Singapore's Cybersecurity Act and the Cybersecurity Code of Practice (CCoP 2.0) require CII owners to report prescribed incidents to CSA on a short clock, conduct an annual risk assessment, and undergo a biennial audit. CyberICS delivers 300+ ready-to-run OT scenarios with AI-generated After Action Reports that feed the risk assessment, demonstrate the CCoP incident-response and BCM requirements, and build readiness for national exercises like Cyber Star.
The Cybersecurity Act and CCoP 2.0 apply to owners of Critical Information Infrastructure across the designated sectors. Exercise records demonstrate the CCoP incident-response and BCM requirements and feed the statutory assessment and audit cycles.
Owners of Critical Information Infrastructure — energy, water, telecom, transport, health, and more — must report prescribed incidents to CSA, run an annual risk assessment, and demonstrate CCoP incident-response and BCM requirements.
Operators delivering essential services from dense urban infrastructure must exercise containment-versus-continuity decisions with no slack, and OT-DMZ intrusion response threatening essential-service delivery.
CII owners expected to participate in national exercises (Cyber Star pattern) must exercise reporting cadence, sector information sharing, and inter-agency coordination on national templates.
The CSA reporting duty, CCoP incident-response and BCM requirements, and the statutory assessment/audit cycles are the ones most directly addressed by tabletop exercises. The annual risk assessment and biennial audit are tracked as live clocks.
| Standard | Title | Key Requirement Addressed | CyberICS Capability | Relevance |
|---|---|---|---|---|
| CS Act Reporting | Prescribed-Incident Reporting to CSA | Report prescribed cybersecurity incidents to the Commissioner within the short statutory notification window, with supplementary detail. | Scenarios drill the reporting workflow live; in-exercise reporting timestamps and supplementary-report structuring captured in the compliance log. | Direct |
| CS Act — RA | Annual CII Risk Assessment (Statutory) | Conduct a cybersecurity risk assessment of the CII at least once every 12 months. | Exercise AARs and recurring-gap memory feed the assessment as primary input, tracked on the 12-month statutory clock. | Direct |
| CS Act — Audit | Biennial CII Compliance Audit | Undergo a CII compliance audit at least once every 2 years, demonstrating CCoP requirements in practice. | The capstone audit-walkthrough exercise plus full evidence-pack export demonstrate the requirements, tracked on the 24-month clock. | Direct |
| CCoP IR | CCoP Incident Response | Maintain and demonstrate an incident-response capability for the CII. | A live drill inject demonstrates the reporting workflow and response capability; AARs are the evidence. | Direct |
| CCoP OT | CCoP OT & Essential-Service Requirements | Protect OT delivering essential services; manage containment-versus-continuity in dense service areas. | OT-compromise scenarios exercise segmentation decisions that risk service interruption, with documented reasoning and CSA coordination. | Scenario |
| CCoP BCM | Third-Party Dependency & BCM | Manage third-party/cloud dependency risk and business-continuity arrangements. | Vendor/cloud-failure scenarios exercise restoring coverage with internal means, BCM activation, and CSA sector-dependency questions. | Scenario |
Three platform capabilities work together to feed the statutory risk assessment and demonstrate the requirements at audit.
Live Session mode provides a structured, real-time exercise environment. Participants join by code, respond to scenario steps, and all activity is timestamped — creating an auditable exercise record.
CyberICS's AI engine generates a structured AAR immediately after each exercise — documenting gaps identified, recommended corrective actions, and framework alignment.
The Compliance Dashboard generates per-framework evidence packages — a multi-page audit PDF covering exercise log, controls mapping, gap analysis, remediation timeline, and formal attestation page.
Six high-fidelity CII scenarios are immediately available, sequenced from foundational to advanced. Each exercises CCoP procedures across your OT, reporting, and executive teams.
Malware is confirmed on the SCADA network of a power-distribution CII. Tests prescribed-incident determination, rapid initial notification within the short statutory window, and structuring the supplementary report.
An attacker in the OT DMZ probes controllers serving a district's essential service. Tests containment-versus-continuity decisions where minutes matter, with documented reasoning and CSA coordination.
The managed-detection provider watching your CII goes dark after its own breach — and serves half the sector. Tests restoring monitoring internally, BCM activation, and CSA sector-dependency questions.
Coordinated injects hit your CII and two peers with CSA cell messages on national templates. Tests reporting cadence, sector information sharing, and playing well in a national structure.
Sensor telemetry feeding operational decisions shows manipulation over days — decisions made on corrupted data. Tests establishing a trusted baseline, suspending automated actions, and public-confidence management.
A mock audit of CCoP incident-response and BCM requirements: present exercise AARs as evidence, demonstrate reporting live on a drill inject, and map findings into the annual risk assessment.
Plus 59 additional scenarios across Energy, Water, Transport, Health, Manufacturing, and more. Browse the full library →
Every CyberICS exercise automatically generates four categories of evidence that map directly to the risk assessment and CII audit.
AI-generated structured PDF with gap analysis, corrective actions, and framework references. Ready within minutes of exercise completion.
Multi-page per-framework audit PDF: exercise log, controls mapping, gap analysis, remediation timeline, and signed attestation page.
Timestamped record of all participant responses, host actions, and step progression. Demonstrates real exercise activity to auditors.
Gaps identified in the exercise are automatically pushed to ServiceNow or Jira as remediation tickets — creating a documented corrective action trail.
CyberICS exercise evidence maps to multiple frameworks simultaneously. One exercise program — complete regulatory coverage.
Start free with a 14-day trial — no credit card required. Or talk to our APAC team about CCoP exercise programs feeding your assessment and audit cycles.
Also explore: ISO 27001 Toolkit · IEC 62443 Toolkit · NIST CSF 2.0 Toolkit