US flag signifying that this is a United States Federal Government website   Official website of the Department of Homeland Security

Homeland Security

Cyber Storm: Securing Cyber Space

Cyber Storm, the Department of Homeland Security’s (DHS) biennial exercise series, provides the framework for the most extensive government-sponsored cybersecurity exercise of its kind. Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the DHS Office of Cybersecurity and Communications' top priority.

Cyber Storm participants perform the following activities:

  • Examine organizations’ capability to prepare for, protect from, and respond to cyber attacks’ potential effects;
  • Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and procedures;
  • Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and
  • Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real world incidents, ensuring that participants face more sophisticated and challenging exercises every two years.

Cyber Storm V: First Quarter 2016

DHS is currently in the planning process for Cyber Storm V, which will return to the capstone, distributed exercise format of Cyber Storm I-III. The exercise is slated to occur in Winter 2016, with the Exercise Control located in the Washington. D.C. metropolitan area. DHS is conducting targeted recruitment for the exercise. For more information, contact

Cyber Storm IV

Cyber Storm IV consisted of individual building block exercises at the federal, state, and international levels which provided the cyber incident response community with the opportunity to design focused events to evaluate specific capabilities. The building block approach also introduced cyber exercises to new stakeholders and prepared them for participation in future Cyber Storm exercises.

Cyber Storm IV included 15 tabletop and distributed exercises that involved over 1,250 participants from 16 states, 11 countries, and 14 federal agencies. CyberStorm IV exercises for external stakeholders included:

  • State-specific exercises with Idaho, Maine, Mississippi, Missouri, Nevada, Oregon, and Washington. A state coordination exercise with the Multi-State Information Sharing and Analysis Center (MS-ISAC) that included Delaware, Iowa, Massachusetts, Michigan, Minnesota, New York, North Carolina, Pennsylvania, and Wisconsin.
  • An international exercise with the International Watch and Warning Network that included Australia, Canada, France, Germany, Hungary, Japan, the Netherlands, Norway, Sweden, Switzerland, and the United States.
  • Cyber Storm IV: Evergreen, a distributed national level exercise that engaged hundreds of players from the private sector, state and local entities, and the federal government in operational play.
  • More on Cyber Storm IV

Cyber Storm III: September 2010

Cyber Storm III built upon the success of previous exercises; however, enhancements in the nation's cybersecurity capabilities, an ever-evolving cyber threat landscape and the increased emphasis and extent of public-private collaboration and cooperation, made Cyber Storm III unique.

  • National Cyber Incident Response Plan
    Cyber Storm III served as the primary vehicle to exercise the newly-developed National Cyber Incident Response Plan (NCIRP), a blueprint for cybersecurity incident response, to examine the roles, responsibilities, authorities, and other key elements of the nation's cyber incident response and management capabilities and use those findings to refine the plan.
  • Increased Federal, State, International and Private Sector Participation
    • Administration-Wide - Eight Cabinet-level departments including Departments of Commerce, Defense, Energy, Homeland Security, Justice, Transportation, and Treasury in addition to the White House and representatives from the intelligence and law enforcement communities.
    • Eleven States - California, Delaware, Illinois, Iowa, Michigan, Minnesota, North Carolina, New York, Pennsylvania, Texas, and Washington, as well as the Multi-State Information Sharing and Analysis Center (MS-ISAC) compared to nine states in Cyber Storm II.
    • 12 International Partners - Australia, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden, Switzerland, and the United Kingdom compared to four international partners in Cyber Storm II.
    • 50 Percent More Private Sector Partners - 60 private sector companies participated in Cyber Storm III, up from 40 in Cyber Storm II, several of which participated on-site with DHS for the first time. DHS worked with representatives from the Banking and Finance, Chemical, Communications, Dams, Defense Industrial Base, Information Technology, Nuclear, Transportation, and Water sectors as well as the corresponding Sector Coordinating Councils and Information Sharing and Analysis Centers to identify private sector participants.

Cyber Storm II: March 2008

  • Involved 5 countries (Australia, Canada, New Zealand, United Kingdom, and the United States); 18 federal cabinet-level agencies (Departments of Defense, State, Justice, etc.); 9 states (Pennsylvania, Colorado, California, Delaware, Texas, Illinois, Michigan, North Carolina, and Virginia); and over 40 private sector companies (Juniper Networks, Microsoft, McAfee, Cisco, NeuStar, The Dow Chemical Company, Inc., PPG Industries, ABB Group, Air Products & Chemical Inc., Nova Chemical, Wachovia, etc.);
  • Affected 4 critical infrastructure sectors including chemical, information technology, communications, and transportation (rail/pipe) and used 10 Information Sharing and Analysis Centers;
  • Exercised the processes, procedures, tools, and organizational response to a multi-sector coordinated attack through and on the global cyber infrastructure;
  • Allowed players to exercise and evaluate their cyber response capabilities to a multi-day coordinated attack and to gauge the cascading effects of cyber disasters on other critical infrastructure, shaping response priorities; and
  • Exercised government and private sector concepts and processes developed since Cyber Storm I, requiring great interaction and coordination at the strategic, operational, and tactical levels.
  • More on Cyber Storm II

Cyber Storm I: February 2006

  • First government-led full-scale cyber exercise;
  • Included over 115 organizations, including federal, state,and local governments and the private sector;
  • Featured four sectors: information technology, communications, energy,and transportation (air); and
  • Allowed participants to respond to a variety of cyber and communications degradations and simulated attacks against critical infrastructure and to collaborate at the operational, policy,and public affairs levels.
  • More on Cyber Storm I
Last Published Date: October 14, 2015

Was this page helpful?

Back to Top