Cyber Storm VIII: National Cyber Exercise

The cyber threat landscape continues to expand and advance, requiring public and private sectors to constantly evaluate their cyber incident response capabilities. Building on the outcomes of previous iterations, Cyber Storm VIII examined all aspects of cyber incident response including potential or actual physical impacts of a coordinated cyberattack targeting critical infrastructure. Cyber Storm VIII provided a unique opportunity for organizations to evaluate their internal cyber incident response plans, while coordinating with those at the federal, state, and private sector levels. Together, participants identified areas for growth and improvement to strengthen our national cyber resiliency.

Date: Spring 2022

Duration: 3 days of live play

Exercise Stakeholders:

• Federal departments and agencies
• Industry-specific partners from critical infrastructure sectors (e.g., chemical, commercial facilities, communications, critical manufacturing, energy, financial services, healthcare and public health, IT, transportation, water and wastewater systems)
• International
• State and local governments

• Cyber Storm VIII included organizations across federal, state, and international governments and the private sector
• Participating organizations worked directly with CISA to understand CISA’s role and capabilities in a cyberattack.
• Participants operated in working groups to meet organization- and sector-specific objectives and improve coordination capabilities through the exercise.
• Participants improved their understanding of current cyber risks, awareness of incident response resources, strengthened relationships with counterparts, and refined communications strategies.

Cyber Storm VIII was designed to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure.

Cyber Storm VIII specific objectives were to:

1. Examine the effectiveness of national cybersecurity plans and policies
2. Explore the roles and responsibilities during a cyber incident with potential or actual physical impacts
3. Strengthen information sharing and coordination mechanisms used during a cyber incident
4. Foster public and private partnerships and improve their ability to share relevant and timely information across partners

• Cyber Storm I, 2006, was the first time the cyber response community came together to examine the national response to cyber incidents.
• Cyber Storm II, 2008, exercised individual response capabilities and leadership decision making.
• Cyber Storm III, 2010, focused on response according to national-level framework and provided the first operational test of CISA Central.
• Cyber Storm IV included 15 building block exercises between 2011 and 2014 to help communities and states exercise cyber response capabilities for escalating incidents.
• Cyber Storm V, 2016, included more than 1,000 distributed players and brought together new sectors including retail and healthcare participants.
• Cyber Storm VI, 2018, focused on response an incident affecting to non-traditional IT devices and included new participants from Critical Manufacturing and the Automotive industry.
• Cyber Storm 2020, 2020, provided 2000+ distributed players from approximately 210 organizations the opportunity to stress test incident response procedures in a remote environment and raised awareness of long-standing and ongoing vulnerabilities in the core infrastructure of the Internet.

The Cyber Storm VIII Final Report reviews the purpose, scope, planning and execution, scenario, and the significant findings of the exercise.

Download the Final Report