As used in this article, the following definitions shall apply:

(a) “Critical infrastructure controls” means networks and systems controlling assets so vital to the state that the incapacity or destruction of those networks, systems, or assets would have a debilitating impact on public health, safety, economic security, or any combination thereof.

(b) “Critical infrastructure information” means information not customarily in the public domain pertaining to any of the following:

(1) Actual, potential, or threatened interference with, or an attack on, compromise of, or incapacitation of critical infrastructure controls by either physical or computer-based attack or other similar conduct, including, but not limited to, the misuse of, or unauthorized access to, all types of communications and data transmission systems, that violates federal, state, or local law or harms public health, safety, or economic security, or any combination thereof.

(2) The ability of critical infrastructure controls to resist any interference, compromise, or incapacitation, including, but not limited to, any planned or past assessment or estimate of the vulnerability of critical infrastructure.

(3) Any planned or past operational problem or solution regarding critical infrastructure controls, including, but not limited to, repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to interference, compromise, or incapacitation of critical infrastructure controls.

(c) “Department” means the Department of Technology.

(d) “Office” means the Office of Emergency Services.

(e) “Secretary” means the secretary of each state agency as set forth in subdivision (a) of Section 12800.

(f) “State agency” or “state agencies” means the same as “state agency” as set forth in Section 11000.

(Added by Stats. 2016, Ch. 508, Sec. 2. (AB 1841) Effective January 1, 2017.)