Prepared Together – Cyber Storm IX Recap


By CISA Director Jen Easterly

Cyber threat actors continue to infiltrate critical infrastructure networks with increased sophistication, persistence, and malicious intent. While some actors remain financially motivated, others such as nation-state actors aligned with the People’s Republic of China, aim to compromise U.S. critical infrastructure networks to potentially disrupt critical services in the event of a geopolitical conflict. Organizations need to be prepared to respond and remain resilient in the face of these challenging threats, and exercises, such as Cyber Storm, serve as a critical tool to enhance preparedness. 

A few weeks ago, approximately one hundred exercise planners convened at CISA headquarters for the ninth iteration of the national cyber exercise, Cyber Storm. The planners, representing private industry, federal, state, and international government partners, managed an exercise that spanned across the globe to simulate a coordinated cyberattack targeting critical infrastructure. 

What sets Cyber Storm apart from other cyber exercises is the depth and breadth of the exercise.  We hosted over 2,200 participants from 300 organizations from more than 80 private sector companies, 35 federal departments and agencies, 11 states, and nine partner countries. It provided an immersive experience for participants to engage in all aspects of cyber incident response through three days of live exercise play. The exercise scenario centered on adversary exploitation of common misconfigurations of cloud environments to cause various impacts to data confidentiality, integrity, and availability. Initial impacts occurred within the Food and Agriculture Sector but ultimately impacted many organizations across multiple sectors.

Our planners enhanced the realism of the exercise through simulating traditional and social media websites, as well as creating a simulated dark web. Additionally, Cyber Storm IX simulated enemies who employed tactics, techniques, and procedures used by real-world adversaries.  The simulated threat actors had an agenda with sufficient resources to carry out the attacks to meet the exercise’s objectives.

Cyber Storm gave the participants an opportunity to exercise organizational response plans and capabilities, foster relationships with counterparts, and improve organizational and national cyber readiness and resilience. Participating organizations worked directly with CISA and coordinating bodies such as Sector Risk Management Agencies and Information Sharing and Analysis Centers to understand roles and capabilities during a cyberattack.  

Outcomes from Cyber Storm IX will be published later this year at Cyber Storm: Securing Cyber Space | CISA. CISA will continue to assist stakeholders with end-to-end exercise development support upon request to increase resilience to both physical and cyber threats.