With cyber threats growing in scale and sophistication, the UK is encountering heightened challenges in protecting its public services and critical national infrastructure. In response, initiatives such as Defending the Core are becoming essential tools in the country’s effort to build and sustain meaningful cyber resilience.
Developed following strategic consultations with government agencies, the exercise was shaped by a shared recognition that prepositioned nation-state malware represents one of the most significant risks to both digital and physical security. What followed was a considered and collaborative response aimed at improving collective preparedness through realistic, scenario-based engagement.
As a GRC and regulatory professional, my perspective is often rooted in the structures that support secure operations-standards, legislation, and assurance frameworks. While these are fundamental, they must ultimately be reflected in the actions of the teams they are designed to support. Observing Defending the Core provided a valuable opportunity to see that alignment in action.
The exercise centred on a simulated cyber-attack targeting the Institute of Engineering and Technology. Participants, drawn primarily from Security Operations Centres across UK infrastructure organisations, were placed into an immersive, high-pressure environment where they were required to defend operationally significant assets, including a fictional small office network and a critical power grid operations centre. The scenario was designed to mirror the pressures of an actual security incident, encouraging real-time decision-making and coordinated response across different roles.
The value of this approach was evident throughout. The simulation challenged participants to move beyond technical execution and engage with the broader demands of cyber defence. I observed adaptive thinking, continuous communication, and collective awareness which were all necessary for scaling the leaderboard. These qualities are not always captured by conventional training models, yet they are essential in a real incident response. By creating space for those behaviours to emerge, the exercise cultivated a culture of both mutual support and operational focus.
Beyond team dynamics, the exercise also provided a clear link to structured capability development. The use of the NIST/NICE Framework to evaluate participant performance introduced a formal mechanism for tracking knowledge, skills and abilities. Importantly, this evaluation did not function solely as an assessment. It formed the basis for tailored learning pathways, allowing individuals and teams to advance based on their current profile and future development needs. This iterative, personalised model is particularly well suited to increasing maturity and in turn, resilience within our operational teams.
From a governance standpoint, one of the most significant observations was how the exercise enabled collaboration across organisational and sectoral boundaries. Critical infrastructure systems are inherently interconnected, and the threats they face are rarely confined to a single operator or domain. Defending the Core reflected this reality by bringing together professionals from multiple parts of the infrastructure ecosystem. This created a setting where coordination was not only encouraged, but essential.
In this kind of environment, the value of information sharing becomes clear. Trust and understanding built through joint exercises translate directly into faster, more coherent responses during actual incidents. These relationships are difficult to create under pressure but are vital to national resilience. What the exercise demonstrated is that structured, scenario-based collaboration offers a practical way to build those networks and test them in conditions that mirror real-world complexity.
The broader policy relevance of Defending the Core cannot be overstated. The UK government’s proposed Cyber Resilience Bill is designed to embed resilience into the fabric of public and private sector operations. It seeks more than surface-level compliance, calling instead for a demonstrable, proactive commitment to readiness. Exercises of this kind show exactly what that looks like. They offer a credible example of how policy can be realised through action, and how regulatory goals can support, not replace, practical capability building.
This alignment between operational readiness and legislative direction is critical. Where traditional training may be limited in scope or theoretical in nature, Defending the Core integrates strategic thinking with operational realism, and sustained learning. It promotes a mindset not only equipped to prevent incidents, but also prepared to contain and recover from them. As regulatory expectations evolve, these competencies will become increasingly necessary to demonstrate through auditable evidence and repeatable practice.
Perhaps most importantly, the exercise reaffirmed that resilience is as much a cultural achievement as it is a technical one. The ability to collaborate under pressure and respond flexibly to evolving circumstances evidences the organisations best positioned to withstand today’s cyber threats.
Defending the Core offers a compelling example of what progress looks like in this space. It connects strategy with implementation, and regulation with real-world execution. In doing so, it illustrates that while cyber threats continue to evolve, so too does our ability to meet them in a more united, informed manner.
Cyber Security on a Budget: How Small Businesses Can Stay Secure Without Spending A Fortune
AI-Powered Cyber Attacks: Why SMEs Need to Level Up Their Defences
Quishing: The Rise of QR Code Phishing and How SMEs Can Stay Safe
Why Businesses Can’t Afford Not Having A Cyber Security Strategy
Small businesses are now the primary target for 43% of cyber attacks, gone are the days when cyber security used to be a problem just for big corporations.
Artificial intelligence (AI) is no longer just a buzzword in the digital world, it’s reshaping cyber security for both defenders and attackers.
If you run a small or medium-sized business (SME) in the UK, you most likely use QR codes for various purposes, such as payments, check-ins, or marketing.
As more companies transition to a digital approach, cyber security has become a critical concern due to ongoing cyber threats.
Join industry leaders on cyber projects to create a global impact and ensure a secure digital future.
