Municipal Cyber Preparedness: Lessons from a Tabletop Exercise
Enhancing Cyber Readiness Across Government Departments
Overview
A mid-sized municipal government faced growing concerns over its cyber readiness, particularly with the rising number of ransomware attacks targeting public sector entities and their critical impact on municipal services. While they had a basic incident response plan on paper, it hadn’t been rigorously tested, and departments often operated within silos without clearly defined roles during a cyber crisis.
Challenge
The municipal agency needed to modernize its incident response plan and test it against current threats to improve cyber resiliency and interdepartmental coordination. The agency was challenged with unclear communication protocols, siloed operations, outdated IR plans, and slow decision-making processes.
PNG Cyber’s Approach
Pre-Exercise Review and Customization
Before conducting the Tabletop Exercise, PNG Cyber worked closely with municipal staff to perform a detailed review of the agency’s security architecture, policies, critical assets, business processes, and current risk landscape. Using this insight, we customized the Tabletop scenarios to align with the agency’s unique risk profile. Special emphasis was placed on addressing a top priority: establishing clear communication protocols for executive leadership and frontline IT staff, ensuring defined roles, responsibilities, and the ability to respond rapidly to emerging threats.
Tailored Tabletop Exercise Delivery
PNG Cyber worked with the municipality to build and deliver a tailored Tabletop Exercise addressing technical and non-technical stakeholders. We ran parallel sessions: one for IT and security personnel focused on containment and response, and one for executives and department heads focused on decision-making, communications, and business continuity.
Realistic Threat Scenarios and Guidance
Each session featured realistic threat scenarios, including ransomware, business email compromise, and a cloud service outage. Our experts guided participants through each phase of incident response, identifying gaps in documentation, coordination, and communication, and leading the discussion to fill those gaps with best practices that fit their operations.
Lessons Learned
Updated and refined their current IR plan to be more detailed and pragmatic for currently active threats.
Identified potential technology risks around backups and cloud systems.
Highlighted the lack of defined accountability for vendors and system ownership.
Key deficiencies in escalation paths and executive communication workflows were identified and corrected with new streamlined protocols.
Attendees left with a clearer understanding of roles, responsibilities, and communication protocols during an incident.
The agency left the exercise with a prioritized list of recommendations to improve cyber maturity.
