Threat

1. Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (NIST SP 800-53, CNSSI 4009, Adapted).

Source: The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf

2. Any circumstance or event with the potential to adversely impact organizational operations, (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Source: NSTAC Report to the President on a Cybersecurity Moonshot, National Security Telecommunications Advisory Committee (NSTAC), https://www.dhs.gov/sites/default/files/publications/NSTAC_CyberMoonshotReport_508c.pdf;

3. A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. Includes an individual or group of individuals, entity such as an organization or a nation), action, or occurrence.

Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary

4. The intention and capability of an adversary to undertake actions that would be detrimental to the interest of the U.S. (IC Standard 700-1, 4 Apr 2008).

5. The sum of the potential strengths, capabilities, and strategic objectives of any adversary that can limit or negate U.S. mission accomplishment or reduce force, system, or equipment effectiveness. (DoDD 5200.1-M, Acquisition Systems Protection Program, March 1994).

6. Also, an adversary having the intent, capability, and opportunity to cause loss or damage. (DoDD 3020.40, Critical Infrastructure, 14 Jan 2010).

7. The perceived imminence of intended aggression by a capable entity to harm a nation, a government or its instrumentalities, such as intelligence, programs, operations, people, installations, or facilities. (DoD 5200.08-R, Physical Security Program, 9 Apr 2007).

8. The capability of an adversary coupled with his intentions to undertake any actions detrimental to the success of program activities or operations. (IOSS OPSEC Glossary of Terms, 27 Aug 2003).

Source: Terms & Definitions of Interest for DoD Counterintelligence Professionals, Office of the National Counterintelligence, https://www.dni.gov/files/NCSC/documents/ci/CI_Glossary.pdf

9. An event or condition that has the potential for causing harm.

Source: U.S. Cyberspace Solarium Commission, March 2020, https://subscriber.politicopro.com/f/?id=00000170-c638-d8f7-a7f1-f63b33510000