Incident Response, Network Security, TDR

Cyber Storm II exercise shows improvement in preparedness

The Department of Homeland Security's second massive cybersecurity exercise has revealed improved preparedness across IT infrastructures and government agencies, compared to the first “Cyber Storm” in 2006, according to the acting director of DHS's National Cybersecurity Division.

More than 100 U.S. and overseas companies and 18 federal departments and agencies participated in the week-long Cyber Storm II exercise, which concluded last Friday. Ten information-sharing and analysis centers across critical IT infrastructures also were deployed.

In this year's exercise, 100 “controllers” – cybersecurity experts from law enforcement and intelligence agencies – staged a simulated disruption of computer networks governing chemical and transportation infrastructure, including rail service and pipelines.

Working from the U.S. Secret Service headquarters, the controllers managed and “injected” the attack scenario – including a mock telecom and internet disruption, coupled with “cyberattacks” on critical control systems – into participants' networks and monitored their efforts to coordinate a response.

Cheri McGuire, the acting director of DHS's National Cybersecurity Division, who organized the exercise, told it was designed to be as realistic as possible.

“It was a continuous exercise, and each scenario builds on itself and becomes more intense. We reward our participants with more and more difficult types of attacks,” she said. “We were looking at individual responses and watching closely to see how everyone worked together in a coordinated response.”

According to McGuire, “our overall preparedness has gotten better and more mature [since the 2006 exercise] across infrastructures, federal agencies and the private sector, in our ability to coordinate and to know who to call and when to call them."

McGuire declined to specify any significant deficiencies uncovered by this year's exercise, which will now be subjected to a three-month “action review” in which participants will convene in teleconferences and share lessons learned from Cyber Storm II.

However, she did admit she was surprised by the heavy reliance of Cyber Storm II participants on the fake online media outlets that were created to lend a bit more realism to the exercise.

"We had more than 500,000 hits over our player sets on one simulated media site,” she told “This indicates the importance of the media's role in informing stakeholders and the general public during this type of crisis.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.