Cyber Incident Exercising for a CNI Utilities Provider

The Challenge  

A major UK utilities provider - part of the nation’s Critical National Infrastructure (CNI) - needed to strengthen its incident response capability. With multiple critical OT systems and sites across the country, the organisation faced the risk of highly sophisticated cyber attacks that could disrupt essential services.  

The Solution  

Avella worked closely with the client’s Cyber Security and Resilience teams to design and deliver a programme of bespoke tabletop exercises. This involved:  

• Identifying the highest-risk scenarios, including ransomware targeting OT systems.  

• Crafting realistic attack scenarios based on known real-world incidents, in close collaboration with the engineering and IT teams, to ensure they reflected the organisation’s unique business and technology environments.  

• Running each exercise from the first indicators of compromise through to the conclusion of the disaster recovery process.  

• Tailoring exercises to different stakeholder groups - executives, OT operators, and SOC teams - to test the full spectrum of the organisation’s response capability.  

• Simulating high-pressure conditions to assess decision-making, technical actions, and cross-team coordination.  

  
  

The Outcome  

The exercises gave the client a clear view of its incident response strengths and weaknesses, as well as a practical roadmap for improvement. Avella provided actionable reports, held detailed debriefs with key stakeholders, and delivered targeted recommendations, many of which are now being implemented.   

The organisation now has greater readiness to respond to complex, high-impact cyber incidents and they praised the quality of the exercises, with particular recognition for how realistic and relevant the scenarios were to their operations.