An educational tabletop simulation designed by the Norwich University Applied Research Institutes (NUARI) to help local leaders and community stakeholders understand and prepare for the impacts of a cyber-attack.
Map
General Information
A role-playing game that simulates a cyber-attack on a community's critical infrastructure. Participants must collaborate to prioritize resources, communicate with the public, and maintain essential services under stress.
Developed to address the growing vulnerability of municipal services (water, power, emergency services) to cyber threats, moving beyond IT-centric solutions to a "whole community" preparedness model.
Hazard Type
Geographical Scope - Nuts
Population Size
Population Density
Needs Addressed
The lack of coordination and communication between non-technical community leaders and technical staff during a cyber-induced crisis.
Those most dependent on critical infrastructure (power for medical devices, water, emergency response) that may be disrupted during a cyber-attack.
Requires collaboration between government, private sector (utilities), and civil society during the simulation.
Designed to move communities from "no plan" to an "organized response" through simulated experience.
Focuses on the interdependencies of critical infrastructure (SCADA [Supervisory Control And Data Acquisition] systems, municipal networks).
To facilitate cross-sector discussion and identify gaps in existing response protocols.
Tabletop exercise (TTX), role-playing, and facilitated group debriefing.
Participants make critical decisions in real-time regarding resource allocation and public messaging during the game.
Builds "muscle memory" for crisis management and identifies the need for long-term cybersecurity investments.
Vulnerable Groups
Governance
Emergency Preparedness
Infrastructure Readiness
Engagement Level
Empowerment Level
Implementation
Gamification of technical concepts for non-technical audiences, using a fictional community to lower the stakes of initial learning.
English
Norwich University Applied Research Institutes (NUARI).
Extensive history in national-level cybersecurity exercises and critical infrastructure protection.
Local officials, utility operators, emergency managers, IT staff, and community communication officers.
- Set-up/Context briefing.
- Role assignment.
- Gameplay rounds (Injects).
- After-Action Review (AAR).
Requires the game kit and a trained facilitator to guide the simulation and debrief.
A half-day or full-day workshop format.
Experience of the Implementing Organisation in DRM
Target Audience
Resources Required
Timeframe & Phases
Participation Results
Effective response depends more on communication and clear roles than on technical tools alone.
Overcoming the "it won't happen here" mindset by showing direct local impacts of global cyber threats.
Identifying single points of failure in municipal infrastructure through the game's scenarios.
Risk & Mitigation Plan
Scalability and Sustainability
Knowledge transfer to local leaders who can then update municipal emergency plans.
Highly scalable; the scenario can be adapted to different sizes of communities or specific industrial sectors.
Use of simulation software or structured cards/boards to represent digital system interdependencies.
Purchase of the game or hiring facilitators.
Minimal; primarily the time commitment of participants.
Cybersecurity is not just an IT issue; it is a community safety and continuity issue