2 minute read
Table 10 - Representative Examples – Non-Adversarial Threat Events
Threat Events
(Characterized by Tactics, Techniques, and Procedures [TTPs])
Advertisement
Description
1431
1432
Coordinate a campaign that spreads attacks across organizational systems from an existing presence.
Coordinate a campaign of continuous, adaptive, and changing cyber attacks based on detailed surveillance.
Coordinate cyber attacks using external (outsider), internal (insider), and supply chain (supplier) attack vectors. Adversary uses an existing presence within organizational systems to extend the adversary’s span of control to other organizational systems, including organizational infrastructure. Adversary is, thus, in a position to further undermine the organization’s ability to carry out mission and business functions.
Adversary attacks continually change in response to surveillance and organizational security measures.
Adversary employs continuous, coordinated attacks, potentially using all three attack vectors for the purpose of impeding organizational operations.
Table 10 - Representative Examples – Non-Adversarial Threat Events
Threat Event
Spill sensitive information
Mishandling of critical and/or sensitive information by authorized users
Incorrect privilege settings Communications contention
Unreadable display Earthquake at primary facility Fire at primary facility Fire at backup facility
Description
An authorized user erroneously contaminates a device, information system, or network by placing on it or sending to it information of a classification or sensitivity that it has not been authorized to handle. The information is exposed to access by unauthorized individuals, and as a result, the device, system, or network is unavailable while the spill is investigated and mitigated. An authorized privileged user inadvertently exposes critical or sensitive information.
An authorized privileged user or administrator erroneously assigns a user excessive privileges or sets privilege requirements on a resource too low.
Communications performance is degraded due to contention.
The display is unreadable due to aging equipment.
An earthquake of an organization-defined magnitude at the primary facility makes that facility inoperable. A fire (not due to adversarial activity) at the primary facility makes that facility inoperable. A fire (not due to adversarial activity) at a backup facility makes that facility inoperable or destroys backups of software, configurations, data, and/or logs.
1433
Threat Event Description
Flood at primary facility Flood at backup facility Hurricane at primary facility Hurricane at backup facility
Resource depletion Introduction of vulnerabilities into software products A flood (not due to adversarial activity) at the primary facility makes that facility inoperable. A flood (not due to adversarial activity) at a backup facility makes that facility inoperable or destroys backups of software, configurations, data, and/or logs. A hurricane of organization-defined strength at the primary facility makes that facility inoperable. A hurricane of organization-defined strength at a backup facility makes that facility inoperable or destroys backups of software, configurations, data, and/or logs. Processing performance is degraded due to resource depletion.
Due to inherent weaknesses in programming languages and software development environments, errors and vulnerabilities are introduced into commonly used software products.
Disk error Storage is corrupted due to a disk error. Pervasive disk error The aging of a set of devices that were all acquired at the same time and from the same supplier leads to multiple disk errors.
Windstorm or tornado at primary facility Windstorm or tornado at backup facility A windstorm or tornado of organization-defined strength at the primary facility makes that facility inoperable.
A windstorm or tornado of organization-defined strength at a backup facility makes that facility inoperable or destroys backups of software, configurations, data, and/or logs.
1434
