Cyber Storm VIII
CISA Holds Three-Day Critical Infrastructure Cybersecurity Exercise
The Cybersecurity and Infrastructure Security Agency said it has concluded a three-day cyber exercise involving more than 2,000 participants across 200 organizations from the private and public sectors.
Cyber Storm VIII saw participants respond to a simulated cybersecurity crisis affecting U.S. critical infrastructure. The exercise was intended to test the cybersecurity community’s preparedness, incident response procedures and ability to share information, CISA said Monday.
The latest iteration of the biennial event simulated ransomware and data exfiltration attacks against traditional enterprise systems and industrial control systems, which are often used to support critical infrastructure.
CISA recently warned about the increasing number of cybersecurity threats targeted at industrial control systems used by the manufacturing sector.
The agency noted that Cyber Storm VIII had been in the works for months and was not conducted in response to any specific or credible threat.
According to the Cyber Storm VIII web page, the participants included organizations from critical infrastructure sectors such as the chemical, commercial facilities, communications, critical manufacturing, energy, financial services, health care, information technology, transportation and wastewater systems sectors.
The organizations were divided into working groups to better address sector-specific objectives. They also strengthened relationships with their peers and improved communications strategies, according to the web page.
Jen Easterly, director of CISA, added that the agency regularly holds such exercises with its partners to ensure incident response preparedness.
“Everyone has a role to play,” Easterly said, urging organizations of all sizes to strengthen their ability to defend their critical assets.
Tags: CISA critical infrastructure Cyber Storm VIII cybersecurity industrial control system Jen Easterly