65 ready-to-run ICS/OT cybersecurity exercises — from Foundational to Advanced. AI-powered facilitation, After Action Reports, and live multi-participant sessions. 4 languages. Purpose-built for operational technology environments.
Every exercise maps to the frameworks your regulators expect — from CISA guidance to EU directives to industrial control standards.
All 65 exercises align to CISA CTEP objectives with CISA CPG 2.0 framework alignment and structured AAR export.
Scenarios map to IEC 62443 security levels and control domains for industrial automation and control systems.
Threat scenarios reference NIST SP 800-82 r3 controls for OT and industrial control system environments.
Exercises cover all CSF 2.0 core functions: Govern, Identify, Protect, Detect, Respond, and Recover.
Pro plan includes NIS2 compliance filters for essential and important entity requirements under the EU directive.
Financial sector scenarios address ICT risk management and incident classification under the EU DORA regulation.
Energy sector exercises align to NERC CIP standards for bulk electric system cybersecurity and incident response.
Scenarios support ISO/IEC 27001 Annex A controls for information security risk assessment and incident response.
Generic, poorly facilitated exercises leave critical gaps unaddressed and give teams false confidence in their response capabilities.
Off-the-shelf exercises ignore your sector's specific OT architecture, threat actors, and regulatory requirements. Generic doesn't prepare teams for real incidents.
Without structured injects and discussion prompts, exercises devolve into unfocused meetings. Facilitators are left improvising with no clear path forward.
Exercises end without captured learnings. No structured After Action Report means gaps identified are never addressed and history repeats.
A complete end-to-end platform purpose-built for OT/ICS environments — from scenario selection through to After Action Report export.
Foundational, Intermediate, and Advanced difficulty tiers. OT/ICS Core, Warehousing & Logistics, Pharmaceutical, Oil & Gas, Nuclear, and more — each with complete facilitator guides and timed injects.
Step-by-step facilitation engine: Briefing → Module 1 Injects → Discussion → Module 2 Escalation → Hot Wash. Run world-class exercises without improvisation.
AI Custom Facilitator Briefings personalized to your organization. AI After Action Report summaries. Semantic scenario recommendations based on your exercise history. Powered by Claude claude-3-5-haiku.
Host real-time exercises across distributed teams. Participants join via a 6-digit code and receive live step updates. No video conferencing add-ons needed — built directly into the platform.
Export AI-enhanced AARs as structured .txt files. Track recurring capability gaps with a visual heatmap. Generate executive PDF progress reports for board and regulatory audiences.
Full translations in English, French, Portuguese, and Spanish. AI facilitation outputs are language-aware. Serve global and multilingual critical infrastructure teams seamlessly.
Scenarios mapped to real threat groups: VOLTZITE, BAUXITE, GRAPHITE, ELECTRUM. Every exercise is grounded in real-world TTPs and MITRE ATT&CK for ICS techniques.
Download AES-256-GCM encrypted offline exercise packs for air-gapped or classified environments. Run exercises with zero internet connectivity — Pro and Team plans only.
Every exercise maps to CISA CTEP objectives and IEC 62443 control domains for regulatory defensibility. NIS2, DORA, NERC CIP, and NIST CSF 2.0 filters included.
Start with 3 free exercises — no credit card, no setup. Your first exercise can be running in under 5 minutes.
Foundational to Advanced. Each scenario is a complete exercise package: facilitator guide, participant briefing, timed injects, discussion questions, and AI-powered AAR.
Your organization's first cyber incident. Ransomware appears on IT systems and the OT team is unsure if their PLCs are affected. Roles, escalation paths, and communication are tested for the first time.
Ransomware propagates from WMS servers into WCS controlling automated storage and retrieval systems (ASRS). Shuttle fleets halt. 50,000 pallet locations are locked. Order fulfilment stops entirely.
A nation-state threat actor conducts spear-phishing targeting IT/OT convergence personnel. Lateral movement into OT networks results in adversary access to SCADA HMI.
A malicious firmware update pushed via a compromised vendor remote access channel corrupts WCS logic controlling high-speed cross-belt sorters. 40,000 parcels per hour halt. Next-day delivery SLAs collapse.
A major OT breach goes public. The board convenes an emergency session. Regulatory notifications are required within 72 hours and media inquiries are escalating rapidly.
An insider threat manipulates temperature thresholds in a pharmaceutical warehouse WMS. Vaccines stored at 2–8°C are silently exposed to excursions. DSCSA traceability data is corrupted. Recall procedures activate.
Start free with 3 exercises — no credit card required. Every paid plan includes AI features, live session mode, and all 65 scenarios. Upgrade anytime. Cancel anytime.
Perfect for evaluating the platform
For security teams and consultants
For MSSPs, consultancies, and large organizations
Start free with 3 exercises — no credit card required. Upgrade anytime. Cancel anytime.
Security professionals across 20+ critical infrastructure sectors — from energy grids and hospital operating theatres to school districts and university research labs — trust Skyhigh to deliver measurable exercise outcomes.
"The AI facilitator briefing was genuinely impressive — it referenced our plant's specific configuration in a way a generic exercise never would. Our OT and IT teams left aligned for the first time."
"CISA CTEP alignment gave us instant credibility with our state regulator. The French translation was a game-changer for our cross-border Québec operations team. We ran our first exercise in under an hour of setup."
"We finally have a scenario that covers our ASRS and WCS environment — not just generic IT scenarios. The Foundational tier let our ops team run their first exercise without a cybersecurity consultant in the room."
Everything you need to know about the platform before getting started.
A tabletop exercise is a structured discussion-based exercise where key personnel walk through a simulated cyber incident scenario. Unlike live drills, tabletops focus on decision-making, communication, and process rather than technical response. They are the most cost-effective way to identify gaps in your incident response capabilities.
No. Each exercise includes complete facilitator guides with structured injects, timed discussion prompts, and step-by-step instructions. The guided exercise runner handles the flow so your facilitator can focus on driving discussion rather than managing logistics.
Yes. Every exercise includes a customizable organization name field. All scenario narratives use [ORGANIZATION] placeholders that are replaced with your organization's name during the briefing step, making each exercise feel tailored to your specific environment.
All 65 exercises are designed in alignment with CISA's Cyber Tabletop Exercise Program (CTEP) objectives and reference CISA CPG 2.0 and IEC 62443 security levels, providing a defensible framework for regulatory reporting and audit purposes.
All exercise notes are stored locally in your browser session and exported on demand as a .txt After Action Report. The optional AI AAR Summary calls our Edge Function with only the structured exercise data — no raw notes — and returns a three-part executive summary. No data is retained beyond the request.
Yes. We offer Foundational-difficulty exercises specifically designed for organizations running their first OT/ICS tabletop. Foundational scenarios run 1.5–2 hours, use plain-language facilitation guides, and focus on building basic incident response muscle memory — communication flows, escalation paths, and decision-making authority — before moving to Intermediate or Advanced scenarios that test technical depth.
Yes. The Team plan (up to 250 seats) and white-label branding features make Skyhigh ideal for MSSPs and independent consultants running exercises for multiple clients. You can customize the platform with your firm's logo and accent color, invite client team members as facilitator seats, and download encrypted offline exercise packs for air-gapped client environments. Contact us for partner and volume pricing.
Yes — and this is a growing area of the library. We now include dedicated scenarios for Warehouse Management Systems (WMS), Warehouse Control Systems (WCS), Warehouse Execution Systems (WES), ASRS and shuttle systems, AGV fleets, robotic picking, cross-belt sorters, and pharmaceutical cold chain environments. These scenarios are grounded in real-world CVEs and ICS Advisory Project threat data for logistics and distribution OT environments. Filter by sector in the exercise library to find them.
Yes. Team plan hosts can launch a Live Session that generates a 6-digit code. Participants navigate to the /join page, enter the code, and receive real-time step updates as the facilitator advances the exercise. Participant role cards, inject text, and discussion questions are displayed live in their browser — no app download, no video conferencing integration required. Live participant count is shown in the host control bar throughout the session.
Large organization, procurement process, or want a live demo first? Fill in the form and we'll be in touch within one business day.
Start free with 3 exercises — no credit card required. Upgrade when you're ready. No lock-in. Cancel anytime.