GFCE Report on “Introduction to Tabletop Exercises”, by Working Group B on Cyber Incident Management and Critical Information Infrastructure Protection

News Article | The Hague 20 April 2023

The GFCE Working Group B has launched a new deliverable on “Introduction to Tabletop Exercises (TTX): A Practical Guidebook for Organizations”. 

In March 2023 members of the Working Group B on Cyber Incident Management and Critical Information Infrastructure Protection of the GFCE joined forces to create a new Project Team and developed a new initiative to raise awareness on the topic of “Introduction to Tabletop Exercises (TTX): A Practical Guidebook for Organizations”. The deliverable provides guidance in designing, developing and evaluating how and when to conduct a tabletop exercise as a tool to improve an organization’s cyber security policymaking and operations capacities. The guide aims to offer a public-private cross organizational scope, and is part 1 of a three-deliverable package that will assist practitioners in identifying areas that would benefit from TTXs, as well as designing and implementing them in a way that increases cyber security capabilities.

A tabletop exercise is a simulation where personnel with roles and responsibilities in a particular Information Technology (IT) & Operational Technology (OT) plan and meet in various settings (e.g. breakout groups, virtually, etc). Through these simulation exercises, team members practice responding to a variety of threat scenarios in a setting that mimics the constraints of a real crisis. TTXs allow organizations and individuals to test the content and functioning of an incident response plan and to identify risks and draw lessons from it.

Key benefits of conducting TTXs:

  • Team Building
  • Process Development and Refinement
  • Gap Analysis
  • Awareness
  • Technology Integration
  • Cooperation
  • Compliance with UN Norms for Responsible State Behaviour in Cyberspace


This first deliverable provides an introduction to what, who, how and why  TTXs are essential for improving cyber resilience as well as providing an array of scenarios. The following two deliverables that form the rest of the package provide more operational information on how to organise and execute a TTX so that organisations can benefit from TTXs effectively.

We want to thank the Project Team of Working Group B for their work and efforts in putting this together: Gerard Elfa García (Capgemini, The Netherlands), Rachel Splinters (Capgemini, The Netherlands), Fokko Dijksterhuis (Capgemini, The Netherlands), Richard B. Harris (MITRE, USA), Kerry-Ann Barret (Organization of American States), Mark T Kajicek (SEI, USA), Vilius Benetis (GFCE Working Group B CIM TF Lead, NRD CS), Marc Henauer (GFCE Working Group B, CIP TF Lead, Switzerland), Klée Aiken (GFCE Working Group B, Chair, FIRST) and Manuel Precioso Ruiz (GFCE Secretariat).


Want to know more? Read the report here!