On 2025 September 16-18, Canadian Nuclear Laboratories (CNL) is hosting CSIREX2025-ALPHA, a hands-on cyber security incident response exercise at CNL’s National Innovation Centre for Cyber Security located in Fredericton, New Brunswick.
The exercise scenario simulates a cyber security attack targeting an operational technology (OT) environment.
The objectives of the exercise are to:
- Demonstrate the collaborative capabilities of the Cyber Security Operations and Engineering teams in defining and implementing logging, alerting, and corresponding to incident response procedures (playbooks) tailored for an OT environment—key components of effective cybersecurity incident preparedness.
- Practice and assess the effectiveness of the detection and response mechanisms developed under Objective 1, by applying them in response to a simulated cyber incident.
Event Agenda:
Day 1 – PLAYERS – September 16: Familiarization & Training where players undergo training and become familiar with the equipment and environment to be used during the exercise. In particular, training will be provided to Engineering and Cyber Security Operations teams together, on how to define, implement, and test the security logging, alerting and alert response procedures (playbooks) for one or more instrumentation and control (I&C) systems as required to support the detection and response to cyber security incidents.
Day 2 – PLAYERS & OBSERVERS – September 17: A functional (i.e., hands-on-keyboard) cyber security incident response exercise will be conducted leveraging the training received on Day 1. The exercise will simulate an attack against actual operational technology (OT) (e.g., programmable logic controllers, human-machine interfaces (HMIs) and associated digital equipment), resulting in simulated impacts to plant operations.
Day 3 (half day) – PLAYERS & OBSERVERS – September 18: The last day is dedicated to debriefing the exercise, sharing participant experience and identifying lessons learned. Participants can expect a rich learning experience that will inform improvements to their incident response programs.
*Snacks, lunch, and beverages will be provided. *Observers are only required to be present on Days 2 and 3.