§ 131. Definitions
In this part:
(2)
Covered Federal agency
The term “covered Federal agency” means the Department of Homeland Security.
(3)
Critical infrastructure information
The term “critical infrastructure information” means information not customarily in the public domain and related to the security of critical infrastructure or protected systems—
(A)
actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or other similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal, State, or local law, harms interstate commerce of the United States, or threatens public health or safety;
(B)
the ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit; or
(4)
Critical infrastructure protection program
The term “critical infrastructure protection program” means any component or bureau of a covered Federal agency that has been designated by the President or any agency head to receive critical infrastructure information.
(5)
Information Sharing and Analysis Organization
The term “Information Sharing and Analysis Organization” means any formal or informal entity or collaboration created or employed by public or private sector organizations, for purposes of—
(A)
gathering and analyzing critical infrastructure information in order to better understand security problems and interdependencies related to critical infrastructure and protected systems, so as to ensure the availability, integrity, and reliability thereof;
(6)
Protected system
The term “protected system”—
(A)
means any service, physical or computer-based system, process, or procedure that directly or indirectly affects the viability of a facility of critical infrastructure; and
(B)
includes any physical or computer-based system, including a computer, computer system, computer or communications network, or any component hardware or element thereof, software program, processing instructions, or information or data in transmission or storage therein, irrespective of the medium of transmission or storage.
(7)
Voluntary
(A)
In general
The term “voluntary”, in the case of any submittal of critical infrastructure information to a covered Federal agency, means the submittal thereof in the absence of such agency’s exercise of legal authority to compel access to or submission of such information and may be accomplished by a single entity or an Information Sharing and Analysis Organization on behalf of itself or its members.
(B)
Exclusions
The term “voluntary”—
(i)
in the case of any action brought under the securities laws as is defined in section
78c
(a)(47) of title
15—
[1] So in original. Probably should be “an”.
[2] So in original. The word “a” probably should not appear.