Cyber Storm: Securing Cyber Space

Cyber Storm, the Department of Homeland Security’s biennial exercise series, provides the framework for the most extensive government-sponsored cybersecurity exercise of its kind.

Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the Office of Cybersecurity and Communications’ top priority.

Cyber Storm participants perform the following activities:

  • Examine organizations’ capability to prepare for, protect from, and respond to the potential effects of cyber attacks;
  • Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national-level policy and procedures;
  • Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and 
  • Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real-world incidents, ensuring that participants face more sophisticated and challenging exercises every two years.

Cyber Storm IV

Cyber Storm IV is the fourth installment of the Cyber Storm exercise series. The series is part of the Department of Homeland Security’s ongoing effort to assess and strengthen cyber preparedness, examine incident response processes in response to ever-evolving threats, and enhance information sharing among Federal, state, international, and private sector partners. Through these efforts, the cyber incident response community will improve both its capabilities and response processes, thus bolstering the nation’s cyber resilience. Cyber Storm IV consists of individual, building block exercises at the Federal, state, and international level that provide the cyber incident response community with the opportunity to design focused events that evaluate specific capabilities.

State Exercises

State exercises are two-day tabletop events where representatives from a variety of state departments and agencies assess their cyber response plans.  They identify and simulate how to engage elements across state governance, as well as cybersecurity partners such as law enforcement entities and the private sector.  Throughout the event, participants can validate policies, plans, and procedures that enable response, recovery, and continuity of operations.  Players, planners, and observers represent a variety of positions, including technical and non-technical staff, emergency managers, public affairs representatives, and leadership. 

State exercises conducted/scheduled:

  • Maine, February 2012
  • Oregon, May 2012
  • Washington, August 2012
  • Idaho, October 2012
  • Missouri, June 2013
  • Mississippi, August 2013

International Exercise

The National Cybersecurity and Communications Integration Center (NCCIC) sponsored the International Watch and Warning Network (IWWN) Exercise on March 20-21, 2013.  Eleven of the fifteen IWWN nations participated in the distributed, functional event.  The participating nations included: Australia, Canada, France, Germany, Hungary, Japan, The Netherlands, Norway, Sweden, Switzerland, and the United States.  The session featured a distributed exercise control (ExCon), with ExCon members located at operational centers across the world.  Participants examined the IWWN’s common plans, standard operating procedures, policies, and capabilities necessary to ensure the security of the interdependent global cyber infrastructure and, where applicable, applied lessons learned from Cyber Storm III, conducted in September 2010.  The scenario engaged operational staff, such as civil computer emergency response teams (CERTs) and policy-level stakeholders within the IWWN.  The IWWN member nations participated at varying levels; some organizations participated continuously (24x7), and others participated solely during their respective normal operating hours.


Evergreen (formerly the “Concluding Event”) is the largest Cyber Storm IV event.  It is a distributed, functional cyber exercise sponsored by the NCCIC and scheduled to take place in Fall 2013.  Players will represent the State of Washington, the Federal Government, an international partner, the private sector, and several coordination bodies.  The exercise will leverage a controlled environment to observe and evaluate a simulated cyber attack originating in a municipality, focusing on escalation from internal discovery and communication to national and international information sharing and incident management. 

Overall, these efforts have enabled and will continue to enable DHS and its partners to increase their overall cyber preparedness and the resiliency of critical infrastructure. The results of the exercises and the ongoing planning activity have greatly improved readiness and response times for any cyber incident impacting the nation’s critical infrastructure.