Is there a way to protect db2 commands issued from a console:

#stop db2

Can this be secured via the OPERCMDS resource?

The only way to prevent the stopping of DB2 is by ensuring that the users who attempt to stop DB2 have either:

STOPALL privilege
SYSOPR authority
SYSCTRL authority
SYSADM authority

Note that when the commands are issued from the MVS console, it is only the issuers authority that is checked and not that of secondary auth IDs.
But there is no way to control the actual issuance of the command - only whether the command will be successful or not.

This is due to the fact that the commands issued to the console do not go through standard "MVS" operator command authorities as they are directly intercepted by the DB2 subsystem.

The above listed authorities are set within DB2.

So that means that Top Secret cannot be used to control who can stop DB2 - it is dependent on the operator's internal DB2 authority.