(a) For the purposes of this subchapter, the following terms shall have the same meanings as provided in § 2-502:
(10) “Public record”;
(12) “Rule”; and
(b) For the purposes of this subchapter, the term:
(1) “Critical infrastructure” means existing and proposed infrastructure systems and assets, whether physical or virtual, so vital to the District of Columbia or the United States that the incapacity or destruction of the infrastructure system or asset could jeopardize the physical security, economic security, health, safety, or welfare of the public.
(2) “Critical infrastructure information” means information not customarily in the public domain that is related to the security of critical infrastructure of companies that are regulated by the Public Service Commission of the District of Columbia, including information regarding:
(A) Actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates federal or District of Columbia laws, harms interstate commerce of the United States or the economy of the District of Columbia, or threatens public health or safety;
(B) The ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation, risk-management planning, or risk audit; or
(C) Any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to such interference, compromise, or incapacitation.