Cyber Storm VI: National Cyber Exercise

Cyber Storm VI was held in April 2018, sponsored by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency's CISA Central.

The sixth iteration of the DHS national-level cyber exercise series, Cyber Storm VI, simulated a cyber crisis of national and international consequence. While no actual systems were attacked during the exercise, Cyber Storm VI provided a venue to simulate discovery of and response to a large-scale, coordinated cyberattack impacting U.S. critical infrastructure. The exercise, which included more than 1,000 players nationwide, helped assess cybersecurity preparedness; examined incident response processes, procedures, and information sharing; and identified areas for improvement.

Enhancing Cyber Incident Response Capabilities

The Nation's cyber incident response capabilities must continue to mature and adapt to ever evolving cyber risks and threats. Cyber Storm is one of the few opportunities for a "whole of community" response - federal, state, local, tribal and territorial entities and the private sector come together to address cyber response for following a nationwide event or incident.

Cyber Storm VI focused on:

  • Building upon the outcomes of previous exercises and changes to the cybersecurity landscape;
  • Evaluating and improving the capabilities of the cyber response community;
  • Promoting public-private partnerships and strengthening relationships between the Federal Government and its partners; and
  • Integrating new critical infrastructure partners into exercise play to promote maturation and integration cross the 16 critical infrastructure sectors.

Cyber Storm also provided a venue for DHS' international partners to exercise objectives, improve and strengthen relationships, examine standard operating procedures and communication pathways, and raise the overall profile of cyber events and cyberattacks in their nation.

Cyber Storm VI Quick Facts

Date: April 2018

Duration: One week, with 3 days of live play

Participating Communities:

  • Critical Manufacturing
  • Transportation
  • Information Technology/Communications
  • Law Enforcement/Intelligence/Department of Defense
  • International
  • States
  • Federal

Cyber Storm VI Goal

Cyber Storm VI's primary goal was to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector cyberattack targeting critical infrastructure.

Exercise Objectives

Cyber Storm VI's objective was to assess the Nation's response capabilities to cyber incidents. The assessments will inform preparedness and resiliency planning, thereby strengthening the Nation's capacity to respond to a cyber incident.

Cyber Storm VI's specific objectives included:

  • Exercising the coordination mechanisms and evaluating the effectiveness of the National Cyber Incident Response Plan (NCIRP) in guiding response.
  • Assessing information sharing to include thresholds, paths, timeliness, usefulness of information shared, and barriers to sharing both internally and externally within the cyber incident response community.
  • Continuing to examine the role, functions, and capabilities of DHS as it coordinates with impacted entities during a cyber event.
  • Providing a forum for exercise participants to exercise, evaluate, and improve the processes, procedures, interactions, and information sharing mechanisms within their organization or community of interest.

Final Report

The Cyber Storm V Final Report reviews the purpose, scope, planning and execution, scenario, and the significant findings of the exercise.

Download the Final Report

For additional information on Cyber Storm exercises, contact

Past Highlights

  • Cyber Storm I, 2006, was the first time the cyber response community came together to examine the national response to cyber incidents.
  • Cyber Storm II, 2008, exercised individual response capabilities and leadership decision making.
  • Cyber Storm III, 2010, focused on response according to national-level framework and provided the first operational test of CISA Central.
  • Cyber Storm IV included 15 building block exercises between 2011 and 2014 to help communities and states exercise cyber response capabilities for escalating incidents.
  • Cyber Storm V, 2016, included more than 1,000 distributed players and brought together new sectors including retail and healthcare participants.


DHS ensures that privacy, confidentiality, civil rights, and civil liberties are not diminished by its cybersecurity initiatives. Accordingly, the Department has strong privacy, civil rights, and civil liberties standards implemented across all cybersecurity programs.

About CISA

DHS' Cybersecurity and Infrastructure Security Agency (CISA) is responsible for safeguarding our Nation's critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. Through CISA, DHS actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets.