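Columns: Level of Risk to C4 assets; Criticality of C4 systems being targeted; Adversary Activity/Intent; Degree to which activity is demonstrated to be a coordinated network attack; Adversary Computer Network Attack (CNA) Capability; Adversary Computer Network Exploitation (CNE) Capability; Trusted Environment Activity (.gov, .mil); Network Manager Actions (typical; other actions will be situation dependent)

Level 5
- Level of Risk to C4 assets: Minimal/Acceptable
- Criticality of C4 systems being targeted: UNCLASS networks; Non-Mission Critical; Ex: External Web page defacement
- Adversary Activity/Intent: No specific target identified
- Degree to which activity is demonstrated to be a coordinated network attack: Low
- Adversary CNA Capability: Low threat
- Adversary CNE Capability: An Exploitation threat exists
- Trusted Environment Activity (.gov, .mil): Random or transient events
- Network Manager Actions: Implement Procedures called for in AFI 10-710 INFOCON 5; Identify and prioritize network systems and their elements - users, infrastructure, etc.

Level 4
- Level of Risk to C4 assets: Increased
- Criticality of C4 systems being targeted: UNCLASS Networks; Operationally significant C2
- Adversary Activity/Intent: Limited network reconnaissance
- Degree to which activity is demonstrated to be a coordinated network attack: Low
- Adversary CNA Capability: Limited indigenous CNA threat exists; Potential Support from others (No known intent to provide support)
- Adversary CNE Capability: Broad exploitation capability exists or is likely present across C4
- Trusted Environment Activity (.gov, .mil): General activity
- Network Manager Actions: Implement Procedures called for in AFI 10-710 INFOCON 4; Increase frequency (;4 day cycle) of audit log reviews and system backups

Level 3
- Level of Risk to C4 assets: Moderate
- Criticality of C4 systems being targeted: UNCLASS and/or CLASSIFIED network(s); Operationally significant C2
- Adversary Activity/Intent: Demonstrated intent to cause denial, disruption, degradation, or destruction of C4 systems
- Degree to which activity is demonstrated to be a coordinated network attack: Ambiguous evidence of coordinated attack
- Adversary CNA Capability: Moderate indigenous CNA threat exists; Intent of support from others
- Adversary CNE Capability: Focused exploitation of C4 systems to support adversary COA
- Trusted Environment Activity (.gov, .mil): Some pattern of attack exists
- Network Manager Actions: Implement Procedures called for in AFI 10-710 INFOCON 3; Possible TRO, limit network services, minimum to accomplish mission operations.

Level 2
- Level of Risk to C4 assets: High
- Criticality of C4 systems being targeted: UNCLASS and CLASSIFIED network(s); Operationally significant C2
- Adversary Activity/Intent: Demonstrated ability to cause denial, disruption, degradation, or destruction of C4 systems
- Degree to which activity is demonstrated to be a coordinated network attack: Clear evidence of coordinated attacks
- Adversary CNA Capability: High access to Indigenous CNA threat; Clear evidence of adversary intent to employ CNA
- Adversary CNE Capability: Focused exploitation of C4 systems to support adversary COA
- Trusted Environment Activity (.gov, .mil): Focused attacks against trusted C4 systems
- Network Manager Actions: Implement Procedures called for in AFI 10-710 INFOCON 2; Possible TRO, limit SIPRNET access to C2 & Intel; Increase physical security on critical infrastructure

Level 1
- Level of Risk to C4 assets: Significant
- Criticality of C4 systems being targeted: UNCLASS and CLASSIFIED network(s); Operationally significant C2
- Adversary Activity/Intent: Focused attack on C4 systems
- Degree to which activity is demonstrated to be a coordinated network attack: Clearly coordinated attacks have occurred
- Adversary CNA Capability: Demonstrated CNA threat; High level of CNA threat
- Adversary CNE Capability: Focused exploitation of C4 systems to support adversary COA
- Trusted Environment Activity (.gov, .mil): Focused attacks against trusted C4 systems
- Network Manager Actions: Implement Procedures called for in AFI 10-710 INFOCON 1; Possible TRO, disconnect ALL systems not required for mission execution

- Situational awareness: report network/system anomalies to Workgroup Manager
- Respond as directed to expected incremental losses of network capabilities such as web access (to all but .mil and .gov), e-mail, modem connections, RAS, VPN, and/or other functional systems
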
Exit Criteria
N/A

INFOCON 5 - Normal activity. A general threat of possible information attack exists, but warrants only a routine security posture. INFOCON 5 is always in effect unless a more specific threat or incident warrants the transition to a higher INFOCON.

INFOCON 4 - Increased, unpredictable risk of attack. A heightened threat of possible information attack exists, to include an increased number of probes, which might indicate patterned surveillance/reconnaissance. Circumstances do not justify full implementation of INFOCON 3 measures, but certain measures from higher INFOCONs may be necessary based on intelligence reports, or as a deterrent. Installation Commander must be able to maintain this INFOCON indefinitely. Under INFOCON 2 expect increased vigilance over work areas/facilities.

INFOCON 3 - Specific increased and more predictable risk of attack exists. A demonstrated, increased, and patterned set of intrusion activities exists, to include a compromise of system resources. Examples of activities in INFOCON 3 are dedicated computer sweeps, scans, or probes and a significant increase of detected viruses, nuisances, and Denial of Service attacks. The measures in this INFOCON must be capable of being maintained for weeks without causing undue hardship affecting operations capability. Under INFOCON 3 expect to see increased network security and be prepared to comply with instructions. Also expect tightening of network usage policies (e.g. restricted web surfing, Loss of e-mail, shut down public web servers)

INFOCON 2 - Limited attack(s). An actual information attack has occurred or intelligence indicates an imminent information warfare attack. Examples include: attempts to access C4 systems, databases, and communications media for the purpose of data destruction, delay, denial, deception, etc. NOTE: Any collection efforts targeted against classified systems warrant implementation of INFOCON 2. Implementation of this measure for more than a short period has a high probability to create hardship and affect the peacetime activities of the installation and its personnel. Under INFOCON 2 expect further tightening of network usage policies (e.g., restricted web surfing, Loss of e-mail, shut down public web servers)

INFOCON 1 - General attack(s)...when the severity of an information attack has significantly degraded mission capability. Primary efforts during INFOCON 1 are recovery and reconstitution. Under INFOCON 1 expect disconnection of non-mission essential C4 systems.

Definitions: Computer Network Attack (CNA) vs. Computer Network Exploitation (CNE): CNE is information gathering and probing, while CNA is deliberate acts taken to disrupt or destroy network capabilities.