Fact Sheet: Cyber Storm II: National Cyber Exercise

The Department of Homeland Security’s National Cyber Security Division (NCSD) will host Cyber Storm II, a comprehensive, dynamic cyber security exercise, in March 2008. The exercise will simulate a large-scale coordinated cyber attack on critical infrastructure sectors including the chemical, information technology (IT), communications, and transportation (rail/pipe) sectors.

The exercise addresses the increasingly sophisticated cyber security threats that both the public and private sectors face. As the Department's biennial National Cyber Exercise, the goal of Cyber Storm II is to examine the processes, procedures, tools and organizational response to a multi-sector coordinated attack through, and on, the global cyber infrastructure. Exercise planning and execution provides the opportunity to establish and strengthen cross-sector, inter-governmental and international relationships that are critical during the exercise and in actual cyber response situations.

Objectives

Cyber Storm II will exercise government and private sector concepts and processes developed since Cyber Storm I.

Specific objectives of the exercise include:

• Examine the capabilities of participating organizations to prepare for, protect from, and respond to the potential effects of cyber attacks;
• Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and procedures;
• Validate information sharing relationships and communications paths for the collection and dissemination of cyber incident situational awareness, response and recovery information; and
• Examine means and processes through which to share sensitive information across boundaries and sectors, without compromising proprietary or national security interests.

Exercise Mechanics

Cyber Storm II is intended to act as a catalyst for assessing communications, coordination and partnerships across critical infrastructure sectors. To accomplish this, Cyber Storm II is a distributed exercise that allows players around the world to exercise from their own office locations. The exercise control center will be located at a Department of Homeland Security facility in the Washington, DC metropolitan area. The scenario will progress as players receive “injects” via e-mail, phone, fax, in person, and exercise websites from exercise control. These injects will simulate adverse effects through which the participants can exercise their cyber crisis response systems, policies and procedures.

Scenario

The Cyber Storm II scenario will be executed by persistent, fictitious adversaries with a distinct political and economic agenda. The Cyber Storm II adversary will use sophisticated attack vectors to create a large-scale incident requiring players to focus on response.

Cyber Storm II planners design the scenario around participants’ individual and collective objectives. The scenario is developed over an 18 month planning process during which Cyber Storm II planners interact regularly both in-person and virtually. Throughout the planning process, individual organizations and sectors refine objectives for participation in the exercise. Planners build the scenario to accommodate the objectives of the organizations and sectors participating, but not specific vulnerabilities.

Participants

Participation in Cyber Storm II includes the private sector as well as federal, state, and international governments, including Australia, Canada, New Zealand, and the United Kingdom. Eleven cabinet-level agencies will participate in Cyber Storm II including the Department of Defense and Department of Justice. Nine states have been invited to participate including California, Colorado, Delaware, Illinois, Michigan, North Carolina, Pennsylvania, Texas and Virginia. Private sector participants have been coordinated through the Information Sharing and Analysis Centers, Sector Coordinating Councils, and Government Coordinating Councils. Over 40 private sector companies from the four critical infrastructure sectors will participate in the exercise. It is through the interaction between the public and private sectors that the exercise can accurately simulate the interdependencies of the world’s cyber and communications networks.

Authorities

Cyber Strom II addresses the Training and Exercise requirements found in Homeland Security Presidential Directive 8 “National Preparedness.” Coordinated under the DHS National Exercise Program, it supports the National Strategy to Secure Cyberspace by exercising the national cyber security response. It also exercises the standard operating procedures found in the draft Cyber Incident Annex of the National Response Framework.

Applying Lessons Learned

DHS will apply the lessons learned from Cyber Storm II to strengthen the Nation’s cyber security preparedness and response mechanisms. To achieve this, DHS will host several post-exercise conferences to discuss the findings from the exercise and finalize an After Action Report. In addition, each participating organization will assess its own performance and develop its own plan of action for strengthening its cyber security.