Cyber Storm VI was held in April 2018, sponsored by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency National Cybersecurity and Communications Integration Center (NCCIC).
Cyber Storm VI is the latest iteration of the DHS national-level cyber exercise series that simulates a cyber crisis of national and international consequence. It remains the Nation's most extensive cybersecurity exercise, with over a thousand players nationwide. While no actual systems are attacked during the exercise, Cyber Storm provides a venue to simulate discovery of and response to a largescale, coordinated cyberattack impacting U.S. critical infrastructure. The exercise helps assess cybersecurity preparedness; examines incident response processes, procedures, and information sharing; and identifies area for improvement.
Enhancing Cyber Incident Response Capabilities
The Nation's cyber incident response capabilities must continue to mature and adapt to ever evolving cyber risks and threats. Cyber Storm is one of the few opportunities for a "whole of community" response - federal, state, local, tribal and territorial entities and the private sector come together to address cyber response for following a nationwide event or incident.
Cyber Storm VI focused on:
- Building upon the outcomes of previous exercises and changes to the cybersecurity landscape;
- Evaluating and improving the capabilities of the cyber response community;
- Promoting public-private partnerships and strengthening relationships between the Federal Government and its partners; and
- Integrating new critical infrastructure partners into exercise play to promote maturation and integration cross the 16 critical infrastructure sectors.
Cyber Storm also provided a venue for DHS' international partners to exercise objectives, improve and strengthen relationships, examine standard operating procedures and communication pathways, and raise the overall profile of cyber events and cyberattacks in their nation.
Cyber Storm VI Quick Facts
Date: April 2018
Duration: One week, with 3 days of live play
- Critical Manufacturing
- Information Technology/Communications
- Law Enforcement/Intelligence/Department of Defense
Cyber Storm VI Goal
Cyber Storm VI's primary goal was to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector cyberattack targeting critical infrastructure.
Cyber Storm VI's objective was to assess the Nation's response capabilities to cyber incidents. The assessments will inform preparedness and resiliency planning, thereby strengthening the Nation's capacity to respond to a cyber incident.
Cyber Storm VI's specific objectives included:
- Exercising the coordination mechanisms and evaluating the effectiveness of the National Cyber Incident Response Plan (NCIRP) in guiding response.
- Assessing information sharing to include thresholds, paths, timeliness, usefulness of information shared, and barriers to sharing both internally and externally within the cyber incident response community.
- Continuing to examine the role, functions, and capabilities of DHS as it coordinates with impacted entities during a cyber event.
- Providing a forum for exercise participants to exercise, evaluate, and improve the processes, procedures, interactions, and information sharing mechanisms within their organization or community of interest.
- Cyber Storm I, 2006, was the first time the cyber response community came together to examine the national response to cyber incidents.
- Cyber Storm II, 2008, exercised individual response capabilities and leadership decision making.
- Cyber Storm III, 2010, focused on response according to national-level framework and provided the first operational test of the NCCIC.
- Cyber Storm IV included 15 building block exercises between 2011 and 2014 to help communities and states exercise cyber response capabilities for escalating incidents.
- Cyber Storm V, 2016, included more than 1,000 distributed players and brought together new sectors including retail and healthcare participants.
DHS ensures that privacy, confidentiality, civil rights, and civil liberties are not diminished by its cybersecurity initiatives. Accordingly, the Department has strong privacy, civil rights, and civil liberties standards implemented across all cybersecurity programs.
DHS' Cybersecurity and Infrastructure Security Agency (CISA) is responsible for safeguarding our Nation's critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. Through CISA, DHS actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets.
For more information on DHS cyber programs, visit www.dhs.gov/cyber