What is 'command and control' (C2) in cyber operations?

In the context of cyber operations, 'command and control' (C2) refers to the methods and protocols used by attackers to maintain communication with compromised devices, often referred to as bots or zombies within a botnet. These C2 systems allow attackers to send commands, receive data, and manage multiple infected devices efficiently, facilitating coordinated malicious activities such as data exfiltration, network intrusion, or launching distributed denial-of-service (DDoS) attacks.

The effectiveness of a C2 setup is critical for sustaining operations, as it enables the attacker to control the actions of the compromised systems remotely and respond to changing circumstances in the environment. This communication is typically established through various channels, which may include the use of legitimate web services, encrypted connections, or sometimes even peer-to-peer networks, making it challenging for defenders to detect and disrupt the malicious efforts.

The other options, while important concepts in cybersecurity, do not accurately define C2. Securing data involves encryption and similar methods, gathering intelligence focuses on threat analysis and suspicion, while disaster recovery strategies pertain to business continuity and data restoration plans. None of those directly capture the essence of maintaining communication with compromised devices as C2 does.