Over three days last week, the Cybersecurity and Infrastructure Security Agency (CISA) drew together more than 2,000 representatives from approximately 200 international organizations for an extensive cybersecurity exercise revolving around critical infrastructure: Cyber Storm VIII.
“Over the last several months, we have been encouraging organizations to have their ‘Shields Up’ to ensure they’re prepared to respond to potential disruptive cyber activity,” CISA Director Jen Easterly said. “An important part of building cyber preparedness and resilience is exercising incident response capabilities, something CISA and our cybersecurity partners do regularly through exercises like Cyber Storm. CISA will continue to work with government and industry to safeguard our critical infrastructure, but everyone has a role to play. I encourage all organizations – regardless of size – to adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
The eighth iteration of the biennial exercise drew together public and private elements to assess cybersecurity preparedness and examine incident response processes, procedures, and information sharing. It did this through a simulated, widespread coordinated cyberattack that utilized operational and traditional enterprise systems. Participants were met with various impacts such as ransomware and data exfiltration scenarios.
Following the event, CISA stated that it would work with participating organizations to identify, share and assess the lessons learned from this exercise. Through this, they can improve cyber incident response planning, information sharing, and overall response to such disastrous events in the real world.