Home Information Sharing & Analysis Prevention & Protection Preparedness & Response Research Commerce & Trade Travel Security Immigration
About the Department Open for Business Press Room
Current National Threat Level is elevated

The threat level in the airline sector is High or Orange. Read more.

Page Tools

Share icon Share this page Email icon Email Updates Feed icon Subscribe to Feeds

Cyber Storm: Securing Cyber Space

Cyber Storm, the Department of Homeland Security’s biennial exercise series, provides the framework for the nation’s largest cyber security exercise.

Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the National Cybersecurity Division ’s top priority and one of the Department’s four key priorities for 2008.

Cyber Storm participants do the following:

  • Examine organizations’ capability to prepare for, protect from, and respond to cyber attacks’ potential effects;
  • Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and procedures;
  • Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and 
  • Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real world disasters, ensuring that participants face more sophisticated and challenging exercises every two years.

Cyber Storm II: March 2008

  • Involves 5 countries (Australia, Canada, New Zealand, United Kingdom, United States); 18 federal cabinet-level agencies (Department of Defense, State Department, Department of Justice, etc.); 9 states (Pennsylvania, Colorado, California, Delaware, Texas, Illinois, Michigan, North Carolina, and Virginia ); and over 40 private sector companies (Juniper Networks, Microsoft, McAfee, Cisco, NeuStar, The Dow Chemical Company, Inc., PPG Industries, ABB Group, Air Products & Chemical Inc., Nova Chemical, and Wachovia);
  • Affects 4 infrastructure sectors including chemical, information technology, communications and transportation (rail/pipe) and used 10 information sharing and analysis centers;
  • Exercises the processes, procedures, tools and organizational response to a multi-sector coordinated attack through, and on, the global cyber infrastructure;
  • Allows players to exercise and evaluate their cyber response capabilities to a multi-day coordinated attack and to gauge the cascading effects of cyber disasters on other critical infrastructures, shaping response priorities; and
  • Exercises government and private sector concepts and processes developed since Cyber Storm I, requiring great interaction and coordination at the strategic. operational, and tactical levels.
  • More on Cyber Storm II

Cyber Storm I: February 2006

  • First government-led full-scale cyber exercise;
  • Included over 115 organizations, including federal, state and local governments;
  • Featured 4 sectors: information technology, communications, energy and transportation (air); and 
  • Allowed participants to respond to a variety of cyber and communications degradations and simulated attacks against critical infrastructures and to collaborate at the operational, policy and public affairs levels.
  • More about Cyber Storm I

This page was last reviewed/modified on October 20, 2008.