Department of Energy, Federal Energy Regulatory Commission: Mandatory Reliability Standards for Critical Infrastructure Protection
GAO-08-493R: Feb 21, 2008
- Full Report:
GAO reviewed the Federal Energy Regulatory Commission's (Commission) new rule on mandatory reliability standards for critical infrastructure protection. GAO found that (1) the final rule approves eight Critical Infrastructure Protection Reliability Standards and these eight reliability standards require certain users, owners, and operators of the Bulk-Power System to comply with specific requirements safeguarding critical assets against malicious cyber attacks; and (2) the Commission complied with the applicable requirements in promulgating the rule.
Department of Energy, Federal Energy Regulatory Commission: Mandatory Reliability Standards for Critical Infrastructure Protection, GAO-08-493R, February 21, 2008
Pursuant to section 801(a)(2)(A) of title 5, United States Code, this is our report on a major rule promulgated by the Department of Energy, Federal Energy Regulatory Commission (Commission), entitled Mandatory Reliability Standards for Critical Infrastructure Protection (Docket No. RM06-22-000). We received the rule on
The final rule approves eight Critical Infrastructure Protection Reliability Standards submitted to the Commission by the North American Electric Reliability Corporation. These eight reliability standards require certain users, owners, and operators of the Bulk-Power System to comply with specific requirements safeguarding critical assets against malicious cyber attacks.
Enclosed is our assessment of the Commission's compliance with the procedural steps required by section 801(a)(1)(B)(i) through (iv) of title 5 with respect to the rule. Our review indicates that the Commission complied with the applicable requirements.
If you have any questions about this report or wish to contact GAO officials responsible for the evaluation work relating to the subject matter of the rule, please contact Michael R. Volpe, Assistant General Counsel, at (202) 512-8236.
Robert J. Cramer
Associate General Counsel
Office of the General Counsel
Federal Energy Regulatory Commission
Department of Energy
REPORT UNDER 5 U.S.C. sect. 801(a)(2)(A) ON A MAJOR RULE
ISSUED BY THE
DEPARTMENT OF ENERGY,
FEDERAL ENERGY REGULATORY COMMISSION
"MANDATORY RELIABILITY STANDARDS FOR
CRITICAL INFRASTRUCTURE PROTECTION"
(DOCKET NO. RM06-22-000)
(i) Cost-benefit analysis
The Federal Energy Regulatory Commission (Commission) projects that the costs for compliance will exceed $100 million as an initial matter, although the Commission adopted a number of measures to mitigate many of the additional burdens associated with complying with these standards. In the final rule the Commission only included the cost of the information collection requirements, which are discussed below. The Commission did not include in this final rule its estimate of the cost of substantial compliance with the Critical Infrastructure Protection Reliability Standards.
(ii) Agency actions relevant to the Regulatory Flexibility Act, 5 U.S.C. sections 603-605, 607, and 609
The Commission determined that this final rule will not have a significant economic impact on a substantial number of small entities.
(iii) Agency actions relevant to sections 202-205 of the Unfunded Mandates Reform Act of 1995, 2 U.S.C. sections 1532-1535
As an independent regulatory agency, the Commission is not subject to Title II of the Unfunded Mandates Reform Act of 1995. 2 U.S.C. sect. 658.
(iv) Other relevant information or requirements under acts and executive orders
Administrative Procedure Act, 5 U.S.C. sections 551 et seq.
The final rule was issued using the notice and comment procedures of the Administrative Procedure Act. 5 U.S.C. sect. 553. On
Paperwork Reduction Act, 44 U.S.C. sections 3501-3520
This final rule contains information collection requirements that the Commission submitted to the Office of Management and Budget (OMB) for review under the Act. The information collection requirement has the OBM Control Number of 1902-0248 and the Commission estimates that the annual cost of this requirement will be $24,758,800.
Statutory authorization for the rule
This final rule was promulgated under the authority of section 215 of the Federal Power Act. 16 U.S.C. sect. 824o.
Executive Order No. 12,866
As this final rule is promulgated by an independent regulatory agency, it is not subject to the review requirements of the order.