A method, and a corresponding apparatus, provide for real-time
network-based recovery from information warfare (IW) attacks on a network
that includes subnets, with each subnet including one or more nodes. The
method includes executing a pre-IW attack routine to identify IW attack
recovery information, in response to an IW attack, executing an IW attack
response routine, and executing a real-time network-based recovery
routine. The pre-IW attack routine includes monitoring conditions on the
network and at each of the subnets and nodes. When an IW attack occurs at
an entity in the network, a condition flags are set to indicate the
specific entity or entities being attacked. A condition flag set to 0
implies full operational capability of the entity, a condition flag set
to 1 implies recent IW attack or IW attack in progress at the entity, and
a condition flag set to 2 implies recovery of the entity from the IW
attack.