DHS ‘Cyber Storm’ exercise tests manufacturing and transportation sectors

A global cybersecurity drill hosted by DHS that began Tuesday should “push participants out of their comfort zone," top DHS cybersecurity official Jeanette Manfra said.

A global cybersecurity drill hosted Tuesday by the Department of Homeland Security served to “push participants out of their comfort zone” to practice information sharing at a time of heightened risk to critical infrastructure, top DHS cybersecurity official Jeanette Manfra said.

“Cyberthreats to critical infrastructure continue to grow and represent one of the most serious national security challenges we must confront,” Manfra told reporters, adding that participants will respond to a simulated global threat to infrastructure over the course of the three-day exercise.

This week’s exercise includes participants from the transportation and “critical manufacturing” sectors, the latter which DHS recently warned Russian government hackers were targeting in a multi-stage attack campaign. Aviation giant Boeing was hit by malware last month in an attack that stirred fears that the potent WannaCry ransomware had struck again.

More than 1,000 people, including corporate executives, law enforcement personnel and intelligence and defense officials, are participating in this sixth iteration of the exercise known as Cyber Storm, which DHS touts as “the most extensive government-sponsored cybersecurity exercise of its kind.” While a group of participants gathered at Secret Service headquarters in Washington, D.C., many others joined the drill from their own offices across the country.


Manfra defended the fact that voting systems are not an explicit focus of this year’s exercise despite ongoing concerns over their cyber vulnerabilities. Hackers targeted U.S. voting systems in multiple states ahead of the 2016 presidential election, and DHS last year designated those systems as part of the critical infrastructure the department is mandated to protect.

“We want to ensure that … different sectors have an opportunity to participate,” Manfra said, adding “we have concerns going on with critical manufacturing [and] industrial control systems.”

Multiple U.S. states, which oversee voting systems, are participating in the exercise, she said, adding that just because a sector isn’t singled out as a focus of the exercise doesn’t mean it isn’t tested.

The seven participating states are Colorado, Delaware, Iowa, Montana, Texas, Virginia and Washington.

The latest version of the congressionally-mandated DHS exercise includes a simulated social media platform that bombards participants with information, which could include reports of a new software vulnerability. Manfra said that some vulnerability researchers have in recent years posted their discoveries to social media rather than going through a disclosure process, presenting a new challenge to government analysts.


Phyllis Schneck, DHS’s former deputy undersecretary for cybersecurity and communications, told CyberScoop that the biennial exercise had evolved considerably since its 2006 inception to keep pace with the threat landscape.

“Cyber Storm has evolved to focus on exercising multi-sector response to severe cyber events, building the muscle memory for action as a team so everyone knows what to do when, not if, a cyber-adversary appears,” said Schneck, now the managing director and global leader of cyber solutions at consultancy Promontory.

The Cyber Storm exercise takes place as sophisticated hackers continue to probe the soft underbelly of U.S. critical infrastructure. DHS last month alerted industry that Russian government hackers had been using spearphishing and watering-hole attacks to collect information on industrial control systems used in critical U.S. energy sectors.

The energy sector, led by regulator North American Electric Reliability Corp., has been carrying out its own regular cyber drills to prepare for sophisticated attacks. The most recent version of that exercise, known as GridEx, revealed a shortage of security clearances for utility employees to share classified information.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts