Cyber Storm I: National Cyber Exercise

In February 2006, the Department of Homeland Security (DHS) executed Cyber Storm I, a nationwide cybersecurity exercise which assessed response capabilities during a cyber incident of national significance. Cyber Storm I was the first DHS-sponsored cyber exercise that tested response across the private sector and international, federal, and state governments. The exercise helped to fulfill part of an initiative to meet Homeland Security Presidential Directive 8 "National Preparedness" requirements and was coordinated under DHS's National Exercise Program in accordance with Congressional appropriations to conduct exercises that test response to cyber attacks on critical infrastructures. Cyber Storm I acted as a catalyst for assessing communications, coordination, and partnerships across critical infrastructure sectors.

Goals and Objectives

Within the context of a large-scale cyber incident affecting the energy, information technology (IT), telecommunications, and transportation critical infrastructure sectors, the goal of Cyber Storm I was to exercise the national cyber incident response community with focus on:

  • Interagency coordination through the National Cyber Response Coordination Group (NCRCG) pursuant to the Cyber Annex to the National Response Plan;
  • Identification of policy issues that affect response and recovery;
  • Identification of critical information sharing paths and mechanisms among public and private sectors; and
  • Identification, improvement, and promotion of public and private sector interaction in processes and procedures for establishing situational awareness; supporting public and private sector decision making; communicating appropriate information to key stakeholders and the public; and planning and implementing appropriate response and recovery activities.

Secondary goals of the exercise included:

  • Highlighting specific tools and analytical capabilities that may be used in preparation for, response to, and recovery from cyber incidents; and
  • Raising awareness of the economic and national security impacts associated with a significant cyber incident.

Participants

Participants included members of the public sector (federal and state agencies), the private sector (IT, telecommunications, energy, and transportation sectors), and international government partners. Participants provided additional support staff to help plan and control the exercise to ensure it met their organizations' training needs and supported the interests of their constituents.

Scenario

The Cyber Storm Exercise scenarios simulated a sophisticated cyber attack. The planning team pre-scripted all simulated attacks and executed the exercise in a closed and secure environment, eliminating any external distress to participants' day-to-day systems during the exercise.

Scenarios included:

  • Cyber attacks disrupting energy and transportation infrastructure elements; and
  • Cyber attacks targeted at federal, state, and international governments with the intent of disrupting government operations and degrading public confidence.

Scenarios generated participant actions through:

  • Identification and efficient use of all communications channels;
  • Escalation to a series of interrelated incidents which, combined, represented a significant enough threat to require (per the terms of the Cyber Annex) the stand-up and operation of the NCRCG;
  • The stand-up and operation of Interagency Incident Management Group (IIMG) while testing the communication relationship between the NCRCG and the IIMG; and
  • Continued coordination of all public and private participants through the planning and recovery activities.

Exercise Report

The Cyber Storm I Final Report reviews the purpose, scope, planning and execution, scenario, and the significant findings of the exercise.

Download the Final Report

For additional information on Cyber Storm exercises, contact cyberstorm@cisa.dhs.gov.