Every two years, the Department of Homeland Security hosts a large-scale exercise to test critical infrastructure companies’ ability to respond to a disruptive, hypothetical cyberattack. With more threat data to draw on than ever, DHS officials hope next spring’s Cyber Storm exercise will be the most rigorous test of participants’ response plans to date, driving home the interdependence of critical infrastructure sectors in new ways.
Cyber Storm 2020 will focus more on collaborating with state and local officials to recover from an incident than previous drills, according to Brian Harrell, assistant director for infrastructure security at DHS’s Cybersecurity and Infrastructure Security Agency (CISA). In another twist, planners are looking to incorporate insider threats into the scenario, he said.