Tabletop Exercises: Strengthening Municipal Resilience

Those of us lucky enough to attend the end-of-conference tabletop exercise during the 2024 TAGITM Annual Conference got to participate in an interesting and informative session hosted by CISA.  But even if you didn't participate, that doesn't mean you and your organization have to miss out on the experience.

In the face of evolving challenges, municipalities need to embrace a proactive mindset to improve their security posture. Tabletop exercises are a vital component in this mindset, offering opportunities for preparedness and collaboration.  Tabletops with IT folks from other agencies allow for exposure to different viewpoints and security postures that can provide new insights into ways to improve your own agency.

These exercises within your own agency simulate realistic scenarios, allowing municipal leaders, emergency responders, and community stakeholders to navigate crises in a controlled environment. By engaging in tabletop exercises, municipalities can identify vulnerabilities, refine response protocols, and enhance intra-agency communication.  Moreover, these exercises foster interdisciplinary cooperation, breaking down silos between departments and fostering a unified response to crises. They also serve as invaluable training tools, building up personnel with the skills and confidence necessary to tackle real-world emergencies effectively.  In the ever-evolving landscape of cybersecurity, the importance of tabletop exercises cannot be overstated. They serve as a lynchpin in the resilience framework, equipping municipalities with the foresight and readiness essential for identifying weaknesses and ensuring a swift and coordinated response when it matters most.

Remember, tabletop exercises are not only about testing technical execution, they also builds trust between the teams involved and fosters collaboration. Most importantly, performing these exercises ensures incident response team members know what the communication cadence will be and ensures they “KNOW” what their responsibilities will be.

For those that don’t know where to start, we have an article on getting started with what’s need in an incident response plan for those the are just getting started and will help point you in the right direction of what should be cover in a tabletop: I’ve Been Hacked, Now What? (naylornetwork.com) 

Kevin A. Joyner, Leigh Johnson and Lindsay Rash all contributed to this article.