Cybersecurity Tabletop Workouts: How Far Ought to You Go?


With international cyber threats and different worldwide tensions rising, what eventualities ought to state and native governments contemplate when conducting workout routines to check their folks, processes and expertise?  

March 31, 2024 • 

Dan Lohrmann

Adobe Inventory/Tetlak

When conducting cybersecurity and different emergency administration tabletop workout routines, how far do you have to push your groups into uncomfortable conditions?

Whereas objectives of those workout routines typically concentrate on testing the folks, processes and expertise that might be used if a big incident happens, what eventualities go too far?

How can federal, state and native governments, and the private-sector teams that help them, greatest put together for international occasions that would shift paradigms and impression the enterprise of presidency in main methods, such because the occasions that occurred earlier than, throughout and after the COVID-19 pandemic?
Or, to present a selected instance as we enter April 2024, ought to non-Division of Protection organizations be getting ready for eventualities like China invading Taiwan?


Backing up for a second, contemplate these latest cyber threat-related media headlines and see in case you can join any dots:

Right here’s a quote from the final merchandise (final week’s weblog), which lined the alarming replace from a number of three-letter businesses earlier this month in Washington, D.C.:

“My favourite session was entitled ‘China in Your Digital Yard’ with T.J. Sayers, director of intelligence and incident response with the Middle for Web Safety; Dave Frederick, assistant deputy director for China with the Nationwide Safety Company; and Andrew Scott, affiliate director for China operations with the Cybersecurity and Infrastructure Safety Company. The session was moderated by Katherine Gronberg, head of presidency companies at NightDragon. What frankly shocked me from that session was the extent of concern from the intelligence group over present assaults which might be coming from China.

“Scott stated, ‘Within the final six months, our incident response effort has confirmed that the Folks’s Republic of China cyber actors have been on our vital infrastructure networks for in some instances as much as the final 5 years.’

“‘They’ve the entry that they want, and if the order was given, they might disrupt some companies on this nation proper now,’ he added.”

Listed below are a number of more moderen headlines to think about:


So how might a corporation put together with tabletop or different workout routines?

As well as, one other article from The Hill mentioned different classes realized from these workout routines: “The wargame was carried out behind closed doorways on Capitol Hill as a tabletop train between lawmakers, taking part in the position of the Taiwanese, and protection consultants on the Middle for a New American Safety, taking part in the a part of the Chinese language. The sport lasted for about two hours and bolstered the resolve of many lawmakers to deal with vulnerabilities they have been already involved about, stated Andrew Metrick, a fellow with the Protection Program at CNAS and co-creator of the wargame.

“’I used to be impressed with all the members and their thoughtfulness, their seriousness, and I might say their dedication to taking the teachings from a majority of these workout routines and making use of them to deterrence in order that this by no means involves move,’ he stated.”

Listed below are a number of tabletop train examples from main trade consultants on geopolitical conditions that will come up ought to China invade Taiwan:


I need to be clear on one level: I sincerely hope this situation by no means occurs. The truth is, I imagine that getting ready and speaking overtly about this subject could make cyber occasions with China invading Taiwan much less doubtless.

Nonetheless, I wrote this text to assist get away of the field that has been positioned round a lot of the present cyber tabletop eventualities I’m seeing governments check across the nation.

Even in case you disagree that this situation is vital for federal, state and native governments to incorporate in near-term tabletop workout routines, I problem you to search out different new eventualities, presumably different cyber conflicts or escalations wanting a China invasion of Taiwan, to think about as a way to check your groups.

I additionally acknowledge that almost all of presidency organizations are focusing tabletop workout routines on the 2024 elections and varied eventualities surrounding ransomware assaults and/or information breaches, that are vitally vital studying conditions. I applaud these efforts.

But when historical past teaches us something concerning getting ready our groups for the unknown, it’s that we are able to’t turn into complacent concerning present world occasions.

Prior to now 4 years, we’ve got seen Russia invade Ukraine, a world pandemic and an ongoing surge in nation-state cyber assaults towards U.S. and NATO nation civilian targets. Ransomware and different cyber assault statistics proceed to climb, and authorities expertise leaders should work with our emergency administration companions to do our greatest to arrange to answer these conditions it doesn’t matter what comes subsequent. This implies transferring additional out of our consolation zone.

This message will definitely imply various things to totally different audiences. However I ask you: When is the precise time for a tabletop train situation that features China invading Taiwan?


Dan Lohrmann

Daniel J. Lohrmann is an internationally acknowledged cybersecurity chief, technologist, keynote speaker and writer.

See Extra Tales by Dan Lohrmann

*** It is a Safety Bloggers Community syndicated weblog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Learn the unique submit at:


Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *