White House Prepares for Ukraine with Tabletop Exercises
Credit: Spokane1977 via Pixabay https://pixabay.com/images/id-1988480/

To prepare for Ukraine, White House officials held two tabletop exercises, the Washington Post reports.

“What I saw ... was, including at the most senior levels, lightbulbs go on about the way the pieces fit together.”

So, how can a TTX help you?

We know that an escalating situation in Ukraine could hit Western critical infrastructure companies with targeted or collateral cyber damage.

Whether you're preparing for that scenario or just want to stress-test your capabilities, a TTX can be a quick and effective tool.

Having designed and run many TTXs for executives, our team @ghsrm assembled some quick best practices to help you plan a successful TTX (some are cyber-specific but can be generalized):

1. Before embarking on a TTX, determine your TTX Triad: objectives, participants, and key elements of the scenario.

These three things influence each other, so you must decide them together, and they set the path for everything that follows.

- Objectives: Are you trying to test one thing, like a playbook/response, or use the scenario to imagine where things could go and think of things you haven't thought of, or raise awareness, or ... ? TTXs are great for many things, but you (or someone) must define the objective.

- Participants: We're big believers in having senior executives at the table. They'll want to be involved when a real crisis happens, so they should be at the TTX. (cont'd)

- Participants-2: For the same reason, include non-IT/Security executives. And, consider outside parties like legal counsel, forensics, public relations, and a crisis management coach.

- Participants-3: Include deputies/back-ups for each principal at least as observers for when a principal won't be there. Many crises last more than 24 hours, and (despite what you read in the papers) even principals sleep, especially smart ones. Deputies need to be ready.

- Key Elements: Are you focused on one thing, like Ukraine, or ransomware, or insider threat, or are you testing your ability to respond to multiple things happening at once? Should the elements be geared towards some participants more than others, or designed to engage everyone?

Again, Objectives, Participants, and Key Elements are the TTX Triad that go together at the start.

2. Make the scenario hard. Really hard.

The real crisis will be hard. Too much will happen at once. Bad information will flow in. People will miscommunicate. Practice all this.

Some consultants make TTXs easy so everyone feels good. This is bad. Make the scenario hard.

3. Focus on substance over style. Having a relevant and realistic scenario is more important than having fancy videos.

4. Set guidelines for all participants for a productive TTX. Perhaps the most important guidelines are

Don't Fight the Scenario (instead of "that couldn't happen," ask "what would we do if it did?")

&

Don't Get Lost in the Technical Weeds (unless that is your objective)

5. Do Lessons Learned right:

- Designate a scribe who will record Lessons Learned identified by participants on the fly during the TTX

- Do a group debrief immediately after the TTX ends

- Encourage participants to write down their top take-aways (which cements the learning)

- Do another debrief a few days later

- Follow up on the lessons learned and any capabilities/resources that were identified as missing: Create a *simple* tracker that identifies the issue, who is responsible for it, and a date by which they must follow up

Obviously, a third-party facilitator can help (we're right here), especially with senior executives at the table, BUT you can get a lot of value out of a quick, internal TTX too, and we hope these top tips help you do so.

For those of you who have participated in or run TTXs, what would you add? Teamwork makes the dream work.

Jyotin Gambhir

Entrepreneur | Founder @SecureFLO | Technologist |Cybersecurity SME| Listener| Investor

1 year

Emilian, thanks for sharing!

Thanks Emilian for sharing your post. Stay safe and healthy!

John Redeker

Area Vice President at Gallagher

3 years

Very enlightening, Emilian!
