(b) Designation of Department of Defense Critical Infrastructure Security Information.—
In addition to any other authority or requirement regarding protection from dissemination of information, the Secretary may designate information as being Department of Defense critical infrastructure security information, including during the course of creating such information, to ensure that such information is not disseminated without authorization. Information so designated is subject to the determination process under subsection (a) to determine whether to exempt such information from disclosure described in such subsection.
Each determination of the Secretary, or the Secretary’s designee, under subsection (a) shall be made in writing and accompanied by a statement of the basis for the determination. All such determinations and statements of basis shall be available to the public, upon request, through the Office of the Director of Administration and Management.
In this section, the term “Department of Defense critical infrastructure security information” means sensitive but unclassified information that, if disclosed, would reveal vulnerabilities in Department of Defense critical infrastructure that, if exploited, would likely result in the significant disruption, destruction, or damage of or to Department of Defense operations, property, or facilities, including information regarding the securing and safeguarding of explosives, hazardous chemicals, or pipelines, related to critical infrastructure or protected systems owned or operated by or on behalf of the Department of Defense, including vulnerability assessments prepared by or on behalf of the Department of Defense, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security.