[Federal Register Volume 77, Number 189 (Friday, September 28, 2012)]
[Notices]
[Pages 59597-59598]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-23911]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF ENERGY


Agency Information Collection Extension

AGENCY: Office of Electricity Delivery and Energy Reliability, U.S. 
Department of Energy.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: The Department of Energy (DOE), pursuant to the Paperwork 
Reduction Act of 1995), intends to extend for three years, an 
information collection request with the Office of Management and Budget 
(OMB) for the Electricity Subsector Cybersecurity Capability Maturity 
Model (ES-C2M2) Program. Comments are invited on: (a)

[[Page 59598]]

Whether the extended collection of information is necessary for the 
proper performance of the functions of the agency, including whether 
the information shall have practical utility; (b) the accuracy of the 
agency's estimate of the burden of the proposed collection of 
information, including the validity of the methodology and assumptions 
used; (c) ways to enhance the quality, utility, and clarity of the 
information to be collected; and (d) ways to minimize the burden of the 
collection of information on respondents, including through the use of 
automated collection techniques or other forms of information 
technology.

DATES: Comments must be filed by November 27, 2012. If you anticipate 
difficulty in submitting comments within that period, contact the 
person listed below as soon as possible.

ADDRESSES: Written comments may be sent to: Matthew Light, U.S. 
Department of Energy, 1000 Independence Ave. SW., Washington, DC 20585.
    To ensure receipt of the comments by the due date, submission by 
email (matthew.light@hq.doe.gov) is recommended. Alternatively, Mr. 
Light may be contacted by telephone at 202-586-8550.

FOR FURTHER INFORMATION CONTACT: Requests for additional information or 
copies of any forms and instructions should be directed to Matthew 
Light at the contact information listed above.

SUPPLEMENTARY INFORMATION: The proposed collection is based on the 
Electricity Subsector Cybersecurity Capability Maturity Model (ES-
C2M2). The model structure includes domains--logical groupings of 
cybersecurity risk management activities--and maturity indicator levels 
(MILs). The content within each domain includes characteristics, which 
are expressions of domain activities at each level of maturity. The 
model, using the Self-Evaluation Survey document can be used by various 
electricity subsector entities to identify best practices and potential 
resource allocations for cybersecurity in terms of supply chain 
management, information sharing, asset, change and configuration 
management, and risk management, among others. It is imperative that 
the owners and operators of the nation's electric utilities, as well as 
the government agencies supporting the subsector, have the ability to 
understand what capabilities and competencies will allow the sector to 
defend itself, and how to prioritize necessary investments. This 
program supports strategies identified in the White House Cyberspace 
Policy Review 2010 and the 2011 Roadmap to Achieve Energy Delivery 
Systems Cybersecurity. DOE will collect survey results from voluntary 
participants of the ES-C2M2 program to analyze and compare results 
across the industry to better understand the subsector's overall 
cybersecurity capabilities. The collected information will also be used 
to develop benchmarks that will be shared with program participants.
    This information collection request contains: (1) OMB No. New; (2) 
Information Collection Request Title: Electricity Subsector 
Cybersecurity Capability Maturity Model Program; (3) Type of Request: 
New; (4) Purpose: The Department of Energy, at the request of the White 
House, and in collaboration with DHS and industry experts, has 
developed a maturity model with owners, operators and subject matter 
experts to meet their request to identify and prioritize cybersecurity 
capabilities relative to risk and cost; (5) Annual Estimated Number of 
Respondents: 250; (6) Annual Estimated Number of Total Responses: 250; 
(7) Annual Estimated Number of Burden Hours: 2000; (8) Annual Estimated 
Reporting and Recordkeeping Cost Burden: $100,000.

    Statutory Authority: Section 301 of the Department of Energy 
Organization Act, codified at 42 U.S.C. 7151.

    Issued in Washington, DC, on September 18, 2012.
Patricia Hoffman,
Assistant Secretary, Office of Electricity Delivery and Energy 
Reliability.
[FR Doc. 2012-23911 Filed 9-27-12; 8:45 am]
BILLING CODE 6450-01-P