In this subchapter:
(1) Agency The term “agency” has the meaning given the term in section 3502 of title 44.
The term “antitrust laws”—
(A) has the meaning given the term in section 12 of title 15;
(B) includes section 45 of title 15 to the extent that section 45 of title 15 applies to unfair methods of competition; and
(C) includes any State antitrust law, but only to the extent that such law is consistent with the law referred to in subparagraph (A) or the law referred to in subparagraph (B).
The term “appropriate Federal entities” means the following:
(A) The Department of Commerce.
(B) The Department of Defense.
(C) The Department of Energy.
(D) The Department of Homeland Security.
(E) The Department of Justice.
(F) The Department of the Treasury.
(G) The Office of the Director of National Intelligence.
(4) Cybersecurity purpose The term “cybersecurity purpose” means the purpose of protecting an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity threat or security vulnerability.
Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.
(A) In general Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.
(B) Exclusion The term “cybersecurity threat” does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.
The term “cyber threat indicator” means information that is necessary to describe or identify—
(A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;
(B) a method of defeating a security control or exploitation of a security vulnerability;
(C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;
(D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;
(E) malicious cyber command and control;
(F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;
(G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or
(H) any combination thereof.
The term “defensive measure” does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information system or information stored on, processed by, or transiting such information system not owned by—
(A) In general Except as provided in subparagraph (B), the term “defensive measure” means an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.
(B) ExclusionThe term “defensive measure” does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information system or information stored on, processed by, or transiting such information system not owned by— (i) the private entity operating the measure; or (ii) another entity or Federal entity that is authorized to provide consent and has provided consent to that private entity for operation of such measure.
(8) Federal entity The term “Federal entity” means a department or agency of the United States or any component of such department or agency.
The term “information system”—
(A) has the meaning given the term in section 3502 of title 44; and
(B) includes industrial control systems, such as supervisory control and data acquisition systems, distributed control systems, and programmable logic controllers.
(10) Local government The term “local government” means any borough, city, county, parish, town, township, village, or other political subdivision of a State.
(11) Malicious cyber command and control The term “malicious cyber command and control” means a method for unauthorized remote identification of, access to, or use of, an information system or information that is stored on, processed by, or transiting an information system.
(12) Malicious reconnaissance The term “malicious reconnaissance” means a method for actively probing or passively monitoring an information system for the purpose of discerning security vulnerabilities of the information system, if such method is associated with a known or suspected cybersecurity threat.
(13) Monitor The term “monitor” means to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system.
Except as otherwise provided in this paragraph, the term “non-Federal entity” means any private entity, non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof).
(A) In general Except as otherwise provided in this paragraph, the term “non-Federal entity” means any private entity, non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof).
(B) Inclusions The term “non-Federal entity” includes a government agency or department of the District of Columbia, the Commonwealth of Puerto Rico, the United States Virgin Islands, Guam, American Samoa, the Northern Mariana Islands, and any other territory or possession of the United States.
(C) Exclusion The term “non-Federal entity” does not include a foreign power as defined in section 1801 of title 50.
Except as otherwise provided in this paragraph, the term “private entity” means any person or private group, organization, proprietorship, partnership, trust, cooperative, corporation, or other commercial or nonprofit entity, including an officer, employee, or agent thereof.
(A) In general Except as otherwise provided in this paragraph, the term “private entity” means any person or private group, organization, proprietorship, partnership, trust, cooperative, corporation, or other commercial or nonprofit entity, including an officer, employee, or agent thereof.
(B) Inclusion The term “private entity” includes a State, tribal, or local government performing utility services, such as electric, natural gas, or water services.
(C) Exclusion The term “private entity” does not include a foreign power as defined in section 1801 of title 50.
(16) Security control The term “security control” means the management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information.
(17) Security vulnerability The term “security vulnerability” means any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control.
(18) Tribal The term “tribal” has the meaning given the term “Indian tribe” in section 5304 of title 25.
(Pub. L. 114–113, div. N, title I, § 102, Dec. 18, 2015, 129 Stat. 2936.)
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal insurance products you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with access to legal services through a network of provider law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our provider law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your provider law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal insurance products, and access to the LegalFix network of provider law firms are subject to the LegalFix Terms of Service and Privacy Policy.
