Cyber Storm II exercise shows improvement in preparedness

Share this article:

The Department of Homeland Security's second massive cybersecurity exercise has revealed improved preparedness across IT infrastructures and government agencies, compared to the first “Cyber Storm” in 2006, according to the acting director of DHS's National Cybersecurity Division.

More than 100 U.S. and overseas companies and 18 federal departments and agencies participated in the week-long Cyber Storm II exercise, which concluded last Friday. Ten information-sharing and analysis centers across critical IT infrastructures also were deployed.

In this year's exercise, 100 “controllers” – cybersecurity experts from law enforcement and intelligence agencies – staged a simulated disruption of computer networks governing chemical and transportation infrastructure, including rail service and pipelines.

Working from the U.S. Secret Service headquarters, the controllers managed and “injected” the attack scenario – including a mock telecom and internet disruption, coupled with “cyberattacks” on critical control systems – into participants' networks and monitored their efforts to coordinate a response.

Cheri McGuire, the acting director of DHS's National Cybersecurity Division, who organized the exercise, told it was designed to be as realistic as possible.

“It was a continuous exercise, and each scenario builds on itself and becomes more intense. We reward our participants with more and more difficult types of attacks,” she said. “We were looking at individual responses and watching closely to see how everyone worked together in a coordinated response.”

According to McGuire, “our overall preparedness has gotten better and more mature [since the 2006 exercise] across infrastructures, federal agencies and the private sector, in our ability to coordinate and to know who to call and when to call them."

McGuire declined to specify any significant deficiencies uncovered by this year's exercise, which will now be subjected to a three-month “action review” in which participants will convene in teleconferences and share lessons learned from Cyber Storm II.

However, she did admit she was surprised by the heavy reliance of Cyber Storm II participants on the fake online media outlets that were created to lend a bit more realism to the exercise.

"We had more than 500,000 hits over our player sets on one simulated media site,” she told “This indicates the importance of the media's role in informing stakeholders and the general public during this type of crisis.”

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.