Cyber Storm Exercise

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Cyber Storm exercise was a simulated exercise overseen by the Department of Homeland Security that took place February 6 through February 10, 2006 with the purpose of testing the nation's defenses against digital espionage.[1][2] The simulation was targeted primarily at American security organizations but officials from the United Kingdom, Canada, Australia and New Zealand participated as well.[3]


The exercise simulated a large scale attack on critical digital infrastructure such as communications, transportation, and energy production. The simulation took place a series of incidents which included:

  • Washington, D.C. Metro trains mysteriously shutting down.
  • Bloggers revealing locations of railcars containing hazardous materials.
  • The airport control towers of Philadelphia and Chicago mysteriously shutting down.
  • A mysterious liquid appearing on a London subway.
  • Significant numbers of people on "no fly" lists suddenly appearing at airports all over the nation.
  • Planes flying too close to the White House.
  • Water utilities in Los Angeles getting compromised.

Internal difficulties[edit]

During the exercise the computers running the simulation came under attack by the players themselves. Heavily censored files released to the Associated Press reveal that at some time during the exercise the organizers sent every one involved an e-mail marked "IMPORTANT!" telling the participants in the simulation not to attack the game's control computers.[4]

Performance of participants[edit]

The Cyber Storm exercise highlighted the gaps and shortcomings of the nation's cyber defenses. The cyber storm exercise report found that institutions under attack had a hard time getting the bigger picture and instead focused on single incidents treating them as "individual and discrete."[5] In light of the test the Department of Homeland Security raised concern that the relatively modest resources assigned to cyber-defense would be "overwhelmed in a real attack".[6]


  1. ^ Fact Sheet: Cyber Storm Exercise (Department of Homeland Security). Accessed February 1, 2008.
  2. ^ Cyber Storm Exercise Report (Department of Homeland Security)
  3. ^ Kapica, Jack. A blogger’s paranoia, The Globe and Mail, Accessed February 1, 2008.
  4. ^ "Cyber ‘War’ Games Highlight Vital Security Flaws". Retrieved 2017-03-13. 
  5. ^ Wait, Patience. Cyber Storm exercise challenged coordination, communications (Government computer news). Accessed February 1, 2008.
  6. ^ DHS releases report on Cyber Storm exercise. Accessed February 18, 2008.

See also[edit]