
Towards Centralized Orchestration of Cyber Protection Condition (CPCON)

Abstract

The United States Cyber Command (USCYBERCOM) Cyber Protection Condition (CPCON) framework mandates graduated security postures across Department of Defense (DoD) networks, but current implementation remains largely manual, inconsistent, and error-prone. This paper presents a prototype system for centralized orchestration of CPCON directives, enabling automated policy enforcement and real-time threat response across heterogeneous network environments. Building on prior work in host-based intrusion response, our system leverages a policy-driven orchestrator to standardize security actions, isolate compromised subnets, and verify enforcement status. We validate the system through emulated attack scenarios, demonstrating improved speed, accuracy, and verifiability in CPCON transitions with human-in-the-loop oversight.

@article{timmons2025_2505.12613,
  title={Towards Centralized Orchestration of Cyber Protection Condition (CPCON)},
  author={Mark Timmons and Daniel Lukaszewski and Geoffrey Xie and Thomas Mayo and Donald McCanless},
  journal={arXiv preprint arXiv:2505.12613},
  year={2025}
}