NDMA Hosts Cybersecurity Tabletop Exercises to Strengthen Public Sector Preparedness
In a bid to foster digital transformation and reinforce national cybersecurity resilience, the National Data Management Authority (NDMA), through its Cybersecurity Division, hosted a series of critical Tabletop Exercises (TTX) in February, March and June 2025. These sessions engaged public sector employees from multiple government agencies in simulated cyber incident response scenarios designed to enhance policy understanding, inter-agency coordination, and institutional readiness.
The most recent exercise, held on 5th June focused on Government’s Router and Switch Security Policy. This session zeroed in on securing router and switch configurations, offering both a policy deep-dive and practical implementation guidance. Participants reviewed the policy’s key components, including the importance of secure configurations and baseline backups. A live demonstration, using a networking simulation software, allowed attendees to simulate a small government network and configure routers and manage switches according to the policy. The exercise emphasized the significance of each configuration step in protecting critical infrastructure and concluded with a discussion on real-world challenges and solutions for maintaining secure network environments.
Earlier this year, NDMA also conducted two other targeted tabletop exercises. The first was held in February and focused on the Malware Incident Prevention Policy. This session included a detailed simulation of a malware attack triggered by a phishing email. The scenario required participants to navigate the various stages of incident response, including detecting compromised systems, isolating affected devices, and containing the spread of the malware across the network.
Participants reviewed NDMA’s policy provisions such as real-time antivirus scanning, software update protocols, and staff training requirements. As the scenario unfolded attendees were expected to respond in alignment with the policy’s guidance on communication procedures, reporting obligations, and system recovery using secure backups. The session concluded with reflections on post-incident analysis and the importance of ongoing employee awareness campaigns.
In March, attention shifted to NDMA’s Log Retention Policy with a scenario simulating a suspected data exfiltration from a critical government server. Participants were presented with signs of unusual outbound traffic and were tasked with conducting a forensic investigation using log data. They explored key elements of the policy, including requirements for maintaining immediate log availability for 30 days, archiving for one year, and performing daily secure backups.
The scenario challenged participants to retrieve logs from multiple systems, identify anomalies such as failed login attempts and suspicious IP addresses, and piece together the timeline of a potential breach. A demonstration of a ransomware attack added a real-world dimension to the session, emphasizing the urgent need for reliable backup systems and illustrating how inadequate log retention can impede timely incident response.
All three sessions highlighted the importance of embedding cybersecurity protocols into the daily operations of public agencies and demonstrated the critical role of preparedness in protecting government infrastructure. The interactive exercises not only deepened understanding of policy frameworks but also encouraged collaboration, critical thinking, and strategic decision-making among public sector stakeholders.
The NDMA remains committed to advancing digital transformation by building capacity across the public service through targeted training and continuous policy reinforcement. The success of these Tabletop Exercises reflects the agency’s proactive approach to strengthening cybersecurity at every level of government.
