• United States



CyberStorm II Panel discusses Key Takeaways at RSA Conference

Apr 13, 20083 mins
Business ContinuityIT Leadership

On April 9, I participated in an excellent panel at the RSA Conference in San Francisco. The topic was Cyberstorm II, and although participants didn’t discuss exercise scenarios or detailed action items, the discussion was interesting and received substantial press coverage. A top message: the importance of planning and communication across traditional and new boundaries.

For starters, a brief overview on the session is posted at the RSA Conference website.  The coverage of the event ranged from Government Computer News (GCN) which picked up on the challenges in implementing public/private partnerships to Internet which focused on comments from Greg Garcia, assistant secretary for cyber security and communications for the Department of Homeland Security (DHS).  

“It fundamentally was about identifying and responding to a fast-breaking cyber-epidemic. It tested our ability to identify an attack, validate or correct the analysis with our partners — because we were all getting different pieces of information — and to respond individually and collectively.”

InfoWorld also ran a piece on the RSA panel which added several other quotes. “By participating in Cyber Storm II, emergency response mangers could find out if their plans worked out as expected, and, in particular, if people wound up doing what the planners thought they would do, said Christine Adams, a senior information systems manager at the Dow Chemical Company, speaking during a panel discussion at the conference.

ComputerWorldUK was one of several international publications that reported on the panel. Like many of the the other articles, their focus was on coordination, communication, and better cross-boundary planning prior to events.

Information Week reported this, “One pony-tailed RSA attendee, presumably a security pro, expressed dissatisfaction with the lack of specific information disclosed about Cyber Storm II and asked bluntly, “Was there a red team and did they win?”

“We don’t have a firm answer about winning or losing,” said panel moderator Jordana Siegel, acting deputy director at Department of Homeland Security. She however did allow that the exercise had taught everyone a lot.

So what new can I add to this coverage? Not much right now, but I encourage a closer look at the final report when it comes out later this summer. Our team grew and learned a tremendous amount. We were also in CyberStorm I, and this time we had many more people participating.

As I mentioned on the panel, Michigan greatly benefitted from the opportunity to get senior executives involved in CyberStorm II from across government. It was a great training and awareness day, and many managers told me some rendition of  “I had no idea how important our cyber infrastructure was and is.”  That was perhaps my favorite take-away from CyberStorm II. It was well worth the time investment.  


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

More from this author