47 ready-to-run ICS/OT cybersecurity exercises. Guided facilitation engine. After Action Reports. 4 languages. Purpose-built for operational technology environments.
Every exercise maps to the frameworks your regulators expect — from CISA guidance to EU directives to industrial control standards.
All 47 exercises align to CISA CTEP objectives with CISA CPG 2.0 control mappings and structured AAR export.
Scenarios map to IEC 62443 security levels and control domains for industrial automation and control systems.
Threat scenarios reference NIST SP 800-82 r3 controls for OT and industrial control system environments.
Exercises cover all CSF 2.0 core functions: Govern, Identify, Protect, Detect, Respond, and Recover.
Pro plan includes NIS2 compliance filters for essential and important entity requirements under the EU directive.
Financial sector scenarios address ICT risk management and incident classification under the EU DORA regulation.
Energy sector exercises align to NERC CIP standards for bulk electric system cybersecurity and incident response.
Scenarios support ISO/IEC 27001 Annex A controls for information security risk assessment and incident response.
Generic, poorly facilitated exercises leave critical gaps unaddressed and give teams false confidence in their response capabilities.
Off-the-shelf exercises ignore your sector's specific OT architecture, threat actors, and regulatory requirements. Generic doesn't prepare teams for real incidents.
Without structured injects and discussion prompts, exercises devolve into unfocused meetings. Facilitators are left improvising with no clear path forward.
Exercises end without captured learnings. No structured After Action Report means gaps identified are never addressed and history repeats.
A complete end-to-end platform purpose-built for OT/ICS environments — from scenario selection through to After Action Report export.
OT/ICS Core, Cross-Sector Threats, Sector-Specific, and Executive & Leadership. Each scenario includes complete facilitator guides with timed injects.
Step-by-step facilitation engine: Briefing → Module 1 Injects → Discussion → Module 2 Escalation → Hot Wash. No improvisation needed.
Full translations in English, French, Portuguese, and Spanish. Serve global teams and international critical infrastructure operators seamlessly.
Export complete session notes as a structured AAR .txt file. Document findings, action items, and next steps automatically from within the runner.
Scenarios mapped to real threat groups: VOLTZITE, BAUXITE, GRAPHITE, ELECTRUM. Grounded in real-world TTPs targeting critical infrastructure.
Every exercise maps to CISA Cyber Tabletop Exercise Program (CTEP) objectives and IEC 62443 control domains for regulatory defensibility.
Each scenario is a complete exercise package: facilitator guide, participant briefing, timed injects, discussion questions, and AAR template.
A nation-state threat actor conducts spear-phishing targeting IT/OT convergence personnel. Lateral movement into OT networks results in adversary access to SCADA HMI.
Ransomware encrypts enterprise IT systems while a second payload targets OT historian servers and engineering workstations, threatening operational continuity.
A major OT breach goes public. The board convenes an emergency session. Regulatory notifications are required within 72 hours and media inquiries are escalating.
Start free with 3 exercises. Upgrade anytime with no lock-in.
Perfect for evaluating the platform
For security teams and consultants
For MSSPs, consultancies, and large organizations
All plans include a 14-day free trial. No credit card required for Starter. Cancel anytime.
Security professionals across energy, utilities, and industrial sectors trust Skyhigh to deliver measurable exercise outcomes.
"The exercise runner alone saved us hours of preparation time. Our OT and IT teams were aligned after the first session in a way we hadn't achieved in years of meetings."
"The CISA CTEP alignment gave us instant credibility with our regulators. The French translation was a game-changer for our Canadian operations team."
"We ran the ICS Compromise scenario with our board and got more meaningful discussion in 3 hours than in 3 years of tabletop history."
Everything you need to know about the platform before getting started.
A tabletop exercise is a structured discussion-based exercise where key personnel walk through a simulated cyber incident scenario. Unlike live drills, tabletops focus on decision-making, communication, and process rather than technical response. They are the most cost-effective way to identify gaps in your incident response capabilities.
No. Each exercise includes complete facilitator guides with structured injects, timed discussion prompts, and step-by-step instructions. The guided exercise runner handles the flow so your facilitator can focus on driving discussion rather than managing logistics.
Yes. Every exercise includes a customizable organization name field. All scenario narratives use [ORGANIZATION] placeholders that are replaced with your organization's name during the briefing step, making each exercise feel tailored to your specific environment.
All 47 exercises are designed in alignment with CISA's Cyber Tabletop Exercise Program (CTEP) objectives. Each scenario maps to CISA CPG 2.0 controls and IEC 62443 security levels, providing a defensible framework for regulatory reporting and audit purposes.
All exercise notes are stored locally in your browser session and exported on demand as a .txt After Action Report. No data is transmitted to external servers during the exercise. Your sensitive findings remain entirely under your control.
Join critical infrastructure teams running professional tabletop exercises with Skyhigh.