Intelligence Glossary
Not sure what a term means? Look it up here. This glossary explains the technical jargon used throughout the platform in plain language, from cyber security terms to military acronyms.
A2/AD (Anti-Access/Area Denial)
Military & Defense: Military strategy using missiles, mines, and other weapons to prevent adversary forces from entering or operating freely in a geographic area.
ACH (Analysis of Competing Hypotheses)
Intelligence: A structured analytic technique that evaluates multiple hypotheses against available evidence to reduce cognitive biases and improve analytical rigor.
AOR (Area of Responsibility)
Military & Defense: A geographic region assigned to a military commander for operations and defense. CENTCOM's AOR includes the Middle East and Central Asia.
APT (Advanced Persistent Threat)
Cyber Security: A sophisticated, long-term cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APTs are typically state-sponsored and target high-value organizations for espionage or sabotage.
Artesh
General / Regional: Iran's conventional military forces (Army, Navy, Air Force), distinct from the IRGC. The Artesh is responsible for territorial defense.
ASBM (Anti-Ship Ballistic Missile)
Military & Defense: A ballistic missile designed to target naval vessels at sea. Iran has developed ASBMs capable of threatening ships in the Persian Gulf and beyond.
Axis of Resistance
General / Regional: Iran-led coalition of state and non-state actors opposing U.S. and Israeli influence in the Middle East, including Hezbollah, Hamas, Houthis, and Iraqi militias.
Ballistic Missile
Military & Defense: A missile that follows a ballistic trajectory to deliver warheads. Categories include short-range (SRBM), medium-range (MRBM), intermediate-range (IRBM), and intercontinental (ICBM).
Basij
General / Regional: Iranian paramilitary volunteer militia subordinate to the IRGC, used for internal security, crowd control, and ideological enforcement.
Breakout Time
General / Regional: The time required for a state to produce enough weapons-grade fissile material for one nuclear weapon, starting from a decision to do so.
C2 (Command and Control)
Cyber Security: Infrastructure used by attackers to communicate with and control compromised systems. C2 servers send commands to malware and receive stolen data from infected machines.
CENTCOM (Central Command)
Military & Defense: U.S. military unified combatant command responsible for operations in the Middle East, Central Asia, and parts of South Asia, including the Iran region.
CISA (Cybersecurity and Infrastructure Security Agency)
Intelligence: U.S. federal agency responsible for protecting critical infrastructure from cyber and physical threats. CISA issues advisories and maintains the KEV catalog.
CJTF (Combined Joint Task Force)
Military & Defense: A temporary military organization composed of forces from multiple services and/or nations assembled for a specific mission or operation.
COA (Course of Action)
Military & Defense: A potential plan or strategy that a military commander might adopt to accomplish a mission. Multiple COAs are typically developed and analyzed before selection.
Confidence Level
Intelligence: An assessment of the reliability and accuracy of intelligence, typically expressed as High, Medium, or Low based on source quality, corroboration, and analytical judgment.
CSG (Carrier Strike Group)
Military & Defense: A naval formation centered on an aircraft carrier, typically including cruisers, destroyers, and submarines. CSGs project power and provide air defense.
CVE (Common Vulnerabilities and Exposures)
Cyber Security: A standardized identifier for publicly known cybersecurity vulnerabilities. Each CVE ID refers to a specific security flaw, enabling consistent communication about vulnerabilities across organizations.
CVN (Aircraft Carrier, Nuclear)
Military & Defense: A nuclear-powered aircraft carrier. The U.S. Navy operates 11 CVNs, which serve as the centerpiece of carrier strike groups.
CVSS (Common Vulnerability Scoring System)
Cyber Security: A standardized framework for rating the severity of security vulnerabilities on a scale of 0-10. Scores of 9.0+ are considered Critical, 7.0-8.9 High, 4.0-6.9 Medium, and below 4.0 Low.
DDoS (Distributed Denial of Service)
Cyber Security: An attack that overwhelms a target system with traffic from multiple sources, making it unavailable to legitimate users. Often used by hacktivists or as a distraction during more sophisticated attacks.
Enrichment
General / Regional: The process of increasing the concentration of uranium-235 in uranium. Weapons-grade uranium is enriched to 90%+ while reactor fuel is typically 3-5%.
EW (Electronic Warfare)
Military & Defense: Military operations that use the electromagnetic spectrum to attack, protect, or exploit. Includes jamming, spoofing, and signals intelligence.
Exploit
Cyber Security: Code or technique that takes advantage of a software vulnerability to cause unintended behavior, such as gaining unauthorized access or executing malicious code.
FININT (Financial Intelligence)
Intelligence: Intelligence derived from financial data and transactions, used to track illicit financing, sanctions evasion, and terrorist funding networks.
FOB (Forward Operating Base)
Military & Defense: A secured military position used to support tactical operations. FOBs provide logistics, command and control, and force protection in forward areas.
Force Posture
Military & Defense: The positioning, readiness, and capabilities of military forces in a region. Changes in force posture can signal escalation or de-escalation.
GEOINT (Geospatial Intelligence)
Intelligence: Intelligence derived from imagery and geospatial data, including satellite imagery, maps, and terrain analysis.
Hezbollah
General / Regional: Lebanese Shia militant group and political party, founded with IRGC support in 1982. Iran's most capable proxy with significant military capabilities.
Houthis (Ansar Allah)
General / Regional: Yemeni Shia rebel movement that controls much of northern Yemen, including the capital Sana'a. Receives weapons and support from Iran.
HUMINT (Human Intelligence)
Intelligence: Intelligence gathered from human sources through interpersonal contact, including agents, informants, and diplomatic reporting.
I&W (Indications and Warning)
Intelligence: Intelligence activities focused on detecting and reporting time-sensitive information about foreign developments that could threaten national security.
IAB (Initial Access Broker)
Cyber Security: Cybercriminals who specialize in gaining unauthorized access to corporate networks and then selling that access to other threat actors, typically ransomware operators.
IADS (Integrated Air Defense System)
Military & Defense: A coordinated network of radars, command centers, and surface-to-air missiles designed to detect and engage aerial threats.
IAEA (International Atomic Energy Agency)
General / Regional: UN agency responsible for promoting peaceful use of nuclear energy and preventing nuclear weapons proliferation through inspections and safeguards.
IMINT (Imagery Intelligence)
Intelligence: Intelligence derived from visual imagery collected by satellites, aircraft, or drones. Used to identify military installations, movements, and activities.
Intelligence Cycle
Intelligence: The process of converting raw information into finished intelligence: Planning & Direction, Collection, Processing, Analysis, Dissemination, and Feedback.
IOC (Indicator of Compromise)
Cyber Security: Forensic artifacts that indicate a potential security breach, including IP addresses, domain names, file hashes, email addresses, or behavioral patterns associated with malicious activity.
IPB (Intelligence Preparation of the Battlefield)
Military & Defense: A systematic process of analyzing threat, terrain, weather, and civil considerations to support military decision-making and operations planning.
IRGC (Islamic Revolutionary Guard Corps)
Military & Defense: Iran's elite military force responsible for protecting the Islamic Republic's political system. Includes ground, naval, aerospace forces, and the Quds Force for external operations.
ISR (Intelligence, Surveillance, and Reconnaissance)
Military & Defense: Coordinated acquisition, processing, and dissemination of accurate, relevant, and timely information about adversaries and the operational environment.
JCPOA (Joint Comprehensive Plan of Action)
General / Regional: The 2015 nuclear agreement between Iran and world powers that limited Iran's nuclear program in exchange for sanctions relief. The U.S. withdrew in 2018.
JIPOE (Joint Intelligence Preparation of the Operational Environment)
Military & Defense: The joint force version of IPB that analyzes adversary capabilities, the operational environment, and potential threats to support joint operations.
KEV (Known Exploited Vulnerabilities)
Cyber Security: CISA's catalog of vulnerabilities that are actively being exploited in the wild. Federal agencies are required to remediate KEV entries within specified timeframes.
Malware
Cyber Security: Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Types include viruses, worms, trojans, ransomware, spyware, and rootkits.
MITRE ATT&CK
Cyber Security: A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Used to understand threat actor behavior and improve defensive capabilities.
OFAC (Office of Foreign Assets Control)
Intelligence: U.S. Treasury Department office that administers and enforces economic sanctions against targeted foreign countries, terrorists, and narcotics traffickers.
ORBAT (Order of Battle)
Military & Defense: The hierarchical organization, command structure, strength, and disposition of military forces. ORBAT analysis identifies units, commanders, and capabilities.
OSINT (Open Source Intelligence)
Intelligence: Intelligence collected from publicly available sources including news media, social media, academic publications, government reports, and commercial data.
Phishing
Cyber Security: A social engineering attack that uses fraudulent emails, messages, or websites to trick victims into revealing sensitive information or installing malware. Spear-phishing targets specific individuals.
PMESII (Political, Military, Economic, Social, Information, Infrastructure)
Intelligence: An analytical framework for understanding the operational environment by examining six interconnected systems that affect stability and conflict.
PMF (Popular Mobilization Forces)
Military & Defense: An Iraqi state-sponsored umbrella organization of predominantly Shia militias, many with close ties to Iran's IRGC Quds Force.
Proxy
Military & Defense: A non-state armed group that receives support (funding, weapons, training) from a state sponsor to advance that state's interests while providing deniability.
Quds Force
Military & Defense: The IRGC's extraterritorial operations branch responsible for intelligence, unconventional warfare, and support to proxy forces across the Middle East.
Ransomware
Cyber Security: Malware that encrypts victim files and demands payment for the decryption key. Modern ransomware groups also exfiltrate data and threaten to publish it (double extortion).
RAT (Remote Access Trojan)
Cyber Security: Malware that provides an attacker with remote control over an infected system, enabling surveillance, data theft, and further malicious activities.
ROE (Rules of Engagement)
Military & Defense: Directives that define the circumstances and limitations under which military forces may engage adversaries. ROE balance mission requirements with legal and policy constraints.
SAM (Surface-to-Air Missile)
Military & Defense: A missile designed to be launched from the ground to destroy aircraft or other aerial targets. Iran operates various SAM systems including S-300 and indigenous designs.
Sanctions
General / Regional: Economic and diplomatic penalties imposed on countries, entities, or individuals to change behavior. Iran faces extensive U.S., EU, and UN sanctions.
SATs (Structured Analytic Techniques)
Intelligence: Methodologies designed to improve intelligence analysis by making reasoning explicit, challenging assumptions, and reducing cognitive biases.
SIEM (Security Information and Event Management)
Cyber Security: Software that aggregates and analyzes security data from across an organization's IT infrastructure to detect threats, generate alerts, and support incident response.
SIGINT (Signals Intelligence)
Intelligence: Intelligence derived from intercepted electronic signals and communications, including COMINT (communications) and ELINT (electronic emissions).
SLBM (Submarine-Launched Ballistic Missile)
Military & Defense: A ballistic missile capable of being launched from submarines, providing a sea-based nuclear or conventional strike capability.
SOC (Security Operations Center)
Cyber Security: A centralized facility where security professionals monitor, detect, analyze, and respond to cybersecurity incidents using technology and processes.
SOF (Special Operations Forces)
Military & Defense: Elite military units trained for unconventional warfare, counterterrorism, direct action, and special reconnaissance missions.
Source Reliability
Intelligence: An assessment of how trustworthy and credible an intelligence source is, typically rated on a scale from A (completely reliable) to F (reliability cannot be judged).
Spyware
Cyber Security: Malware designed to secretly monitor user activity and collect information such as keystrokes, screenshots, and browsing history without the user's knowledge.
Strait of Hormuz
General / Regional: Strategic waterway between the Persian Gulf and Gulf of Oman through which approximately 20% of global oil passes. Iran has threatened to close it during crises.
Supreme Leader
General / Regional: Iran's highest authority (currently Ali Khamenei), who controls the armed forces, judiciary, and state media, and sets overall policy direction.
Threat Actor
Cyber Security: An individual or group that conducts malicious cyber activities. Categories include nation-state actors, cybercriminals, hacktivists, and insider threats.
Threat Assessment
Intelligence: An evaluation of the capabilities, intentions, and activities of potential adversaries to determine the level of threat they pose.
TTPs (Tactics, Techniques, and Procedures)
Cyber Security: The behavior patterns of threat actors describing how they conduct attacks. Tactics are the 'why', techniques are the 'how', and procedures are the specific implementation.
UAV/UAS (Unmanned Aerial Vehicle/System)
Military & Defense: Remotely piloted or autonomous aircraft used for surveillance, reconnaissance, and strike missions. Iran has developed extensive drone capabilities.
Wiper
Cyber Security: Destructive malware designed to permanently delete or corrupt data on infected systems, often used in state-sponsored attacks for sabotage rather than financial gain.
WMD (Weapons of Mass Destruction)
General / Regional: Nuclear, chemical, biological, and radiological weapons capable of causing mass casualties. Iran is suspected of pursuing nuclear weapons capability.
Zero-Day
Cyber Security: A vulnerability that is unknown to the software vendor and has no available patch. Zero-day exploits are highly valuable and often used in sophisticated attacks.
This glossary provides definitions for common terms used in cyber security, military intelligence, and threat analysis. Definitions are simplified for accessibility while maintaining accuracy.