Cyber Storm IX: National Cyber Exercise
Cyber Storm IX, the ninth iteration of the series, is scheduled for Spring 2024. Participants will exercise their cyber incident response plans and identify opportunities for coordination and information sharing in a simulated environment. Like previous iterations, Cyber Storm IX will engage over 2,000 distributed participants throughout three days of live exercise play. Cyber Storm IX will assess the most recent national cybersecurity guidance and clarify federal roles and responsibilities as cyber threats continue to evolve.
View CISA’s Cyber Storm IX Fact Sheet
Strengthening Cybersecurity Preparedness
Today’s dynamic cyber threat environment requires constant reassessment of our nation’s cyber incident response capabilities. Cyber Storm IX will examine all aspects of cyber incident response by depicting a coordinated cyberattack impacting critical infrastructure system confidentiality, integrity, and availability. Organizations will evaluate internal cyber incident response plans, while coordinating with those at the federal, state, local, and private sector levels. Throughout the exercise lifecycle, participants work together to identify applicable strengths and weaknesses, and ultimately find solutions to strengthen their cybersecurity preparedness.
Cyber Storm IX Quick Facts
Date: Spring 2024
Duration: 3 days of live play
Exercise Stakeholders:
- Federal departments and agencies
- Industry partners from critical infrastructure sectors
- International partners
- State and local governments
Cyber Storm IX Participation
- Cyber Storm IX includes organizations across federal, state, and international governments, and the private sector
- Participating organizations work directly with CISA to understand CISA’s role and capabilities in a cyberattack
- Participants operate in working groups to meet organization- and sector-specific objectives
- Benefits of participation include exercising organizational response plans and capabilities, fostering relationships with counterparts, and improving organizational and national cyber readiness
Cyber Storm IX Goal and Objectives
Cyber Storm IX’s primary goal is to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure.
Cyber Storm IX specific objectives include:
- Exercise and evaluate cybersecurity response, operational collaboration, and support
- Examine and clarify roles and responsibilities in response to a significant cyber event
- Assess information sharing capabilities and resource needs during a cyber incident
- Review and evaluate relevant national cybersecurity policy, guidance, and doctrine
Past Highlights
- Cyber Storm I, 2006, marked the first time the cyber response community came together to examine the national response to cyber incidents.
- Cyber Storm II, 2008, exercised individual response capabilities and leadership decision making.
- Cyber Storm III, 2010, focused on response according to national-level frameworks and provided the first operational test of the National Cybersecurity and Communications Integration Center (NCCIC).
- Cyber Storm IV included 15 building block exercises between 2011 and 2014 to help communities and states exercise cyber response capabilities for escalating incidents.
- Cyber Storm V, 2016, included more than 1,000 distributed players and brought together new sectors, including retail and healthcare participants.
- Cyber Storm VI, 2018, focused on response an incident affecting to non-traditional IT devices and included new participants from critical manufacturing and the automotive industry.
- Cyber Storm 2020, 2020, provided 2000+ distributed players from approximately 210 organizations the opportunity to stress test incident response procedures in a remote environment and raised awareness of long-standing and ongoing vulnerabilities in the core infrastructure of the Internet.
- Cyber Storm VIII, 2022, engaged 2000+ participants through a multi-layered scenario that impacted both industrial control systems (ICS)/operational technology (OT) and enterprise IT networks, raising awareness of the rapidly expanding cyberattack surface.