Commission Information Collection Activities (FERC-725B); Comment Request; Extension, 67432-67434 [2024-18641]
Download as PDF
<![CDATA[
67432
Federal Register / Vol. 89, No. 161 / Tuesday, August 20, 2024 / Notices
the methodology and assumptions used;
(3) ways to enhance the quality, utility
and, clarity of the information
collection; and (4) ways to minimize the
burden of the, collection of information
on those who are to respond, including
the use of automated collection
techniques or other forms of information
technology.
Dated: August 13, 2024.
Debbie-Anne A. Reese,
Acting Secretary.
[FR Doc. 2024–18529 Filed 8–19–24; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. RD24–3–000]
Commission Information Collection
Activities (FERC–725B); Comment
Request; Extension
Federal Energy Regulatory
Commission.
ACTION: Notice of information collection
and request for comments.
AGENCY:
In compliance with the
requirements of the Paperwork
Reduction Act of 1995, the Federal
Energy Regulatory Commission
(Commission or FERC) is soliciting
public comment on the currently
approved information collection, FERC–
725B, Mandatory Reliability Standards,
Critical Infrastructure Protection (CIP)
(Update for CIP–012–1 to version CIP–
012–02) Cyber Security—
Communications between Control
Centers. The 60-day notice comment
period ended on July 23, 2024, with no
comments received.
DATES: Comments on the collection of
information are due September 19,
2024.
SUMMARY:
Send written comments on
FERC–725B (1902–0248) to OMB
through www.reginfo.gov/public/do/
PRAMain. Attention: Federal Energy
Regulatory Commission Desk Officer.
Please identify the OMB Control
Numbers in the subject line of your
comments. Comments should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain.
Please submit copies of your
comments to the Commission. You may
submit copies of your comments
(identified by Docket No. RD24–3–000)
by one of the following methods:
Electronic filing through https://
www.ferc.gov, is preferred.
khammond on DSKJM1Z7X2PROD with NOTICES
ADDRESSES:
VerDate Sep<11>2014
17:24 Aug 19, 2024
Jkt 262001
• Electronic Filing: Documents must
be filed in acceptable native
applications and print-to-PDF, but not
in scanned or picture format.
• For those unable to file
electronically, comments may be filed
by USPS mail or by hand (including
courier) delivery.
Æ Mail via U.S. Postal Service Only:
Addressed to: Federal Energy
Regulatory Commission, Secretary of the
Commission, 888 First Street NE,
Washington, DC 20426.
Æ Hand (including courier) delivery:
Deliver to: Federal Energy Regulatory
Commission, Secretary of the
Commission, 12225 Wilkins Avenue,
Rockville, MD 20852.
Instructions: OMB submissions must
be formatted and filed in accordance
with submission guidelines at
www.reginfo.gov/public/do/PRAMain.
Using the search function under the
‘‘Currently Under Review’’ field, select
Federal Energy Regulatory Commission;
click ‘‘submit,’’ and select ‘‘comment’’
to the right of the subject collection.
FERC submissions must be formatted
and filed in accordance with submission
guidelines at: https://www.ferc.gov. For
user assistance, contact FERC Online
Support by email at ferconlinesupport@
ferc.gov, or by phone at: (866) 208–3676
(toll-free).
Docket: Users interested in receiving
automatic notification of activity in this
docket or in viewing/downloading
comments and issuances in this docket
may do so at https://www.ferc.gov/ferconline/overview.
FOR FURTHER INFORMATION CONTACT:
Kayla Williams may be reached by
email at DataClearance@FERC.gov,
telephone at (202) 502–6468.
SUPPLEMENTARY INFORMATION:
Title: FERC–725B, Mandatory
Reliability Standards, Critical
Infrastructure Protection (CIP) (Update
to CIP–012–2).
OMB Control No.: 1902–0248.
Type of Request: Revision of a
currently approved FERC–725B
information collection requirements
with changes to the reporting
requirements.
Abstract: On August 8, 2005, Congress
enacted the Energy Policy Act of 2005.1
The Energy Policy Act of 2005 added a
new section 215 to the Federal Power
Act (FPA),2 which requires a
Commission-certified Electric
Reliability Organization to develop
mandatory and enforceable Reliability
Standards,3 including requirements for
1 Energy Policy Act of 2005, Public Law 109–58,
sec. 1261 et seq., 119 Stat. 594 (2005).
2 16 U.S.C. 824o.
3 Section 215 of the FPA defines Reliability
Standard as a requirement, approved by the
PO 00000
Frm 00026
Fmt 4703
Sfmt 4703
cybersecurity protection, which are
subject to Commission review and
approval. Once approved, the Reliability
Standards may be enforced by the
Electric Reliability Organization subject
to Commission oversight, or the
Commission can independently enforce
Reliability Standards.
On February 3, 2006, the Commission
issued Order No. 672,4 implementing
FPA Section 215. The Commission
subsequently certified the North
American Electric Reliability
Corporation (NERC) as the Electric
Reliability Organization. The Reliability
Standards developed by NERC become
mandatory and enforceable after
Commission approval and apply to
users, owners, and operators of the
Bulk-Power System, as set forth in each
Reliability Standard.5 The CIP
Reliability Standards require entities to
comply with specific requirements to
safeguard bulk electric system (BES)
Cyber Systems 6 and their associated
BES Cyber Assets. These standards are
results-based and do not specify a
technology or method to achieve
Commission, to provide for reliable operation of
existing bulk-power system facilities, including
cybersecurity protection, and the design of planned
additions or modifications to such facilities to the
extent necessary to provide for reliable operation of
the Bulk-Power System. However, the term does not
include any requirement to enlarge such facilities
or to construct new transmission capacity or
generation capacity.
4 Rules Concerning Certification of the Elec.
Reliability Org.; and Procedures for the
Establishment, Approval, and Enf’t of Elec.
Reliability Standards, Order No. 672, 71 FR 8661
(Feb. 17, 2006), 114 FERC ¶ 61,104, order on reh’g,
Order No. 672–A, 71 FR 19814 (Apr. 28, 2006), 114
FERC ¶ 61,328 (2006).
5 NERC uses the term ‘‘registered entity’’ to
identify users, owners, and operators of the BulkPower System responsible for performing specified
reliability functions with respect to NERC
Reliability Standards. See, e.g., Version 4 Critical
Infrastructure Protection Reliability Standards,
Order No. 761, 77 FR 24594 (Apr. 25, 2012), 139
FERC ¶ 61,058, at P 46, order denying clarification
and reh’g, 140 FERC ¶ 61,109 (2012). Within the
NERC Reliability Standards are various subsets of
entities responsible for performing various specified
reliability functions. We collectively refer to these
as ‘‘entities.’’
6 NERC defines BES Cyber System as ‘‘[o]ne or
more BES Cyber Assets logically grouped by a
responsible entity to perform one or more reliability
tasks for a functional entity.’’ NERC, Glossary of
Terms Used in NERC Reliability Standards, at 5
(2020), Glossary_of_Terms.pdf (nerc.com) . NERC
defines BES Cyber Asset as A Cyber Asset that if
rendered unavailable, degraded, or misused would,
within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one
or more Facilities, systems, or equipment, which, if
destroyed, degraded, or otherwise rendered
unavailable when needed, would affect the reliable
operation of the Bulk Electric System. Redundancy
of affected Facilities, systems, and equipment shall
not be considered when determining adverse
impact. Each BES Cyber Asset is included in one
or more BES Cyber Systems. Id. at 4.
E:\FR\FM\20AUN1.SGM
20AUN1
67433
Federal Register / Vol. 89, No. 161 / Tuesday, August 20, 2024 / Notices
compliance, instead leaving it up to the
entity to decide how best to comply.
The Commission has approved
multiple versions of the CIP Reliability
Standards submitted by NERC, partly to
address the evolving nature of cyberrelated threats to the Bulk-Power
System. High impact systems include
large control centers. Medium impact
systems include smaller control centers,
ultra-high voltage transmission lines,
large substations, and generating
facilities. The remainder of the BES
Cyber Systems are categorized as low
impact systems. Most requirements in
the CIP Reliability Standards apply to
high and medium impact systems;
however, a technical controls
requirement in Reliability standard CIP–
012, described below, applies to all
(low, medium and high) impact Control
Centers.
The FERC–725B information
collection requirements are subject to
review by the Office of Management and
Budget (OMB) under section 3507(d) of
the Paperwork Reduction Act of 1995.7
OMB’s regulations require approval of
certain information collection
requirements imposed by agency rules.8
Upon approval of a collection of
information, OMB will assign an OMB
control number and expiration date.
Respondents subject to the filing
requirements will not be penalized for
failing to respond to these collections of
information unless the collections of
information display a valid OMB
control number. The Commission
solicits comments on the Commission’s
need for this information, whether the
information will have practical utility,
the accuracy of the burden estimates,
ways to enhance the quality, utility, and
clarity of the information to be collected
or retained, and any suggested methods
for minimizing respondents’ burden,
including the use of automated
information techniques.
Reliability Standard CIP–012–2—
Communications between Control
Centers: requires entities to protect the
confidentiality, integrity, and
availability and integrity of data
transmitted between Control Centers
that could lead to mis-operation or
instability on the Bulk-Power System.
Specifically, the Reliability Standard
CIP–012–2 is revised to add
requirements for entities to provide
protections of the availability of
communication links and sensitive data
transmitted between BES Control
Centers. It is part of the implementation
of the Congressional mandate of the
Energy Policy Act of 2005 to develop
mandatory and enforceable Reliability
Standards to better ensure the reliability
of the nation’s Bulk-Power System.
Type of Respondents: Business or
other for profit, and not for profit
institutions.
Estimate of Annual Burden: 9 The
Commission bases its paperwork burden
estimates on the changes in paperwork
burden presented by the proposed
revision to CIP Reliability Standard
CIP–012–2 as compared to the current
Commission-approved Reliability
Standard CIP–012–1. As discussed
above, the immediate order addresses
the area of modification to the CIP
Reliability Standards: modifications to
provide protections of the availability of
communication links and sensitive data
transmitted between BES Control
Centers.
The CIP Reliability Standards, viewed
as a whole, implement a defense-indepth approach to protecting the
security of BES Cyber Systems at all
impact levels.10 The CIP Reliability
Standards are objective-based and allow
entities to choose compliance
approaches best tailored to their
systems.11 The NERC Compliance
Registry, as of March 15, 2024, identifies
approximately 1,610 unique U.S.
entities that are subject to mandatory
compliance with CIP Reliability
Standards. Of this total, we estimate that
730 entities will face an increased
paperwork burden under proposed
Reliability Standard CIP–012–2. Based
on these assumptions, we estimate the
following reporting burdens:
khammond on DSKJM1Z7X2PROD with NOTICES
FERC–725B, MODIFICATIONS IN DOCKET NO. RD24–3–000
Number of
respondents
Number of
responses 12
per respondent
Total number
of responses
Average burden hrs. &
cost per response 13
Total annual burden hours &
total annual cost
(1)
(2)
(1) × (2) = (3)
(4)
(3) × (4) = 5
730
1
730
42 hrs.; $4,493.16 ......
30,660 hrs.; $3,280,006.80.
730
1
730
20 hrs.; $2,139.60 ......
14,600 hrs.; $1,561,908.
730
1
730
60 hrs.; $6,418.80 ......
43,800 hrs.; $4,685,724.
730
1
730
100 hrs.; $10,698 .......
73,000 hrs.; $7,809,540.
730
1
730
50 hrs.; $5,349 ...........
36,500 hrs.; $3,904,770.
730
1
730
50 hrs.; $5,349 ...........
36,500 hrs.; $3,904,770.
730
1
730
1 hr.; $106.98 .............
730 hrs.; $78,095.40.
Total (one-time, in Year 1) .........................................
....................
..........................
4,380
.....................................
235,060 hrs.;
$25,146,718.80.
Total (ongoing, starting in Year 2) ..............................
....................
..........................
730
.....................................
730 hrs.; $78,095.40.
Implementation of Documented Plan(s) (Requirement
R1) 14.
Document Identification of methods to mitigate the risk(s)
posed by unauthorized disclosure and unauthorized
modification (Requirement R1.1) 14.
Document Identification of methods to mitigate the risk(s)
posed by loss of the ability to communicate (Requirement R1.2) 14.
Document Identification of methods to use to initiate the
recovery of communication links (Requirement R1.3) 14.
Document Identification of where the implemented method(s) as required in Parts 1.1 and 1.2 (Requirement
R1.4) 12.
Document identification of the responsibilities of each
Responsible Entity (if not owned by same Responsible
Entity) required in Parts 1.1, 1.2 and 1.3 (Requirement
R1.5) 14.
Maintaining Compliance (ongoing, starting in Year 2) ......
7 44
U.S.C. 3507(d) (2012).
CFR 1320.11 (2017).
9 ‘‘Burden’’ is the total time, effort, or financial
resources expended by persons to generate,
maintain, retain, or disclose or provide information
85
VerDate Sep<11>2014
17:24 Aug 19, 2024
Jkt 262001
to or for a Federal agency. For further explanation
of what is included in the information collection
burden, refer to 5 CFR 1320.3.
10 Order No. 822, 154 FERC ¶ 61,037 at 32.
PO 00000
Frm 00027
Fmt 4703
Sfmt 4703
11 Mandatory Reliability Standards for Critical
Infrastructure Protection, Order No. 706, 73 FR
7368 (Feb. 7, 2008), 122 FERC ¶ 61,040, at P 72
(2008); order on reh’g, Order No. 706–A, 123 FERC
¶ 61,174 (2008); order on clarification, Order No.
706–B, 126 FERC ¶ 61,229 (2009).
E:\FR\FM\20AUN1.SGM
20AUN1
67434
Federal Register / Vol. 89, No. 161 / Tuesday, August 20, 2024 / Notices
1. The one-time burden (in Year 1) for
the FERC–725B information collection
will be averaged over three years:
• 235,060 hours ÷ 3 = 78,353
(rounded) hours/year over Years 1–3.
• The number of one-time responses
for the FERC–725B information
collection is also averaged over Years 1–
3: 4,380 responses ÷ 3 = 1,460
responses/year.
2. The average annual number (for
Years 1–3) of responses and burden for
one-time and ongoing burden will total:
• 2,190 responses [1,460 responses
(one-time) + 730 responses (ongoing)].
• 79,083 burden hours [78,353 hours
(one-time) + 730 hours (ongoing)].
Comments: Comments are invited on:
(1) whether the collection of
information is necessary for the proper
performance of the functions of the
Commission, including whether the
information will have practical utility;
(2) the accuracy of the agency’s estimate
of the burden and cost of the collection
of information, including the validity of
the methodology and assumptions used;
(3) ways to enhance the quality, utility
and clarity of the information collection;
and (4) ways to minimize the burden of
the collection of information on those
who are to respond, including the use
of automated collection techniques or
other forms of information technology.
Dated: August 14, 2024.
Debbie-Anne A. Reese,
Acting Secretary.
[FR Doc. 2024–18641 Filed 8–19–24; 8:45 am]
khammond on DSKJM1Z7X2PROD with NOTICES
BILLING CODE 6717–01–P
12 We consider the filing of an application to be
a ‘‘response.’’
13 The hourly cost for wages plus benefits is based
on the average of the occupational categories for
2024 found on the Bureau of Labor Statistics
website (https://www.bls.gov/oes/current/naics2_
22.htm):
Information Security Analysts (Occupation Code:
15–1212): $80.62.
Computer and Mathematical (Occupation Code:
15–0000): $74.16.
Legal (Occupation Code: 23–0000): $160.24.
Computer and Information Systems Managers
(Occupation Code: 11–3021): $112.88.
These various occupational categories’ wage
figures are averaged as follows: $80.62/hour +
$74.16/hour + $160.24/hour + $112.88/hour) ÷ 4 =
$106.975/hour ($106.98 rounded). The resulting
wage figure is rounded to $106.98/hour for use in
calculating wage figures in the Final Rule in Docket
No. RD24–3–000.
14 This includes the record retention costs for the
one-time and the on-going reporting documents.
VerDate Sep<11>2014
17:24 Aug 19, 2024
Jkt 262001
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Project No. 15000–003]
Erie Boulevard Hydropower, L.P.;
Notice of Settlement Agreement and
Soliciting Comments
Take notice that the following
settlement agreement has been filed
with the Commission and is available
for public inspection.
a. Type of Application: Settlement
Agreement.
b. Project No.: 15000–003.
c. Date Filed: August 9, 2024.
d. Applicant: Erie Boulevard
Hydropower, L.P. (Erie).
e. Name of Project: Franklin Falls
Hydroelectric Project (project).
f. Location: The existing project is
located on the Saranac River, in Essex
and Franklin counties, New York.
g. Filed Pursuant to: Rule 602 of the
Commission’s Rules of Practice and
Procedure, 18 CFR 385.602.
h. Applicant Contact: Steven Murphy,
Director, U.S. Licensing, Erie Boulevard
Hydropower, L.P., 33 West 1st Street
South, Fulton, New York 13069;
telephone at (315) 598–6130; email at
steven.murphy@
brookfieldrenewable.com.
i. FERC Contact: Joshua Dub, Project
Coordinator, Great Lakes Branch,
Division of Hydropower Licensing;
telephone at (202) 502–8138; email at
Joshua.Dub@FERC.gov.
j. Deadline for filing comments:
September 13, 2024. Reply comments
due: September 28, 2024.
The Commission strongly encourages
electronic filing. Please file comments
using the Commission’s eFiling system
at https://ferconline.ferc.gov/FERC
Online.aspx. Commenters can submit
brief comments up to 6,000 characters,
without prior registration, using the
eComment system at https://ferc
online.ferc.gov/QuickComment.aspx.
You must include your name and
contact information at the end of your
comments. For assistance, please
contact FERC Online Support at
FERCOnlineSupport@ferc.gov, (866)
208–3676 (toll free), or (202) 502–8659
(TTY). In lieu of electronic filing, you
may submit a paper copy. Submissions
sent via the U.S. Postal Service must be
addressed to: Debbie Anne A. Reese,
Acting Secretary, Federal Energy
Regulatory Commission, 888 First Street
NE, Room 1A, Washington, DC 20426.
Submissions sent via any other carrier
must be addressed to: Debbie-Anne A.
Reese, Acting Secretary, Federal Energy
Regulatory Commission, 12225 Wilkins
PO 00000
Frm 00028
Fmt 4703
Sfmt 4703
Avenue, Rockville, MD 20852. All
filings must clearly identify the project
name and docket number on the first
page: Franklin Falls Hydroelectric
Project (P–15000–003).
The Commission’s Rules of Practice
require all intervenors filing documents
with the Commission to serve a copy of
that document on each person on the
official service list for the project.
Further, if an intervenor files comments
or documents with the Commission
relating to the merits of an issue that
may affect the responsibilities of a
particular resource agency, they must
also serve a copy of the document on
that resource agency.
k. Erie filed a Settlement Agreement
for the project’s relicense proceeding, on
behalf of itself, the U.S. Fish and
Wildlife Service, the New York State
Department of Environmental
Conservation, and New York Trout
Unlimited. The purpose of the
Settlement Agreement is to resolve,
among the signatories, relicensing issues
related to project operation, water
quality, fisheries, wildlife, and
recreation. The Settlement Agreement
includes proposed protection,
mitigation, and enhancement measures
to address: (1) modified run-of-river
operation; (2) impoundment surface
elevations; (3) minimum bypassed reach
and downstream flows; (4) operation
compliance and monitoring; (5)
impoundment drawdowns; (6) fish
exclusion and conveyance; (7) project
recreation; (8) bald eagle protection; and
(9) invasive species management. Erie
requests that any new license issued by
the commission for the project contain
conditions consistent with the
provisions of the Settlement Agreement
and within the scope of its regulatory
authority.
l. A copy of the Settlement Agreement
is available for review on the
Commission’s website at https://
www.ferc.gov using the ‘‘eLibrary’’ link.
Enter the docket number, excluding the
last three digits in the docket number
field, to access the document (i.e., P–
15000). For assistance, contact FERC at
FERCOnlineSupport@ferc.gov or call
toll free, (886) 208–3676 or TTY (202)
502–8659.
You may also register online at
https://www.ferc.gov/ferc-online/
overview to be notified via email of new
filings and issuances related to this or
other pending projects. For assistance,
contact FERC Online Support.
m. The Commission’s Office of Public
Participation (OPP) supports meaningful
public engagement and participation in
Commission proceedings. OPP can help
members of the public, including
landowners, environmental justice
E:\FR\FM\20AUN1.SGM
20AUN1
]]>Agencies
[Federal Register Volume 89, Number 161 (Tuesday, August 20, 2024)]
[Notices]
[Pages 67432-67434]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-18641]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
[Docket No. RD24-3-000]
Commission Information Collection Activities (FERC-725B); Comment
Request; Extension
AGENCY: Federal Energy Regulatory Commission.
ACTION: Notice of information collection and request for comments.
-----------------------------------------------------------------------
SUMMARY: In compliance with the requirements of the Paperwork Reduction
Act of 1995, the Federal Energy Regulatory Commission (Commission or
FERC) is soliciting public comment on the currently approved
information collection, FERC-725B, Mandatory Reliability Standards,
Critical Infrastructure Protection (CIP) (Update for CIP-012-1 to
version CIP-012-02) Cyber Security--Communications between Control
Centers. The 60-day notice comment period ended on July 23, 2024, with
no comments received.
DATES: Comments on the collection of information are due September 19,
2024.
ADDRESSES: Send written comments on FERC-725B (1902-0248) to OMB
through www.reginfo.gov/public/do/PRAMain. Attention: Federal Energy
Regulatory Commission Desk Officer. Please identify the OMB Control
Numbers in the subject line of your comments. Comments should be sent
within 30 days of publication of this notice to www.reginfo.gov/public/do/PRAMain.
Please submit copies of your comments to the Commission. You may
submit copies of your comments (identified by Docket No. RD24-3-000) by
one of the following methods:
Electronic filing through https://www.ferc.gov, is preferred.
Electronic Filing: Documents must be filed in acceptable
native applications and print-to-PDF, but not in scanned or picture
format.
For those unable to file electronically, comments may be
filed by USPS mail or by hand (including courier) delivery.
[cir] Mail via U.S. Postal Service Only: Addressed to: Federal
Energy Regulatory Commission, Secretary of the Commission, 888 First
Street NE, Washington, DC 20426.
[cir] Hand (including courier) delivery: Deliver to: Federal Energy
Regulatory Commission, Secretary of the Commission, 12225 Wilkins
Avenue, Rockville, MD 20852.
Instructions: OMB submissions must be formatted and filed in
accordance with submission guidelines at www.reginfo.gov/public/do/PRAMain. Using the search function under the ``Currently Under Review''
field, select Federal Energy Regulatory Commission; click ``submit,''
and select ``comment'' to the right of the subject collection. FERC
submissions must be formatted and filed in accordance with submission
guidelines at: https://www.ferc.gov. For user assistance, contact FERC
Online Support by email at [email protected], or by phone at:
(866) 208-3676 (toll-free).
Docket: Users interested in receiving automatic notification of
activity in this docket or in viewing/downloading comments and
issuances in this docket may do so at https://www.ferc.gov/ferc-online/overview.
FOR FURTHER INFORMATION CONTACT: Kayla Williams may be reached by email
at [email protected], telephone at (202) 502-6468.
SUPPLEMENTARY INFORMATION:
Title: FERC-725B, Mandatory Reliability Standards, Critical
Infrastructure Protection (CIP) (Update to CIP-012-2).
OMB Control No.: 1902-0248.
Type of Request: Revision of a currently approved FERC-725B
information collection requirements with changes to the reporting
requirements.
Abstract: On August 8, 2005, Congress enacted the Energy Policy Act
of 2005.\1\ The Energy Policy Act of 2005 added a new section 215 to
the Federal Power Act (FPA),\2\ which requires a Commission-certified
Electric Reliability Organization to develop mandatory and enforceable
Reliability Standards,\3\ including requirements for cybersecurity
protection, which are subject to Commission review and approval. Once
approved, the Reliability Standards may be enforced by the Electric
Reliability Organization subject to Commission oversight, or the
Commission can independently enforce Reliability Standards.
---------------------------------------------------------------------------
\1\ Energy Policy Act of 2005, Public Law 109-58, sec. 1261 et
seq., 119 Stat. 594 (2005).
\2\ 16 U.S.C. 824o.
\3\ Section 215 of the FPA defines Reliability Standard as a
requirement, approved by the Commission, to provide for reliable
operation of existing bulk-power system facilities, including
cybersecurity protection, and the design of planned additions or
modifications to such facilities to the extent necessary to provide
for reliable operation of the Bulk-Power System. However, the term
does not include any requirement to enlarge such facilities or to
construct new transmission capacity or generation capacity.
---------------------------------------------------------------------------
On February 3, 2006, the Commission issued Order No. 672,\4\
implementing FPA Section 215. The Commission subsequently certified the
North American Electric Reliability Corporation (NERC) as the Electric
Reliability Organization. The Reliability Standards developed by NERC
become mandatory and enforceable after Commission approval and apply to
users, owners, and operators of the Bulk-Power System, as set forth in
each Reliability Standard.\5\ The CIP Reliability Standards require
entities to comply with specific requirements to safeguard bulk
electric system (BES) Cyber Systems \6\ and their associated BES Cyber
Assets. These standards are results-based and do not specify a
technology or method to achieve
[[Page 67433]]
compliance, instead leaving it up to the entity to decide how best to
comply.
---------------------------------------------------------------------------
\4\ Rules Concerning Certification of the Elec. Reliability
Org.; and Procedures for the Establishment, Approval, and Enf't of
Elec. Reliability Standards, Order No. 672, 71 FR 8661 (Feb. 17,
2006), 114 FERC ] 61,104, order on reh'g, Order No. 672-A, 71 FR
19814 (Apr. 28, 2006), 114 FERC ] 61,328 (2006).
\5\ NERC uses the term ``registered entity'' to identify users,
owners, and operators of the Bulk-Power System responsible for
performing specified reliability functions with respect to NERC
Reliability Standards. See, e.g., Version 4 Critical Infrastructure
Protection Reliability Standards, Order No. 761, 77 FR 24594 (Apr.
25, 2012), 139 FERC ] 61,058, at P 46, order denying clarification
and reh'g, 140 FERC ] 61,109 (2012). Within the NERC Reliability
Standards are various subsets of entities responsible for performing
various specified reliability functions. We collectively refer to
these as ``entities.''
\6\ NERC defines BES Cyber System as ``[o]ne or more BES Cyber
Assets logically grouped by a responsible entity to perform one or
more reliability tasks for a functional entity.'' NERC, Glossary of
Terms Used in NERC Reliability Standards, at 5 (2020),
Glossary_of_Terms.pdf (nerc.com) . NERC defines BES Cyber Asset as A
Cyber Asset that if rendered unavailable, degraded, or misused
would, within 15 minutes of its required operation, mis-operation,
or non-operation, adversely impact one or more Facilities, systems,
or equipment, which, if destroyed, degraded, or otherwise rendered
unavailable when needed, would affect the reliable operation of the
Bulk Electric System. Redundancy of affected Facilities, systems,
and equipment shall not be considered when determining adverse
impact. Each BES Cyber Asset is included in one or more BES Cyber
Systems. Id. at 4.
---------------------------------------------------------------------------
The Commission has approved multiple versions of the CIP
Reliability Standards submitted by NERC, partly to address the evolving
nature of cyber-related threats to the Bulk-Power System. High impact
systems include large control centers. Medium impact systems include
smaller control centers, ultra-high voltage transmission lines, large
substations, and generating facilities. The remainder of the BES Cyber
Systems are categorized as low impact systems. Most requirements in the
CIP Reliability Standards apply to high and medium impact systems;
however, a technical controls requirement in Reliability standard CIP-
012, described below, applies to all (low, medium and high) impact
Control Centers.
The FERC-725B information collection requirements are subject to
review by the Office of Management and Budget (OMB) under section
3507(d) of the Paperwork Reduction Act of 1995.\7\ OMB's regulations
require approval of certain information collection requirements imposed
by agency rules.\8\ Upon approval of a collection of information, OMB
will assign an OMB control number and expiration date. Respondents
subject to the filing requirements will not be penalized for failing to
respond to these collections of information unless the collections of
information display a valid OMB control number. The Commission solicits
comments on the Commission's need for this information, whether the
information will have practical utility, the accuracy of the burden
estimates, ways to enhance the quality, utility, and clarity of the
information to be collected or retained, and any suggested methods for
minimizing respondents' burden, including the use of automated
information techniques.
---------------------------------------------------------------------------
\7\ 44 U.S.C. 3507(d) (2012).
\8\ 5 CFR 1320.11 (2017).
---------------------------------------------------------------------------
Reliability Standard CIP-012-2--Communications between Control
Centers: requires entities to protect the confidentiality, integrity,
and availability and integrity of data transmitted between Control
Centers that could lead to mis-operation or instability on the Bulk-
Power System. Specifically, the Reliability Standard CIP-012-2 is
revised to add requirements for entities to provide protections of the
availability of communication links and sensitive data transmitted
between BES Control Centers. It is part of the implementation of the
Congressional mandate of the Energy Policy Act of 2005 to develop
mandatory and enforceable Reliability Standards to better ensure the
reliability of the nation's Bulk-Power System.
Type of Respondents: Business or other for profit, and not for
profit institutions.
Estimate of Annual Burden: \9\ The Commission bases its paperwork
burden estimates on the changes in paperwork burden presented by the
proposed revision to CIP Reliability Standard CIP-012-2 as compared to
the current Commission-approved Reliability Standard CIP-012-1. As
discussed above, the immediate order addresses the area of modification
to the CIP Reliability Standards: modifications to provide protections
of the availability of communication links and sensitive data
transmitted between BES Control Centers.
---------------------------------------------------------------------------
\9\ ``Burden'' is the total time, effort, or financial resources
expended by persons to generate, maintain, retain, or disclose or
provide information to or for a Federal agency. For further
explanation of what is included in the information collection
burden, refer to 5 CFR 1320.3.
---------------------------------------------------------------------------
The CIP Reliability Standards, viewed as a whole, implement a
defense-in-depth approach to protecting the security of BES Cyber
Systems at all impact levels.\10\ The CIP Reliability Standards are
objective-based and allow entities to choose compliance approaches best
tailored to their systems.\11\ The NERC Compliance Registry, as of
March 15, 2024, identifies approximately 1,610 unique U.S. entities
that are subject to mandatory compliance with CIP Reliability
Standards. Of this total, we estimate that 730 entities will face an
increased paperwork burden under proposed Reliability Standard CIP-012-
2. Based on these assumptions, we estimate the following reporting
burdens:
---------------------------------------------------------------------------
\10\ Order No. 822, 154 FERC ] 61,037 at 32.
\11\ Mandatory Reliability Standards for Critical Infrastructure
Protection, Order No. 706, 73 FR 7368 (Feb. 7, 2008), 122 FERC ]
61,040, at P 72 (2008); order on reh'g, Order No. 706-A, 123 FERC ]
61,174 (2008); order on clarification, Order No. 706-B, 126 FERC ]
61,229 (2009).
FERC-725B, Modifications in Docket No. RD24-3-000
----------------------------------------------------------------------------------------------------------------
Total annual
Number of Number of Total number of Average burden burden hours &
respondents responses \12\ responses hrs. & cost per total annual
per respondent response \13\ cost
(1) (2) (1) x (2) = (3) (4)............. (3) x (4) = 5
----------------------------------------------------------------------------------------------------------------
Implementation of Documented 730 1 730 42 hrs.; 30,660 hrs.;
Plan(s) (Requirement R1) $4,493.16. $3,280,006.80.
\14\.
Document Identification of 730 1 730 20 hrs.; 14,600 hrs.;
methods to mitigate the $2,139.60. $1,561,908.
risk(s) posed by
unauthorized disclosure and
unauthorized modification
(Requirement R1.1) \14\.
Document Identification of 730 1 730 60 hrs.; 43,800 hrs.;
methods to mitigate the $6,418.80. $4,685,724.
risk(s) posed by loss of the
ability to communicate
(Requirement R1.2) \14\.
Document Identification of 730 1 730 100 hrs.; 73,000 hrs.;
methods to use to initiate $10,698. $7,809,540.
the recovery of
communication links
(Requirement R1.3) \14\.
Document Identification of 730 1 730 50 hrs.; $5,349. 36,500 hrs.;
where the implemented $3,904,770.
method(s) as required in
Parts 1.1 and 1.2
(Requirement R1.4) \12\.
Document identification of 730 1 730 50 hrs.; $5,349. 36,500 hrs.;
the responsibilities of each $3,904,770.
Responsible Entity (if not
owned by same Responsible
Entity) required in Parts
1.1, 1.2 and 1.3
(Requirement R1.5) \14\.
Maintaining Compliance 730 1 730 1 hr.; $106.98.. 730 hrs.;
(ongoing, starting in Year $78,095.40.
2).
----------------------------------------------------------------------------------------------------------------
Total (one-time, in Year ........... ............... 4,380 ................ 235,060 hrs.;
1). $25,146,718.80.
----------------------------------------------------------------------------------
Total (ongoing, starting ........... ............... 730 ................ 730 hrs.;
in Year 2). $78,095.40.
----------------------------------------------------------------------------------------------------------------
[[Page 67434]]
1. The one-time burden (in Year 1) for the FERC-725B information
collection will be averaged over three years:
---------------------------------------------------------------------------
\12\ We consider the filing of an application to be a
``response.''
\13\ The hourly cost for wages plus benefits is based on the
average of the occupational categories for 2024 found on the Bureau
of Labor Statistics website (https://www.bls.gov/oes/current/naics2_22.htm):
Information Security Analysts (Occupation Code: 15-1212):
$80.62.
Computer and Mathematical (Occupation Code: 15-0000): $74.16.
Legal (Occupation Code: 23-0000): $160.24.
Computer and Information Systems Managers (Occupation Code: 11-
3021): $112.88.
These various occupational categories' wage figures are averaged
as follows: $80.62/hour + $74.16/hour + $160.24/hour + $112.88/hour)
/ 4 = $106.975/hour ($106.98 rounded). The resulting wage figure is
rounded to $106.98/hour for use in calculating wage figures in the
Final Rule in Docket No. RD24-3-000.
\14\ This includes the record retention costs for the one-time
and the on-going reporting documents.
---------------------------------------------------------------------------
235,060 hours / 3 = 78,353 (rounded) hours/year over Years
1-3.
The number of one-time responses for the FERC-725B
information collection is also averaged over Years 1-3: 4,380 responses
/ 3 = 1,460 responses/year.
2. The average annual number (for Years 1-3) of responses and
burden for one-time and ongoing burden will total:
2,190 responses [1,460 responses (one-time) + 730
responses (ongoing)].
79,083 burden hours [78,353 hours (one-time) + 730 hours
(ongoing)].
Comments: Comments are invited on: (1) whether the collection of
information is necessary for the proper performance of the functions of
the Commission, including whether the information will have practical
utility; (2) the accuracy of the agency's estimate of the burden and
cost of the collection of information, including the validity of the
methodology and assumptions used; (3) ways to enhance the quality,
utility and clarity of the information collection; and (4) ways to
minimize the burden of the collection of information on those who are
to respond, including the use of automated collection techniques or
other forms of information technology.
Dated: August 14, 2024.
Debbie-Anne A. Reese,
Acting Secretary.
[FR Doc. 2024-18641 Filed 8-19-24; 8:45 am]
BILLING CODE 6717-01-P
