OT Tabletop Cyber Crisis Management

Cyber-attacks can seriously impact the processes of Operational Technology (OT) and Industrial Control systems (ICS). It is essential to prepare. The OT Tabletop Workshop simulates a cyber-attack. It can help you perfect your OT Disaster Recovery Plan and Crisis Management Plan.

> OT | SITE ASSESSMENT & MORE > OT Tabletop Cyber Crisis Management

Cyber "Fire" drill for OT environments

Cyber-attacks can seriously impact the processes of Operational Technology (OT) and Industrial Control systems (ICS). Being well prepared is essential. A Tabletop Cyber Crisis Management Workshop helps you prepare your response to a cyber-attack. It can also help you perfect your OT Disaster Recovery Plan and Crisis Management Plan.

Are you prepared?

Is your organization prepared for a cyberattack or a large-scale security incident on your OT systems? Ask yourself these questions:

  • Does your team know what to do and how to recover when all Operator Interfaces (HMIs) are unavailable?
  • What is the impact on production or safety?
  • What are everyone's responsibilities?
  • Is external support from the industrial control system (ICS) vendor required?
  • Who are the first points of contact?

You don't want to look for the answer to these questions during an incident. Secura can help you prepare with the OT Tabletop Cyber Crisis Management Workshop. It is a cyber "Fire" drill for OT environments.

Challenges in OT

As a long established and leading expert in cybersecurity, Secura is aware of the challenges within OT environments. Often the responsibilities are less well defined than in IT departments.

Most organizations lack dedicated OT security specialists. Engineers don’t always have the necessary expertise to deal with complex security issues. This increases the importance of a solid and verified plan.

Especially because cyber incidents in your industrial control systems can directly impact primary business processes and safety of your staff. That's why we advice you to do an OT Tabletop Cyber Crisis Management Workshop to raise cyber resilience of your organization.

Practicing for disaster

During the OT Tabletop Cyber Crisis Management Workshop, you will practice operational procedures for dealing with high impact cyber incidents, for example a ransomware scenario. Think of this as the cyber equivalent to the annual fire drill.

The goal of the Tabletop is to help you to:

  • Verify and improve your plans for Disaster Recovery and/or Crisis Management.
  • Identify gaps in policies for backup, restoring, security monitoring and disaster recovery.
  • Gain insight into different roles during a crisis.

The scenarios and our approach are based on NIST standard SP 800-84 to effectively prepare and execute cyber incident exercises.

How does the Tabletop session work?

Over the course of the exercise, the participants will receive information, simulated reports and challenges that contribute to the scenario. We will take the time to evaluate the steps taken during the simulation.

The participants learn how to act effectively as a team during an incident. This means the exercise also contributes to team building and developing mutual respect.


During preparation, we jointly determine the scope of the exercise. We will collect the documents about the OT environment, such as OT system diagrams, the OT disaster recovery plans and the crisis infrastructure within the organization.

The scenario will be tailored to the specific OT network and organizational structure in scope. Based on the defined goals and content of the exercise we can determine the required participants, like OT, IT, Management, or vendors.

Crisis training

The tabletop begins with an introduction of high impact OT cyber security incidents. Secura gives a presentation about ransomware and the threat it can pose to your organization. The second part of the training focuses on the crisis process and disaster recovery in your organization. We engage participants in an interactive discussion about the current processes within your organization and whether they are up-to- date.

Cyber crisis exercise

The main part of the tabletop is built around a simulated incident in which the participants conduct a crisis consultation. The simulated incident covers everything from initial detection of a small security issue to the full-scale escalation, crisis management and disaster recovery.


You will receive a report with observations, lessons learned and recommendations for adjusting the Disaster Recovery and Crisis Management plans.

Disaster Recovery Plan and Crisis Management Plan

The exercise works best if you have a Disaster Recovery Plan (DRP) or a Crisis Management Plan (CMP) in place.

OT Disaster Recovery Plan (DRP)

A Disaster Recovery Plan, or DRP, is a comprehensive plan that covers full recovery of the OT network, including the industrial controllers, SCADA systems and other vital components. Recovery order, system dependencies, required resources and tools, reliable backups, tested procedures and validation processes are all required for a successful and fast recovery.

During the preparation of the OT Tabletop, we check whether this plan exists and is successfully implemented. If you do not have a Disaster Recovery Plan, Secura can provide support to review or create one, based on relevant controls specified in NIST CSF and IEC 62443-2-1 and matched to the current infrastructure.

OT Crisis Management Plan (CMP)

A Crisis Management Plan, or CMP, is all about managing the crisis on a company level, including decision-making and communication. Most organizations have a general plan, but they don’t always cover disasters caused by cyber and/or cyber incidents in OT.

During the Tabletop we will review the existing Crisis Management Plan. If needed, Secura can help you improve or create this plan.

Download Factsheet


Download Factsheet

Discover more about the OT Tabletop Cyber Crisis Management Workshop.


Take action now

Would you like to learn more about our OT Tabletop Cyber Crisis Management Workshop? Please fill out the form below and we will contact you within one business day.



Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.