Documents

Computer Network Exploitation Classification Guide

Oct. 10 2014 — 11:02p.m.

/8
1/8

TOP T0 USA, FVEY (U) CLASSIFICATION GUIDE Computer Network Exploitation (CNE) Classi?cation Guide 2-59 (U) PUBLICATION DATE: 1 March 2010 (U) OFFICE OF ORIGIN: Tailored Access Operations (T (U) POC: TAO Classi?cation Advisory Of?cer (U) PHONE: ORIGINAL CLASSIFICATION AUTHORITY: Description of Information I Classi?cation/Markings I Reason I Declass I Remarks A. (U) GENERAL 1. (U) The fact that or UNCLASSIFIED (U) Details indicating TAO performs computer speci?c targets, level of network exploitation (CNE) success or capabilities remain classi?ed. 2. The fact that TO USA, See 1.4(c) *25 years (U) Details indicating or TAO, as part of FVEY speci?c targets, level of CNE operations, performs success or capabilities may remote subversion raise the classi?cation level and/or require compartrnentation. (U) Foreign releasability decisions on speci?c details relating to remote subversion are handled on a case-by-case basis. Contact TAO CAO for further guidance. 3. Identi?cation of TO USA, Sec 1.4(c) *25 years (U) Details indicating speci?c remote subversion FVEY speci?c targets, level of methods used by or success or capabilities may TAO, to include: raise the classi?cation level - Endpoint access, exploitation, and/or require or operations compartmentation. On?net access, exploitation, or operations (U) Foreign releasability - Software implant access, decisions on speci?c details exploitation, or operations relating to remote subversion - Accessing or exploiting data are handled on a case-by-case at rest basis. Contact TAO CAO for further guidance. 4. The fact that TO USA, Sec 1.4 *25 years (U) Details indicating or TAO, as part of FVEY speci?c targets, level of CNE operations, performs success or capabilities may physical subversion, to include: raise the classi?cation and TOP TO USA, FVEY

To USA. - Close access enabling. require protection. exploitation. or operations - Off-net enabling. exploitation. (U) Foreign releasability or operations decisions on speci?c details - Supply chain enabling. relating to physical exploitation. or intervention subversion are handled on a operations case-by-case basis. Contact - Hardware implant enabling. TAO CAO for further exploitationI or 9mm gui_da_nce. S. (U) The association of any UNCLASSIFIEDIIFOR FOIA 3 NIA speci?c ECI name or trigraph. OFFICIAL USE ONLY with ECI. SIGINT. or intelligence 6. (U) The association of a TO Sec. 1.4(c) NIA speci?c TAO name or USA. FVEY Mb with CNE ar_idlor TAO 7. (U) The fact that a speci?c UNCLASSIFIEIMFOR (U) If the details of the individual is cleared for a OFFICIAL USE ONLY association reveal the fact speci?c TAO ECI. when there that the ECI is TAO's. then it is no msociation between the would be BC I and TAO CONFIDENTIAUIREL T0 USA. FVEY. in accordance with entry 5. 8. (U) The fact that NSAJCSS or UNCLASSIFIED NIA TAO conducts CNE for foreign intelligence collection. 9. (U) The fact that NSAJCSS or UNCLASSIFIED NIA (U) Details indicating TAO. as part of CNE speci?c targets. level of operations. performs CN to success or capabilities remain support US. Government CNA classi?ed. efforts IO. (U) The fact that or UNCLASSIFIED NIA (U) Details indicating TAO. as part of CNE speci?c targets. level of operations. trains. equips. and success or capabilities remain organizes the US. classi?ed. System to support the CNE. CNA. and CND requirements needs of its customers (U) The fact that NSAICSS or UNCLASSIFIED NIA (U) Details indicating TAO. as part of CNE speci?c targets. level of operations. provides CNO- success or capabilities remain related military tugeting classi?ed. support 12. (U) The fact that NSAJCSS or UNCLASSIFIED NM NM (U) Details indicating TAO. as part of CNE speci?c targets. level of operations. provides success or capabilities remain intelligence gainfloss classi?ed. assessments in response to Combatant Commander CNO tam l3. (U) The fact that NSAICSS or UNCLASSIFIED NIA NIA (U) Details indicating TAO. as part of CNE operations. develops and supports analytic modeling and simulation techniques to support CNEJCNA efforts speci?c targets. level of success or capabilities remain classi?ed. TOP To USA. FVEY

To USA. I4. (U) The fact that NSAJCSS or UNCLASSIFIED (U) Details indicating TAO. as part of CNE speci?c targets. level of operations. targets. collects and success or capabilities remain processes computers. computer classi?ed. networks and computer-to- cornputer (C2C) communications without reference to a speci?c operation. activity or target l5. The fact that NSA TO USA. Sec 1.4(c) ?25 years (U) Details indicating or TAO. as part of CNE speci?c targets. level of operations. targets. collects and success or capabilities may processes specific computer raise the classi?cation level protocols (such as email. instant to TOP SECRET. messaging. ?le transfer protocols) (U) Details may also be protected by one or more ECls andlor a different level of foreign releasability (including NOPORN). l6. The fact that T0 USA. See 1.4(c) ?25 years (U) Details indicating NSAICSS or TAO. as part of speci?c targets. level of CNE operations. remotely success or capabilities may introduces code into tuget raise the classification level computer networks to facilitate to TOP SECRET. foreign intelligence collection (U) Details may also be protected by one or more andlor a different level of foreign releasability (including NOFORN). l7. The fact that TOP TO Sec 1.4(c) ?25 years (U) Details may also be NSAICSS or TAO. as part of USA. FVEY protected by one or more CNE operations. conducts off- ECls andlor a different level net ?eld operations to develop. of foreign releasability deploy. exploit. or maintain (including NOFORN). intrusive access. without further detail l8. The fact that TOP Sec 1.4(c) ?25 years (U) Details may also be NSAICSS or TAO. as part of protected by an CNE operations. conducts off- See remarks for foreign net activities at speci?ed releasability. (U) Foreign releasability locations other than NSAICSS decisions handled on a case- facilities by-case basis. Contact TAO CAO for further guidance. l9. (U) TAO project names. in WIA (3) NIA association with CNE or TAO. OFFICIAL USE ONLY with no lif details 20. The fact that CONFIDENTIAUIREL T0 Sec 1.4(c. d) ?25 years (U) Details indicating NSAICSS or TAO. as part of USA. speci?c targets. level of CNE operations. collaborates success or capabilities may with Second Party Partners to raise the classi?cation level. conduct CNE activities (U) Details may also be protected by one or more To USA.

To USA. FVEY ECls. 21. The fact that TO (U) Foreign releasability NSAICSS or TAO. as part of USA. decisions handled on a case- CNE operations. collaborates See remarks for foreign by-case basis. Contact TAO with speci?c Second Party releasability. CAO for further guidance. partners on speci?c 22. Details of the CNE SECRETIISI at a minimum (U) Details indicating collaboration between speci?c targets. level of or TAO and Second See remarks for foreign success or capabilities may Party partners releasability. raise the classi?cation level to TOP (U) Details may also be protected by one or more ECls. (U) Foreign releasability decisions handled on a case- by-case basis. Contact TAO CAO for further guidance. 23. The fact that T0 USA. See 1.4(c.d) ?25 years (U) Details may also be NSAICSS or TAO. as part of PVEY protected by an Contact CNE operations. collaborates TAO CAO for further with unspeci?ed Third Party guidance. Partners in support and conduct of Chili activities 24. The fact that TOP Sec 1.4(c. d) ?25 years (U) Foreign releasability NSAICSS or TAO. as part of decisions handled on a case- CNE operations. collaboratm See remarks for foreign by-case basis. Contact TAO with speci?ed Third Party releasability. CAO for further guidance. Partners in support and conduct of Chili activities (U) Details may also be protected by an E131. Contact TAO CAO for further guidance. 25. (UIIFOUO) The fact that POIA (3) NIA (U) Details indicating or TAO. as part of OFFICIAL USE ONLY speci?c targets. level of CNE operations. collaborates success or capabilities may with a speci?c US raise the classi?cation level. GovernmenUIC entity (U) Details may also be protected by one or more ECls a different level of foreign releasability (including NOFORN). 26. The fact that TO Sec. l.4(c) ?25 years (U) Details indicating or TAO. as part of USA. FVEY speci?c targets. level of CNE operations. collaborates success or capabilities may with a speci?c US Government/1C entity on a speci?c raise the classi?cation level. (U) Details may also be protected by one or more ECls andfor a different level of foreign releasability (including NOFORN). To USA. FVEY

TOP To USA. FVEY 27. (U) The existence of CNE UNCLASSIFIED tools. with no further details?cnntext 28. (U) Cover names of CNE tools. UNCLASSIFIED NIA with no detailsicontext 29. When associated Sec. l.4(c) ?25 years (U) Details indicating with remote subversion. at a minimum specific targets. level of details/descriptions concerning success or capabilities may CNE tools. to include: See remarks for foreign raise the classification level - Speci?c type (ie. releasability. to TOP SECRET. hardwarelsoftware. etc.) - Purpose (U) Details may also be - Capabilities protected by one or more - Conualment Techniques ECIs andlor a different level - Electronic signatures of foreign releasability - Combination?) of the above (including NOFORN). (U) Foreign releasability decisions handled on a case- by-case basis. Contact TAO CAO for further guiiance. 30. (SIISWREL) When associated TOP Sec 1.4(c) ?25 years (U) Details indicating with physical subversion. specific targets. level of details/descriptions concerning See remarks for foreign mess or capabilities may CNE tools. to include: releasability raise the classi?cation level - Speci?c type (ie. to TOP SECRET. hardwarelsoftwarc. etc.) - Purpose- (U) Details may also be - Capabilities protected by one or more - Corncealment Techniques ECls andlor a different level - Electronic signatures of foreign releasability - Combination?) of the (including NOFORN). above (U) Foreign releasability decisions handled on a case- by-case basis. Contact TAO CAO for further ggdance. 31. (UIIFOUO) Technical details UNCLASSIFIEIMFOR FOIA (3) concerning specific software OFFICIAL USE ONLY vulnerabilities. when publicly known. and that are exploited for (IN gctivities 32. Technical details TOP Sec l.4(c) ?25 years (U) Details maybe protected concerning specific software See for foreign as NOFORN on a case-by- vuInerabilities. when not releasability. case basis. publicly known. and that re exploited for CNE activities (U) Some tools may be protected under an and/or additional handling caveats. (U) Foreign releasability decisions handled on a case- by-case basis. Contact TAO CAO for further guidance. TOP TO USA. FVEY

TOP To USA. 33. (U) The fact that or TO USA. Sec. 1.4 ?25 years (U) Details may also be TAO. as part of CNE PVEY at a minimum protected by a different level operations. targets a specific of foreign releasability country or international (including NOFORN). organization (U) Contact TAO CAO for further guidance on levels of success as well as for more speci?c targeting details such as individual(s). specific government entity(ics). etc. 34. Association of TOP Sec l.4(c) ?25 years (U) Details may also be cover names for off-net protected by one or more operations physical See remarks for foreign ECls. subversion activities) with releasability. amplifying details (U) Foreign releasability speci?c electronic components. decisions handled on a case- systems. their host facilities. by-case basis. Contact TAO etc) CAO for further guidance. 35. Association of cover at a minimum Sec l.4(c) ?25 years (U) Details may also be names for on-net operatiom protected by one or more remote subversion See remarks for foreign ECls. activities) with amplifying releasability. details speci?c electronic (U) Foreign releasability components. systems. their best decisions handled on a case- facilities. etc) by-case basis. Contact TAO CAO for further guidance. 36. Individual details TOP Sec 1.4 ?25 years (U) Details may also be of CNE such as: protected by one or more - Target information including See remarks for foreign ECls. intended target network andlor releasability. device (U) Foreign releasability - Vulnerability being targeted decisions handled on a case- - Target infrastructure by-case basis. Contact TAO CAO for further guidance. 37. The fact that TOP Sec l.4(c) ?25 years (U) Details may also be NSAICSS or TAO. as part of protected by one or more CNE operations. is attempung See remarks for foreign E131. to exploit or has succeeded in releasability. exploiting a speci?c (U) Foreign releasability vulnerability in a fuewall. decisions handled on a case- operating system. software by-case basis. Contact TAO application. etc.). and a speci?c CAO for further guidance. entity or facility within a target's lT/computer structure 38. l-?acts related to TOP Sec l.4(c) ?25 years (U) Details may also be the description ofUS. See remarks for foreign protected by oneorrnore hardware or software implants releasability. and location (eg. specific organization and lntemet (U) Foreign releasability Protocol Des'icelAddress. etc.) decisions handled on a case- on a target's by-case basis. Contact TAO lTIeommunications system CAO for further m'dance. 39. Facts related to TOP Sec l.4(c) ?25 years (U) Details may also be the exact timing, location, at a minimum. protected by one or more TOP To USA. FVEY

TOP USA. participants. off-net or on-net ECI. operations. CNE command. See remarks for foreign control and data exfiltration releasability. (U) Foreign releasability toolsfcapabilities and locations. decisions handled on a case- used to exploit or maintain by-case basis. Contact TAO intrusive access to a target's CAO for further guidance. lTIoomputer structure 40. Combination of TOP Sec 1.4 ?25 years (U) Details may also be details of individual aspects of protected by one or more CNE activities. that would See remarks for foreign allow a speci?c target to take releasability. specific counter-measures. such (U) Foreign releasability as: decisions handled on a case- - Specific target network or by-case basis. Contact TAO device CAO for further guidance. - Specific capability. tool or technique used for exploitation of vulnerability 4l. The fact that TOP SBCRETIISI Sec 1.4(c) ?25 years Details may also (or TAO) acquires be protected by one or more enabling See for foreign ECI and/or HCS. information through CNE releasability. activities. (U) Foreign releasability decisions handled on a case- by-case basis. Contact TAO CAO for further ggidance. (U) ?25 years: Declassification in 25 years indicates that the information is classi?ed for 25 years from the date a document is created or 25 years from the date of this original classification decision. whichever is later. (U) Computer Network Exploitation (CNE): intelligence collection and enabling operations to gather data from target or adversary automated information systems (AIS) or networks. (Per DCID 713. Information Operations and Intelligence Community Related Activities. effective 0 July I999. administratively changed 5 June 21113) (U) Computer Network Attack (CNA): operations to manipulate. disrupt. deny. degrade. or destroy information resident in computers and computer networks. or the computers and networks themselves. (Per 78. Information Operations and Intelligence Community Related Activities. effective 0] July 1999. administratively changed 5 June 2GB) (U) Computer Network Defense efforts to defend against the CNO of others. especially that directed against US. and allied computers and networks. (Per Information Operations and Intelligence Community Related Activities. effective 01 July 1999. administratively changed 5 June 2N3) (U) Computer Network Operations (CNO): CNE. CNA. and CND collectively. (Per DCID 713. Information Operations and Intelligence Community Related Activities. effective 01 July 1999. administratively changed 5 June 2M3) (U) Information Operations (IO): actions taken to affect adversary information and information systems while defending one?s own infatuation and information systems. 10 is an integrating strategy. (Per 7/3. Information Operations and Intelligence Community Related Activities. effective 01 July 1999. administratively changed 5 June 2M3) TOP To USA. FVEY

TOP To USA. FVEY Intrusive Access: Refers to CNE operations involving remote manipulation. hardwarelsoftware modi?cations. or sensing of environment changes in a computer device or system. andfor occasionally the facilities that house the systems. Off-Net Operations: Refers to covert or clandestine ?eld activities of personnel carried out in support of (ENE activities. Physical subversion: Subverts with physical access to a device or host facility. Other terms sometimes used to connotc physical subversion are close access enabling. exploitation. or operations; off-net enabling. exploitation. or operations: supply-chain enabling. exploitation. or operations: or hardware implant enabling. exploitation. or operations. Remote subversion: Subverts without physical access to a device or host facility: obtains unauthorized permission. Other terms sometimes used to connote remote subversion are computer network exploitation: endpoint access. exploitation. or operations: on-net access. exploitation. or operations: software implant access. exploitation. or operations: or accessing or exploiting data at rest. Supply Chin Operatio: lnterdiction activities that focus on modifying equipment in a target?s supply chain. TOP To USA. FVEY

Filters SVG