The NHS is heavily dependent on IT to deliver essential services. NHS trusts and foundation trusts rely not just on their own IT services but on services provided by partner organisations.
Cyber exercises provide a framework for testing that these essential services are properly protected.
Cyber security incidents require coordination between organisations that may have not traditionally worked closely together. To respond effectively these organisations need to have mutual understanding and trust of how each other reponds.
Cyber exercises help build trust and mutual understanding between organisations so that coordinated action can be taken when a cyber incident happens.
Hospitals are heavily dependent on medical devices that cannot be patched and supported in the same way as typical IT systems. By their very nature these devices are critical to the delivery of essential services.
Exercising allows you to rehearse cyber incidents affecting medical devices without affecting day to day operations. This lets you refine your incident response so you can have confidence that you are ready for a cyber incident.
Penetration tests, red-team exercises, and audits are effective ways of testing technology and compliance but often fail to address the human aspects of cooperation and teamwork.
Cyber exercises allow you to see how both your team and your processes perform in realistic scenarios. They let you build stronger and more confident teams that are better prepared for a cyber incident.