CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR

The complexity of the organization and coordination of cyber defense, as well as its ability to create immediate strategic effects, requires a single command that depends on the highest operational levels: the joint force commander, the chief of defense and the minister, each within their own scope of action.

Cyber threat

426. A cyber threat is an external or internal potential source of damage to an organizational asset, which materializes through cyberspace. It exploits a technical or human cyberspace vulnerability, affecting assets that are valuable to the organization or to the cyber threat source itself. A source is considered a cyber threat if it meets three requirements: capability, interest and hostility.

428. The cyber threat must have the capability to identify and take advantage of the vulnerabilities of the victim's networks and IT systems and to cause harmful effects.

429. Capability can be built on the source's own technical and human capability, or by surreptitiously compromising third parties' technical capabilities (botnets), hiring or subcontracting someone else's capability (universities, commercial companies or criminal groups), or carrying out influence actions on people to generate the desired malicious actions (taking advantage of unstable or conflicting social, economic or political situations).

430. The cyber threat capability must be considered in relation to the potential objectives, since, for instance, the capability necessary to create a STUXNET-type cyberattack is not the same as that needed for ransomware or a website defacement.

431. The cyber threat must have an interest in the victim's assets. In other words, the assets of the potential victim, especially information, must have a profitable value for the threat source, in such a way that the expected benefits offset the cost of the resources necessary to carry out the cyber attack.

432. Finally, the cyber threat must have hostility toward the potential victim, that is, an interest in causing harm to its IT networks and systems, even if doing so does not provide a direct benefit but rather an operational advantage in the context of a conflict or a competition.

433. Identifying cyber threats is a three-phase process. First, the sources (States, organizations, individuals or entities) that have an interest in the potential victim's assets are listed; second, among the sources in that list, those with the capability are singled out; and third, the sources that, even having an interest and the ability, have an alliance with the potential victim are ruled out.