National Cyber Exercise and Planning Program

The National Cybersecurity and Communications Integration Center (NCCIC) develops and supports integrated cyber incident response plans and guidance and cyber-focused exercises for governmental and critical infrastructure partners. NCCIC's National Cybersecurity Exercises and Training conducts a full spectrum of exercises in cooperation with the public and private sector and international partners, particularly those who support U.S. critical infrastructure.

DHS established the Cyber Exercise Program in 2004 as a resource responsible for developing and managing a portfolio of cyber exercises ranging from small-scale, limited scope, discussion-based exercises (e.g., two-hour seminars) to large-scale, internationally scoped, operations-based exercises (e.g., multi-day, full scale exercises like the Cyber Storm national-level cyber exercise.

NCCIC's National Cybersecurity Exercises and Training goals are to:

  • Strengthen U.S. national cybersecurity resilience through cyber exercise planning and execution
  • Advance exercise stakeholder relationships and cooperation
  • Expand opportunities for engagement across the stakeholder spectrum.

Cyber Continuity Planning Support

NCCIC works with is public and private sector partners to develop and revise integrated cyber incident response plans and guidance.

Key planning products available include:

  • Cyber Capabilities Planning Framework
  • Sector-Specific Operations Playbooks
  • State, Local, Territorial, Tribal (SLTT) Cyber Incident Annex Template

National, Statewide and International Exercises

NCCIC's National Cybersecurity Exercises and Training directly supports DHS stakeholders in the public sector, including both federal and SLTT organizations on cyber-focused exercise initiatives. Since 2012, NCCIC has co-sponsored the Cyber Guard exercise series, the largest tactical-level cyber exercise series in the nation, in cooperation with the U.S. Cyber Command and the Federal Bureau of Investigation.

NCCIC's exercises and training support to SLTT government partners includes cyber exercise design, development, conduct, and analysis. NCCIC's cyber exercises familiarize the public sector on roles, responsibilities, policies, plans, and procedures to prepare for significant cyber incident.

Recognizing that there are no borders in cyberspace, NCCIC supports DHS operational and policy initiatives to improve international cybersecurity cooperation. NCCIC's Exercise and Training sponsored exercises and workshops help raise awareness and advance cybersecurity coordination globally.

Critical Infrastructure Exercises

NCCIC's National Cybersecurity Exercises and Training provides direct support to critical infrastructure assets, assisting in the development and execution of cyber exercises for individual organizations and critical infrastructure sectors

Cyber Storm Exercise Series

Cyber Storm is the Department’s capstone national-level cyber exercise series. Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Participation spans across federal, SLTT, international, and public and private sector critical infrastructure stakeholders.

These capstone exercises are typically a week long and involve more than a thousand distributed players. Participating organizations respond to simulated attacks by practicing response policies and procedures, which help to identify findings, including relative strengths, interdependencies, and areas for improvement.

Special Event Support

NCCIC's Exercises and Training also conducts cyber exercises to help public and private sector partners prepare for special events, such as Special Event Assessment Rating (SEAR) events or National Special Security Events (NSSE). These exercises take into account the risk profiles and multi-stakeholder coordination mechanisms unique to each event.

Cyber Exercise Toolkit (CTEP)

NCCIC's National Cybersecurity Exercises and Training has developed a comprehensive, adaptable, and scalable cyber tabletop exercise package (CTEP) as a toolkit for interested organizations. CTEP allows stakeholders to produce and customize their own tabletop cyber exercise, tailored for their organization.

Enhancing Cyber Incident Response Capabilities

The nation’s cyber incident response capabilities need to mature and adapt to ever-evolving cyber risks and threats. Cyber exercises like Cyber Storm allow the cyber incident response community to practice and measure the effectiveness of their capabilities and continuously improve.  

For more information on the National Cyber Exercise and Planning Program, email

Was this webpage helpful?  Yes  |  Somewhat  |  No