The State of New Hampshire, as members of the Multi-State Information Sharing and Analysis Center, participates in cyber alert evaluation and planning. Listed below are the potential levels of cyber alert set perpetually as the State computer networks are monitored for a variety of types of intrusions.

The indicators are set by the State Government entities listed. Entity names are followed by their role.

What is the Alert Indicator?

The Alert Indicator shows the current level of malicious cyber activity and reflects the potential for, or actual damage. The indicator consists of 5 levels:

1. Green or Low – Indicates a low risk. No unusual activity exists beyond the normal concern for known hacking activities, known viruses or other malicious activity.

Examples:

• Normal probing of the network.
• Low risk viruses.

2. Blue or Guarded – Indicates a general risk of increased hacking, virus or other malicious activity. The potential exists for malicious cyber activities, but no known exploits have been identified.

Examples:

• A critical vulnerability is discovered but no exploits are reported.
• A new virus is discovered with the potential to spread quickly.
• Credible warnings of increased probes or scans.

3. Yellow or Elevated – Indicates a significant risk due to increased hacking, virus or other malicious activity which compromises systems or diminishes service. At this level, there are known vulnerabilities that are being exploited with a moderate level damage or disruption.

Examples:

• A critical vulnerability is actively being exploited.
• Web site defacements.
• A virus is spreading quickly throughout the Internet causing excessive network traffic.
• A distributed denial of service attack.

4. Orange or High – Indicates a high risk of increased hacking, virus or other malicious cyber activity which targets or compromises core infrastructure, causes multiple service outages, multiple system compromises or compromises critical infrastructure. At this level, vulnerabilities are being exploited with a high level of damage or disruption.

Examples:

• Attackers have gained administrative privileges on compromised systems.
• Multiple damaging or disruptive virus attacks.
• Multiple denial of service attacks against critical infrastructure services.

5. Red or Severe – Indicates a severe risk of hacking, virus or other malicious activity resulting in wide-spread outages and/or significantly destructive compromises to systems with no known remedy or debilitates one or more critical infrastructure sectors. At this level, vulnerabilities are being exploited with a severe level or wide spread level of damage or disruption of Critical Infrastructure Assets.

Examples:

• Complete network failures.
• Mission critical application failures.
• Compromise or loss of administrative controls of critical system.
• Loss of critical supervisory control and data acquisition (SCADA) systems.
• Potential for or actual loss of lives or significant impact on the health or economic security of the State.