Bill Text: HI HB2582 | 2024 | Regular Session | Amended
Bill Title: Relating To Critical Infrastructure Information.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Engrossed - Dead) 2024-04-18 - Received notice of appointment of House conferees (Hse. Com. No. 760). [HB2582 Detail]
Download: Hawaii-2024-HB2582-Amended.html
HOUSE OF REPRESENTATIVES |
H.B. NO. |
2582 |
THIRTY-SECOND LEGISLATURE, 2024 |
H.D. 1 |
|
STATE OF HAWAII |
S.D. 2 |
|
|
|
|
|
||
|
A BILL FOR AN ACT
RELATING TO CRITICAL INFRASTRUCTURE INFORMATION.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:
SECTION 1. The legislature finds that critical infrastructure are those assets, systems, and networks that provide functions necessary for our way of life. There are sixteen federal designated critical infrastructure sectors, including energy, emergency services, water, health care, and others, that are part of a complex, interconnected ecosystem. Any threat to these sectors could have potentially debilitating consequences to national security, the economy, and public health and safety.
The legislature further finds it is imperative to establish protections for critical infrastructure information that is created, received, or maintained by government agencies to ensure public health and safety. The protections under this Act are aligned with the federal Critical Infrastructure Information Act of 2002 and enhance the sharing of critical infrastructure information between private entities and government agencies. Providing homeland security partners additional reassurance that their shared proprietary information will be protected is important to encourage open sharing of critical infrastructure information. The legislature also finds that voluntary collaboration is crucial in providing for critical infrastructure security. Up-front protections in statute for non-disclosure of specific security-related information will support better understanding and identification of:
(1) Security risks and threats from physical and cyber-attacks, like the types and characteristics of physical security or technology systems;
(2) Vulnerabilities and mitigation strategies during special events, including actions taken to manage potential threats at an event venue; and
(3) Overall critical infrastructure security, such as understanding the nature of previous incidents to identify and ultimately close vulnerability gaps.
The
purpose of this Act is to exclude critical infrastructure information from
disclosure requirements under the Uniform Information Practices Act.
SECTION 2. Section 92F-13, Hawaii Revised Statutes, is amended to read as follows:
"§92F-13 Government records; exceptions to general rule. This part shall not require disclosure of:
(1) Government records which, if disclosed, would constitute a clearly unwarranted invasion of personal privacy;
(2) Government records pertaining to the prosecution or defense of any judicial or quasi-judicial action to which the State or any county is or may be a party, to the extent that such records would not be discoverable;
(3) Government records that, by their nature, must be confidential in order for the government to avoid the frustration of a legitimate government function;
(4) Government records which, pursuant to state or
federal law including an order of any state or federal court, are protected
from disclosure; [and]
(5) Inchoate and draft working papers of
legislative committees including budget worksheets and unfiled committee
reports; work product; records or transcripts of an investigating committee of
the legislature [which] that are closed by rules adopted pursuant
to section 21-4 and the personal files of members of the legislature[.];
and
(6) Critical infrastructure information related
to the security of critical infrastructure or protected systems, including
documents, records, or other information concerning:
(A) Actual, potential, or threatened
interference with, attacks on, compromise of, or incapacitation of critical
infrastructure of protected systems by either physical or computer-based attack
or other similar conduct, including the misuse of or unauthorized access to all
types of communications and data transmission systems that:
(i) Violates federal, state, local, or tribal law;
(ii) Harms interstate commerce of the United States;
or
(iii) Threatens public health or safety;
(B) The ability of any critical infrastructure
or protected system to resist interference, attack, compromise, or
incapacitation described in subparagraph (A), including any planned or past
assessment, projection, or estimate of the vulnerability of critical
infrastructure or a protected system, including security testing, risk
evaluation thereto, risk management planning, or risk audit; or
(C) Any planned or past operational problem or
solution regarding critical infrastructure or protected systems, including
repair, recovery, reconstruction, insurance, or continuity, to the extent it is
related to the interference, attack, compromise, or incapacitation described in
subparagraph (A)."
SECTION 3. Statutory material to be repealed is bracketed and stricken. New statutory material is underscored.
SECTION 4. This Act shall take effect on April 14, 2112.
Report Title:
UIPA; Critical Infrastructure Information
Description:
Excludes critical infrastructure information from disclosure requirements under the Uniform Information Practices Act. Takes effect 4/14/2112. (SD2)
The summary description
of legislation appearing on this page is for informational purposes only and is
not legislation or evidence of legislative intent.