INFOCON Levels

What is INFOCON?

INFOCON, short for Information Operations Condition, is the U.S. Department of Defense's threat level system specifically designed for protecting military computer networks and information systems. Established by a Chairman of the Joint Chiefs of Staff directive in 1999, INFOCON provides a structured response framework for cyber threats.

The system mirrors the familiar DEFCON structure but focuses exclusively on the cyber domain. While DEFCON addresses overall military readiness for combat, INFOCON addresses the protection of information systems that are critical to military operations.

INFOCON levels can be raised or lowered independently of DEFCON levels. A military network could be at INFOCON 3 due to a cyber threat while DEFCON remains at 5 (normal peacetime readiness), or vice versa.

Key Facts

  • INFOCON protects military computer networks and information systems
  • Five levels from INFOCON 5 (normal) to INFOCON 1 (maximum)
  • Established in 1999 as part of Joint Chiefs of Staff directive
  • Can be set independently of DEFCON levels

The Five INFOCON Levels

INFOCON uses a five-level scale, with INFOCON 5 representing normal operations and INFOCON 1 representing maximum protection during an active, significant attack.

| Level     | Name               | Description |
|-----------|--------------------|-------------|
| INFOCON 5 | Normal             | Routine network operations with standard security measures. Normal readiness with no identified threats. |
| INFOCON 4 | Increased Vigilance | Increased monitoring and information assurance measures. Elevated concern about potential threats. |
| INFOCON 3 | Enhanced Readiness | Enhanced security measures and active defense posture. Specific threat identified requiring response. |
| INFOCON 2 | Defense Ready      | Heightened protection with limited access controls. Imminent or ongoing attack requiring defensive action. |
| INFOCON 1 | Maximum Protection | Maximum defensive posture with severe access restrictions. Active attack with significant impact on operations. |

What Triggers INFOCON Changes

INFOCON level changes are triggered by various cyber threat indicators. These include intelligence reports of planned attacks, detection of malicious activity targeting military networks, known vulnerabilities being actively exploited, and significant cyber incidents affecting related systems.

The decision to raise or lower INFOCON is made by appropriate military commanders based on the threat to their specific networks. Different commands may operate at different INFOCON levels depending on their threat environment.

Unlike DEFCON, which is typically set at the national level by senior leadership, INFOCON can be adjusted at multiple echelons. A specific installation might raise its INFOCON while the broader command remains at a lower level.

INFOCON vs DEFCON

While both systems use numbered levels to indicate threat severity, INFOCON and DEFCON serve different purposes. DEFCON addresses overall military combat readiness and potential nuclear conflict, while INFOCON specifically addresses cyber and information system threats.

The two systems can move independently. A major cyberattack might warrant raising INFOCON while DEFCON remains unchanged. Conversely, a conventional military crisis might raise DEFCON without necessarily changing INFOCON levels.

In practice, significant escalation in either domain often affects the other. A DEFCON increase typically brings increased attention to network security, and major cyber incidents can affect overall military readiness.

Implementation and Actions

Each INFOCON level comes with specific defensive actions and protective measures. At lower threat levels (INFOCON 5-4), these primarily involve monitoring and awareness. At higher threat levels (INFOCON 3-1), measures become increasingly restrictive and may affect operational capability.

Actions at elevated INFOCON levels may include increased monitoring of network traffic, restricting certain types of network access, implementing additional authentication requirements, disconnecting nonessential systems, and in extreme cases, isolating networks from external connections.

Frequently Asked Questions

What is the current INFOCON level?

INFOCON levels for military networks are not publicly released for security reasons. Different commands may operate at different levels depending on their specific threat environment.

Is INFOCON the same as DEFCON?

No. INFOCON specifically addresses cyber and information system threats, while DEFCON addresses overall military readiness for combat. They can be set independently of each other.

Who sets INFOCON levels?

INFOCON can be set at multiple command levels. Unlike DEFCON, which is typically set nationally, INFOCON can be raised by individual commanders for their specific networks based on local threat conditions.