Cyber Storm exercise challenged coordination, communications

Cyber Storm, the multilayered cyberattack exercise mounted by the Homeland Security Department in February, highlighted gaps and shortcomings in response planning at all levels of government, but also demonstrated agencies' willingness to try solutions on the fly, according to a report released this week by DHS.

The Cyber Storm Exercise Report found that organizations under cyberattack'whether government agencies or private-sector enterprises'had a hard time understanding the big picture, instead treating most incidents as 'individual and discrete.'

In the Cyber Storm scenario, three primary sectors were targeted'energy, transportation and IT'with telecommunications as an ancillary target. As events cascaded and amplified across these sectors, organizations struggled to continue coordinating responses to the cyberattacks as their frequency and targets expanded.

For instance, the U.S. Computer Emergency Readiness Team, which served as a clearinghouse for much of the attack information, 'found that the sheer volume of information constrained their ability to simultaneously provide situational awareness coordination and conduct second-order technical analysis,' the report stated.

The use of classified information and classified networks makes it more difficult to coordinate among agencies, and between government and the private sector, the report found.

'Greater public-private sector collaboration could be achieved if the private sector was afforded robust connectivity to, or interaction with, the [National Cyber Response Coordination Group] during major incidents such as ' Cyber Storm,' the report found.

The report identified several key achievements in the exercise, including the first-time testing of the full range of cyber-related response policy, doctrine and communications methods that would be needed in a real-world crisis. The exercise established a number of public-private relationships that will be invaluable in responding to cross-sector incidents, DHS concluded.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected