Cyber Storm VI: National Cyber Exercise
Cyber Storm VI was held in April 2018, sponsored by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency's CISA Central.
The sixth iteration of the DHS national-level cyber exercise series, Cyber Storm VI, simulated a cyber crisis of national and international consequence. While no actual systems were attacked during the exercise, Cyber Storm VI provided a venue to simulate discovery of and response to a large-scale, coordinated cyberattack impacting U.S. critical infrastructure. The exercise, which included more than 1,000 players nationwide, helped assess cybersecurity preparedness; examined incident response processes, procedures, and information sharing; and identified areas for improvement.
Enhancing Cyber Incident Response Capabilities
The Nation's cyber incident response capabilities must continue to mature and adapt to ever evolving cyber risks and threats. Cyber Storm is one of the few opportunities for a "whole of community" response - federal, state, local, tribal and territorial entities and the private sector come together to address cyber response for following a nationwide event or incident.
Cyber Storm VI focused on:
- Building upon the outcomes of previous exercises and changes to the cybersecurity landscape;
- Evaluating and improving the capabilities of the cyber response community;
- Promoting public-private partnerships and strengthening relationships between the Federal Government and its partners; and
- Integrating new critical infrastructure partners into exercise play to promote maturation and integration cross the 16 critical infrastructure sectors.
Cyber Storm also provided a venue for DHS' international partners to exercise objectives, improve and strengthen relationships, examine standard operating procedures and communication pathways, and raise the overall profile of cyber events and cyberattacks in their nation.
Cyber Storm VI Quick Facts
Date: April 2018
Duration: One week, with 3 days of live play
Participating Communities:
- Critical Manufacturing
- Transportation
- Information Technology/Communications
- Law Enforcement/Intelligence/Department of Defense
- International
- States
- Federal
Cyber Storm VI Goal
Cyber Storm VI's primary goal was to strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector cyberattack targeting critical infrastructure.
Exercise Objectives
Cyber Storm VI's objective was to assess the Nation's response capabilities to cyber incidents. The assessments will inform preparedness and resiliency planning, thereby strengthening the Nation's capacity to respond to a cyber incident.
Cyber Storm VI's specific objectives included:
- Exercising the coordination mechanisms and evaluating the effectiveness of the National Cyber Incident Response Plan (NCIRP) in guiding response.
- Assessing information sharing to include thresholds, paths, timeliness, usefulness of information shared, and barriers to sharing both internally and externally within the cyber incident response community.
- Continuing to examine the role, functions, and capabilities of DHS as it coordinates with impacted entities during a cyber event.
- Providing a forum for exercise participants to exercise, evaluate, and improve the processes, procedures, interactions, and information sharing mechanisms within their organization or community of interest.
Past Highlights
Each Cyber Storm builds on lessons learned from previous real-world incidents, ensuring that participants face more sophisticated and challenging exercises every two years.
Contact
For additional information on Cyber Storm exercises, contact cyberstorm@mail.cisa.dhs.gov.
Final Report
The Cyber Storm VI Final Report reviews the purpose, scope, planning and execution, scenario, and the significant findings of the exercise.