Cyber Storm VIII, planned for Spring 2022, will allow participants to exercise their incident response plans and identify opportunities for coordination and information sharing. Cyber Storm exercises have historically engaged more than 1,000 distributed players over the course of three days of live exercise play. Building on the success and momentum of Cyber Storm 2020 and lessons learned from real-world events, Cyber Storm VIII is positioned to meaningfully prepare participants for response to emerging and evolving threats.
Enhancing Cyber Incident Response Capabilities
The cyber threat landscape continues to expand and advance, requiring public and private sectors to constantly evaluate their cyber incident response capabilities. Building on the outcomes of previous iterations, Cyber Storm VIII will examine all aspects of cyber incident response including potential or actual physical impacts of a coordinated cyber attack targeting critical infrastructure. Cyber Storm VIII provides a unique opportunity for organizations to evaluate their internal cyber incident response plans, while coordinating with those at the federal, state, and private sector levels. Together, participants will identify areas for growth and improvement to strengthen our national cyber resiliency.
Cyber Storm VIII Quick Facts
Date: Spring 2022
Duration: 3 days of live play
Participants:
- Federal departments and agencies
- Industry-specific partners from critical infrastructure sectors (e.g., chemical, commercial, critical manufacturing, energy, financial services, healthcare and public health, IT, transportation, and water and wastewater systems)
- State and local governments
Cyber Storm VIII Participation
- Cyber Storm VIII includes organizations across federal, state, and international governments and the private sector
- Participating organizations will work directly with CISA to understand CISA’s role and capabilities in a cyberattack.
- Participants operate in working groups to meet organization- and sector-specific objectives and improve coordination capabilities through the exercise.
- Benefits of participation include improved understanding of current cyber risks, awareness of incident response resources, strengthened relationships with counterparts, and refined communications strategies.
Cyber Storm VIII Goal and Objectives
Cyber Storm VIII’s primary goal is to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure.
Cyber Storm VIII specific objectives include:
- Examine the effectiveness of national cybersecurity plans and policies
- Explore the roles and responsibilities during a cyber incident with potential or actual physical impacts
- Strengthen information sharing and coordination mechanisms used during a cyber incident
- Foster public and private partnerships and improve their ability to share relevant and timely information across partners
Previous Cyber Storm Exercises
- Cyber Storm I, 2006, marked the first time the cyber response community came together to examine the national response to cyber incidents.
- Cyber Storm II, 2008, exercised individual response capabilities and leadership decision making.
- Cyber Storm III, 2010, focused on response according to national-level frameworks and provided the first operational test of the National Cybersecurity and Communications Integration Center (NCCIC).
- Cyber Storm IV included 15 building block exercises between 2011 and 2014 to help communities and states exercise cyber response capabilities for escalating incidents.
- Cyber Storm V, 2016, included more than 1,000 distributed players and brought together new sectors, including retail and healthcare participants.
- Cyber Storm VI, 2018, focused on response to an incident affecting non-traditional IT devices and included new participants from critical manufacturing and the automotive industry.
- Cyber Storm 2020, 2020, provided 2000+ distributed players from approximately 210 organizations the opportunity to stress test incident response procedures in a remote environment and raised awareness of long-standing and ongoing vulnerabilities in the core infrastructure of the Internet.