[Federal Register Volume 84, Number 182 (Thursday, September 19, 2019)]
[Notices]
[Pages 49290-49291]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-20260]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

[Docket No. RD19-3-000]


Commission Information Collection Activities (Ferc-725b3); 
Comment Request; Extension

AGENCY: Federal Energy Regulatory Commission, DOE.

ACTION: Notice of information collection and request for comments.

-----------------------------------------------------------------------

SUMMARY: In compliance with the requirements of the Paperwork Reduction 
Act of 1995, the Federal Energy Regulatory Commission (Commission or 
FERC) is soliciting public comment on the currently-approved 
information collection FERC-725B3 (Mandatory Reliability Standards for 
Critical Infrastructure Protection (CIP) Reliability Standards) and 
submitting the information collection to the Office of Management and 
Budget (OMB) for review. Any interested person may file comments 
directly with OMB and should address a copy of those comments to the 
Commission as explained below. On June 20, 2019, the Commission 
published a Notice in the Federal Register in Docket No. RD19-3-000 
requesting public comments. The Commission received no public comments 
and is indicating that in the related submittal to OMB.

DATES: Comments on the collection of information are due October 21, 
2019.

ADDRESSES: Comments filed with OMB, identified by OMB Control No. TBD, 
should be sent via email to the Office of Information and Regulatory 
Affairs: [email protected]. Attention: Federal Energy Regulatory 
Commission Desk Officer.
    A copy of the comments should also be sent to the Commission, in 
Docket No. RD19-3-000, by either of the following methods:
     eFiling at Commission's website: http://www.ferc.gov/docs-filing/efiling.asp.
     Mail/Hand Delivery/Courier: Federal Energy Regulatory 
Commission, Secretary of the Commission, 888 First Street NE, 
Washington, DC 20426.
    Instructions: All submissions must be formatted and filed in 
accordance with submission guidelines at: http://www.ferc.gov/help/submission-guide.asp. For user assistance, contact FERC Online Support 
by email at [email protected], or by phone at: (866) 208-3676 
(toll-free), or (202) 502-8659 for TTY.
    Docket: Users interested in receiving automatic notification of 
activity in this docket or in viewing/downloading comments and 
issuances in this docket may do so at http://www.ferc.gov/docs-filing/docs-filing.asp.

FOR FURTHER INFORMATION CONTACT: Ellen Brown may be reached by email at 
[email protected], telephone at (202) 502-8663, and fax at (202) 
273-0873.

SUPPLEMENTARY INFORMATION: 
    Title: Mandatory Reliability Standards for Critical Infrastructure 
Protection [CIP] Reliability Standards.
    OMB Control No.: TBD.
    Type of Request: Revisions to the information collection, as 
discussed in Docket No. RD19-3-000.
    Abstract: On March 7, 2019, the North American Electric Reliability 
Corporation (NERC) requested Commission approval of Reliability 
Standard CIP-008-6 (Cyber Security--Incident Reporting and Response 
Planning). Reliability Standard CIP-008-6 addresses the Commission's 
directive in Order No. 848 to develop modifications to the Reliability 
Standards to require reporting of Cyber Security Incidents that 
compromise, or attempt to compromise, a Responsible Entity's Electronic 
Security Perimeter (ESP) or associated Electronic Access Control or 
Monitoring Systems (EACMS).\1\
---------------------------------------------------------------------------

    \1\ Cyber Security Incident Reporting Reliability Standards, 
Order No. 848, 164 FERC ] 61,033 (2018).
---------------------------------------------------------------------------

    Reliability Standard CIP-008-6, among other things, requires 
Responsible Entities \2\ to broaden the mandatory reporting of Cyber 
Security Incidents to include compromises or attempts to compromise BES 
Cyber Systems or their associated ESPs or EACMS. Reliability Standard 
CIP-008-6 will not significantly increase the reporting burden on 
entities because it builds off the reporting threshold in the previous 
version of the Reliability Standard, Reliability Standard CIP-008-5.
---------------------------------------------------------------------------

    \2\ ``Responsible Entities'' refers to Balancing Authority, 
Distribution Provider, Generator Operator, Generator Owner, 
Reliability Coordinator, Transmission Operator, and Transmission 
Owner.
---------------------------------------------------------------------------

    Type of Respondents: Balancing Authority, Distribution Provider, 
Generator Operator, Generator Owner, Reliability Coordinator, 
Transmission Operator, and Transmission Owner.
    Estimate of Annual Burden: \3\ The Commission estimates the changes 
in the annual public reporting burden and cost as indicated below.\4\
---------------------------------------------------------------------------

    \3\ Burden is defined as the total time, effort, or financial 
resources expended by persons to generate, maintain, retain, or 
disclose or provide information to or for a Federal agency. For 
further explanation of what is included in the information 
collection burden, refer to 5 Code of Federal Regulations 1320.3.
    \4\ For the earlier version of the Reliability Standard retired 
in Docket No. RD19-3-000, the baseline numbers for respondents, 
burden, and cost are the same figures as those in Order No. 848. The 
requirements and burdens from the retired Reliability Standard are 
continued in Reliability Standard CIP-008-6, plus the additional 
requirements and burdens as indicated in the table.

[[Page 49291]]



                                                           RD19-3-000 Commission Letter Order
                             [Mandatory reliability standards for critical infrastructure protection reliability standards]
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                     Number of
                                    respondents    Annual number   Total number   Average burden and cost  Total annual burden hours and     Cost per
                                    and type of    of responses    of responses       per response \6\           total annual cost        respondent ($)
                                    entity \5\    per respondent
                                             (1)             (2)     (1) * (2) =  (4)....................  (3) * (4) = (5)..............       (5) / (1)
                                                                             (3)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Update internal procedures to                288               1             288  50 hrs.; $4,050........  14,400 hrs.; $1,166,400......          $4,050
 comply with augmented reporting
 requirements. (one-time) \7\
 (CIP-008-6 R1-R4).
Annual cyber security incident               288               1             288  10 hrs.; $810..........  2,880 hrs.; $233,280.........             810
 plan review (ongoing) \8\ (CIP-
 008-6 R2.1).
Update cyber security incident               288               1             288  10 hrs.; $810..........  2,880 hrs.; $233,280.........             810
 plan per review findings
 (ongoing) (CIP-008-6 R3).
Incident reporting burden                    288              12           3,456  12 hrs.; $972..........  3,456 hrs.; $279,936.........             972
 (ongoing) (CIP-008-6 R4).
                                 -----------------------------------------------------------------------------------------------------------------------
    Total (one-time)............  ..............  ..............             288  .......................  14,400 hrs.; $1,166,400......  ..............
                                 -----------------------------------------------------------------------------------------------------------------------
    Total (ongoing).............  ..............  ..............           4,032  .......................  9,216 hrs.; $746,496.........  ..............
--------------------------------------------------------------------------------------------------------------------------------------------------------

    Comments: Comments are invited on: (1) Whether the collection of 
information is necessary for the proper performance of the functions of 
the Commission, including whether the information will have practical 
utility; (2) the accuracy of the agency's estimate of the burden and 
cost of the collection of information, including the validity of the 
methodology and assumptions used; (3) ways to enhance the quality, 
utility and clarity of the information collection; and (4) ways to 
minimize the burden of the collection of information on those who are 
to respond, including the use of automated collection techniques or 
other forms of information technology.
---------------------------------------------------------------------------

    \5\ There are 1,414 unique registered entities in the NERC 
compliance registry as of May 24, 2019. Of this total, we estimate 
that 288 entities will face an increased paperwork burden.
    \6\ The loaded hourly wage figure (includes benefits) is based 
on the average of the occupational categories for 2017 found on the 
Bureau of Labor Statistics website: https://www.bls.gov/oes/2017/may/oessrci.htm.
    Legal (Occupation Code: 23-0000): $143.68.
    Information Security Analysts (Occupation Code 15-1122): $61.55.
    Computer and Information Systems Managers (Occupation Code: 11-
3021): $96.51.
    Management (Occupation Code: 11-0000): $94.28.
    Electrical Engineer (Occupation Code: 17-2071): $66.90.
    Management Analyst (Code: 43-0000): $63.32.
    These various occupational categories are weighted as follows: 
[($94.28)(.10) + ($61.55)(.315) + ($66.90)(.02) + ($143.68)(.15) + 
($96.51)(.10) + ($63.32)(.315)] = $81.30. The figure is rounded to 
$81.00 for use in calculating wage figures in this order.
    \7\ One-time burdens apply in Year 1 only.
    \8\ Ongoing burdens apply in Year 2 and beyond.

    Dated: September 12, 2019.
Kimberly D. Bose,
Secretary.
[FR Doc. 2019-20260 Filed 9-18-19; 8:45 am]
 BILLING CODE 6717-01-P