Editorial Notes

Codification

Section was formerly classified to section 131 of this title prior to renumbering by Pub. L. 115–278.

Amendments

2022—Par. (3). Pub. L. 117–263, § 7143(b)(2)(M)(i), added par. (3) and struck out former par. (3) which defined critical infrastructure information.

Pars. (5) to (8). Pub. L. 117–263, § 7143(b)(2)(M)(ii), (iii), redesignated pars. (6) and (7) as (5) and (6), respectively, and struck out former pars. (5) and (8) which defined Information Sharing and Analysis Organization and cybersecurity risk and incident, respectively.

2018—Par. (8). Pub. L. 115–278, § 2(g)(9)(B)(i), substituted “section 659 of this title” for “section 148 of this title”.

2015—Par. (5)(A). Pub. L. 114–113, § 204(1)(A), inserted “, including information related to cybersecurity risks and incidents,” after “critical infrastructure information” and “, including cybersecurity risks and incidents,” after “related to critical infrastructure”.

Par. (5)(B). Pub. L. 114–113, § 204(1)(B), inserted “, including cybersecurity risks and incidents,” after “critical infrastructure information” and “, including cybersecurity risks and incidents,” after “related to critical infrastructure”.

Par. (5)(C). Pub. L. 114–113, § 204(1)(C), inserted “, including cybersecurity risks and incidents,” after “critical infrastructure information”.

Par. (8). Pub. L. 114–113, § 204(2), added par. (8).

Statutory Notes and Related Subsidiaries

Short Title

For short title of this part as the “Critical Infrastructure Information Act of 2002”, see section 2221 of Pub. L. 107–296, set out as a note under section 101 of this title.

Prohibition on New Regulatory Authority

Pub. L. 114–113, div. N, title II, § 210, Dec. 18, 2015, 129 Stat. 2962, provided that: “Nothing in this subtitle [subtitle A (§§ 201–211) of title II of div. N of Pub. L. 114–113, see Short Title of 2015 Amendment note set out under section 101 of this title] or the amendments made by this subtitle may be construed to grant the Secretary any authority to promulgate regulations or set standards relating to the cybersecurity of non-Federal entities, not including State, local, and tribal governments, that was not in effect on the day before the date of enactment of this Act [Dec. 18, 2015].”

Definitions

Pub. L. 114–113, div. N, title II, § 202, Dec. 18, 2015, 129 Stat. 2956, as amended by Pub. L. 115–278, § 2(h)(1)(A), Nov. 16, 2018, 132 Stat. 4181, provided that: “In this subtitle [subtitle A (§§ 201–211) of title II of div. N of Pub. L. 114–113, see Short Title of 2015 Amendment note set out under section 101 of this title]:

“(1)

Appropriate congressional committees.—

The term ‘appropriate congressional committees’ means—

“(A)

the Committee on Homeland Security and Governmental Affairs of the Senate; and

“(B)

the Committee on Homeland Security of the House of Representatives.

“(2)

Cybersecurity risk; incident.—

The terms ‘cybersecurity risk’ and ‘incident’ have the meanings given those terms in section 2209 of the Homeland Security Act of 2002 [6 U.S.C. 659] [see now 6 U.S.C. 650].

“(3)

Cyber threat indicator; defensive measure.—

The terms ‘cyber threat indicator’ and ‘defensive measure’ have the meanings given those terms in section 102 [6 U.S.C. 1501].

“(4)

Department.—

The term ‘Department’ means the Department of Homeland Security.

“(5)

Secretary.—

The term ‘Secretary’ means the Secretary of Homeland Security.”