DOD cyberspace glossary
Following are selected terms from a DOD memorandum that aligns key cyberspace operations vocabulary with the terminology from the U.S. Joint Chiefs of Staff. See DOD intelligence glossary and OPSEC.
DOD Terms (definitions below)
1 - collateral effect
2 - computer network attack (CNA)
3 - computer network exploitation (CNE)
4 - countermeasures
5 - cyber attack
6 - cyber incident
7 - cyber operational preparation of the environment (C-OPE)
8 - cyber-security
9 - cyberspace
10 - cyberspace operations (CO)
11 - cyberspace superiority
12 - cyber warfare (CW)
13 - defensive counter-cyber (DCC)
14 - hostile act
15 - hostile intent
16 - mission assurance category (MAC)
17 - mitigation
18 - national military strategy for cyberspace operations (NMS-CO)
19 - network operations (NetOps)
20 - offensive counter-cyber (OCC)
21 - offensive cyberspace operations (OCO)
collateral effect
Unintentional or incidental effects including, but not limited to, injury or damage to persons or objects that would not be lawful military targets under the circumstances ruling at the time. Includes effects on civilian or dual-use computers, networks, information, or infrastructure. Such effects are not unlawful as long as they are not excessive in light of the overall military advantage anticipated from the activity. In cyberspace operations, collateral effects are categorized as:
1. High: substantial adverse effects on persons or property that are not lawful targets from which there is a reasonable probability of loss of life, serious injury, or serious adverse effect on the affected nation's security, economic security, public safety, or any combination of such effects.
2. Medium: substantial adverse effects on persons or property that are not lawful targets.
3. Low: temporary, minimal or intermittent effects on persons or property that are not lawful targets.
4. No: only adversary persons and computers, computer-controlled networks, and/or information and information systems are adversely affected.
computer network attack (CNA)
(DOD) A category of "fires" employed for offensive purposes in which actions are taken through the use of computer networks to disrupt, deny, degrade, manipulate, or destroy information resident in the target information system or computer networks, or the systems/networks themselves. The ultimate intended effect is not necessarily on the target system itself, but may support a larger effort, such as information operations or counter-terrorism, e.g., altering or spoofing specific communications or gaining or denying access to adversary communications or logistics channels.
Note: the term "fires" means the use of weapon systems to create specific lethal or nonlethal effects on a target.
computer network exploitation (CNE)
Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data about target or adversary automated information systems or networks. See also computer network attack.
countermeasures
That form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive or classified information or information systems.
1. defensive countermeasures include actions to identify the source of hostile cyber activities; protection/mitigation at the boundary (e.g., intrusion protection systems (IPS), pre-emptive blocks, blacklisting); hunting within networks (actively searching for insiders and other adversaries or malware); passive and active intelligence (including law enforcement) employed to detect cyber threats; and/or actions to temporarily isolate a system engaged in hostile cyber activities.
2. offensive countermeasures might include electronic jamming or other negation measures intended to disrupt an adversary's cyber capabilities during employment.
cyber attack
A hostile act using computer or related networks or systems, and intended to disrupt and/or destroy an adversary's critical cyber systems, assets, or functions. The intended effects of cyber attack are not necessarily limited to the targeted computer systems or data themselves; for instance, attacks on computer systems may be intended to degrade or destroy infrastructure or C2 capability. A cyber attack may use intermediate delivery vehicles including peripheral devices, electronic transmitters, embedded code, or human operators. The activation or effect of a cyber attack may be widely separated temporally and geographically from the delivery.
cyber incident
(Draft NCIRP, Feb 2010) Level 2 or Level 1 Incident on the Cyber Risk Alert Level System. A cyber incident is likely to cause, or is causing, harm to critical functions and services across the public and private sectors by impairing the confidentiality, integrity, or availability of electronic information, information systems, services, or networks; and/or threaten public safety, undermine public confidence, have a negative effect on the national economy, or diminish the security posture of the Nation.
cyber operational preparation of the environment
(C-OPE) Non-intelligence enabling functions within cyberspace conducted to plan and prepare for potential follow-on military operations. C-OPE includes but is not limited to identifying data, system/network configurations, or physical structures connected to or associated with the network or system (to include software, ports, and assigned network address ranges or other identifiers) for the purpose of determining system vulnerabilities; and actions taken to assure future access and/or control of the system, network, or data during anticipated hostilities.
C-OPE replaces CNE or CNA when used specifically as an enabling function for another military operation.
cyber-security
All organizational actions required to ensure freedom from danger and risk to the security of information in all its forms (electronic, physical), and the security of the systems and networks where information is stored, accessed, processed, and transmitted, including precautions taken to guard against crime, attack, sabotage, espionage, accidents, and failures. Cyber-security risks may include those that damage stakeholder trust and confidence, affect customer retention and growth, violate customer and partner identity and privacy protections, disrupt the ability to conduct or fulfill business transactions, adversely affect health and cause loss of life, and adversely affect the operations of national critical infrastructures.
cyberspace
Domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via network systems and associated physical infrastructures.
cyberspace operations (CO)
(CM-0856-09, 1 Sep 09) The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid.
cyberspace superiority
The degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations of that force, and its related land, air, sea, and space forces at a given time and sphere of operations without prohibitive interference by an adversary.
cyber warfare (CW)
An armed conflict conducted in whole or part by cyber means. Military operations conducted to deny an opposing force the effective use of cyberspace systems and weapons in a conflict. It includes cyber attack, cyber defense, and cyber enabling actions.
defensive counter-cyber (DCC)
All defensive countermeasures designed to detect, identify, intercept, and destroy or negate harmful activities attempting to penetrate or attack through cyberspace. DCC missions are designed to preserve friendly network integrity, availability, and security, and protect friendly cyber capabilities from attack, intrusion, or other malicious activity by pro-actively seeking, intercepting, and neutralizing adversarial cyber means which present such threats. DCC operations may include: military deception via honeypots and other operations; actions to adversely affect adversary and/or intermediary systems engaged in a hostile act/imminent hostile act; and redirection, deactivation, or removal of malware engaged in a hostile act/imminent hostile act.
hostile act
Force or other means used directly to attack the US, US forces, or other designated persons or property, to include critical cyber assets, systems or functions. It also includes force or other means to preclude or impede the mission and/or duties of US forces, including the recovery of US personnel or vital US Government property.
hostile intent
The threat of an imminent hostile act. Determination of hostile intent in cyberspace can also be based on the technical attributes of an activity which does not meet the hostile act threshold but has the capability, identified through defensive counter-cyber or forensic operations, to disrupt, deny, degrade, manipulate, and/or destroy critical cyber assets at the will of an adversary (such as a logic bomb or 'sleeper' malware). Because an individual's systems may be used to commit a hostile act in cyberspace without their witting participation, the standard for attribution of hostile act/intent for defensive counter-cyber purposes is 'known system involvement,' and is not witting-actor or geography dependent.
mission assurance category (MAC)
(DODD 8500.1) Applicable to DoD information systems, the mission assurance category reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighters' combat mission. Mission assurance categories are primarily used to determine the requirements for availability and integrity. The Department of Defense has three defined mission assurance categories:
1. MAC I - Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. The consequences of loss of integrity or availability of a MAC I system are unacceptable and could include the immediate and sustained loss of mission effectiveness. MAC I systems require the most stringent protection measures.
2. MAC II - Systems handling information that is important to the support of deployed and contingency forces. The consequences of loss of integrity are unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation in providing important support services or commodities that may seriously impact mission effectiveness or operational readiness.
3. MAC III - Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short term. The consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission effectiveness or operational readiness. The consequences could include the delay or degradation of services or commodities enabling routine activities.
mitigation
(US-CERT CONOPS, NRF) Solutions that contain or resolve risks through analysis of threat activity and vulnerability data which provide timely and accurate responses to prevent attacks, reduce vulnerabilities and fix systems. Activities providing a critical foundation in the effort to reduce the loss of life and property from natural and/or manmade disasters by avoiding or lessening the impact of a disaster and providing value.
national military strategy for cyberspace operations (NMS-CO)
The comprehensive strategy of the US Armed Forces to ensure US military superiority in cyberspace. The NMS-CO establishes a common understanding of cyberspace and sets forth a military strategic framework that orients and focuses DOD actions in the areas of military, intelligence, and business operations in and through cyberspace.
network operations (NetOps)
(JP 1-02) Activities conducted to operate and defend the DOD's Global Information Grid.
offensive counter-cyber (OCC)
Offensive operations to destroy, disrupt, or neutralize adversary cyberspace capabilities both before and after their use against friendly forces, but as close to their source as possible. The goal of OCC operations is to prevent the employment of adversary cyberspace capabilities before they can be used. This could mean preemptive action against an adversary.
offensive cyberspace operations (OCO)
Activities that, through the use of cyberspace, actively gather information from computers, information systems, or networks, or manipulate, disrupt, deny, degrade, or destroy targeted computers, information systems, or networks. This definition includes Cyber Operational Preparation of the Environment (C-OPE), Offensive Counter-Cyber (OCC), cyber attack, and related electronic attack and space control negation.