Cyber Storm IV: National Cyber Exercise

Cyber Storm IV was the fourth installment of the Cyber Storm exercise series, which is part of the Department of Homeland Security’s (DHS) ongoing effort to assess and strengthen cyber preparedness, examine incident response processes in response to ever-evolving threats, and enhance information sharing among federal, state, international, and private sector partners. Through these efforts, the cyber incident response community improves both its capabilities and its response processes, thus bolstering the nation’s cyber resilience. Cyber Storm IV consisted of individual building block exercises at the federal, state, and international levels that provided the cyber incident response community with the opportunity to design focused events that evaluate specific capabilities.

State Exercises

State exercises were two-day tabletop events where representatives from a variety of state departments and agencies assessed their cyber response plans. They identified and simulated how to engage elements across state governance as well as cybersecurity partners such as law enforcement entities and the private sector. Throughout the event, participants validated policies, plans, and procedures that enabled response, recovery, and continuity of operations. Players, planners, and observers represented a variety of positions, including technical and non-technical staff, emergency managers, public affairs representatives, and leadership.

Through Cyber Storm IV, DHS designed, conducted, and evaluated exercises for seven states including Maine, Oregon, Washington, Idaho, Missouri, Mississippi, and Nevada.

International Exercise

CISA Central sponsored the International Watch and Warning Network (IWWN) Exercise on March 20-21, 2013. Eleven of the fifteen IWWN nations participated in the distributed, functional event. Participating nations included Australia, Canada, France, Germany, Hungary, Japan, the Netherlands, Norway, Sweden, Switzerland, and the United States. The session featured a distributed exercise control (ExCon), with ExCon members located at operational centers across the world. Participants examined the IWWN’s common plans, standard operating procedures, policies, and capabilities necessary to ensure the security of the interdependent global cyber infrastructure and, where applicable, applied lessons learned from Cyber Storm III, conducted in September 2010. The scenario engaged operational staff, such as civil computer emergency response teams (CERTs), and policy-level stakeholders within the IWWN. IWWN member nations participated at varying levels; some organizations participated continuously (24x7), and others participated solely during their respective normal operating hours.


During Cyber Storm IV: Evergreen, DHS used a controlled environment to observe and evaluate a simulated cyber attack targeting infrastructure at the local level, focusing on escalation from internal discovery and communication to national and international information sharing. Evergreen engaged hundreds of players from the private sector, state and local entities, and the federal government in operational play. The exercise used a distributed, functional concept where players participated from their normal work locations and received injects containing details of simulated attacks. Players then responded according to established policy and procedures using normal communication means. Participants successfully executed the exercise from November 19-21, 2013 at distributed player locations in the State of Washington and the Washington, D.C. metropolitan area.

Applying Lessons Learned

Overall, these efforts have enabled, and will continue to enable, DHS and its partners to increase their overall cyber preparedness and the resiliency of critical infrastructure. The results of the exercises and the ongoing planning activities have greatly improved readiness and response times for any cyber incident impacting the nation’s critical infrastructure. The Department is applying the Cyber Storm IV observations to further strengthen the nation’s cybersecurity preparedness and response mechanisms. DHS worked in close partnership with public and private sector stakeholders to capture all relevant information in the Final Report. In addition to the Cyber Storm IV Final Report, many participants developed their own internal summary and observation reports.

Final Report

The Cyber Storm IV Final Report reviews the purpose, scope, planning and execution, scenario and the significant findings of the Cyber Storm IV exercises.

Download the Full Report

For additional information on Cyber Storm exercises, contact