1-9. Threat Capabilities. The capabilities of adversaries operating in the information environment are ranked as follows:
• First level. Lone or small groups of amateurs using common hacker tools and techniques in an unsophisticated manner without significant support. • Second level. Individuals or small groups supported by commercial business entities, criminal syndicates, or other transnational groups using common hacker tools in a sophisticated manner. This level of adversary includes terrorists and nongovernmental terrorist organizations. Their activities include espionage, data collection, network mapping or reconnaissance, and data theft. • Third level. Individuals or small groups supported by state-sponsored institutions (military or civilian) and significant resources, using sophisticated tools. Their activities include espionage, data collection, network mapping or reconnaissance, and data theft. • Fourth level. State-sponsored offensive IO, especially computer network attacks (CNAs), using state-of-the-art tools and covert techniques conducted in coordination with military operations.
1-10. Threat sources are listed at the right. Boundaries among these threats and among the capability levels are indistinct, and it is often difficult to discern the origins of any particular incident. For example, actions that appear to be the work of first level threat may actually be the work of a fourth level attack. In addition to active adversary actions, information fratriide can also threaten IO success. 1-11. Hackers. Hackers are unauthorized users who attempt to or actually gain access to C2 systems and INFOSYS, or deny their use to legitimate users. They are often people who enjoy exploring the details of programmable systems and determining how to stretch their capabilities. The worldwide spread of INFOSYS in general, and the establishment of the Internet in particular, has led to a new threat: mass attacks by hackers to make political statements. This phenomenon is notable because it crosses national boundaries. When groups of activists believe that an entity is acting contrary to their goals, they make a global call for hackers to attack their perceived adversary. Calls to arms are made to individuals based on personal beliefs and morality; response to such a call is nearly impossible to predict. Even if hackers do not penetrate the target’s C2 system, the number of attempts may have the effect of a denial of service attack. 1-12. Insiders. Insiders are individuals with legitimate access to elements of a C2 system. They pose one of the most serious threats to C2 systems. Whether recruited or self-motivated, insiders have access to INFOSYS normally protected against attack. 1-13. Activist Nonstate Actors. Nonstate actors, ranging from drug cartels to social activists, are taking advantage of the possibilities the information environment offers. They can acquire capabilities to strike at foes’ C2
Text Box: Threat Sources · Hackers · Insiders · Activist nonstate actors · Terrorists · Foreign IO activities · Information fratricide