Cyber Incident Severity Schema The United States Federal Cybersecurity Centers, in coordination with departments and agencies with a cybersecurity or cyber operations mission, adopted a common schema for describing the severity of cyber incidents affecting the homeland, U.S. capabilities, or U.S. interests. The schema establishes a common framework for evaluating and assessing cyber incidents to ensure that all departments and agencies have a common view of the: i* i* i* i*
The severity of a given incident; The urgency required for responding to a given incident; The seniority level necessary for coordinating response efforts; and The level of investment required of response efforts.
The table below depicts several key elements of the schema. General Definition Level 5 Poses an imminent threat to the Emergency provision of wide-scale critical (Black) infrastructure services, national govat stability, or to the lives of U.S. persons. Level 4 Likely to result in a significant impact Severe to public health or safety, national (Red) security, economic security, foreign relations, or civil liberties. Level 3 Likely to result in a demonstrable High impact to public health or safety, (Orange) national security, economic security, foreign relations, civil liberties, or public confidence. Level 2 May impact public health or safety, Medium national security, economic security, (Yellow) foreign relations, civil liberties, or public confidence. Level 1 Unlikely to impact public health or Low safety, national security, economic (Green) security, foreign relations, civil liberties, or public confidence. Level 0 Unsubstantiated or inconsequential Baseline event. (White)
Intended Consequence1 Cause physical consequence Damage computer and networking hardware
Corrupt or destroy data Deny availability to a key system or service
Steal sensitive information Commit a financial crime
Nuisance DoS or defacement
In addition to characterizing the observed activity, one must consider the scope and scale of the incident when applying the general definitions to arrive at a severity level.