Operational Resilience Series
Communications Disruption Exercise
On August 20, 2025, cybersecurity, IT, and risk management professionals gathered for a scenario-driven exercise to help their organizations better withstand and adapt to telecom disruptions.
By participating, attendees were able to:
Assess Dependencies – Identify how telecom disruptions affect operations and response plans.
Test Resilience Plans – Pinpoint gaps in existing frameworks for managing service failures.
Enhance Communication – Improve internal and external coordination during widespread outages.
Collaborate Across Sectors – Engage with peers and government agencies to strengthen resilience.
Develop Actionable Insights – Walk away with key findings to inform and enhance your organization’s preparedness.
The GRF Business Resilience Council's complimentary tabletop exercise series challenges attendees to test their resilience, refine incident response plans, and share best practices during panel-led discussions with real-time response and data aggregation. Participants are able to further their strategic understanding of their service dependencies and their organization’s ability to adapt and maintain operations in the face of different threats.
Attendees are able to identify gaps in handling disruptions, and set minimum viable service levels to ensure continuity amid any physical or cyber incident. The goal is to bolster collective resilience against operational disruptions and infrastructure failures.
Past Exercises
ACH Payments Disruption Exercise - After Action Report - In the Spring of 2024, Global Resilience Federation and Nacha held free tabletop exercises to allow organizations to assess resilience after a simulated, destructive wiperware incident that included a major ACH outage. The half-day event helped to increase operational resilience awareness and build greater maturity through the sharing of cyber risk, resilience and continuity practices. In addition to IT operations and risk, exercise components included media management, law enforcement and regulatory engagement, and an examination of prioritizations. Players discussed and took simulated action in the emergency as facilitators progressed the exercise timeline and injected additional information.
All-Sectors Payment Disruption Exercise - After Action Report - In the Fall of 2024, Global Resilience Federation hosted free cross-sector tabletop exercises to help organizations assess their resilience following a widespread payment system disruption. The simulated scenario involved a coordinated cyberattack on third-party payment platforms, resulting in a halt to digital transactions and a wave of misinformation. Participants engaged in structured discussions and decision-making as the timeline advanced, revealing insights into operational priorities, third-party dependencies, and internal and external communications. The exercise strengthened awareness of the Operational Resilience Framework and provided a collaborative space to share best practices in cyber risk, continuity, and crisis response.
Sponsors
FAQs
For any questions, please reach out to Brian Katula at bkatula@grf.org
How will the exercise be conducted?
The Communications Disruption Exercise will challenge organizations to test their resilience against communications disruptions, refine contingency plans, and share best practices during a panel-led discussion. Participants are polled anonymously. The crowdsourced responses are discussed by the panel, analyzed, and later captured in an after-action report. Participants will further their strategic understanding of service dependencies and their organization’s ability to adapt and maintain operations.
Do I need to prepare anything in advance?
While no formal preparation is required, participants will benefit from reviewing their organization’s incident response and operational resilience plans. Additionally, reviewing the Operational Resilience Framework is highly encouraged.
Will this be a live cyberattack simulation?
No. This is a strategic discussion exercise, not a hands-on technical simulation. The focus is on decision-making and response planning. IT and third-party dependencies will be on display, and business priorities will determine response objectives.
How long will the TTX last?
The exercise is expected to last 4.5 hours, including scenario discussions and a debrief.
Will there be a post-exercise report?
Yes, an After-Action Report (AAR) will be provided to participants, capturing key findings, lessons learned, and recommended actions.