Cyber threats to government networks and other critical infrastructure are one of our Nation’s most pressing security challenges. Consequences from attacks threaten the safety and security of the homeland, our economic competitiveness, and our way of life. With the majority of critical infrastructure owned and operated by the private sector, securing cyberspace is only possible through close collaboration, what we described as a “Collective Defense” model of shared responsibility.
Exercises are critical to testing this coordination, and more importantly, to building and maintaining strong relationships among the cyber incident response community. Carried out regularly, these exercises allow us to achieve solutions to some of the biggest challenges facing the homeland as well as raise the overall profile of cyber events and cyberattacks.
Cyber Storm VI was led by the Department of Homeland Security (DHS) and involved more than 1,000 members of the private industry, government and international partners who participated in a three-day distributed exercise that focused on the critical manufacturing and transportation sectors. The exercise evaluated and improved the capabilities of the cyber response community, informed preparedness and resilience planning efforts, and evaluated the effectiveness of the National Cyber Incident Response Plan in guiding response. Growth in this community of partners acknowledges the increasing value of information sharing and the benefits of exercising their organizations cyber response plans.
During the exercise, participants faced a simulated cyber crisis of national and international consequence that required them to use their training, policies, processes, and procedures for identifying and responding to a multi-sector cyberattack targeting critical infrastructure. The Cyber Storm VI scenario was an environment where no single organization was is in a position to stop or mitigate the impacts of the attack by itself. Thus, the scenario promoted cooperation and information sharing across the United States government, states, the private sector, and international partners.
The DHS National Cybersecurity and Communications Integration Center (NCCIC) served as the focal point for federal response and coordination during the event. NCCIC is a 24×7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement. The NCCIC is also designated as the federal interface for private sector information sharing, cross-sector coordination, and incident response.
A comprehensive after-action process will take place to discuss initial, high-level findings. An after-action conference will also be held to validate these findings and inform the development of an after action report. This information, along with the lessons from previous exercises and real-world incidents, is integral for strengthening the Nation’s capacity to respond to a cyber incident. It also assists DHS in creating more challenging scenarios to test the security and resiliency of their partners in the years to come.
For more information about the Cyber Storm exercise series, and to view the final reports from Cyber Storms I-V, visit www.dhs.gov/cyber-storm.