Cyber Storm V: National Exercise

In March 2016, the Department of Homeland Security (DHS) executed Cyber Storm V, the fifth iteration of Cyber Storm, DHS’s capstone national-level cyber exercise series. Mandated by Congress, these biennial exercises are part of the Department’s ongoing efforts to assess and strengthen cyber preparedness, examine incident response processes, and enhance information sharing among federal, state, international, and private sector partners. Each Cyber Storm event builds on lessons learned from previous exercises and real world incidents, ensuring that participants face more sophisticated and challenging exercises every two years.

Cyber Storm exercises give the cyber incident response community a safe venue to coordinate and practice plans, response mechanisms and recovery tasks, and build and maintain relationships. Most importantly, the exercises provide the community with the opportunity to identify strengths and areas for improvement, incorporating those lessons into operations to help reduce cyber risks to the nation.


Cyber Storm V focused on the following main objectives:

  1. Continue exercising coordination mechanisms, information sharing efforts, development of shared situational awareness, and decision-making procedures of the cyber incident response community;
  2. Evaluate relevant policy, statutory, and fiscal issues that govern cyber incident response authorities and resource prioritization;
  3. Provide a forum for exercise participants to exercise, evaluate, and improve the processes, procedures, interactions, and information sharing mechanisms within their organization or community of interest; and
  4. Assess the role, functions, and capabilities of DHS and other government entities in a cyber event.

Exercise Mechanics

Cyber Storm V was a distributed exercise that allowed players around the world to participate from their normal work locations. The Exercise Control (EXCON) cell was located at a DHS facility in the Washington, D.C. metropolitan area. The scenario progressed as players received "injects" through e-mail, phone, in person, and via exercise web sites from exercise control. Exercise play simulated adverse effects through which the participants executed their cyber crisis response systems, policies, and procedures.

Participating Communities

The significance of the Cyber Storm exercise series has grown since its inception with Cyber Storm I. As cyber-based threats continue to increase, more government agencies, private sector companies, and critical infrastructure organizations have acknowledged the benefits of good cyber hygiene. This maturation in the cybersecurity incident response community is reflected in Cyber Storm V participation.

Cyber Storm V communities include:

  • Federal Partners
  • Law Enforcement/Intelligence/Department of Defense
  • State Governments
  • International
  • Information Technology (IT)/Communications
  • Commercial Retail Facilities
  • Healthcare and Public Health
  • Public Affairs


The Cyber Storm V scenario introduced participants to multiple adversaries – some working together, some independently. These adversaries distributed complex new malware that resulted in crippling effects throughout several critical infrastructure sectors. This challenging scenario gave partners the opportunity to practice and assess their policies and procedures for responding to cyber attacks, and required them to cooperate and share information about cyber threats.

For more information, contact

Final Report

The Cyber Storm V Final Report reviews the purpose, scope, planning and execution, scenario, and the significant findings of the exercise.

Download the Final Report

For additional information on Cyber Storm exercises, contact