Cyber Storm IX: National Cyber Exercise

In April 2024, CISA hosted the ninth iteration of the biennial National Cyber Exercise, Cyber Storm IX. Cyber Storm IX provided over 2,200 participants the opportunity to examine their response to an attack on cloud resources, identifying ways to increase their organization’s cyber resilience under the cloud shared responsibility model. 

View CISA’s Cyber Storm IX Fact Sheet Below:

Cyber Storm IX Fact Sheet 508c(PDF, 1,018.64 KB )

Strengthening Cybersecurity Preparedness

Today’s dynamic cyber threat environment requires constant reassessment of our nation’s cyber incident response capabilities. Cyber Storm IX examined all aspects of cyber incident response by depicting a coordinated cyberattack impacting critical infrastructure system confidentiality, integrity, and availability. Organizations evaluated internal cyber incident response plans, while coordinating with those at the federal, state, local, and private sector levels. Throughout the exercise lifecycle, participants worked together to identify applicable strengths and weaknesses, and ultimately find solutions to strengthen their cybersecurity preparedness.

Cyber Storm IX Quick Facts

Date: April 2024

Duration: 3 days of live play

Exercise Stakeholders

  • Federal departments and agencies
  • Industry partners from critical infrastructure sectors
  • International partners
  • State and local governments

Cyber Storm IX Participation

  • Cyber Storm IX included organizations across federal, state, and international governments, and the private sector.
  • Participating organizations worked directly with CISA to understand CISA’s role and capabilities in a cyberattack
  • Participants operated in working groups to meet organization- and sector-specific objectives.
  • Benefits of participation included exercising organizational response plans and capabilities, fostering relationships with counterparts, and improving organizational and national cyber readiness.

Cyber Storm IX Goal and Objectives

Cyber Storm IX’s primary goal was to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure.

Cyber Storm IX specific objectives were to:

  1. Examine the effectiveness of national cybersecurity plans and policies
  2. Explore the roles and responsibilities during a cyber incident with potential or actual physical impacts
  3. Strengthen information sharing and coordination mechanisms used during a cyber incident
  4. Foster public and private partnerships and improve their ability to share relevant and timely information across partners

Past Highlights

  • Cyber Storm I, 2006, marked the first time the cyber response community came together to examine the national response to cyber incidents.
  • Cyber Storm II, 2008, exercised individual response capabilities and leadership decision making.
  • Cyber Storm III, 2010, focused on response according to national-level frameworks and provided the first operational test of the National Cybersecurity and Communications Integration Center (NCCIC).
  • Cyber Storm IV included 15 building block exercises between 2011 and 2014 to help communities and states exercise cyber response capabilities for escalating incidents.
  • Cyber Storm V, 2016, included more than 1,000 distributed players and brought together new sectors, including retail and healthcare participants.
  • Cyber Storm VI, 2018, focused on response an incident affecting to non-traditional IT devices and included new participants from critical manufacturing and the automotive industry.
  • Cyber Storm 2020, 2020, provided 2000+ distributed players from approximately 210 organizations the opportunity to stress test incident response procedures in a remote environment and raised awareness of long-standing and ongoing vulnerabilities in the core infrastructure of the Internet.
  • Cyber Storm VIII, 2022, engaged 2000+ participants through a multi-layered scenario that impacted both industrial control systems (ICS)/operational technology (OT) and enterprise IT networks, raising awareness of the rapidly expanding cyberattack surface.