other disposition under
the FPA, whichever comes first. If
issuance of a new license (or other
disposition) does not take place on or
before December 31, 2022, notice is
hereby given that, pursuant to 18 CFR
16.18(c), an annual license under
section 15(a)(1) of the FPA is renewed
automatically without further order or
notice by the Commission, unless the
Commission orders otherwise.
If the project is not subject to section
15 of the FPA, notice is hereby given
that the Southern California Edison
Company is authorized to continue
operation of the Kaweah Hydroelectric
Project under the terms and conditions
of the prior license until the issuance of
a new license for the project or other
disposition under the FPA, whichever
comes first.
Dated: November 7, 2022.
Kimberly D. Bose,
Secretary.
[FR Doc. 2022–24711 Filed 11–10–22; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
Combined Notice of Filings #1
Take notice that the Commission
received the following electric corporate
filings:
Docket Numbers: EC22–121–000;
EC22–127–000.
Applicants: Desert Harvest II LLC,
Desert Harvest, LLC, Milligan 1 Wind
LLC, BigBeau Solar LLC, BigBeau Solar,
LLC.
PO 00000
Frm 00031
Fmt 4703
Sfmt 4703
Description: Response to October 27,
2022 Deficiency Letter of BigBeau Solar,
LLC et al.
Filed Date: 11/3/22.
Accession Number: 20221103–5184.
Comment Date: 5 p.m. ET 11/14/22.
Docket Numbers: EC23–23–000.
Applicants: ENBALA Power Networks
(USA), Inc.
Description: Application for
Authorization Under Section 203 of the
Federal Power Act of ENBALA Power
Networks (USA) Inc.
Filed Date: 11/3/22.
Accession Number: 20221103–5186.
Comment Date: 5 p.m. ET 11/25/22.
Take notice that the Commission
received the following electric rate
filings:
Docket Numbers: ER23–376–000.
Applicants: Oak Solar, LLC.
Description: Baseline eTariff Filing:
Co-Tenancy and Shared Facilities
Agreement to be effective 12/31/2022.
Filed Date: 11/4/22.
Accession Number: 20221104–5133.
Comment Date: 5 p.m. ET 11/25/22.
Docket Numbers: ER23–377–000.
Applicants: PJM Interconnection,
L.L.C.
Description: § 205(d) Rate Filing:
Original NSA, Service Agreement No.
6691; Queue No. AD2–115 to be
effective 10/6/2022.
Filed Date: 11/7/22.
Accession Number: 20221107–5023.
Comment Date: 5 p.m. ET 11/28/22.
Docket Numbers: ER23–378–000.
Applicants: PJM Interconnection,
L.L.C.
Description: § 205(d) Rate Filing: ISA,
Original SA No. 6667; Queue No. AE1–
157 to be effective 10/7/2022.
Filed Date: 11/7/22.
Accession Number: 20221107–5043.
Comment Date: 5 p.m. ET 11/28/22.
Docket Numbers: ER23–379–000.
Applicants: EWO Marketing, LLC.
Description: § 205(d) Rate Filing:
SRPSA Capacity Rate Adjustment to be
effective 1/1/2023.
Filed Date: 11/7/22.
Accession Number: 20221107–5057.
Comment Date: 5 p.m. ET 11/28/22.
Docket Numbers: ER23–380–000.
Applicants: PacifiCorp.
Description: § 205(d) Rate Filing: TriState—Heward Interconnection Agrmt
to be effective 1/7/2023.
Filed Date: 11/7/22.
Accession Number: 20221107–5067.
Comment Date: 5 p.m. ET 11/28/22.
Docket Numbers: ER23–381–000.
Applicants: Midcontinent
Independent System Operator, Inc.
Description: § 205(d) Rate Filing:
2022–11–07_SA 3393 Ameren IL-
E:\FR\FM\14NON1.SGM
14NON1
]]>Agencies
[Federal Register Volume 87, Number 218 (Monday, November 14, 2022)]
[Notices]
[Pages 68147-68150]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-24710]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
[Docket No. AD22-12-000]
Joint FERC-DOE Supply Chain Risk Management, Technical
Conference; Supplemental Notice of Technical Conference
Take notice that the Federal Energy Regulatory Commission
(Commission) will convene a Joint Technical Conference with the U.S.
Department of Energy in the above-referenced proceeding on December 7,
2022, from approximately 8:30 a.m. to 5:00 p.m. Eastern Time. The
conference will be held in-person at the Commission's
[[Page 68148]]
headquarters at 888 First Street NE, Washington, DC 20426 in the
Commission Meeting Room.
The purpose of this conference is to discuss supply chain security
challenges related to the Bulk-Power System, ongoing supply chain-
related activities, and potential measures to secure the supply chain
for the grid's hardware, software, computer, and networking equipment.
FERC Commissioners and DOE's Office of Cybersecurity, Energy Security,
and Emergency Response (CESER) Director will be in attendance, and
panels will involve multiple DOE program offices, the North American
Electric Reliability Corporation (NERC), trade associations, leading
vendors and manufacturers, and utilities.
The conference will be open for the public to attend, and there is
no fee for attendance. This notice provides additional information
regarding each panel and seeks nominations for interested panelists.
The Commission will issue a further supplemental notice with a full
agenda and the list of panelists. Information on this technical
conference will also be posted on the Calendar of Events on the
Commission's website, www.ferc.gov, prior to the event.
The conference will also be transcribed. Transcripts will be
available for a fee from Ace Reporting, (202) 347-3700.
Those who wish to nominate their names for consideration as a panel
participant should submit their name, title, company (or organization
they are representing), telephone, email, a one-paragraph biography,
picture, and topic they wish to address to:
[email protected] by close of business on Friday,
November 18, 2022.
Commission conferences are accessible under section 508 of the
Rehabilitation Act of 1973. For accessibility accommodations, please
send an email to [email protected], call toll-free (866) 208-3372
(voice) or (202) 208-8659 (TTY), or send a fax to (202) 208-2106 with
the required accommodations.
For more information about this technical conference, please
contact Simon Slobodnik at [email protected] or (202) 502-6707.
For information related to logistics, please contact Lodie White at
[email protected] or (202) 502-8453.
Dated: November 7, 2022.
Kimberly D. Bose,
Secretary.
[GRAPHIC] [TIFF OMITTED] TN14NO22.014
Supply Chain Risk Management Technical Conference
Docket No. AD22-12-000
December 7, 2022, 8:30 a.m.-5:00 p.m.
8:30 a.m.--Opening Remarks and Introductions
9:00 a.m.--Panel I: Supply Chain Risks Facing the Bulk-Power System
The U.S. energy sector procures products and services from a
globally distributed, highly complex, and increasingly interconnected
set of supply chains. Information Technology (IT) and Operational
Technology (OT) systems enable increased interconnectivity, process
automation, and remote control. As a result, supply chain risks will
continue to evolve and likely increase.\1\ This panel will discuss the
state of supply chain risks from a national and geopolitical
perspective. Specifically, the panel will explore current supply chain
risks to the security of grid's hardware, software, computer, and
networking equipment and how well-resourced campaigns perpetrated by
nation states, such as the SolarWinds incident, affect supply chain
risk for the electric sector. Panelists will discuss the origins of
these risks, their pervasiveness, the possible impacts they could have
on Bulk-Power System reliability, and approaches to mitigating them.
The panelists will also discuss challenges associated with supply chain
visibility and covert embedded spyware or other compromising software
or hardware in suppliers' products, parts, or services.
---------------------------------------------------------------------------
\1\ See U.S. Dep't. of Energy, America's Strategy to Secure the
Supply Chain for a Robust Clean Energy Transition: Response to
Executive Order 14017, America's Supply Chains, 42, (Feb. 24, 2022),
https://www.energy.gov/sites/default/files/2022-02/America's%20Strategy%20to%20Secure%20the%20Supply%20Chain%20for%20a%2
0Robust%20Clean%20Energy%20Transition%20FINAL.docx_0.pdf.
---------------------------------------------------------------------------
This panel may include a discussion of the following topics and
questions:
1. Describe the types of challenges and risks associated with
globally distributed, highly complex, and increasingly interconnected
supply chains.
2. Describe the difficulties associated with supply chain
visibility and how origins of products or components may be obscured.
3. How are foreign-supplied Bulk-Power System components being
manipulated and is there a particular phase in the product lifecycle
where the product is manipulated for nefarious intent?
4. How are these supply chain challenges and risks currently being
managed?
5. How has the current geopolitical landscape impacted the energy
sector's ability to manage supply chain challenges and risks?
6. How can Sector Risk Management Agencies and Regulators promote
and/or incentivize supply chain transparency at the earlier stages of
product development and manufacturing?
7. Discuss the pathways (e.g., voluntary best practices and
guidelines, mandatory standards) that together could address the
current supply chain challenges and risks?
8. What actions can government take, both formal regulatory actions
and coordination, to help identify and mitigate risks from the global
supply chain for the energy sector?
10:30 a.m.--Break
10:45 a.m.--Panel II: Current Supply Chain Risk Management (SCRM)
Reliability Standards, Implementation Challenges, Gaps, and
Opportunities for Improvement
It has now been more than six years since the Commission directed
the development of mandatory standards to address supply chain risks,
and more than two years since the first set of those standards became
effective. As discussed in Panel 1, supply chain risks have continued
to grow in that time. In light of that evolving threat, panelists will
discuss the existing SCRM Reliability Standards, including: (1) their
effectiveness in securing the Bulk-Power System; (2) lessons learned
from implementation of the current SCRM Reliability Standards; and (3)
possible gaps in the currently effective SCRM Reliability Standards.
This panel will also provide an opportunity to discuss any Reliability
Standards in development, and how these new standards will help enhance
security and help address some of the emerging supply chain threats.
This panel may include a discussion of the following topics and
questions:
1. Are the currently effective SCRM Reliability Standards
sufficient to
[[Page 68149]]
successfully ensure Bulk-Power System reliability and security in light
of existing and emerging risks?
2. What requirements in the SCRM Reliability Standards present
implementation challenges for registered entities and for vendors?
3. How are implementation challenges being addressed for utilities
and for vendors?
4. Are there alternative methods for implementing the SCRM
Reliability Standards that could eliminate challenges or enhance
effectiveness moving forward?
5. Based on the current and evolving threat landscape, would the
currently effective SCRM Reliability Standards benefit from additional
mandatory security control requirements and how would these additional
controls improve the security of the Bulk-Power System?
6. Are there currently effective SCRM criteria or standards that
manufacturers must adhere to in foreign countries that may be prudent
to adopt in the U.S.?
12:15 p.m.--Lunch
1:15 p.m.--Panel III: The U.S. Department of Energy's Energy Cyber
Sense Program
Through the Energy Cyber Sense Program, DOE will provide a
comprehensive approach to securing the nation's critical energy
infrastructure and supply chains from cyber threats with this voluntary
program. The Energy Cyber Sense Program will build upon direction in
Section 40122 of the Bipartisan Infrastructure Law, as well as multiple
requests from industry, leveraging existing programs and technologies,
while also initiating new efforts. Through Energy Cyber Sense, DOE aims
to work with manufacturers and asset owners to discover, mitigate, and
engineer out cyber vulnerabilities in digital components in the Energy
Sector Industrial Base critical supply chains. This program will
provide a better understanding of the impacts and dependencies of
software and systems used in the energy sector; illuminate the digital
provenance of subcomponents in energy systems, hardware, and software;
apply best-in-class testing to discover and address common mode
vulnerabilities; and provide education and awareness, across the sector
and the broader supply chain community to optimize management of supply
chain risks. This panel will discuss specific supply chain risks that
Energy Cyber Sense will address as well as some of the programs and
technologies DOE will bring to bear under the program to address the
risks.
This panel may include a discussion of the following topics and
questions:
1. How are emerging orders, standards, and process guidance, such
as Executive Order 14017, Executive Order 14028, NIST Special
Publication 800-161r1, ISA 62443, CIP-013-1, and others, changing how
we assess our digital supply chain?
2. Given the dependence of OT on application-specific hardware, how
could the inclusion and linkage of Hardware Bill of Materials (HBOMs)
with Software Bill of Materials (SBOMs) increase our ability to
accurately and effectively assess and mitigate supply chain risk? To
what degree is this inclusion and linkage of HBOMs with SBOMs taking
place today and what steps should be taken to fill any remaining gaps?
3. Given that much of the critical technology used in the energy
sector is considered legacy technology, how can manufacturers, vendors,
asset owners and operators, aided by the federal government, national
laboratories, and other organizations, manage the supply chain risk
from legacy technology? How can this risk management be coordinated
with newer technologies that are more likely to receive SBOMs, HBOMs,
and attestations?
4. Where does testing, for example Cyber Testing for Resilient
Industrial Control Systems (CyTRICS) and third-party testing, fit in
the universe of ``rigorous and predictable mechanisms for ensuring that
products function securely, and as intended?'' \2\
---------------------------------------------------------------------------
\2\ See Exec. Order No. 14028, 86 FR 26,633, 26,646 (May 12,
2021) (The Executive Order declared that the security of software
used by the Federal Government is ``vital to the Federal
Government's ability to perform its critical functions.'' The
Executive Order further cited a ``pressing need to implement more
rigorous and predictable mechanisms for ensuring that products
function securely, and as intended.'')
---------------------------------------------------------------------------
5. More than ever, developers are building applications on open-
source software libraries. How can developers address the risks
inherent with open-source software and how can asset owners work with
vendors to validate that appropriate open-source risk management
measures have been taken?
6. U.S. energy systems have significant dependencies on hardware
components, including integrated circuits and semiconductors, most of
which are manufactured outside of the US. What tools and technologies
are needed to understand the provenance of hardware components used in
U.S. energy systems and the risks from foreign manufacture? How will
the newly passed CHIPS and Science Act change the risk landscape? What
is needed in terms of regulation, standards, and other guidance to
strengthen the security of the hardware component supply chain from
cyber and other risks?
2:45 p.m.--Break
3:00 p.m. Panel IV: Enhancing the Supply Chain Security Posture of the
Bulk-Power System
This panel will discuss forward-looking initiatives that can be
used to improve the supply chain security posture of the Bulk-Power
System. These initiatives could include vendor accreditation programs,
product and service verification, improved internal supply chain
security capability, third party services, and private and public
partnerships.
Vendor accreditation can be established in various ways. One of the
more prominent ways is currently being explored by the North American
Transmission Forum through its Supply Chain Security Assessment model
and the associated questionnaire.\3\ The panel will also explore
certain programs and practices used by utilities to verify the
authenticity and effectiveness of products and services. Internal
supply chain security capabilities include hiring people with the
appropriate background and knowledge, while also developing relevant
skills internally, through training on broad supply chain topics and
applying them to the specific needs of the organization. Finally, this
panel will address private and public partnerships on supply chain
security and how they can facilitate timely access to information that
will help better identify current and future supply chain threats to
the Bulk-Power System and best practices to address those risks.
---------------------------------------------------------------------------
\3\ https://www.natf.net/industry-initiatives/supply-chain-industry-coordination.
---------------------------------------------------------------------------
This panel may include a discussion of the following topics and
questions:
1. What vendor accreditation programs currently exist or are in
development? How can entities vet a vendor in the absence of a vendor
accreditation program?
2. What are the challenges, benefits, and risks associated with
utilizing third-party services for maintaining a supply chain risk
management program?
3. What are the best practices and other guidance for security
evaluation of vendors?
4. What programs and practices are currently in use to ensure
product and service integrity?
5. What processes are used to test products prior to
implementation?
6. What is the right balance between vendor and product security
and cost? Is there a point of diminishing returns?
7. What are effective strategies for recruiting personnel with the
[[Page 68150]]
appropriate background and SCRM skills to strengthen internal security
practices? How do you provide the training necessary to further develop
the skills specific to your unique organizational challenges?
8. What are the best ways to meaningfully assimilate SBOM
information and what subsequent analyses can be done to strengthen
internal security practices?
9. How can the industry keep informed of the latest supply chain
compromises? How do entities currently respond to these compromises to
keep their systems secure? Are there ways to improve these responses?
What actions can government take, both formal regulatory actions and
coordination, to help keep industry informed of supply chain
compromises and to facilitate effective responses?
10. What key risk factors do entities need to consider prior to
leveraging third party services and how should those risk factors be
balanced with an entity's organizational policy? What SCRM controls do
you have in place to ensure your systems and products have a reduced
risk of compromise? Please discuss any challenges that you have
experienced as well as successes.
11. How should government and industry prioritize and coordinate
federal cross-agency and private sector collaboration and activities
regarding SCRM?
4:45 p.m.--Closing Remarks
5:00 p.m.--Adjourn
[FR Doc. 2022-24710 Filed 11-10-22; 8:45 am]
BILLING CODE 6717-01-P
