Cyber Storm, the Department of Homeland Security’s biennial exercise series, provides the framework for the most extensive government-sponsored cybersecurity exercise of its kind.

Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the National Cyber Security Division’s top priority.

Cyber Storm participants perform the following activities:

• Examine organizations’ capability to prepare for, protect from, and respond to cyber attacks’ potential effects;
• Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and procedures;
• Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and 
• Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real world incidents, ensuring that participants face more sophisticated and challenging exercises every two years.

Cyber Storm IV: 2011-2012

The latest installment of the series, Cyber Storm IV (CS IV), is designed as a set of building block exercises, which began in fall 2011 and will conclude in 2012. This exercise design promotes more focused exercise activities, allowing participants to delve deeper into particular cyber issues. Members of the cyber incident response community are actively collaborating with DHS in the design and execution of these building block exercises. Observations from the building block exercises will inform National Level Exercise 2012 planning activities, continue to enhance the cyber incident response community's capabilities, and support the Nation's ongoing resilience efforts.

• Cyber Storm IV (PDF, 1 page - 272 KB)
• Cyber Storm IV's exercise construct (PDF, 1 page - 271 KB)

Cyber Storm III: September 2010

Cyber Storm III built upon the success of previous exercises; however, enhancements in the nation's cybersecurity capabilities, an ever-evolving cyber threat landscape and the increased emphasis and extent of public-private collaboration and cooperation, made Cyber Storm III unique.

• National Cyber Incident Response Plan
  Cyber Storm III served as the primary vehicle to exercise the newly-developed National Cyber Incident Response Plan (NCIRP) - a blueprint for cybersecurity incident response - to examine the roles, responsibilities, authorities, and other key elements of the nation's cyber incident response and management capabilities and use those findings to refine the plan.

• Increased Federal, State, International and Private Sector Participation
  • Administration-Wide - Eight Cabinet-level departments including Commerce, Defense, Energy, Homeland Security, Justice, Transportation and Treasury, in addition to the White House and representatives from the intelligence and law enforcement communities.
  • Eleven States - California, Delaware, Illinois, Iowa, Michigan, Minnesota, North Carolina, New York, Pennsylvania, Texas, Washington, as well as the Multi-State Information Sharing and Analysis Center (ISAC) - compared to nine states in Cyber Storm II.
  • 12 International Partners - Australia, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden, Switzerland, the United Kingdom - compared to four international partners in Cyber Storm II.
  • 50 Percent More Private Sector Partners - We will have 60 private sector companies played in Cyber Storm III, up from 40 in Cyber Storm II; several will participate on-site with DHS for the first time. DHS worked with representatives from the Banking and Finance, Chemical, Communications, Dams, Defense Industrial Base, Information Technology, Nuclear, Transportation, and Water Sectors as well as the corresponding Sector Coordinating Councils and ISACs to identify private sector participants.

• National Cybersecurity and Communications Integration Center
  Cyber Storm III represented the first opportunity to test the new National Cybersecurity and Communications Integration Center (NCCIC) - which serves as the hub of national cybersecurity coordination and was inaugurated in October of 2009.

• More on Cyber Storm III

Cyber Storm II: March 2008

• Involves 5 countries (Australia, Canada, New Zealand, United Kingdom, United States); 18 federal cabinet-level agencies (Department of Defense, State Department, Department of Justice, etc.); 9 states (Pennsylvania, Colorado, California, Delaware, Texas, Illinois, Michigan, North Carolina, and Virginia); and over 40 private sector companies (Juniper Networks, Microsoft, McAfee, Cisco, NeuStar, The Dow Chemical Company, Inc., PPG Industries, ABB Group, Air Products & Chemical Inc., Nova Chemical, Wachovia, etc.);
• Affected 4 infrastructure sectors including chemical, information technology, communications and transportation (rail/pipe) and used 10 Information Sharing and Analysis Centers;
• Exercised the processes, procedures, tools, and organizational response to a multi-sector coordinated attack through, and on, the global cyber infrastructure;
• Allowed players to exercise and evaluate their cyber response capabilities to a multi-day coordinated attack and to gauge the cascading effects of cyber disasters on other critical infrastructures, shaping response priorities; and
• Exercised government and private sector concepts and processes developed since Cyber Storm I, requiring great interaction and coordination at the strategic, operational, and tactical levels.
• More on Cyber Storm II

Cyber Storm I: February 2006

• First government-led full-scale cyber exercise;
• Included over 115 organizations, including federal, state and local governments, and the private sector;
• Featured four sectors: information technology, communications, energy and transportation (air); and 
• Allowed participants to respond to a variety of cyber and communications degradations and simulated attacks against critical infrastructures and to collaborate at the operational, policy and public affairs levels.