Browse every CISA Tabletop Exercise Package in one searchable library.

Chemical Sector

A threat actor targets a system administrator through a UAS as an entry point into networks/systems. Attackers compromise information technology (IT) and operational technology (OT) networks.

Commercial Facilities

Commercial facility event staff receive a phishing email asking for login credentials.

Communications

A cyber threat actor sends phishing emails to both your personnel and customers, as an entry point into your network/systems. A Distributed Denial of Service (DDoS) attack follows, with an inadvertent Telephony Denial of Service (TDoS) created by customers calling in to report…

Critical Manufacturing

A malicious actor uses a phishing email as an entry point to networks/systems. Attackers compromise information technology (IT) and operational technology (OT) networks, resulting in a shutdown of operations.

Dams Sector

A network compromise resulting from an insider threat leads to the deletion of operation files, causing a shutdown of operations.

Defense Industrial Base

A cyber threat actor targets your employees with a phishing email, gaining elevated access to your network/systems and stealing sensitive data.

Electricity Subsector

A network compromise leads to impacts to information and communication systems, loss of control of power generation output, and customer outages.

Emergency Services Sector

A cyber threat actor targets personnel through a phishing email as an entry point into networks/systems, later compromising devices and data using malware. The communications call center also experiences a Telephony Denial of Service (TDoS) attack.

Executives And Senior Leadership

Vignette 1: A threat actor targets a senior executive through a whaling email as an entry point into networks/systems, then installs ransomware on the network.

Federal Distributed Denial Of Service

A cyber threat actor launches a DDoS attack against Federal Civilian Executive Branch (FCEB) agencies, overwhelming servers.

Financial Services

A TSP compromise leads to impacts to cloud-based applications and systems, online banking services, and institutional reputation.

Food Ag Sector

A malicious actor uses a phishing email as an entry point to networks/systems. Attackers compromise information technology (IT) networks, resulting in a shutdown of operations.

Healthcare And Public Health

A threat actor targets employees through phishing emails. Imaging equipment, patient records, and other medical equipment begin malfunctioning/displaying incorrect data. Personal Health Information (PHI) data is exfiltrated, and ransomware compromises computer systems and…

Industrial Control Systems

During a transition of systems to the cloud, employees receive a possibly fraudulent email, encounter odd vendor activity, and detect suspicious network traffic. After receiving reports of service disruptions, ICS failures occur, and malware encrypts systems.

Information Technology

One of your employees downloads an application infected with malware. A software update your organization pushes to customers is infected with malware as well. Data exfiltration occurs on both your systems and client systems.

Insider Threat

A disgruntled former employee takes advantage of their new position at one of your third-party vendors to exploit vulnerabilities in your systems created by a supply chain issue. An error by another employee discloses personally identifiable information (PII).

K 12

A threat actor targets <your school/district> employees through phishing emails as an entry point into networks/systems. Attackers compromise Personally Identifiable Information (PII) and install ransomware on <your school/district> computers.

Local Governments

A threat actor targets <local government>’s employees through a phishing email as an entry point into networks/systems. Threat actors compromise devices and data using ransomware. Impacts are felt across multiple organizations as additional cyber incidents occur following the…

Maritime Ports

A zero-day vulnerability leads to a cyberattack impacting port and maritime transportation operations.

Open Source

A vulnerability is discovered in your open source community’s toolchain. Before the patch is completed, cyber threat actors activate ransomware on your systems, causing widespread issues across the open source community.

Ransomware

A threat actor targets <Organization>’s system administrator through a phishing email as an entry point into networks/systems. Attackers compromise Personally Identifiable Information (PII) and install ransomware on <Organization> computers.

Vendor Supply Chain Compromise

Your organization’s Managed Service Provider (MSP) is the victim of a cyber incident, leading to impacts on the managed services they provide to your organization.

Water Wastewater Systems

During routine operations, employees receive a possibly fraudulent email, and observe potential insider threat activity and suspicious network traffic.

Chemical Sector Cyber

The Supervisory Control and Data Acquisition (SCADA) and / or business system(s) at a chemical facility is compromised by computer malware.