HazardNow icon

HazardNow

Real-time situational awareness

← HazardNow Learn

Internet, Cyber & Communications

Internet / Cyber Card Explained

3 min read

The Internet / Cyber card separates observed connectivity disruption from public cyber tempo. Internet outage signals and cyber advisories are related context, but one does not prove the other.

Open dashboardCheck sources

Quick read

Useful for
Connectivity, DNS, cloud services, carrier networks, and cyber incidents can affect alerts, work, travel, payments, and emergency communication.
Watch
status, Out %, cyber sub-rating, tempo, new KEVs, CISA advisories, critical-infrastructure references, source, confidence, completeness, and updated time.
Confirm with
CISA cybersecurity advisories and CISA Known Exploited Vulnerabilities catalog
Remember
Public internet telemetry is not a complete outage map and cyber tempo is not proof of a local incident.

How to read this card

  • Status: current observed internet-disruption bucket such as Normal, Degraded, Disrupted, or Unknown after source normalization.
  • Out %: provider/telemetry-derived outage percentage when available; if unavailable the card shows Out —.
  • Cyber sub-rating: public cyber context based on available advisories and confidence, not a local breach claim.
  • Cyber Threat Tempo: recent CISA KEV/advisory activity; it is displayed above observed disruption details in the hover card.
  • Updated: cache/source timing for the specific rows shown.

Hover card metrics explained

  • Tempo: compact label for recent public cyber activity; higher means more public defensive urgency.
  • New KEVs, 7d: newly added CISA Known Exploited Vulnerabilities during the last seven days.
  • CISA advisories, 7d: recent CISA advisory count when available.
  • Critical infra: advisories or context tagged to critical infrastructure sectors.
  • Ransomware/state: recent advisories with ransomware or nation-state relevance.
  • Source: normally CISA KEV/advisory context for tempo rows.
  • Observed Internet Disruption: rows such as outage percentage, affected scope, source, confidence, completeness, and last updated for connectivity context.
  • Confidence/completeness: whether the data is broad enough to trust as more than a fallback or partial signal.

What can make this status change?

  • Cloudflare Radar or other provider telemetry indicates broader disruption.
  • CISA publishes new KEVs or advisories, especially with active exploitation or critical-infrastructure relevance.
  • A cached snapshot becomes stale or a provider becomes unavailable, lowering confidence.
  • A disruption clears or public advisory tempo slows.

Limitations

Internet telemetry can miss local ISP, last-mile, Wi-Fi, DNS, device, or power problems. CISA advisory counts do not identify victims and do not mean a specific organization is compromised.

Sources and update behavior

The dashboard reads cached internet snapshots and can use Cloudflare Radar, CISA KEV/advisories, and fallback reachability/provider context depending on credentials and source availability. Some rows are live-like; others are cached or provider-reported.

Visual reference

Internet / Cyber signal map

Read the signal as one layer in a larger source stack, not as a standalone instruction.

Source
Time
Place
Scope

Official/public sources

Use these links to verify current source text, update timing, and agency caveats.

CISA cybersecurity advisoriesCISA Known Exploited Vulnerabilities catalogCloudflare RadarFederal Communications Commission

FAQ

Does elevated cyber tempo mean the internet outage is cyber caused?

No. The card intentionally separates cyber tempo from observed internet disruption. Correlation is not attribution.

Related terms

Cyber threat tempoInternet outageTelecom disruption