19.0791.01000 Sixty-sixth Legislative Assembly of North Dakota SENATE BILL NO. 2209 Introduced by Senators Klein, Heckaman, Myrdal Representatives Damschen, Devlin, Holman 1 A BILL for an Act to amend and reenact section 44-04-24 of the North Dakota Century Code, 2 relating to protection for records related to critical infrastructure and security planning, 3 mitigation, or threats. 4 BE IT ENACTED BY THE LEGISLATIVE ASSEMBLY OF NORTH DAKOTA: 5 6 SECTION 1. AMENDMENT. Section 44-04-24 of the North Dakota Century Code is amended and reenacted as follows: 7 44-04-24. Security system plan - Disaster and cybersecurity information - Exemption. 8 1. A security system plan kept by a public entity is, and records required to be disclosed 9 to another person for disaster mitigation, preparation, response, vulnerability, or 10 recovery, or for cybersecurity planning, mitigation, or threat, are exempt from the 11 provisions of section 44-04-18 and section 6 of article XI of the Constitution of North 12 Dakota. 13 14 2. As used in this section: a. "Critical infrastructure" means public buildings, systems, including 15 telecommunications centers and computers, power generation plants, dams, 16 bridges, and similar key resources, and systems related to utility services, fuel 17 supply, energy, hazardous liquid, natural gas, or coal, whether physical or virtual, 18 so vital to the state that the incapacity or destruction of these systems would 19 have a debilitating impact on security, state economic security, state public health 20 or safety, or any combination of those matters. 21 22 b. "Security system plan" includes all records,: (1) Records, information, photographs, audio and visual presentations, 23 schematic diagrams, surveys, recommendations, communications, or 24 consultations or portions of any such plan relating directly to the physical or Page No. 1 19.0791.01000 Sixty-sixth Legislative Assembly 1 electronic security of a public facility, or any critical infrastructure, whether 2 owned by or leased to the state or any of its political subdivisions, or any 3 privately owned or leased critical infrastructure if the plan or a portion of the 4 plan is in the possession of a public entity; threat 5 (2) Information relating to cybersecurity defenses, or threats, attacks, attempted 6 attacks, and vulnerabilities of cyber system operations relating directly to the 7 physical or electronic security of a public facility, or any critical infrastructure, 8 whether owned by or leased to the state or any of its political subdivisions, 9 or any privately owned or leased critical infrastructure if the information is in 10 the possession of a public entity; 11 (3) Threat assessments; vulnerability 12 (4) Vulnerability and capability assessments conducted by a public entity, or 13 any private entity; threat 14 (5) Threat response plans; and emergency 15 (6) Emergency evacuation plans. 16 3. 17 18 This exemption applies to security system plans received by a public entity before, on, or after March 20, 2003. 4. Nothing in this section may be construed to limit disclosure required for necessary 19 construction, renovation, or remodeling work on a public building. Disclosure under 20 this subsection does not constitute public disclosure. Page No. 2 19.0791.01000