Sec. 101. Homeland Security Act of 2002 definitions
864 words·~4 min read·
/bill/113/hr/3696/rh/section-101·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 2 of the Homeland Security Act of 2002 ( 6 U.S.C. 101 ) is amended by adding at the end the following new paragraphs: The term critical infrastructure has the meaning given that term in section 1016(e) of the USA Patriot Act ( 42 U.S.C. 5195c(e) ). The term critical infrastructure owner means a person that owns critical infrastructure. The term critical infrastructure operator means a critical infrastructure owner or other person that manages, runs, or operates, in whole or in part, the day-to-day operations of critical infrastructure.
The term cyber incident means an incident, or an attempt to cause an incident, that, if successful, would— jeopardize or imminently jeopardize, without lawful authority, the security, integrity, confidentiality, or availability of an information system or network of information systems or any information stored on, processed on, or transiting such a system or network; constitute a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies related to such a system or network, or an act of terrorism against such a system or network; or result in the denial of access to or degradation, disruption, or destruction of such a system or network, or the defeat of an operations control or technical control essential to the security or operation of such a system or network.
The term cybersecurity mission means activities that encompass the full range of threat reduction, vulnerability reduction, deterrence, incident response, resiliency, and recovery activities to foster the security and stability of cyberspace. The term cybersecurity purpose means the purpose of ensuring the security, integrity, confidentiality, or availability of, or safeguarding, an information system or network of information systems, including protecting such a system or network, or data residing on such a system or network, including protection of such a system or network, from— a vulnerability of such a system or network; a threat to the security, integrity, confidentiality, or availability of such a system or network, or any information stored on, processed on, or transiting such a system or network; efforts to deny access to or degrade, disrupt, or destroy such a system or network; or efforts to gain unauthorized access to such a system or network, including to gain such unauthorized access for the purpose of exfiltrating information stored on, processed on, or transiting such a system or network.
The term cyber threat means any action that may result in unauthorized access to, exfiltration of, manipulation of, harm of, or impairment to the security, integrity, confidentiality, or availability of an information system or network of information systems, or information that is stored on, processed by, or transiting such a system or network. The term cyber threat information means information directly pertaining to— a vulnerability of an information system or network of information systems of a government or private entity; a threat to the security, integrity, confidentiality, or availability of such a system or network of a government or private entity, or any information stored on, processed on, or transiting such a system or network; efforts to deny access to or degrade, disrupt, or destroy such a system or network of a government or private entity; efforts to gain unauthorized access to such a system or network, including to gain such unauthorized access for the purpose of exfiltrating information stored on, processed on, or transiting such a system or network; or an act of terrorism against an information system or network of information systems.
The term Federal civilian information systems — means information, information systems, and networks of information systems that are owned, operated, controlled, or licensed for use by, or on behalf of, any Federal agency, including such systems or networks used or operated by another entity on behalf of a Federal agency; but does not include— a national security system; or information, information systems, and networks of information systems that are owned, operated, controlled, or licensed solely for use by, or on behalf of, the Department of Defense, a military department, or an element of the intelligence community.
The term information security means the protection of information, information systems, and networks of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide— integrity, including guarding against improper information modification or destruction, including ensuring nonrepudiation and authenticity; confidentiality, including preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and availability, including ensuring timely and reliable access to and use of information.
The term information system means the underlying framework and functions used to process, transmit, receive, or store information electronically, including programmable electronic devices, communications networks, and industrial or supervisory control systems and any associated hardware, software, or data. The term private entity means any individual or any private or publically-traded company, public or private utility (including a utility that is a unit of a State or local government, or a political subdivision of a State government), organization, or corporation, including an officer, employee, or agent thereof.
The term shared situational awareness means an environment in which cyber threat information is shared in real time between all designated Federal cyber operations centers to provide actionable information about all known cyber threats. .
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Cites 2Cited by 0 across 0 sources