Operational Resilience Series

AI Interrupted: A Multi-Sector
Tabletop Exercise

June 24th

12 - 3 PM UTC / 8 - 11 AM ET

Testing Resilience Amidst AI Disruption

Cybersecurity, IT, risk, AI and operations leaders worked through a disruptive, AI-driven scenario developed by Business Resilience Council members. Participants pressure-tested plans, decision processes, and coordination under real-world constraints.

Exercise Goals Included:

‍ ‍1. Identifying areas of dependence on AI and the risks those dependencies create.

2. Identifying gaps in governance, trust, and oversight of AI systems, including agentic AI.

3. Identifying vulnerabilities in existing processes and controls that could be exposed by AI misuse or failure.

4. Identifying where AI adoption may outpace organizational policies and cross-functional understanding.

5. Identifying strategies to strengthen organizational and cross-sector readiness for AI-driven disruptions.

6. Exploring how AI threats could exploit organizational dependencies and response weaknesses.

About the Exercise Series
The GRF Business Resilience Council’s ORF Tabletop Exercise series challenges teams to test resilience, refine incident response, and share best practices through panel-led discussions with real-time inputs and data aggregation. Participants deepen their understanding of service dependencies and their ability to adapt and maintain operations across threat types.

Outcomes
Participants discover and expose failure paths in AI workflows, uncover gaps in disruption handling, test Minimum Viable Service Levels (MVSLs), and gain actionable insights, advancing collective resilience against operational disruptions.

TTX Panelists

2026 AI TTX
Charles Blauner
Charles Blauner

Operating Partner
Crosspoint Capital Partners

John Carlson
John Carlson

VP of Cybersecurity Regulation and Resilience
American Bankers Association

Simon Chard
Simon Chard

Pulsar Consulting

Francesco Chiarini
Francesco Chiarini

VP CXO in Residence
Rubrik

Byron Collie
Byron Collie

Partner
Next Peak

Chris Meserole, PhD
Chris Meserole, PhD

Executive Director
Frontier Model Forum

Mark Orsi
Mark Orsi

CEO
Global Resilience Federation

Matthew B. Welling
Matthew B. Welling

Partner
Holland & Knight LLP

Preliminary AAR findings from the January 28th iteration of the exercise:

Download

ACH Payments
Disruption Exercise
After Action Report

In spring 2024, the Global Resilience Federation and Nacha ran free, half-day tabletop exercises simulating a destructive wiperware attack and a major ACH outage.

What participants practiced:

  • Drilled IT operations response under pressure as timed injects advanced

  • Improved prioritization and decision-making during cascading outages

  • Rehearsed media handling and external communications

  • Practiced law-enforcement and regulatory engagement

  • Shared cross-organization practices to strengthen operational resilience

Past Exercises

Download

Telecommunications Disruption Exercise
After Action Report

In summer 2025, the Business Resilience Council ran an all-sector tabletop exercise series on a prolonged regional telecom outage, bringing together hundreds of participants across a dozen industries to test how organizations sustain important services during degraded connectivity.

  • Core lesson: telecom outages cascade via shared carriers, platforms, and third parties.

  • Strengths: many had applicable continuity plans, had exercised comms-outage response, and mapped key dependencies.

  • Gaps: 58% couldn’t confirm Day 3 impaired-state targets; 80% couldn’t confirm DROs; 48% lacked distributed critical data backups.

Download

All-Sectors Payment Disruption Exercise
After Action Report

In fall 2024, the Global Resilience Federation ran free, cross-sector tabletop exercises focused on a widespread payments disruption driven by coordinated attacks on third-party platforms and a surge of misinformation.

Key takeaways:

  • Participants made timed decisions to quickly surface real-world priorities

  • Identified vendor dependencies and critical third-party points of failure

  • Exposed communications gaps (internal, external, and cross-sector)

  • Reinforced the Operational Resilience Framework

  • Enabled best-practice sharing across industries

Download

FAQs

For any questions, please reach out to Brian Katula at bkatula@grf.org

How will the exercise be conducted?

Exercises challenge organizations to test their resilience against communications disruptions, refine contingency plans, and share best practices during a panel-led discussion. Participants are polled anonymously. The crowdsourced responses are discussed by the panel, analyzed, and later captured in an after-action report. Participants further their strategic understanding of service dependencies and their organization’s ability to adapt and maintain operations.  

Do I need to prepare anything in advance?

While no formal preparation is required, participants will benefit from reviewing their organization’s incident response and operational resilience plans. Additionally, reviewing the Operational Resilience Framework is highly encouraged.

Will this be a live cyberattack simulation?

No. This is a strategic discussion exercise, not a hands-on technical simulation. The focus is on decision-making and response planning. IT and third-party dependencies will be on display, and business priorities will determine response objectives.

How long will the TTX last?

The exercise is expected to last 3 hours, including scenario discussions and a debrief.

Will there be a post-exercise report?

Yes, an After-Action Report (AAR) will be provided to participants, capturing key findings, lessons learned, and recommended actions.