1-9. Threat Capabilities. The capabilities of adversaries operating in the information environment are ranked as follows:
• First level. Lone individuals or small groups of amateurs using common
hacker tools and techniques in an unsophisticated manner without significant
support.
• Second level. Individuals or small groups supported by commercial
business entities, criminal syndicates, or other transnational groups
using common hacker tools in a sophisticated manner. This level of adversary
includes terrorists and nongovernmental terrorist organizations.
Their activities include espionage, data collection, network mapping
or reconnaissance, and data theft.
• Third level. Individuals or small groups supported by state-sponsored
institutions (military or civilian) and significant resources, using sophisticated
tools. Their activities include espionage, data collection,
network mapping or reconnaissance, and data theft.
• Fourth level. State-sponsored offensive IO, especially computer network
attacks (CNAs), using state-of-the-art tools and covert techniques
conducted in coordination with military operations.
1-10. Threat sources are listed in the Threat Sources text box.
Boundaries among these threats and
among the capability levels are indistinct,
and it is often difficult to discern the origins
of any particular incident. For example,
actions that appear to be the work of a
first level threat may actually be the work
of a fourth level attack. In addition to active
adversary actions, information fratricide
can also threaten IO success.
1-11. Hackers. Hackers are unauthorized users who attempt to or actually
gain access to C2 systems and INFOSYS, or deny their use to legitimate users.
They are often people who enjoy exploring the details of programmable
systems and determining how to stretch their capabilities. The worldwide
spread of INFOSYS in general, and the establishment of the Internet in particular,
has led to a new threat: mass attacks by hackers to make political
statements. This phenomenon is notable because it crosses national boundaries.
When groups of activists believe that an entity is acting contrary to
their goals, they make a global call for hackers to attack their perceived adversary.
Calls to arms are made to individuals based on personal beliefs and
morality; response to such a call is nearly impossible to predict. Even if hackers
do not penetrate the target’s C2 system, the number of attempts may
have the effect of a denial of service attack.
1-12. Insiders. Insiders are individuals with legitimate access to elements of
a C2 system. They pose one of the most serious threats to C2 systems.
Whether recruited or self-motivated, insiders have access to INFOSYS normally
protected against attack.
1-13. Activist Nonstate Actors. Nonstate actors, ranging from drug cartels
to social activists, are taking advantage of the possibilities the information
environment offers. They can acquire capabilities to strike at foes’ C2
Text Box: Threat Sources
• Hackers
• Insiders
• Activist nonstate actors
• Terrorists
• Foreign IO activities
• Information fratricide