Cyber Storm VIII, conducted in March 2022, allowed participants to exercise their incident response plans and identify opportunities for coordination and information sharing. Cyber Storm VIII included more than 2,000 players, who uncovered lessons learned related to common vulnerabilities and the policies, processes, and procedures for recovery from a major cyber incident. Cyber Storm VIII is the eighth iteration of the National Cyber Exercise.
Enhancing Cyber Incident Response Capabilities
The cyber threat landscape continues to expand and advance, requiring public and private sectors to constantly evaluate their cyber incident response capabilities. Building on the outcomes of previous iterations, Cyber Storm VIII examined all aspects of cyber incident response including potential or actual physical impacts of a coordinated cyberattack targeting critical infrastructure. Cyber Storm VIII provided a unique opportunity for organizations to evaluate their internal cyber incident response plans, while coordinating with those at the federal, state, and private sector levels. Together, participants identified areas for growth and improvement to strengthen our national cyber resiliency.
Cyber Storm VIII Quick Facts
Date: Spring 2022
Duration: 3 days of live play
- Federal departments and agencies
- Industry-specific partners from critical infrastructure sectors (e.g., chemical, commercial facilities, communications, critical manufacturing, energy, financial services, healthcare and public health, IT, transportation, water and wastewater systems)
- State and local governments
Cyber Storm VIII Participation
- Cyber Storm VIII included organizations across federal, state, and international governments and the private sector
- Participating organizations worked directly with CISA to understand CISA’s role and capabilities in a cyberattack.
- Participants operated in working groups to meet organization- and sector-specific objectives and improve coordination capabilities through the exercise.
- Participants improved their understanding of current cyber risks, awareness of incident response resources, strengthened relationships with counterparts, and refined communications strategies.
Cyber Storm VIII Goal and Objectives
Cyber Storm VIII was designed to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure.
Cyber Storm VIII specific objectives were to:
- Examine the effectiveness of national cybersecurity plans and policies
- Explore the roles and responsibilities during a cyber incident with potential or actual physical impacts
- Strengthen information sharing and coordination mechanisms used during a cyber incident
- Foster public and private partnerships and improve their ability to share relevant and timely information across partners
- Cyber Storm I, 2006, marked the first time the cyber response community came together to examine the national response to cyber incidents.
- Cyber Storm II, 2008, exercised individual response capabilities and leadership decision making.
- Cyber Storm III, 2010, focused on response according to national-level frameworks and provided the first operational test of the National Cybersecurity and Communications Integration Center (NCCIC).
- Cyber Storm IV included 15 building block exercises between 2011 and 2014 to help communities and states exercise cyber response capabilities for escalating incidents.
- Cyber Storm V, 2016, included more than 1,000 distributed players and brought together new sectors, including retail and healthcare participants.
- Cyber Storm VI, 2018, focused on response an incident affecting to non-traditional IT devices and included new participants from critical manufacturing and the automotive industry.
- Cyber Storm 2020, 2020, provided 2000+ distributed players from approximately 210 organizations the opportunity to stress test incident response procedures in a remote environment and raised awareness of long-standing and ongoing vulnerabilities in the core infrastructure of the Internet.