Federal Energy Regulatory Commission.
Notice of information collection and request for comments.
In compliance with the requirements of the Paperwork Reduction Act of 1995, 44 U.S.C. 3506(c)(2)(A), the Federal Energy Regulatory Commission (Commission or FERC) is soliciting public comment on the requirements and burden 
of the information collection described below.
Comments on the collection of information are due June 16, 2015.
You may submit comments (identified by Docket No. IC15-6-000) by either of the following methods:
eFiling at Commission's Web site: http://www.ferc.gov/docs-filing/efiling.asp.
Mail/Hand Delivery/Courier: Federal Energy Regulatory Commission, Start Printed Page 21231Secretary of the Commission, 888 First Street NE., Washington, DC 20426.
Instructions: All submissions must be formatted and filed in accordance with submission guidelines at: http://www.ferc.gov/help/submission-guide.asp. For user assistance contact FERC Online Support by email at email@example.com, or by phone at: (866) 208-3676 (toll-free), or (202) 502-8659 for TTY.
Docket: Users interested in receiving automatic notification of activity in this docket or in viewing/downloading comments and issuances in this docket may do so at http://www.ferc.gov/docs-filing/docs-filing.asp.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Ellen Brown may be reached by email at DataClearance@FERC.gov, telephone at (202) 502-8663, and fax at (202) 273-0873.
End Further Info
Start Supplemental Information
Type of Request: Three-year extension of the information collection requirements for the collection described below with no changes to the current reporting requirements.
Comments: Comments are invited on: (1) Whether the collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) the accuracy of the agency's estimates of the burden and cost of the collection of information, including the validity of the methodology and assumptions used; (3) ways to enhance the quality, utility and clarity of the information collection; and (4) ways to minimize the burden of the collection of information on those who are to respond, including the use of automated collection techniques or other forms of information technology.
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection
OMB Control No.: 1902-0248.
Abstract: The information collected by the FERC-725B, Reliability Standards for Critical Infrastructure Protection, is required to implement the statutory provisions of Section 215 of the Federal Power Act (FPA) (16 U.S.C. 824o).
On January 18, 2008, the Commission issued order 706,
approving eight Critical Infrastructure Protection (CIP) Reliability Standards submitted by the North American Electric Reliability Corporation (NERC) for Commission approval. The CIP version 1 Reliability Standards, (CIP-002-1 through CIP-009-1),
require certain users, owners, and operators of the Bulk-Power System to comply with specific requirements to safeguard critical cyber assets. These standards help protect the nation's Bulk-Power System against potential disruptions from cyber-attacks. The CIP Reliability Standards include one actual reporting requirement and several recordkeeping requirements. Specifically, CIP-008-1 requires responsible entities to report cyber security incidents to the Electricity Sector-Information Sharing and Analysis Center (ES-ISAC). In addition, the eight CIP Reliability Standards require responsible entities to develop various policies, plans, programs, and procedures. However, the CIP Reliability Standards do not require a responsible entity to report to the Commission, ERO or Regional Entities, the various policies, plans, programs and procedures. Nonetheless, a showing of the documented policies, plans, programs and procedures is required to demonstrate compliance with the CIP Reliability Standards.
The Commission approved minor changes in CIP versions 2 and 3 Reliability Standards on September 30, 2009, and March 31, 2010,
respectively. On April 19, 2012, the Commission issued Order No. 761, approving the CIP version 4 Standards (CIP-002-4 through CIP-009-4) and an implementation plan that scheduled their enforcement to begin October 1, 2014.
The fundamental change in the CIP version 4 Standards was that all subject entities would use the same `bright line' criteria to determine which of the facilities they owned were subject to the required policies, plans, programs and procedures (which remained nearly the same as for prior versions).
On November 22, 2013, the Commission issued Order No. 791, approving the CIP version 5 Standards (CIP-002-5 through CIP-009-5, CIP-010-1 and CIP-011-1) and the proposed implementation plan. The CIP version 5 Standards are currently scheduled to be implemented and enforceable beginning April 2016. Order No. 791 eliminated the enforceability of the CIP version 4 Standards. The Commission also approved nineteen new or revised definitions associated with the CIP version 5 Standards for inclusion in the Glossary of Terms Used in NERC Reliability Standards (NERC Glossary). The CIP version 5 Standards identify and categorize BES Cyber Systems using a new methodology based on whether a BES Cyber System has a Low, Medium, or High Impact on the reliable operation of the bulk electric system. At a minimum, a BES Cyber System must be categorized as a Low Impact asset. Once a BES Cyber System is categorized, a responsible entity must comply with the associated requirements of the CIP version 5 Standards that apply to the impact category. The CIP version 5 Standards include 12 requirements with new cyber security controls, which address Electronic Security Perimeters (CIP-005-5), Systems Security Management (CIP-007-5), Incident Reporting and Response Planning (CIP-008-5), Recovery Plans for BES Cyber Systems (CIP-009-5), and Configuration Change Management and Vulnerability Assessments (CIP-010-1).
Type of Respondent: Entities registered with the North American Electric Reliability Corporation.
Estimate of Annual Burden: There are three tables presenting burden associated with CIP Reliability Standards in the following section.
- The first table illustrates burden associated with CIP version 5 Reliability Standards.
- The second table illustrates burden associated with CIP version 3 and 4 Reliability Standards.
- The third and last table is a summation of the total burden for all active CIP-related Reliability Standards (i.e. CIP Versions 3-5).Start Printed Page 21232
Annual Burden Related to CIP Reliability Standards
|Groups of registered entities||Classes of entity's facilities requiring CIP||Number of entities||Total hours in year 1 (hours)||Total hours in year 2 (hours)||Total hours in year 3 (hours)|
|Group C||Medium (New)||78||1,248||19,136||19,136|
|Group C||Low (Blackstart)||283||22,640||−206,024||−206,024|
|Group C||Medium or High||316||257,856||131,456||131,456|
The total annual burden (related to CIP Version 5 only) is 672,708 hours when averaging Years 1-3 [(1,133,220 hours + 731,980 hours + 152,924 hours) ÷ 3 = 672,708 hours]. The total annual cost averaged over Years 1-3 is $50,883,633 (672,708 hours * $75.64 
Regarding CIP standards unaffected by CIP Version 5, the estimated burden has been adjusted to account for a reduction in affected entities.
The applicable estimate related to CIP Version 3 and 4 standards (related to the active components) is provided in the table below. (For display purposes, the numbers in the tables below have been rounded, however exact figures were used in the calculations.)
Burden Related to CIP Reliability Standards
[Version 3 and version 4] 8
|Number of respondents||Annual number of
respondent||Total number of responses||Average burden and
response||Total annual burden hours
annual cost||Cost per respondent
|1,415||1||1,415||9 383 $28,937||10 541,334 $40,946,496||$28,937|
The following items represent the estimated total annual burden for FERC-725B and includes all burden associated with CIP Reliability Standards.
Number of respondents: 1,415 (Not all entities with CIP-related functions will be obligated to comply with every CIP reliability standard.)
Total Annual Burden Hours: 1,214,042.
Total Annual Cost: $91,830,137 (1,214,042 hours * $75.64 = $91,830,137).
Average Cost per Respondent: $64,898 
($91,830,137 ÷ 1,415 entities = $64,898).
End Supplemental Information
Dated: April 13, 2015.
Kimberly D. Bose,
[FR Doc. 2015-08875 Filed 4-16-15; 8:45 am]
BILLING CODE 6717-01-P