Cyber Storm exercise challenged coordination, communications

Cyber Storm, the multilayered cyberattack exercise mounted by the Homeland Security Department in February, highlighted gaps and shortcomings in response planning at all levels of government, but also demonstrated agencies' willingness to try solutions on the fly, according to a report released this week by DHS.

The Cyber Storm Exercise Report found that organizations under cyberattack'whether government agencies or private-sector enterprises'had a hard time understanding the big picture, instead treating most incidents as 'individual and discrete.'

In the Cyber Storm scenario, three primary sectors were targeted'energy, transportation and IT'with telecommunications as an ancillary target. As events cascaded and amplified across these sectors, organizations struggled to continue coordinating responses to the cyberattacks as their frequency and targets expanded.

For instance, the U.S. Computer Emergency Readiness Team, which served as a clearinghouse for much of the attack information, 'found that the sheer volume of information constrained their ability to simultaneously provide situational awareness coordination and conduct second-order technical analysis,' the report stated.

The use of classified information and classified networks makes it more difficult to coordinate among agencies, and between government and the private sector, the report found.

'Greater public-private sector collaboration could be achieved if the private sector was afforded robust connectivity to, or interaction with, the [National Cyber Response Coordination Group] during major incidents such as ' Cyber Storm,' the report found.

The report identified several key achievements in the exercise, including the first-time testing of the full range of cyber-related response policy, doctrine and communications methods that would be needed in a real-world crisis. The exercise established a number of public-private relationships that will be invaluable in responding to cross-sector incidents, DHS concluded.


  • senior center (vuqarali/

    Bmore Responsive: Home-grown emergency response coordination 

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected