The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) concluded on Friday a three-day simulated cybersecurity exercise dubbed “Cyber Storm” aimed at preparing the United States and ally nations to stand against potential real attacks on critical systems, Brian Harrell, CISA first Assistant Director for Infrastructure Security, said in a Friday statement.
Harrell described the three-day Cyber Storm exercise, attended by 2,000 participants the fields of US private industry and federal government and groups of international partners, as “the most extensive” cybersecurity simulation in the country. He said it was conducted to increase coordination against potential real attacks.
“We’re more connected than ever, which means our nation’s critical infrastructure faces increased risks from cyber-attacks,” Harrell told reporters following the end of the training, which was held remotely, quoted by The Hill. “No one company or government agency can be expected to go it alone, which is why exercises like Cyber Storm bring everyone together to discuss and exercise how we would respond collectively to a cyber-attack. Each Cyber Storm our coordination and capabilities get better, and this year was no different.”
Modeled on capabilities of real-world adversaries, the Cyber Storm involved an “all out attack on different sectors”, according to the official.
“Now is the time to exercise under blue sky conditions, you don’t want to exchange business cards during a hurricane. The Cyber Storm exercise elements represented actual and potential risks and attacks were made to be as realistic as possible,” Harrell told reporters. “Did we move the needle when it comes to cyber response, and I think this time around [...] we are seeing some marketable improvement across the critical infrastructure space.”
Harrell pointed out that election security, a key issue of concern recently as Election Day is approaching in the US, was not included in the exercise.
CISA is expected to release a detailed report on the findings of the Cyber Storm exercise in the near future.
The last Cyber Storm exercise took place in 2018, with around 1,000 participants.
US authorities have been concerned recently of cyberattacks targeting the country’s key infrastructure, with CISA and the National Security Agency (NSA) issuing a joint alert in mid-July about increasing attack attempts.
In late June, some 250 gigabytes of video, audio, and other data from a broad range of US law enforcement agencies was released to the public in a so-called 'BlueLeaks' collection. In response to the incident, the DHS recognized transparency activist organization Distributed Denial of Secrets (DDoSecrets), as having released the documents, and accused the entity of being a "criminal hacker group", although DDoSecrets was later found to not be responsible for the hack and release of sensitive data.