Turning Tabletop Exercises Into Real‑World Cyber Resilience

Apr 21, 2026 | Cybersecurity, Digital Transformation

Cybersecurity is not and never has been a set-and-forget solution. Every day attackers identify new strategies and exploits they can use to create havoc across global infrastructure. But cybersecurity software rarely—if ever—feels like a value-add. For process manufacturers, it’s a cost to bet against something that isn’t their core business, and with benefits that are often not tangible. Moreover, cybersecurity for operational technology (OT) is often complex, as OT systems require high uptime and low latency, both of which can be impacted by cybersecurity technologies.

To ensure that critical infrastructure is protected, many countries are implementing cybersecurity regulations, including the Cyber Resilience Act (CRA) and the updated Network and Information Security (NIS2) directive. In a recent article in Control magazine, Emerson’s Alexandre Peixoto shared his thoughts on how this changing atmosphere impacts cybersecurity for OT.

Expanding regulation

CRA and NIS2 are currently EU-based regulations. However, that doesn’t necessarily mean that organizations operating in other countries will never need to worry about them. First and foremost, any regulation that works well is likely to be replicated in other nations. Preparing for such an eventuality is an important success strategy.

In addition, most multinational companies, including automation and cybersecurity solutions providers themselves, will want consistency across their operations. Available software and hardware solutions will increasingly be designed around these regulations, and companies will adopt them more often in order to standardize their solutions.

Why wait?

Increased regulation is obviously a good reason to implement strong cybersecurity policies; however, there’s really no reason to wait. Companies can no longer rely on “cybersecurity-by-obscurity.” Today, Alexandre explains, everyone is a target all the time.

“While laws and regulations are compelling reasons for shifting and improving cybersecurity postures, more companies are simply reacting to the cybersecurity events they see happening day-to-day. People no longer need to look hard to find an example of industrial sites experiencing cybersecurity breaches. Companies must be vigilant, and vigilance means going beyond the low-hanging fruit. Having just a firewall and antivirus is no longer enough. Companies need to start moving to the next level. That means starting a journey toward continuous cybersecurity improvement.”

So how do they do that effectively? By refocusing on people, technology, and processes—the cybersecurity triad. Such a focus, coupled with expert guidance from an automation solutions provider, not only helps teams implement the best possible solutions from the earliest stages, but also drives consistency and helps organizations maintain their solutions long-term, a key metric of success for cybersecurity.

Cybersecurity in action

To demonstrate the value of modern cybersecurity and the benefits of working with an expert partner, Alexandre shared the example of a simulated ransomware attack Delek US performed with the assistance of Emerson’s cybersecurity team. Delek leaders created a tabletop simulation to mimic a cyberattack and test how well their response plans and technologies would work in a real event. The exercise helped the team see where their plans had gaps (and how to close them) and gave them practical experience in navigating the challenges of a time-sensitive event.

“Delek’s exercise was a resounding success. We went through the whole process with everyone following their guidebooks over the course of a four-hour exercise with stakeholders co-located in different parts of Delek in the U.S. to simulate a real-life event as closely to reality as possible. Even beyond the lessons learned and the gaps closed, having so many people invested and working together drove home the importance of cybersecure operation to the company’s entire staff, and connected every element of the people, technology and processes in the cybersecurity triad.”

Delek’s forward-thinking approach is something any organization can and should undertake. The value of preparedness cannot be overstated. Even if your current cybersecurity and software expertise is limited, an expert partner like Emerson can help you engineer, deploy, and maintain cybersecurity solutions that will meet both regulatory standards and your organization’s unique needs. Checking out Emerson’s Zero-Trust Cybersecurity White Paper is a great place to start.

Don’t wait for regulation, or worse, an attack. Even a small step today can make a critical improvement in your cybersecurity posture.

Author

  • Emerson's Todd Walden
    Technical Specialist | 15+ Years in Industrial Automation Software & Digital Transformation
