Information Operations Condition

From Wikipedia, the free encyclopedia
Jump to: navigation, search

INFOCON (short for Information Operations Condition) is a threat level system in the United States similar to that of FPCON. It is a defense system based primarily on the status of information systems and is a method used by the military to defend against a computer network attack.


There are five levels of INFOCON, which recently changed to more closely correlate to DEFCON levels. They are:

  • INFOCON 5 describes a situation where there is no apparent hostile activity against computer networks. Operational performance of all information systems is monitored, and password systems are used as a layer of protection.
  • INFOCON 4 describes an increased risk of attack. Increased monitoring of all network activities is mandated, and all Department of Defense end users must make sure their systems are secure. Internet usage may be restricted to government sites only, and backing up files to removable media is ideal.
  • INFOCON 3 describes when a risk has been identified. Security review on important systems is a priority, and the Computer Network Defense system's alertness is increased. All unclassified dial-up connections are disconnected.
  • INFOCON 2 describes when an attack has taken place but the Computer Network Defense system is not at its highest alertness. Non-essential networks may be taken offline, and alternate methods of communication may be implemented.
  • INFOCON 1 describes when attacks are taking place and the Computer Network Defense system is at maximum alertness. Any compromised systems are isolated from the rest of the network.

Similar concepts in private-sector computing[edit]

ThreatCon (Symantec)[edit]

In computer science, ThreatCon is a system used by computer security company Symantec in order to assess how dangerous a software or networking exploit is to the global internet and communications network. There are four levels of ThreatCon in this manner:

  • Level 1/4 describes a situation where there are no threats of malicious coding or exploits that can affect the global network. The only precautions needed are basic security systems that can detect and remove simple bugs that are of no serious threat.
  • Level 2/4 describes a situation where an exploit of moderate concern is apparent and exposed systems may be vulnerable. Updating security software with new virus definitions is a priority.
  • Level 3/4 describes a situation where a known threat is either imminent or starting to affect the global network. Updating virus definitions and rules is a must, and increased monitoring is necessary as well, as well as reconfiguring security and firewall settings.
  • Level 4/4 describes a situation where a known threat in the form of malicious coding or an exploit is currently underway and is heavily affecting the global network. Taking measures against a threat of this level will most likely affect and cause hardships for the global computing infrastructure.

In Popular Culture[edit]

In the TV Series, Crisis , the US government goes to INFOCON 2 when Francis Gibson has a massive cyber attack initiated upon the United States, nearly bringing it to war with China.

See also[edit]


Strategic Command Directive (SD) 527-1 (2006-01-27). "Department of Defense (DOD) Information Operations Condition (INFOCON) System Procedures" (PDF). DISA Policy and Guidance. Retrieved 2009-09-27.