HomeServicesTable Top Exercises

OT / ICS Table Top Exercises

We lead your team through realistic disaster scenarios to build the coordination and muscle memory required to handle the unexpected with professional grace. Scenario customisation builds bad day drills specifically around your facility's most critical assets.

Book a ConsultationAll Services

Mastering the Response Before the Alarm Sounds

When a cyber incident hits an industrial environment, the decisions made in the first two hours determine whether you recover in days or weeks. The worst time to discover that your incident response plan has gaps is during an actual incident. Table top exercises find those gaps safely — without production risk, without real consequences.

NEXUS designs and facilitates scenario-based exercises built specifically for OT environments. We draw on real-world ICS attack patterns — ransomware campaigns targeting industrial operators, supply chain compromises, and nation-state intrusion scenarios — to create exercises that feel real and produce actionable lessons.

Exercise Scenarios We Run

  • Ransomware encryption of historian and engineering workstations
  • PLC firmware modification via compromised vendor remote access
  • Insider threat — disgruntled employee with SCADA access
  • Supply chain compromise via software update
  • Nation-state pre-positioning detected in OT network
  • IT/OT boundary crossing — corporate breach spreading into OT

Exercise Formats

  • Operational TTX — Engineering and operations team focus. Who calls whom, what gets isolated, when does production stop?
  • Strategic TTX — Leadership and management focus. Decision-making under uncertainty, regulatory notification, stakeholder communication.
  • Full-Stack TTX — Engineering, operations, IT/OT security, and management together. Tests the interfaces between layers.
  • Red Cell Injection — NEXUS provides a live adversary role, introducing new injects throughout to stress-test your response.

Our Exercise Process

01
Scenario Design & Pre-Brief
Scenario context, participant roles, and exercise rules. No prior knowledge of the specific scenario — that is the point.
02
Facilitated Exercise
NEXUS facilitates the scenario, introducing injects at key points and observing decisions, communications, and escalation paths.
03
Hot Debrief & After-Action Report
Immediate post-exercise discussion while observations are fresh, followed by a documented after-action report with prioritised gap closure actions.

The measure of a good exercise is not the report. It is whether your team responds differently next time — faster escalation, clearer decision authority, fewer communication gaps under pressure. The after-action report is the record. The behavioural change is the outcome.

Exercise Formats

  • Operational (engineering)
  • Strategic (leadership)
  • Full-stack (all layers)
  • Red cell injection

Typical Duration

  • Half-day: 4 hours
  • Full-day: 7 hours
  • Multi-day: custom
  • Remote delivery available

Sample Report

See what a real Tabletop Exercise After-Action Report looks like — including scenario summary, gap findings, and remediation actions.

View Sample Report

Test Your Response

Before an attacker does. Talk to a NEXUS engineer directly.

Book a Consultation
Related Services

You May Also Need