Department of Energy, Federal Energy Regulatory Commission: Mandatory Reliability Standards for Critical Infrastructure Protection

B-316012

February 21, 2008

The Honorable Jeff Bingaman
Chairman
The Honorable Pete V. Domenici
Ranking Minority Member
Committee on Energy and Natural Resources
United States Senate

The Honorable John D. Dingell
Chairman
The Honorable Joe Barton
Ranking Minority Member
Committee on Energy and Commerce
House of Representatives

Subject: Department of Energy, Federal Energy Regulatory Commission: Mandatory Reliability Standards for Critical Infrastructure Protection

Pursuant to section 801(a)(2)(A) of title 5, United States Code, this is our report on a major rule promulgated by the Department of Energy, Federal Energy Regulatory Commission (Commission), entitled –Mandatory Reliability Standards for Critical Infrastructure Protection— (Docket No. RM06-22-000). We received the rule on January 24, 2008. It was published in the Federal Register as a final rule on February 7, 2008. 73 Fed. Reg. 7368. This rule has a stated effective date of April 7, 2008.

The final rule approves eight Critical Infrastructure Protection Reliability Standards submitted to the Commission by the North American Electric Reliability Corporation. These eight reliability standards require certain users, owners, and operators of the Bulk-Power System to comply with specific requirements safeguarding critical assets against malicious cyber attacks.

Enclosed is our assessment of the Commission's compliance with the procedural steps required by section 801(a)(1)(B)(i) through (iv) of title 5 with respect to the rule. Our review indicates that the Commission complied with the applicable requirements.

If you have any questions about this report or wish to contact GAO officials responsible for the evaluation work relating to the subject matter of the rule, please contact Michael R. Volpe, Assistant General Counsel, at (202) 512-8236.

signed

Robert J. Cramer
Associate General Counsel

Enclosure

cc: Christy Walsh

Office of the General Counsel

Energy Markets

Federal Energy Regulatory Commission

Department of Energy

ENCLOSURE

REPORT UNDER 5 U.S.C. sect. 801(a)(2)(A) ON A MAJOR RULE
ISSUED BY THE
DEPARTMENT OF ENERGY,
FEDERAL ENERGY REGULATORY COMMISSION
ENTITLED
"MANDATORY RELIABILITY STANDARDS FOR
CRITICAL INFRASTRUCTURE PROTECTION"
(DOCKET NO. RM06-22-000)

(i) Cost-benefit analysis

The Federal Energy Regulatory Commission (Commission) projects that the costs for compliance will exceed $100 million as an initial matter, although the Commission adopted a number of measures to mitigate many of the additional burdens associated with complying with these standards. In the final rule the Commission only included the cost of the information collection requirements, which are discussed below. The Commission did not include in this final rule its estimate of the cost of substantial compliance with the Critical Infrastructure Protection Reliability Standards.

(ii) Agency actions relevant to the Regulatory Flexibility Act, 5 U.S.C. sections 603-605, 607, and 609

The Commission determined that this final rule will not have a significant economic impact on a substantial number of small entities.

(iii) Agency actions relevant to sections 202-205 of the Unfunded Mandates Reform Act of 1995, 2 U.S.C. sections 1532-1535

As an independent regulatory agency, the Commission is not subject to Title II of the Unfunded Mandates Reform Act of 1995. 2 U.S.C. sect. 658.

(iv) Other relevant information or requirements under acts and executive orders

Administrative Procedure Act, 5 U.S.C. sections 551 et seq.

The final rule was issued using the notice and comment procedures of the Administrative Procedure Act. 5 U.S.C. sect. 553. On August 6, 2007, the Commission published a Notice of Proposed Rulemaking in the Federal Register. 72 Fed. Reg. 43,970. In response to the notice, the Commission received about 70 comment letters, to which the Commission responded in the final rule. 72 Fed. Reg. 7370–7447 (Feb. 7, 2008).

Paperwork Reduction Act, 44 U.S.C. sections 3501-3520

This final rule contains information collection requirements that the Commission submitted to the Office of Management and Budget (OMB) for review under the Act. The information collection requirement has the OBM Control Number of 1902-0248 and the Commission estimates that the annual cost of this requirement will be $24,758,800.

Statutory authorization for the rule

This final rule was promulgated under the authority of section 215 of the Federal Power Act. 16 U.S.C. sect. 824o.

Executive Order No. 12,866

As this final rule is promulgated by an independent regulatory agency, it is not subject to the review requirements of the order.