The Department of Homeland Security (DHS) executed Cyber Storm I in early February 2006; the nationwide cybersecurity exercise assessed response capabilities during a cyber incident of national significance. Cyber Storm I was the first DHS-sponsored cyber exercise that tested response across the private sector and international, federal, and state governments. The exercise helped to fulfill part of an initiative to meet Homeland Security Presidential Directive 8 "National Preparedness" requirements and was coordinated under DHS' National Exercise Program, in accordance with Congressional appropriations to conduct exercises that test response to cyber attacks on critical infrastructures. Cyber Storm I acted as a catalyst for assessing communications, coordination, and partnerships across critical infrastructure sectors.
Goals and Objectives
Within the context of a large-scale cyber incident affecting the energy, information technology (IT), telecommunications, and transportation critical infrastructure sectors, the goal of Cyber Storm I was to exercise the national cyber incident response community with focus on:
- Interagency coordination through the National Cyber Response Coordination Group (NCRCG) pursuant to the Cyber Annex to the National Response Plan;
- Identification of policy issues that affect response and recovery;
- Identification of critical information sharing paths and mechanisms among public and private sectors; and
- Identification, improvement, and promotion of public and private sector interaction in processes and procedures for:
  - Establishing situational awareness;
  - Supporting public and private sector decision making;
  - Communicating appropriate information to key stakeholders and the public; and
  - Planning and implementing appropriate response and recovery activities.
Secondary goals of the exercise include:
- Highlighting specific tools and analytical capabilities that may be used in preparation for, response to, and recovery from cyber incidents; and
- Raising awareness of the economic and national security impacts associated with a significant cyber incident.
Participants include members of the public sector (federal and state agencies), the private sector (IT, telecommunications, energy, and transportation), and international government partners.
Participants provided additional support staff to help plan and control the exercise to ensure it met their organizations' training needs and supported the interests of their constituents.
The Scenario
The Cyber Storm Exercise scenarios simulated a sophisticated cyber attack. The planning team pre-scripted all simulated attacks and executed the exercise in a closed and secure environment, eliminating any external distress to participants' day-to-day systems during the exercise.
Scenarios may include:
- Cyber attacks disrupting energy and transportation infrastructure elements; and
- Cyber attacks targeted at federal, state and international governments with the intent of disrupting government operations and degrading public confidence.
Scenarios are intended to generate participant actions through:
- Identification and efficient use of all communications channels;
- Escalation to a series of interrelated incidents that, combined, represent a significant enough threat to require (per the terms of the Cyber Annex) the stand-up and operation of the NCRCG;
- The stand-up and operation of the Interagency Incident Management Group (IIMG) while testing the communication relationship between the NCRCG and the IIMG; and
- Continued coordination of all public and private participants through the planning and recovery activities.
The report from the exercise reviews the purpose, scope, planning and execution, scenario and the significant findings of the exercise.
For additional information on Cyber Storm exercises, please contact CEP at CEP@dhs.gov.