[Federal Register Volume 77, Number 62 (Friday, March 30, 2012)]
[Pages 19276-19277]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-7666]



Proposed Agency Information Collection

AGENCY: U.S. Department of Energy, DOE.

ACTION: Notice and request for public review and comment.


SUMMARY: The Department of Energy (DOE) has submitted the Electricity 
Sector Cybersecurity Risk Management Maturity Pilot to the Office of 
Management and Budget (OMB) for clearance, a proposal for collection of 
information under the provisions of the Paperwork Reduction Act of 1995 
(Pub. L. 104-13, 44 U.S.C. Chapter 35) and 5 CFR 1320.13.

DATES: Comments regarding this collection must be received on or before 
15 days from the date of publication. If you anticipate that you will 
be submitting comments, but find it difficult to do so within the 
period of time allowed by this notice, please advise the DOE Desk 
Officer at OMB of your intention to make a submission as soon as 
possible. The Desk Officer may be telephoned at 202-395-4650.

ADDRESSES: Written comments should be sent to the DOE Desk Officer, 
Office of Information and Regulatory Affairs, Office of Management and 
Budget, New Executive Office Building, Room 10102, 735 17th Street NW., 
Washington, DC 20503. And to: Samara Moore, samara.moore@hq.doe.gov, 
Fax: 202-586-1472.


[[Page 19277]]

samara.moore@hq.doe.gov, Fax: 202-586-1472.

SUPPLEMENTARY INFORMATION: The proposed collection will be used by the 
Department and electric sector owners and operators to identify best 
practices and potential resource allocations for cybersecurity in terms 
of supply chain management, information sharing, asset, change and 
configuration management, and risk management, among others. It is 
imperative that the owners and operators of the nation's electric 
utilities, as well as the government agencies supporting the sector, 
have the ability to understand what capabilities and competencies will 
allow the sector to defend itself, and how to prioritize necessary 
investments. This initiative supports strategies identified in the 
White House Cyberspace Policy Review 2010 and the 2011 Roadmap to 
Achieve Energy Delivery Systems Cybersecurity. A maturity model 
approach was deemed to be a reasonable way to leverage existing efforts 
to implement key strategies designed to measure the sector's 
cybersecurity posture and to enable utilities to make strategic 
investments that will increase cybersecurity throughout the electricity 
sector. The pilot process will request feedback from a limited set of 
participants on both the model's and the assessment tool's structure 
and application to the unique attributes of the sector. The model 
structure includes domains--logical groupings of cybersecurity risk 
management activities--and maturity indicator levels (MILs). The 
content within each domain includes characteristics, which are 
expressions of domain activities at each level of maturity. The model 
is developed as a common model that can be used by the various types of 
entities operating within the sector, including investor-owned, 
municipal, and cooperative utilities. It will also enable utilities to 
communicate cybersecurity capabilities in meaningful terms and 
prioritize their cybersecurity actions and investments.
    The OMB is particularly interested in comments that:
     Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
     Evaluate the accuracy of the agency's estimate of the 
burden of the proposed collection of information, including the 
validity of the methodology and assumptions used;
     Enhance the quality, utility, and clarity of the 
information to be collected; and
     Minimize the burden of the collection of information on 
those who are to respond, including through the use of appropriate 
automated, electronic, mechanical, or other technological collection 
techniques or other forms of information technology, e.g., permitting 
electronic submission of responses.
    This information collection request contains: (1) OMB No. New; (2) 
Information Collection Request Title: Electric Sector Cybersecurity 
Risk Management Maturity Initiative; (3) Type of Request: New; (4) 
Purpose: The Department of Energy, at the request of the White House, 
and in collaboration with DHS and industry experts, has developed a 
maturity model with owners, operators and subject matter experts to 
meet their request to identify and prioritize capabilities relative to 
risk and cost; (5) Annual Estimated Number of Respondents: 17; (6) 
Annual Estimated Number of Total Responses: 17; (7) Annual Estimated 
Number of Burden Hours: 136; (8) Annual Estimated Reporting and 
Recordkeeping Cost Burden: $0.

    Statutory Authority:  Section 301 of the Department of Energy 
Organization Act, codified at 42 U.S.C. 7151.

    Issued in Washington, DC, on March 26, 2012.
Patricia Hoffman,
Assistant Secretary, Office of Electricity Delivery and Energy 
[FR Doc. 2012-7666 Filed 3-29-12; 8:45 am]