a cybersecurity maturity success story
Modernizing Cyber Readiness/Advancing Maturity: AI-Powered Tabletop Exercises in Action
A large multinational corporation partnered with UTSI to improve its OT cybersecurity program and to align with the NIST Cybersecurity Framework. Over the course of two years, UTSI guided the client from a low maturity level to a sustainable level 3. The transformation included executive buy-in, improved processes, and an innovative approach to incident response using AI-driven tabletop exercises.
Challenge
The client faced several challenges:
- Low Cyber Maturity: Many areas were at or below level 2 within the NIST framework, with policies in name only.
- Lack of Board Support: There was limited funding and no clear cybersecurity vision shared by leadership across IT and OT.
- Internal Misalignment: Departments were misaligned on goals around modernization, cyber response, and system robustness.
- Ineffective Tabletop Exercises: Traditional tabletop drills failed to prepare teams for real-world scenarios, resulting in limited value and poor engagement.
Solution
UTSI deployed a strategic, phased approach to elevate cybersecurity maturity:
- Framework Implementation: Conducted detailed assessments across NIST cybersecurity domains and implemented structured programs to reach level 3 maturity.
- AI-Driven Tabletop Exercises: Leveraged our partner ThreatGEN’s Auto Tabletop platform to simulate real-world incident response scenarios in an automated, immersive, and repeatable way.
- Evergreen Incident Response Planning: Established a continuous improvement feedback loop from tabletop exercises into a living incident response plan.
- Cross-Functional Engagement: Fostered greater field involvement by turning exercises into collaborative learning and planning opportunities.
- Regulatory Expertise: Applied UTSI’s knowledge of TSA compliance to help the client meet and exceed regulatory tabletop requirements.
- Executive Enablement: Helped the C-suite craft a compelling case to the board, leading to buy-in and resource expansion.
Results
- Maturity Growth: Client advanced from an average of 1.5–2.0 to level 2.5-3 maturity across all NIST domains.
- Board Approval: Leadership successfully secured board approval for new OT cybersecurity organizational structure and investment—the first success of this kind in two decades.
- Effective Tabletop Execution: Client called UTSI’s tabletop sessions the “most effective and efficient” they’ve experienced, requesting the approach be extended to non-cyber areas.
- Sustainable Process: Created a repeatable, continuously improving system for cybersecurity preparedness, tailored to evolving threats and organizational change.
- Field Engagement: Increased field participation and ownership in cybersecurity processes, transforming training moments into strategic inputs.
- Collaboration: Increased partnership across IT and OT to tailor solutions that improved OT’s cybersecurity posture, while accounting for the unique constraints of OT.