By Greg Touhill, Deputy Assistant Secretary for Cybersecurity and Communications, NPPD
Cyber threats to critical infrastructure remain one of our Nation’s most serious security and economic sustainability challenges. With over 80 percent of critical infrastructure owned by the private sector, and with millions of cyber-dependent equities owned by individuals or federal, state, local, tribal, and territorial (SLTT) entities and agencies, securing cyberspace must be achieved collaboratively. Exercises are critical to testing this coordination, and more importantly, to building and maintaining strong relationships among the cyber incident response community.
Last week more than 1,100 people from more than 60 organizations across the country and worldwide participated in the nation’s most extensive cybersecurity exercise, hosted by the Department of Homeland Security, Cyber Storm V. The exercise included participants from the healthcare and public health, IT, communications and commercial facilities sectors, as well as federal agencies, eight states, and international organizations.
Participants were presented with a scenario that drove them to exercise their training, policies, processes, and procedures for identifying and responding to a multi-sector cyber attack targeting critical infrastructure. The Cyber Storm V scenario created an environment where no one organization was in a position where they themselves could stop or mitigate the impacts of the attack. The scope of the scenario thus promoted the exercising of cooperation and information sharing across the United States government, states, the private sector, and international partners.
The DHS National Cybersecurity and Communications Integration Center (NCCIC) served as the focal point for federal response and coordination during the exercise. NCCIC is a 24x7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement. NCCIC also is designated as the federal interface for private sector information sharing, cross-sector coordination and incident response.
The Cyber Storm V after action process began with a discussion of initial, high-level findings. An after action conference will help validate these findings and inform the development of an after action report.
For more information about the Cyber Storm exercise series, and to view the final reports from Cyber Storms I-IV, visit https://www.dhs.gov/cyber-storm.