OT-Aware Incident Response Training

Overview

Most incident response training was written for IT-only environments. It does not prepare a SCADA engineer for ransomware crossing into a control network, an operations director for the decision to isolate a substation, or a CISO for the moment when “shut it down” is not a technically acceptable answer.

xCIRT’s OT-Aware Incident Response Training puts your operations, engineering, and security staff in the same room with realistic, sector-tuned scenarios.

What’s included

• Sector-specific scenarios — Tailored to electricity, water, gas, ports, rail, or aviation contexts. Threats range from OT-aware ransomware to IIoT botnets, insider misuse, and supply-chain compromise.
• Blended IT/OT exercises — Designed to expose the friction points between IT, OT, and operations decision-making.
• Joint participation — Operations and engineering staff invited alongside security and IT, because the real decisions cross all three.
• Decision-tree validation — Pressure-testing the containment, escalation, and recovery decisions in your IR plan.
• Post-exercise debrief — Documented findings, decision-quality observations, and prioritised improvements.

Delivery formats

• Single tabletop exercise — Half-day, focused on one scenario.
• Full-day workshop — Multiple scenarios, including a “tip and run” scenario where new information arrives mid-exercise.
• Multi-day programme — Combining tabletops, classroom modules on OT incident concepts, and (subject to safety) hands-on lab exercises.

Outcomes

A team that has practised making the hard calls before they have to make them under pressure — and a documented set of improvements to feed back into your IR plan, your playbooks, and your operational decision rights.