Agency Information Collection Extension

Notice and request for comments.


The Department of Energy (DOE), pursuant to the Paperwork Reduction Act of 1995, intends to extend for three years an information collection request with the Office of Management and Budget (OMB) for the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Program. Comments are invited on: (a) Whether the extended collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; (b) the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology.


Comments must be filed by November 27, 2012. If you anticipate difficulty in submitting comments within that period, contact the person listed below as soon as possible.


Written comments may be sent to: Matthew Light, U.S. Department of Energy, 1000 Independence Ave. SW., Washington, DC 20585.

To ensure receipt of the comments by the due date, submission by email ( is recommended. Alternatively, Mr. Light may be contacted by telephone at 202-586-8550.


Requests for additional information or copies of any forms and instructions should be directed to Matthew Light at the contact information listed above.


The proposed collection is based on the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). The model structure includes domains—logical groupings of cybersecurity risk management activities—and maturity indicator levels (MILs). The content within each domain includes characteristics, which are expressions of domain activities at each level of maturity. The model, using the Self-Evaluation Survey document, can be used by various electricity subsector entities to identify best practices and potential resource allocations for cybersecurity in terms of supply chain management, information sharing, asset, change and configuration management, and risk management, among others. It is imperative that the owners and operators of the nation's electric utilities, as well as the government agencies supporting the subsector, have the ability to understand what capabilities and competencies will allow the sector to defend itself, and how to prioritize necessary investments. This program supports strategies identified in the White House Cyberspace Policy Review 2010 and the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. DOE will collect survey results from voluntary participants of the ES-C2M2 program to analyze and compare results across the industry to better understand the subsector's overall cybersecurity capabilities. The collected information will also be used to develop benchmarks that will be shared with program participants.

This information collection request contains: (1) OMB No. New; (2) Information Collection Request Title: Electricity Subsector Cybersecurity Capability Maturity Model Program; (3) Type of Request: New; (4) Purpose: The Department of Energy, at the request of the White House, and in collaboration with DHS and industry experts, has developed a maturity model with owners, operators and subject matter experts to meet their request to identify and prioritize cybersecurity capabilities relative to risk and cost; (5) Annual Estimated Number of Respondents: 250; (6) Annual Estimated Number of Total Responses: 250; (7) Annual Estimated Number of Burden Hours: 2000; (8) Annual Estimated Reporting and Recordkeeping Cost Burden: $100,000.

Statutory Authority: Section 301 of the Department of Energy Organization Act, codified at 42 U.S.C. 7151.

Issued in Washington, DC, on September 18, 2012.

Patricia Hoffman,

Assistant Secretary, Office of Electricity Delivery and Energy Reliability.

[FR Doc. 2012-23911 Filed 9-27-12; 8:45 am]