[Federal Register Volume 68, Number 19 (Wednesday, January 29, 2003)]
[Proposed Rules]
[Pages 4401-4402]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-1972]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

18 CFR Part 35

[Docket No. RM01-12-000]


Remedying Undue Discrimination Through Open Access Transmission 
Service and Standard Electricity Market Design

January 22, 2003.
AGENCY: Federal Energy Regulatory Commission, DOE.

ACTION: Notice of technical conference.

-----------------------------------------------------------------------

SUMMARY: Commission staff will convene a technical conference on 
February 4, 2003 to discuss issues relating to the proposed rules for 
cyber-security of entities interacting on the nation's electric grid. 
The conference will build upon the concepts found in

[[Page 4402]]

the original and revised cyber-security standards, with particular 
focus on issues pertaining to implementation and timing of, and 
compliance with, the standards. There will be an opportunity for 
interested persons to make very brief public statements at the 
conference.

DATES: The conference will take place on February 4, 2003.

ADDRESSES: The conference will take place at: Federal Energy Regulatory 
Commission, 888 First Street, NE., Washington, DC 20426.

FOR FURTHER INFORMATION CONTACT: Sarah McKinley, Office of External 
Affairs, Federal Energy Regulatory Commission, 888 First Street, NE., 
Washington, DC 20426, (202) 502-8004.

SUPPLEMENTARY INFORMATION:

Notice of Technical Conference

    1. Take notice that a technical conference will be held on February 
4, 2003, from approximately 9:30 a.m. to 3 p.m. in Hearing Room 1 on 
the second floor of the offices of the Federal Energy Regulatory 
Commission, 888 First Street, NE., Washington, DC. The goal of the 
conference is to discuss issues relating to the proposed rules for 
cyber-security of entities interacting on the nation's electric grid.
    2. The Commission's proposed cyber-security standard was described 
in section M and appendix G of the Notice of Proposed Rulemaking (NOPR) 
published in this docket on July 31, 2002. That proposal was developed 
by the Critical Infrastructure Protection Advisory Group (CIPAG) of the 
North American Electric Reliability Council (NERC), which has since 
proposed a set of revisions to the standard that have been approved by 
the NERC Board.
    3. Copies of the NOPR security proposal may be obtained from: 
http://www.ferc.gov/Electric/RTO/Mrkt-Strct-comments/discussion_paper.htm. Copies of the NERC security proposal are available in 
Attachment A at: ftp://www.nerc.com/pub/sys/all_updl/docs/ferc/RM01-12-000-SMD.pdf.
    4. This conference will build upon the concepts found in the 
original and revised cyber-security standards. The discussions will 
focus on the following questions pertaining to implementation and 
timing of, and compliance with, the standards:
    [sbull] When should compliance with the standard become mandatory? 
The original NOPR would require compliance in January 2004, but recent 
discussions have suggested that this standard be advisory in 2004 and 
mandatory in 2005.
    [sbull] What is the best way to establish a verification and 
compliance process for the standards? What is the current and expected 
process that NERC uses to determine compliance with the NERC standards, 
and would it be appropriate for the cyber-security standards as well? 
Should regular audits be used as part of the compliance and 
verification effort? Should there be a role for third-party testing or 
investigation of complaints about the compliance of wholesale market 
participants?
    [sbull] What are the appropriate penalties and remedies for non-
compliance or inadequate compliance with the cyber-security standards, 
once they are in effect?
    [sbull] Should new technical issues that were neither 
technologically nor commercially ripe for resolution in the proposed 
standard be identified and recognized now so the wholesale industry and 
the information technology industry can anticipate the issues and 
requirements ahead? What issues and cyber-security challenges were not 
addressed in the proposed standard but should be ready for inclusion in 
the next standard, if the next standard is adopted in two to three 
years?
    5. Other than with respect to the last bullet above, this workshop 
will not discuss the substance of the NERC-approved cyber-security 
standard.
    6. The bulk of this workshop will be discussion between attendees. 
Commission staff has asked selected individuals to speak at this 
conference, and is not entertaining requests to make presentations. 
However, interested persons will be permitted to make very brief public 
statements that are not repetitive of materials already filed in the 
public record of this docket.
    7. All interested persons may attend the technical conference, and 
registration is not required. However, in-person attendees are asked to 
notify the Commission of their intent to attend by sending an e-mail 
message to [email protected].
    8. Transcripts of the conference will be immediately available from 
Ace Reporting Company (202-347-3700 or 1-800-336-6646), for a fee. They 
will be available for the public on the Commission's FERRIS system two 
weeks after the conference. Additionally, Capitol Connection offers the 
opportunity for remote listening of the conference for a fee. Persons 
interested in this service should contact David Reininger or
    9. Julia Morelli at the Capitol Connection (703-993-3100) as soon 
as possible or visit the Capitol Connection Web site at http://www.capitolconnection.gmu.edu and click on ``FERC.''
    10. For more information about the conference, please contact Sarah 
McKinley at (202) 502-8004 or [email protected].

Magalie R. Salas,
Secretary.
[FR Doc. 03-1972 Filed 1-28-03; 8:45 am]
BILLING CODE 6717-01-P