Cyber Storm: Securing Cyber Space

Cyber Storm, the Department of Homeland Security’s (DHS) biennial exercise series, provides the framework for the most extensive government-sponsored cybersecurity exercise of its kind. Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division's top priority.

Cyber Storm participants perform the following activities:

  • Examine organizations’ capability to prepare for, protect from, and respond to cyber attacks’ potential effects;
  • Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and procedures;
  • Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and
  • Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real world incidents, ensuring that participants face more sophisticated and challenging exercises every two years. DHS is currently planning for Cyber Storm VI.

Cyber Storm VI: Spring 2018

The sixth iteration of the Cyber Storm exercise series, Cyber Storm VI, is scheduled for Spring 2018. Cyber Storm VI will focus on the critical manufacturing and transportation sectors, with participation from the information technology and communications sectors; law enforcement, defense, and intelligence agencies; state and local governments; and international partners. For more information, email

For more information on Cyber Storm VI, please visit

Cyber Storm V: March 2016

Cyber Storm V returned to the capstone, distributed exercise format of Cyber Storms I-III. The exercise took place March 8-10, 2016, with the Exercise Control located at the United States Secret Service headquarters in Washington, DC.

Cyber Storm V Highlights

  • For the first time in the Cyber Storm exercise series, the exercise featured dedicated participation from the Healthcare and Public Health sector and Commercial Facilities: Retail subsector. The Information Technology and Communications sectors also played significant roles in the exercise.
  • Federal agencies, and organizations from the law enforcement, intelligence, and defense communities also participated.
  • Eight states participated as full players, with other states playing through the Multi-State Intelligence and Analysis Center (MS-ISAC).
  • Participation included over 100 organizations and more than 1,200 registered players from across the globe.

More on Cyber Storm V

Cyber Storm IV

Cyber Storm IV consisted of individual building block exercises at the federal, state, and international levels which provided the cyber incident response community with the opportunity to design focused events to evaluate specific capabilities. The building block approach also introduced cyber exercises to new stakeholders and prepared them for participation in future Cyber Storm exercises.

Cyber Storm IV included 15 tabletop and distributed exercises that involved over 1,250 participants from 16 states, 11 countries, and 14 federal agencies. CyberStorm IV exercises for external stakeholders included:

  • State-specific exercises with Idaho, Maine, Mississippi, Missouri, Nevada, Oregon, and Washington. A state coordination exercise with the Multi-State Information Sharing and Analysis Center (MS-ISAC) that included Delaware, Iowa, Massachusetts, Michigan, Minnesota, New York, North Carolina, Pennsylvania, and Wisconsin.
  • An international exercise with the International Watch and Warning Network that included Australia, Canada, France, Germany, Hungary, Japan, the Netherlands, Norway, Sweden, Switzerland, and the United States.
  • Cyber Storm IV: Evergreen, a distributed national level exercise that engaged hundreds of players from the private sector, state and local entities, and the federal government in operational play.
  • More on Cyber Storm IV

Cyber Storm III: September 2010

Cyber Storm III built upon the success of previous exercises; however, enhancements in the nation's cybersecurity capabilities, an ever-evolving cyber threat landscape and the increased emphasis and extent of public-private collaboration and cooperation, made Cyber Storm III unique.

  • National Cyber Incident Response Plan
    Cyber Storm III served as the primary vehicle to exercise the newly-developed National Cyber Incident Response Plan (NCIRP), a blueprint for cybersecurity incident response, to examine the roles, responsibilities, authorities, and other key elements of the nation's cyber incident response and management capabilities and use those findings to refine the plan.
  • Increased Federal, State, International and Private Sector Participation
    • Administration-Wide - Eight Cabinet-level departments including Departments of Commerce, Defense, Energy, Homeland Security, Justice, Transportation, and Treasury in addition to the White House and representatives from the intelligence and law enforcement communities.
    • Eleven States - California, Delaware, Illinois, Iowa, Michigan, Minnesota, North Carolina, New York, Pennsylvania, Texas, and Washington, as well as the Multi-State Information Sharing and Analysis Center (MS-ISAC) compared to nine states in Cyber Storm II.
    • 12 International Partners - Australia, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden, Switzerland, and the United Kingdom compared to four international partners in Cyber Storm II.
    • 50 Percent More Private Sector Partners - 60 private sector companies participated in Cyber Storm III, up from 40 in Cyber Storm II, several of which participated on-site with DHS for the first time. DHS worked with representatives from the Banking and Finance, Chemical, Communications, Dams, Defense Industrial Base, Information Technology, Nuclear, Transportation, and Water sectors as well as the corresponding Sector Coordinating Councils and Information Sharing and Analysis Centers to identify private sector participants.

Cyber Storm II: March 2008

  • Involved 5 countries (Australia, Canada, New Zealand, United Kingdom, and the United States); 18 federal cabinet-level agencies (Departments of Defense, State, Justice, etc.); 9 states (Pennsylvania, Colorado, California, Delaware, Texas, Illinois, Michigan, North Carolina, and Virginia); and over 40 private sector companies (Juniper Networks, Microsoft, McAfee, Cisco, NeuStar, The Dow Chemical Company, Inc., PPG Industries, ABB Group, Air Products & Chemical Inc., Nova Chemical, Wachovia, etc.);
  • Affected 4 critical infrastructure sectors including chemical, information technology, communications, and transportation (rail/pipe) and used 10 Information Sharing and Analysis Centers;
  • Exercised the processes, procedures, tools, and organizational response to a multi-sector coordinated attack through and on the global cyber infrastructure;
  • Allowed players to exercise and evaluate their cyber response capabilities to a multi-day coordinated attack and to gauge the cascading effects of cyber disasters on other critical infrastructure, shaping response priorities; and
  • Exercised government and private sector concepts and processes developed since Cyber Storm I, requiring great interaction and coordination at the strategic, operational, and tactical levels.
  • More on Cyber Storm II

Cyber Storm I: February 2006

  • First government-led full-scale cyber exercise;
  • Included over 115 organizations, including federal, state, and local governments and the private sector;
  • Featured four sectors: information technology, communications, energy, and transportation (air); and
  • Allowed participants to respond to a variety of cyber and communications degradations and simulated attacks against critical infrastructure and to collaborate at the operational, policy, and public affairs levels.
  • More on Cyber Storm I


Was this webpage helpful?  Yes  |  Somewhat  |  No