Commission Information Collection Activities (Ferc-725b) Comment Request; Extension

CourtFederal Energy Regulatory Commission
Citation86 FR 51131
Publication Date14 Sep 2021
Record Number2021-19784
51131
Federal Register / Vol. 86, No. 175 / Tuesday, September 14, 2021 / Notices
1
Energy Policy Act of 2005, Public Law 109–58,
sec. 1261 et seq., 119 Stat. 594 (2005).
2
16 U.S.C. 824o.
3
FPA section 215 defines Reliability Standard as
a requirement, approved by the Commission, to
provide for reliable operation of existing bulk-
power system facilities, including cybersecurity
protection, and the design of planned additions or
modifications to such facilities to the extent
necessary to provide for reliable operation of the
Bulk-Power System. However, the term does not
include any requirement to enlarge such facilities
or to construct new transmission capacity or
generation capacity. Id. at 824o(a)(3).
4
Rules Concerning Certification of the Elec.
Reliability Org.; and Procedures for the
Establishment, Approval, and Enf’t of Elec.
Reliability Standards, Order No. 672, 71 FR 8661
(Feb. 17, 2006), 114 FERC ¶61,104, order on reh’g,
Order No. 672–A, 71 FR 19814 (Apr. 28, 2006), 114
FERC ¶61,328 (2006).
5
NERC uses the term ‘‘registered entity’’ to
identify users, owners, and operators of the Bulk-
Power System responsible for performing specified
reliability functions with respect to NERC
Reliability Standards. See, e.g., Version 4 Critical
Infrastructure Protection Reliability Standards,
Order No. 761, 77 FR 24594 (Apr. 25, 2012), 139
FERC ¶61,058, at P 46, order denying clarification
and reh’g, 140 FERC ¶61,109 (2012). Within the
NERC Reliability Standards are various subsets of
entities responsible for performing various specified
reliability functions. We collectively refer to these
as ‘‘entities.’’
6
Order No. 706, 122 FERC ¶61,040 at P 1.
(8) Annual Estimated Reporting and
Recordkeeping Cost Burden:
$58,115,655.
Statutory Authority: 42 U.S.C. 2201.
Signing Authority
This document of the Department of
Energy was signed on August 26, 2021,
by John R. Bashista, Director, Office of
Acquisition Management and Senior
Procurement Executive, pursuant to
delegated authority from the Secretary
of Energy. That document with the
original signature and date is
maintained by DOE. For administrative
purposes only, and in compliance with
requirements of the Office of the Federal
Register, the undersigned DOE Federal
Register Liaison Officer has been
authorized to sign and submit the
document in electronic format for
publication, as an official document of
the Department of Energy. This
administrative process in no way alters
the legal effect of this document upon
publication in the Federal Register.
Signed in Washington, DC, on September
8, 2021.
Treena V. Garrett,
Federal Register Liaison Officer, U.S.
Department of Energy.
[FR Doc. 2021–19731 Filed 9–13–21; 8:45 am]
BILLING CODE 6450–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. IC21–26–000]
Commission Information Collection
Activities (Ferc–725b) Comment
Request; Extension
AGENCY
: Federal Energy Regulatory
Commission.
ACTION
: Notice of information collection
and request for comments.
SUMMARY
: In compliance with the
requirements of the Paperwork
Reduction Act of 1995, the Federal
Energy Regulatory Commission
(Commission or FERC) is soliciting
public comment on the currently
approved information collection, FERC–
725B, (Mandatory Reliability Standards,
Critical Infrastructure Protection (CIP),
which will be submitted to the Office of
Management and Budget (OMB) for
review.
DATES
: Comments on the collection of
information are due October 14, 2021.
ADDRESSES
: Send written comments on
FERC–725B to OMB through
www.reginfo.gov/public/do/PRAMain.
Attention: Federal Energy Regulatory
Commission Desk Officer. Please
identify the OMB Control Number
(1902–0248) in the subject line of your
comments. Comments should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain.
Please submit copies of your
comments to the Commission. You may
submit copies of your comments
(identified by Docket No. IC21–26–000)
by one of the following methods:
Electronic filing through http://
www.ferc.gov, is preferred.
Electronic Filing: Documents must
be filed in acceptable native
applications and print-to-PDF, but not
in scanned or picture format.
For those unable to file
electronically, comments may be filed
by USPS mail or by hand (including
courier) delivery.
ÆMail via U.S. Postal Service Only:
Addressed to: Federal Energy
Regulatory Commission, Secretary of the
Commission, 888 First Street NE,
Washington, DC 20426.
ÆHand (including courier) Delivery:
Deliver to: Federal Energy Regulatory
Commission, 12225 Wilkins Avenue,
Rockville, MD 20852.
Instructions: OMB submissions must
be formatted and filed in accordance
with submission guidelines at
www.reginfo.gov/public/do/PRAMain.
Using the search function under the
‘‘Currently Under Review’’ field, select
Federal Energy Regulatory Commission;
click ‘‘submit,’’ and select ‘‘comment’’
to the right of the subject collection.
FERC submissions must be formatted
and filed in accordance with submission
guidelines at: http://www.ferc.gov. For
user assistance, contact FERC Online
Support by email at ferconlinesupport@
ferc.gov, or by phone at: (866) 208–3676
(toll-free).
Docket: Users interested in receiving
automatic notification of activity in this
docket or in viewing/downloading
comments and issuances in this docket
may do so at https://www.ferc.gov/ferc-
online/overview.
FOR FURTHER INFORMATION CONTACT
:
Ellen Brown may be reached by email
at DataClearance@FERC.gov, telephone
at (202) 502–8663.
SUPPLEMENTARY INFORMATION
:
Title: FERC–725B (Mandatory
Reliability Standards, Critical
Infrastructure Protection (CIP)).
OMB Control No.: 1902–0248.
Type of Request: Three-year extension
of the FERC–725B information
collection requirements with no changes
to the reporting requirements.
Abstract: On August 8, 2005, Congress
enacted the Energy Policy Act of 2005.
1
The Energy Policy Act of 2005 added a
new section 215 to the FPA,
2
which
requires a Commission-certified Electric
Reliability Organization to develop
mandatory and enforceable Reliability
Standards,
3
including requirements for
cybersecurity protection, which are
subject to Commission review and
approval. Once approved, the Reliability
Standards may be enforced by the
Electric Reliability Organization subject
to Commission oversight, or the
Commission can independently enforce
Reliability Standards.
On February 3, 2006, the Commission
issued Order No. 672,
4
implementing
FPA section 215. The Commission
subsequently certified NERC as the
Electric Reliability Organization. The
Reliability Standards developed by
NERC become mandatory and
enforceable after Commission approval
and apply to users, owners, and
operators of the Bulk-Power System, as
set forth in each Reliability Standard.
5
The CIP Reliability Standards require
entities to comply with specific
requirements to safeguard critical cyber
assets. These standards are results-based
and do not specify a technology or
method to achieve compliance, instead
leaving it up to the entity to decide how
best to comply.
On January 18, 2008, the Commission
issued Order No. 706,
6
approving the
initial eight CIP Reliability Standards,
CIP version 1 Standards, submitted by
VerDate Sep<11>2014 21:55 Sep 13, 2021 Jkt 253001 PO 00000 Frm 00034 Fmt 4703 Sfmt 4703 E:\FR\FM\14SEN1.SGM 14SEN1
tkelley on DSK125TN23PROD with NOTICES
51132
Federal Register / Vol. 86, No. 175 / Tuesday, September 14, 2021 / Notices
7
Version 5 Critical Infrastructure Protection
Reliability Standards, Order No. 791, 78 FR 72755
(Dec. 13, 2013), 145 FERC ¶61,160 (2013), order on
reh’g, Order No. 791–A, 146 FERC ¶61,188 (2014).
8
In general, NERC defines BES to include all
Transmission Elements operated at 100 kV or
higher and Real Power and Reactive Power
resources connected at 100 kV or higher. This does
not include facilities used in the local distribution
of electric energy. See NERC, Bulk Electric System
Definition Reference Document, Version 3, at page
iii (August 2018). In Order No. 693, the Commission
found that NERC’s definition of BES is narrower
than the statutory definition of Bulk-Power System.
The Commission decided to rely on the NERC
definition of BES to provide certainty regarding the
applicability of Reliability Standards to specific
entities. See Mandatory Reliability Standards for
the Bulk-Power System, Order No. 693, 72 FR 16415
(Apr. 4, 2007), 118 FERC ¶61,218, at PP 75, 79, 491,
order on reh’g, Order No. 693–A, 72 FR 49717 (July
25, 2007), 120 FERC ¶61,053 (2007).
9
NERC defines BES Cyber System as ‘‘[o]ne or
more BES Cyber Assets logically grouped by a
responsible entity to perform one or more reliability
tasks for a functional entity.’’ NERC, Glossary of
Terms Used in NERC Reliability Standards, at 5
(2020), https://www.nerc.com/files/glossary_of_
terms.pdf (NERC Glossary of Terms). NERC defines
BES Cyber Asset as
A Cyber Asset that if rendered unavailable,
degraded, or misused would, within 15 minutes of
its required operation, mis-operation, or non-
operation, adversely impact one or more Facilities,
systems, or equipment, which, if destroyed,
degraded, or otherwise rendered unavailable when
needed, would affect the reliable operation of the
Bulk Electric System. Redundancy of affected
Facilities, systems, and equipment shall not be
considered when determining adverse impact. Each
BES Cyber Asset is included in one or more BES
Cyber Systems.
Id. at 4.
10
See, e.g., Order No. 791, 78 FR 72755; Revised
Critical Infrastructure Protection Reliability
Standards, Order No. 822, 81 FR 4177 (Jan. 26,
2016), 154 FERC ¶61,037, reh’g denied, Order No.
822–A, 156 FERC ¶61,052 (2016); Revised Critical
Infrastructure Protection Reliability Standard CIP–
003–7—Cyber Security—Security Management
Controls, Order No. 843, 163 FERC ¶61,032 (2018).
11
CIP–012–1: Communications Between Control
Centers will be subject to enforcement by July 1,
2022.
12
Order No. 822, 154 FERC ¶61,037 at 32.
13
Order No. 706, 122 FERC ¶61,040 at 72.
NERC. Subsequently, the Commission
has approved multiple versions of the
CIP Reliability Standards submitted by
NERC, partly to address the evolving
nature of cyber-related threats to the
Bulk-Power System. On November 22,
2013, the Commission issued Order No.
791,
7
approving CIP version 5
Standards, the last major revision to the
CIP Reliability Standards. The CIP
version 5 Standards implement a tiered
approach to categorize assets,
identifying them as high, medium, or
low risk to the operation of the Bulk
Electric System (BES)
8
if compromised.
High impact systems include large
control centers. Medium impact systems
include smaller control centers, ultra-
high voltage transmission, and large
substations and generating facilities.
The remainder of the BES Cyber
Systems
9
are categorized as low impact
systems. Most requirements in the CIP
Reliability Standards apply to high and
medium impact systems; however, a
technical controls requirement in
Reliability standard CIP–003, described
below, applies only to low impact
systems. Since 2013, the Commission
has approved new and modified CIP
Reliability Standards that address
specific issues such as supply chain risk
management, cyber incident reporting,
communications between control
centers, and the physical security of
critical transmission facilities.
10
The CIP Reliability Standards
currently consist of 13 standards
specifying a set of requirements that
entities must follow to ensure the cyber
and physical security of the Bulk-Power
System.
CIP–002–5.1a Bulk Electric System
Cyber System Categorization: Requires
entities to identify and categorize BES
Cyber Assets for the application of cyber
security requirements commensurate
with the adverse impact that loss,
compromise, or misuse of those BES
Cyber Systems could have on the
reliable operation of the BES.
CIP–003–8 Security Management
Controls: Requires entities to specify
consistent and sustainable security
management controls that establish
responsibility and accountability to
protect BES Cyber Systems against
compromise that could lead to mis-
operation or instability in the BES.
CIP–004–6 Personnel and Training:
Requires entities to minimize the risk
against compromise that could lead to
mis-operation or instability in the BES
from individuals accessing BES Cyber
Systems by requiring an appropriate
level of personnel risk assessment,
training, and security awareness in
support of protecting BES Cyber
Systems.
CIP–005–6 Electronic Security
Perimeter(s): Requires entities to
manage electronic access to BES Cyber
Systems by specifying a controlled
Electronic Security Perimeter in support
of protecting BES Cyber Systems against
compromise that could lead to mis-
operation or instability in the BES.
CIP–006–6 Physical Security of Bulk
Electric System Cyber Systems: Requires
entities to manage physical access to
BES Cyber Systems by specifying a
physical security plan in support of
protecting BES Cyber Systems against
compromise that could lead to mis-
operation or instability in the BES.
CIP–007–6 System Security
Management: Requires entities to
manage system security by specifying
select technical, operational, and
procedural requirements in support of
protecting BES Cyber Systems against
compromise that could lead to mis-
operation or instability in the BES.
CIP–008–6 Incident Reporting and
Response Planning: Requires entities to
mitigate the risk to the reliable
operation of the BES as the result of a
cybersecurity incident by specifying
incident response requirements.
CIP–009–6 Recovery Plans for Bulk
Electric System Cyber Systems: Requires
entities to recover reliability functions
performed by BES Cyber Systems by
specifying recovery plan requirements
in support of the continued stability,
operability, and reliability of the BES.
CIP–010–3 Configuration Change
Management and Vulnerability
Assessments: Requires entities to
prevent and detect unauthorized
changes to BES Cyber Systems by
specifying configuration change
management and vulnerability
assessment requirements in support of
protecting BES Cyber Systems from
compromise that could lead to mis-
operation or instability in the BES.
CIP–011–2 Information Protection:
Requires entities to prevent
unauthorized access to BES Cyber
System Information by specifying
information protection requirements in
support of protecting BES Cyber
Systems against compromise that could
lead to mis-operation or instability in
the BES.
CIP–012–1 Communications
Between Control Centers:
11
Requires
entities to protect the confidentiality
and integrity of Real-time Assessment
and Real-time monitoring data
transmitted between Control Centers.
CIP–013–1 Supply Chain Risk
Management: Requires entities to
mitigate cybersecurity risks to the
reliable operation of the BES by
implementing security controls for
supply chain risk management of BES
Cyber Systems.
CIP–014–2 Physical Security:
Requires the Transmission Owner to
perform a risk assessment, consisting of
a transmission analysis, to determine
which of those Transmission stations
and Transmission Substations and
conduct an assessment of potential
threats and vulnerabilities to those
Transmission stations, Transmission
substations, and primary control centers
using a tailored evaluation process.
The CIP Reliability Standards, viewed
as a whole, implement a defense-in-
depth approach to protecting the
security of BES Cyber Systems at all
impact levels.
12
The CIP Reliability
Standards are objective-based and allow
entities to choose compliance
approaches best tailored to their
systems.
13
VerDate Sep<11>2014 21:55 Sep 13, 2021 Jkt 253001 PO 00000 Frm 00035 Fmt 4703 Sfmt 4703 E:\FR\FM\14SEN1.SGM 14SEN1
tkelley on DSK125TN23PROD with NOTICES
51133
Federal Register / Vol. 86, No. 175 / Tuesday, September 14, 2021 / Notices
14
The number of respondents is based on the
NERC Compliance Registry as of June 22, 2021.
Currently there are 1,508 unique NERC Registered,
subtracting 16 Canadians Entities yields 1492 U.S.
entities.
15
Of the average estimated 295.702 hours per
response, 210 hours are for recordkeeping, and
85.702 hours are for reporting.
16
The estimates for cost per hour are $85.02/hour
(averaged based on the following
occupations):Manager (Occupational Code: 11–
0000): $97.89/hour; and Electrical Engineer
(Occupational Code 17–2071): $72.15/hour, from
the Bureau of Labor and Statistics at http://bls.gov/
oes/current/naics3_221000.htm, as of June 2021.
17
Updates and reviews of low impact TCA assets
(ongoing)
18
We estimate that 1,161 entities will face an
increased paperwork burden under Reliability
Standard CIP 003–8, estimating that a majority of
these entities will have one or more low impact BES
Cyber Systems.
19
Update paperwork for access control
implementation in Section 2 and Section 3
(ongoing)
20
Modification and approval of cybersecurity
policies for all CIP Standards
21
600 hr. estimate is based on ongoing burden
estimate from Order No. 791, added to the 3-year
audit burden split over 3 years: 600 = (640/3) + (408
¥ (20 + 1)). (20 + 1) is the CIP–003–8 burden.
22
321 U.S. Transmission Owners in NERC
Compliance Registry as of June 22, 2021.
23
The number of entities and the number of
hours required are based on FERC Order No. 802
which approved CIP–012–1.
FERC–725B—(M
ANDATORY
R
ELIABILITY
S
TANDARDS FOR
C
RITICAL
I
NFRASTRUCTURE
P
ROTECTION
[CIP] R
ELIABILITY
S
TANDARDS
) A
FTER
A
DDING
F
ILERS
F
ROM
C
YBERSECURITY
I
NCENTIVES
I
NVESTMENT
A
CTIVITY
[Submitted as a separate IC within FERC–725B]
Number and
type of
respondent
14
Annual
number of
responses per
respondent)
Total number of
responses
Average burden per
response (hours)
15
&
Cost per response
Total annual burden (hours)
& total annual cost
16
($)
(1) (2) (1) * (2) = (3) (4) (3) * (4) = (5)
CIP–003–8
17
.......................
18
1,149 300 344,700 1.5 hrs.; $127.53 ................. 517,050 hrs; $43,959,591
CIP–003–8
19
....................... 1,149 1 1,149 20 hrs.; $1,700.40 ............... 23,220 hrs.; $1,974,164.4
CIP–003–8
20
....................... 343 1 343 1 hr.; $85.02 ....................... 343 hrs.; $29,161.86
CIP–002–5.1a, CIP–004–6,
CIP–005–6, CIP–006–6,
CIP–007–6, CIP–008–6,
CIP–009–6, CIP–010–3,
CIP–011–2.
343 1 343 600
21
hrs.; $51,012 ............ 205,800 hrs., $17,497,116
CIP–013–1 .......................... 343 1 343 30 hrs.; $2550.60 ................ 10,290 hrs.; $874,855.80
CIP–014–2 ..........................
22
321 1 321 2 hrs.; $170.04 .................... 642 hrs.; $54,582.84
CIP–012–1 ..........................
23
724 1 724 83 hrs.; $7,056.66 ............... 60,092 hrs., $5,109,021.84
Total Burden of FERC–
725B. ........................ ........................ 347,923 ............................................. 817,437 hrs.;
$69,498,493.74
Comments: Commentsare invited on:
(1) Whether the collection of
information is necessary for the proper
performance of the functions of the
Commission, including whether the
information will have practical utility;
(2) the accuracy of the agency’s estimate
of the burden and cost of the collection
of information, including the validity of
the methodology and assumptions used;
(3) ways to enhance the quality, utility
and clarity of the information collection;
and (4) ways to minimize the burden of
the collection of information on those
who are to respond, including the use
of automated collection techniques or
other forms of information technology.
Dated: September 8, 2021.
Kimberly D. Bose,
Secretary.
[FR Doc. 2021–19784 Filed 9–13–21; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. ER21–2847–000]
Montague Solar, LLC; Supplemental
Notice That Initial Market-Based Rate
Filing Includes Request for Blanket
Section 204 Authorization
This is a supplemental notice in the
above-referenced proceeding of
Montague Solar, LLC’s application for
market-based rate authority, with an
accompanying rate tariff, noting that
such application includes a request for
blanket authorization, under 18 CFR
part 34, of future issuances of securities
and assumptions of liability.
Any person desiring to intervene or to
protest should file with the Federal
Energy Regulatory Commission, 888
First Street NE, Washington, DC 20426,
in accordance with Rules 211 and 214
of the Commission’s Rules of Practice
and Procedure (18 CFR 385.211 and
385.214). Anyone filing a motion to
intervene or protest must serve a copy
of that document on the Applicant.
Notice is hereby given that the
deadline for filing protests with regard
to the applicant’s request for blanket
authorization, under 18 CFR part 34, of
future issuances of securities and
assumptions of liability, is September
28, 2021.
The Commission encourages
electronic submission of protests and
interventions in lieu of paper, using the
FERC Online links at http://
www.ferc.gov. To facilitate electronic
service, persons with internet access
who will eFile a document and/or be
listed as a contact for an intervenor
must create and validate an
eRegistration account using the
eRegistration link. Select the eFiling
link to log on and submit the
intervention or protests.
Persons unable to file electronically
may mail similar pleadings to the
Federal Energy Regulatory Commission,
888 First Street NE, Washington, DC
20426. Hand delivered submissions in
docketed proceedings should be
delivered to Health and Human
Services, 12225 Wilkins Avenue,
Rockville, Maryland 20852.
In addition to publishing the full text
of this document in the Federal
Register, the Commission provides all
interested persons an opportunity to
view and/or print the contents of this
document via the internet through the
Commission’s Home Page (http://
www.ferc.gov) using the ‘‘eLibrary’’ link.
Enter the docket number excluding the
last three digits in the docket number
field to access the document. At this
time, the Commission has suspended
access to the Commission’s Public
Reference Room, due to the
proclamation declaring a National
Emergency concerning the Novel
VerDate Sep<11>2014 21:55 Sep 13, 2021 Jkt 253001 PO 00000 Frm 00036 Fmt 4703 Sfmt 4703 E:\FR\FM\14SEN1.SGM 14SEN1
tkelley on DSK125TN23PROD with NOTICES

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT