§ 650. Definitions
Except as otherwise specifically provided, in this subchapter:
(1) Agency
(2) Appropriate congressional committees
The term “appropriate congressional committees” means—
(A) the Committee on Homeland Security and Governmental Affairs of the Senate; and
(B) the Committee on Homeland Security of the House of Representatives.
(3) Cloud service provider
(4) Critical infrastructure information
The term “critical infrastructure information” means information not customarily in the public domain and related to the security of critical infrastructure or protected systems—
(A) actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or other similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal, State, or local law, harms interstate commerce of the United States, or threatens public health or safety;
(B) the ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit; or
(C) any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to such interference, compromise, or incapacitation.
(5) Cyber threat indicator
The term “cyber threat indicator” means information that is necessary to describe or identify—
(A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;
(B) a method of defeating a security control or exploitation of a security vulnerability;
(C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;
(D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;
(E) malicious cyber command and control;
(F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;
(G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or
(H) any combination thereof.
(6) Cybersecurity purpose
(7) Cybersecurity risk
The term “cybersecurity risk”—
(A) means threats to and vulnerabilities of information or information systems and any related consequences caused by or resulting from unauthorized access, use, disclosure, degradation, disruption, modification, or destruction of such information or information systems, including such related consequences caused by an act of terrorism; and
(B) does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.
(8) Cybersecurity threat
(A) In general
(B) Exclusion
(9) Defensive measure
(A) In general
(B) Exclusion
The term “defensive measure” does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information system or information stored on, processed by, or transiting such information system not owned by—
(i) the private entity, as defined in section 1501 of this title, operating the measure; or
(ii) another entity or Federal entity that is authorized to provide consent and has provided consent to that private entity for operation of such measure.
(10) Director
(11) Homeland Security Enterprise
(12) Incident
(13) Information Sharing and Analysis Organization
The term “Information Sharing and Analysis Organization” means any formal or informal entity or collaboration created or employed by public or private sector organizations, for purposes of—
(A) gathering and analyzing critical infrastructure information, including information related to cybersecurity risks and incidents, in order to better understand security problems and interdependencies related to critical infrastructure, including cybersecurity risks and incidents, and protected systems, so as to ensure the availability, integrity, and reliability thereof;
(B) communicating or disclosing critical infrastructure information, including cybersecurity risks and incidents, to help prevent, detect, mitigate, or recover from the effects of an interference, a compromise, or an incapacitation problem related to critical infrastructure, including cybersecurity risks and incidents, or protected systems; and
(C) voluntarily disseminating critical infrastructure information, including cybersecurity risks and incidents, to its members, State, local, and Federal Governments, or any other entities that may be of assistance in carrying out the purposes specified in subparagraphs (A) and (B).
(14) Information system
The term “information system”—
(A) has the meaning given the term in section 3502 of title 44; and
(B) includes industrial control systems, such as supervisory control and data acquisition systems, distributed control systems, and programmable logic controllers.
(15) Intelligence community
(16) Malicious cyber command and control
(17) Malicious reconnaissance
(18) Managed service provider
(19) Monitor
(20) National cybersecurity asset response activities
The term “national cybersecurity asset response activities” means—
(A) furnishing cybersecurity technical assistance to entities affected by cybersecurity risks to protect assets, mitigate vulnerabilities, and reduce impacts of cyber incidents;
(B) identifying other entities that may be at risk of an incident and assessing risk to the same or similar vulnerabilities;
(C) assessing potential cybersecurity risks to a sector or region, including potential cascading effects, and developing courses of action to mitigate such risks;
(D) facilitating information sharing and operational coordination with threat response; and
(E) providing guidance on how best to utilize Federal resources and capabilities in a timely, effective manner to speed recovery from cybersecurity risks.
(21) National security system
(22) Ransomware attack
The term “ransomware attack”—
(A) means an incident that includes the use or threat of use of unauthorized or malicious code on an information system, or the use or threat of use of another digital mechanism such as a denial of service attack, to interrupt or disrupt the operations of an information system or compromise the confidentiality, availability, or integrity of electronic data stored on, processed by, or transiting an information system to extort a demand for a ransom payment; and
(B) does not include any such event in which the demand for payment is—
(i) not genuine; or
(ii) made in good faith by an entity in response to a specific request by the owner or operator of the information system.
(23) Sector Risk Management Agency
(24) Security control
(25) Security vulnerability
(26) Sharing
(27) SLTT entity
(28) Supply chain compromise
(Pub. L. 107–296, title XXII, § 2200, as added Pub. L. 117–263, div. G, title LXXI, § 7143(b)(1), Dec. 23, 2022, 136 Stat. 3654.)