US flag   Official website of the Department of Homeland Security

Cyber Storm I: National Cyber Exercise

Cyber Storm I was a nationwide cybersecurity exercise that took place in early February 2006 and assessed preparedness capabilities in response to a cyber incident of national significance. Cyber Storm I was the Department's first cyber exercise testing response across the private sector and the international, federal, and state governments. The exercise series is part of an initiative that meets Homeland Security Presidential Directive 8 "National Preparedness" requirements, which is coordinated under the DHS National Exercise Program and is in accordance with Congressional appropriations to conduct exercises that test response to cyber attacks on critical infrastructures. Cyber Storm is intended to act as a catalyst for assessing communications, coordination, and partnerships across critical infrastructure sectors.

Goals and Objectives

Within the context of a large-scale cyber incident affecting the energy, information technology (IT), telecommunications, and transportation critical infrastructure sectors, the goal of Cyber Storm is to exercise the national cyber incident response community with focus on:

  • Interagency coordination through the National Cyber Response Coordination Group (NCRCG) pursuant to the Cyber Annex to the National Response Plan;
  • Identification of policy issues that affect response and recovery;
  • Identification of critical information sharing paths and mechanisms among public and private sectors; and
  • Identification, improvement, and promotion of public and private sector interaction in processes and procedures for:
  • establishing situational awareness;
  • supporting public and private sector decision making;
  • communicating appropriate information to key stakeholders and the public; and
  • planning and implementing appropriate response and recovery activities.

Secondary goals of the exercise include:

  • Highlighting specific tools and analytical capabilities that may be used in preparation for, response to, and recovery from cyber incidents; and
  • Raising awareness of the economic and national security impacts associated with a significant cyber incident.
  • Participants
  • Participants include members of the public sector (federal and state agencies), the private sector (IT, telecommunications, energy, and transportation), and international government partners.
  • Participants provided additional support staff to help plan and control the exercise to ensure it meets their organizations' training needs and supports the interests of their constituents.
  • The Scenario
  • Cyber Storm simulates a sophisticated cyber attack scenario. All "attacks" are pre-scripted and executed in a closed and secure environment, eliminating any external distress to participants' day-to-day systems during the exercise.

Scenarios may include:

  • Cyber attacks disrupting energy and transportation infrastructure elements; and
  • Cyber attacks targeted at federal, state and international governments with the intent of disrupting government operations and degrading public confidence.

Scenarios to generate participant actions through:

  • Identification and efficient use of all communications channels;
  • Escalation to a series of interrelated incidents that, combined, represent a significant enough threat to require (per the terms of the Cyber Annex) the stand-up and operation of the NCRCG;
  • The stand-up and operation of Interagency Incident Management Group (IIMG) while testing the communication relationship between the NCRCG and the IIMG; and
  • Continued coordination of all public and private participants through the planning and recovery activities.

Final Report

The Final Report from the exercise reviews the purpose, scope, planning and execution, scenario and the significant findings of the exercise. 

Download the Final Report

For additional information on Cyber Storm exercises, please contact

Back to Top