On January 20, 2009, the Cyber Alert Level remaining at Blue (Guarded) due to the continued threat related to vulnerabilities in Microsoft Server Message Block, Blackberry PDF Distiller and various Oracle products. Additionally, we are receiving reports of high number entities getting infected with the Conflicker/Downadup Worm that spreads via MS08-067 (Microsoft Server Service vulnerability) and USB Flash drives. Organizations and users are encouraged to update and apply all appropriate vendor security patches, to continue to update antivirus signatures daily and to disable autorun feature on their computers. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails, especially from un-trusted sources.

What is the Cyber Threat Level?

The current Cyber Threat level is determined by the Multi-State Information Sharing and Analysis Center (MS-ISAC).  The alert level shows the current level of malicious cyber activity and reflects the potential for, or actual damage.  The indicator consists of 5 levels:

Indicates a severe risk of hacking, virus or other malicious activity resulting in wide-spread outages and/or significantly destructive compromises to systems with no known remedy or debilitates one or more critical infrastructure sectors. At this level, vulnerabilities are being exploited with a severe level or wide spread level of damage or disruption of Critical Infrastructure Assets.

Indicates a high risk of increased hacking, virus or other malicious cyber activity which targets or compromises core infrastructure, causes multiple service outages, multiple system compromises or compromises critical infrastructure. At this level, vulnerabilities are being exploited with a high level of damage or disruption or the potential for severe damage or disruption is high.

Indicates a significant risk due to increased hacking, virus or other malicious activity which compromises systems or diminishes service. At this level, there are known vulnerabilities that are being exploited with a moderate level of damage or disruption or the potential for significant damage or disruption is high.

Indicates a general risk of increased hacking, virus or other malicious activity. The potential exists for malicious cyber activities, but no known exploits have been identified or known exploits have been identified but no significant impact has occurred.

Indicates a low risk. No unusual activity exists beyond the normal concern for known hacking activities, known viruses or other malicious activity.