UNCLASSIFIED Information Warfare - Defense Incident Classi cations and Watch Conditions W ATCHCONs UNCLASSIFIED 111111 1111111111 1 1 1 UNCLASSIFIED lass Incidents - Privacy Invasion Class incidents are characterized by computer and attempted intrusions from a variety of sources which essentially invade the privacy of individual or organizational computer users of non-classi ed networks Class I do not include any evidence of intent to cause damage to the data or networks accessed This could also be characterized as low-level computer hacking These Incidents could come from either domestic or foreign sources Class II lW Incidents - Commercialt'lndusmal Espionage Class II 1W incidents are characterized by concerted attempts or actual penetrations of eommereial computer systems to gain unauthorized access to Speci cally targeted or Information for the purposes or obtaining that Information Class II inCIdents do not include any evidence of intent to cause damage to the data or networks accessed These could come from either domestic or foreign sources Class lW Ineldents - Militagyl overnment Espionage Class IW incidents are characterized by concerted attempts to penetrate or acmal penetrations of military or gavemment computer systems to gain access to and or steal classd'ted tnl'ormation Class ll incidents do not include any evidence of intent to cause damage to the data or networks accessed These insidents could come from either domestic or foreign sources lncrusmns into unclassi ed govemment networks containing sensitive data falls under this category when evidence of foreign involvement or speci c targeting is present Class Incidents - Low Level PSYOPiDeception Programs Class ineldents are characterized by persistent long term low level PSYOP or Deception programs which occur at times of mildly increaSed tensmo between the United States and an adversary Typically they include the increas in news items which are favorable to the adversary nations The original source of these news items may be very dif cult to detenmnc Class neidents - Commercial Terrorism Class unetdents are charactenzed by penetrations or concerted attempts to penetrate the computer systems of commercial in an attempt to electronically destroy or degrade those systems or to threaten to destroy computer systems In Order to extort money These metdents could come from either domestic or foreign sources UNCLASSIFIED UNCLASSIFIED Class - when and Govemmental Infrastructure Terrorism and Attack Class VI usually occur during a time of impending or ongoing With a foreign pawer They can include foreign state-sponsored PSYOP Deception Electronic Warfare against and physical sabotage destruction of non-military U S government Information systems lass ineldents may also include attacks against the computer sySIems of key or non-DOD governmental organizations which operate critical elements of the U S infrastructure Those computer attacks may include destructive or degrading electronic codes and Viruses or the insertion of false data Class ll 1W - Military lnfrasnucture Terrorism 8- Attack Class incidents usually occur during a time of Impending or ongoing crisis with a foreign power They can include confirmed foreign State-sponsored PSYOP Deception Electronic Warfare against and physical attack or sabotage desmictronl of U S milltary information systems- Class ineidents also may include attacks against the computer systems of military organizations which operate critical elements of the U S military support structure Those computer anaclts may include destructive or degrading electronic codes and vrruses or the insertion of false data WATCHCON 5 - Operations Normal No signi cant_lW events No signi cant rise in the numbers of small isolated IW events May be characterized by a normal level of Class I events WATCHCON 4 - Slight Rise In Events A larger than normal number of events have occurred No Signi cant events which cause minor system damage outages or losses No correlation of events to foreign governments by a statistically Significant use in the overall number of lass 1 events May also be characterized by Suspected Class IV PSYOP or events OR A Significant event has occurred but purposeful intent vice accidental happensiance cannot be con rmed May be characterized by a Class ll event or events UNCLASSIFIED 111 11111 UNCLASSIFIED WATCHCON 3 - Signi cant Increase In beents A signi cant con rmed 1W event has occurred which causes or has the potential to cause major damage outages or losses to the US gOvei-nment military or busrness May or may not be accompanied by a slight increase tn the number of WV events No correlation of this major event to foreign governments- May be characterized by a rise in the number of Class II Class Class IV or Class events WATCHCON 2 - Signi cant lncreasc In Annbutable IW Events A con rmed lW evenu's has haVe occurred which causes or has the potential to cause major damage outages 0r 05 5 to the US government military or busmess This event or events are possibly or probably correlated to the purposeful activity of a foreign government The overall number of ara-ibutable and non-ambutable 1W events have increased- haracterized by an increase in the number of Class Ill Class IV and Class events Also charactenzed by the con rmation of initial Class VI and or Class VII events being launched by a foreign power May also be characterized by an increase in the number of Class Ill and Class lV events HC ON 1 - Broad Scale Attributable Attacks Significant con rmed lW events have occurred and are occurring A number of the events are attributable to a hostile foreign power The foreign power initiating the events ts also Involved in hostilities or crism confrontation with the United States in other polittcal International or military arenas haraetertzed by a large number of lass W Class V Class Vl and- or Class events UNCLASSIFIED UNCLASSIFIED Key Definitions Command and Control Warfare The integrated use of operations security military deception operations electronic warfare EW and physical destruction mutually supported by intelligence to deny information to in uence degrade or destroy adversary command and control capabilities while protecting friendly command and control capabilities against such actions Command and control warfare applies across the operational continuum and all levels of con ict C2 Attack Prevent effective C2 of adversary forces by denying information to in uencing degrading or destroying the adversary C2 system C2 Protect Maintain effective camrnand and control of own forces by turning to friendly advantage or negating adversary efforts to deny information to in uence degrade or destroy the friendly C2 system Command and Control The exercise of authority and dlrection by a pmperly designated commander over assigned forces in the accomplishment of the mission Computer Network Attack Operations to disrupt deny degrade or destroy information resident in computers and computer networks or the computers and networks themselves Counterinformation Action dedicated to controlling the information realm Defense Information Infrastructure Dill ls the shared or interconnected system of cOrnputers communications data applications security people training and other support structures serving DOD's local natiOnal and world-wide information needs The DH conneCts DOD mission support C2 and intelligence computers through voice telecommunications imagery video-and multi-media services Defensive Counterinformation Actions protecting cur military information functions from the adversary Global Information infrastructure Gil An interconnection of communications networks computers databases and consumer electrOnics that makes vast amounts of information avallable to users it encompasses a wide range of equipment including cameras scanners keyboards fax machines computers switches compact disks video and audio tape cable wire satellites optical fiber transmission lines microwave nets switches televisions monitors printers etc The Gil includes more than the physical facilities used to store process and floor-Allen at Hamilton Inc UNCLASSIFIED IW Key De nitions 1 111 UNCLASSIFIED di5play voice data it also includes the personnel who operate and consume the transmitted data information Facts data or instructions in any medium or form Information Assurance 10 that protect and defend information and information systems by ensuring their availability integrity authentication confidentiality and non-repudiation This includes providing for restoration of information systems by incorporating protection detection and reaction capabilities information Attack Directly corrupting information without visibly changing the physical entity within which it resides information Environment The aggregate of individuals organizations or systems that collect process or disseminate information also included is the information itself information Function Any activity the acquisition tranSmission storage 0r transformation of information Information Operations Actions taken to affect adversary information and information systems while defending one's own information and information systems information Superiority The capability to collect process and disseminate an uninterrupted ow of information while exploiting or denying an adversary's ability to do the same Information System The entire infrastructure organization personnel and components that collect process Stere transmit display disseminate and act on information information Warfare Information Operations i0 conducted during time of or con ict to achieve or promote Specific objectives against a specific adversary or adversaries information Warfare - Defense Protecting the National information Infrastructure and the Defense information Infrastructure and interrelated CONUS infrastructures against physical and electronic attacks and ensuring the availability of those infrastructures for commercial and military use Military Information Function Any information function supporting and enhancing the employment of military forces National information infrastructure Nil The Nil mirrors the Gil but is focused on national instead of global networks and systems iiooz-Allen Hamilton inc UNCLASSIFIED 1W Key Definitions UNCLASSIFIED Offenslve Counter-information Actions against the adversarys information functions Special Information Operations SID information Operations that their sensitive nature due to their potential effect or impact security requirements or risk to the national security of the U5 require a special review and approval process Booz Allen I Hamilton Inc UNCLASSIFIED IW Key De nitions