The Cyber Defense Force Posture is the only industry peacetime and wartime escalation advisory for changing a company's readiness state against cyber threats. This advisory model should be used in conjunction with wartime preparedness planning as recommended by the CYBER DEFENSE CENTER. Corporate incident response playbooks should be modified based upon current and changing advisory levels.
The readiness state is intended to be used as an activation trigger for incident response procedures. Companies may adopt this model to improve overall response readiness for Peacetime (levels 1-3) and Wartime (levels 4-5).
LEVEL 1 (PEACETIME): This level indicates no direct or declared nation-state involvement in ongoing cyber attacks. Attack attribution to known threat actors is possible.
LEVEL 2 (PEACETIME): This level indicates an increase in cyber attacks due to a condition such as a holiday or a new criminal variant or threat. Nation-states may be involved indirectly in attacks, and attacker attribution is possible.
LEVEL 3 (PEACETIME): This level indicates that nation-states are threatening, menacing, preparing, or proxying targeted cyber attacks on public or private sector critical infrastructure. Direct attribution may be limited.
LEVEL 4 (WARTIME): Nation-states are actively and directly conducting targeted cyber attacks against public or private sector critical infrastructure. This usually involves the use of variants of current cyber tactics, with some advanced tactics potentially weaponized or developed for specific targets. Cyber warfare by adversarial nation-states is imminent.
LEVEL 5 (WARTIME): Cyber warfare is active or declared. Attacks on companies by adversarial nation-states are active. This usually involves the use of advanced cyber weapons. Campaigns conducted by nation-states against companies and infrastructure may be targeted or indiscriminate.
The CYBER DEFENSE CENTER moves the cyber defense recommended force posture to LEVEL 4 for the first time.
As of 2.24.22, the CYBER DEFENSE CENTER has moved the recommended cyber defense force posture for companies operating or headquartered in the United States and its territories from LEVEL 3 to LEVEL 4. This posture change represents that Russia and/or nation-state sponsored threat actors or allies of Russia are actively and directly conducting targeted cyber-attacks against public or private sector critical infrastructure.
Moving from Level 3 to Level 4 also moves the recommended cyber defense posture from peacetime to wartime readiness. This is significant and is the purpose of issuance of this advisory.
The sections below go over some tactical defense strategies that you should consider before such fallout heads your way. These advisories are focused on helping you think about and prepare for cyber defense in wartime. This is very different from the approach you take toward conventional cyber defense today, although it involves some of the same defense capabilities you are using to combat peacetime cyber attacks. The goal of these advisories is to offer some actionable threat awareness to you and your company to help you test and prepare for wartime. If you are seeking additional guidance, the CYBER DEFENSE CENTER is on stand-by to consult with you, your team, or your leadership teams on this introduction to wartime cyber defense force readiness.
Attacks on critical infrastructure are part of 21st century warfare. Planning for wartime defense and response to cyber attacks involves a new mindset, new scenarios, new response playbooks, and expert testing to optimize defense capabilities. CYBER DEFENSE CENTER provides some guidance for getting started and stands ready to assist critical infrastructure in this type of planning before it is too late. Learn more here or contact the CYBER DEFENSE CENTER today for a free advisory consultation.
In wartime your company may be targeted simply because it is headquartered or operates in a nation-state that is an adversary in the conflict. Your company may be considered a strategic or tactical objective or just collateral damage of the many cyber campaigns waged during the conflict. Either way, this new domain of warfare has unwillingly conscripted your company onto the frontlines of the battlefield. Learn more about how the motives behind cyber threats are different during wartime.
Your company may or may not have an incident response plan, and may or may not test it against wartime cyber incidents. If you do not have such a plan or it has fallen out of date, you should immediately establish one as you prepare for the transition to wartime cyber defense. If you have not performed a tabletop exercise of your incident response plan for wartime scenarios to date, learn more about wartime preparedness here before revising, testing, or activating your plan for wartime.