
Current CyDefCon Level Information

(as of October 10, 2024)*

IT (Elevated) – Recent vulnerabilities discovered in popular vendor-offered products (e.g., CrowdStrike) have increased the Cyber Defense Condition to Elevated.

Assessment:



Considering all factors, the current state of global cybersecurity can be assessed as YELLOW (Elevated). This indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes service. There are known vulnerabilities being exploited with a moderate level of damage or disruption, and the potential for significant damage or disruption is high.

Examples supporting this assessment:

Actions recommended at this level:


 

SCADA/ICS (Elevated) – Recent political posturing in the western Asia-Pacific rim and the Middle East has increased our Cyber Defense Condition awareness to Elevated.



What Do the Different Alert Level Colors Indicate?

GREEN or LOW indicates a low risk. No unusual activity exists beyond the normal concern for known hacking activities, known viruses, or other malicious activity.

Examples:

Normal probing of the network

Low-risk viruses

Actions:

Continue routine preventive measures, including the application of vendor security patches and updates to anti-virus software signature files on a regular basis.

Continue routine security monitoring.

Ensure personnel receive proper training on cybersecurity policies.


BLUE or GUARDED indicates a general risk of increased hacking, virus, or other malicious activity. The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.

Examples:

A critical vulnerability is discovered but no exploits are reported.

A critical vulnerability is being exploited but there has been no significant impact.

A new virus is discovered with the potential to spread quickly.

There are credible warnings of increased probes or scans.

A compromise of non-critical system(s) did not result in loss of data.

Actions:

Continue recommended actions from previous level.

Identify vulnerable systems.

Implement appropriate countermeasures to protect vulnerable systems.

When available, test and implement patches, install anti-virus updates, etc., in the next regular cycle.


YELLOW or ELEVATED indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes service. At this level, there are known vulnerabilities that are being exploited with a moderate level of damage or disruption, or the potential for significant damage or disruption is high.

Examples:

An exploit for a critical vulnerability exists that has the potential for significant damage.

A critical vulnerability is being exploited and there has been a moderate impact.

There is a compromise of a secure or critical system(s) containing sensitive information.

There is a compromise of a critical system(s) containing non-sensitive information if appropriate.

A virus is spreading quickly throughout the Internet, causing excessive network traffic.

There is a distributed denial of service attack.

Actions:

Continue recommended actions from previous levels.

Identify vulnerable systems.

Increase monitoring of critical systems.

Immediately implement appropriate countermeasures to protect vulnerable critical systems.

When available, test and implement patches, install anti-virus updates, etc., as soon as possible.


ORANGE or HIGH indicates a high risk of increased hacking, virus, or other malicious cyber activity that targets or compromises core infrastructure, causes multiple service outages, causes multiple system compromises, or compromises critical infrastructure. At this level, vulnerabilities are being exploited with a high level of damage or disruption, or the potential for severe damage or disruption is high.

Examples:

An exploit for a critical vulnerability exists that has the potential for severe damage.

A critical vulnerability is being exploited and there has been significant impact.

Attackers have gained administrative privileges on compromised systems.

There are multiple damaging or disruptive virus attacks.

There are multiple denial of service attacks against critical infrastructure services.

Actions:

Continue recommended actions from previous levels.

Closely monitor security mechanisms, including firewalls, web log files, anti-virus gateways, system log files, etc., for unusual activity.

Consider limiting or shutting down less critical connections to external networks such as the Internet.

Consider isolating less mission-critical internal networks to contain or limit the potential of an incident.

Consider the use of alternative methods of communication, such as phone, fax, or radio in lieu of email and other forms of electronic communication.

When available, test and implement patches, anti-virus updates, etc., immediately.


RED or SEVERE indicates a severe risk of hacking, virus, or other malicious activity resulting in widespread outages and/or significantly destructive compromises to systems with no known remedy, or that debilitates one or more critical infrastructure sectors. At this level, vulnerabilities are being exploited with a severe or widespread level of damage or disruption to critical infrastructure assets.

Examples:

Complete network failures

Mission-critical application failures

Compromise or loss of administrative controls of critical systems

Loss of critical supervisory control and data acquisition (SCADA) systems

Potential for or actual loss of lives or significant impact on the health or economic security of the state

Actions:

Continue recommended actions from previous levels.

Shut down connections to the Internet and external business partners until appropriate corrective actions are taken.

Isolate internal networks to contain or limit the damage or disruption.

Use alternative methods of communication, such as phone, fax, or radio as necessary in lieu of email and other forms of electronic communication.

 

* We believe that attackers targeting IT systems and those targeting ICS/SCADA systems are driven by different motivations; therefore, we maintain a separate CyDefCon indicator for each industry.

The date displayed is the last time either CyDefCon level was changed.



© 2024 Houdini Security Global – All Rights Reserved