🇸🇬 Singapore CCoP 2.0 / CII Toolkit

Meet Singapore CCoP 2.0 Exercise Expectations
with AI-Powered CII Tabletop Scenarios

Singapore's Cybersecurity Act and the Cybersecurity Code of Practice (CCoP 2.0) require CII owners to report prescribed incidents to CSA on a short clock, conduct an annual risk assessment, and undergo a biennial audit. CyberICS delivers 300+ ready-to-run OT scenarios with AI-generated After Action Reports that feed the risk assessment, demonstrate the CCoP incident-response and BCM requirements, and build readiness for national exercises like Cyber Star.

CSA Prescribed-Incident Reporting — Short Initial Clock
Annual CII Risk Assessment (Statutory)
Biennial CII Audit — Exercise Evidence Ready
National-Exercise Readiness (Cyber Star Pattern)
Start Free — 14-Day Trial Talk to Our Singapore / APAC Team
Compliance Note: CyberICS's exercise scenarios reference the Singapore Cybersecurity Act and CCoP 2.0 as part of a structured training and preparedness program. Exercising on this platform supports — but does not replace — the statutory CSA reporting, annual risk assessment, and biennial audit obligations, which require engagement with the Commissioner of Cybersecurity, your sector lead, and qualified counsel. Consult your compliance and legal advisors for official determinations.
Applicability

Who Must Comply with CCoP 2.0

The Cybersecurity Act and CCoP 2.0 apply to owners of Critical Information Infrastructure across the designated sectors. Exercise records demonstrate the CCoP incident-response and BCM requirements and feed the statutory assessment and audit cycles.

⚡ CII Owners in Designated Sectors

Owners of Critical Information Infrastructure — energy, water, telecom, transport, health, and more — must report prescribed incidents to CSA, run an annual risk assessment, and demonstrate CCoP incident-response and BCM requirements.

🏢 OT-Reliant Essential Services

Operators delivering essential services from dense urban infrastructure must exercise containment-versus-continuity decisions with no slack, and OT-DMZ intrusion response threatening essential-service delivery.

👥 Sector Leads & National-Exercise Participants

CII owners expected to participate in national exercises (Cyber Star pattern) must exercise reporting cadence, sector information sharing, and inter-agency coordination on national templates.

Standards Alignment

Cybersecurity Act / CCoP 2.0 — How CyberICS Maps to Each

The CSA reporting duty, CCoP incident-response and BCM requirements, and the statutory assessment/audit cycles are the ones most directly addressed by tabletop exercises. The annual risk assessment and biennial audit are tracked as live clocks.

CCoP 2.0 Requirement Mapping Reference

Relevance: Direct = exercise explicitly required  |  Supporting = exercise validates controls  |  Scenario = scenario content covers the threat domain

Standard Title Key Requirement Addressed CyberICS Capability Relevance
CS Act Reporting Prescribed-Incident Reporting to CSA Report prescribed cybersecurity incidents to the Commissioner within the short statutory notification window, with supplementary detail. Scenarios drill the reporting workflow live; in-exercise reporting timestamps and supplementary-report structuring captured in the compliance log. Direct
CS Act — RA Annual CII Risk Assessment (Statutory) Conduct a cybersecurity risk assessment of the CII at least once every 12 months. Exercise AARs and recurring-gap memory feed the assessment as primary input, tracked on the 12-month statutory clock. Direct
CS Act — Audit Biennial CII Compliance Audit Undergo a CII compliance audit at least once every 2 years, demonstrating CCoP requirements in practice. The capstone audit-walkthrough exercise plus full evidence-pack export demonstrate the requirements, tracked on the 24-month clock. Direct
CCoP IR CCoP Incident Response Maintain and demonstrate an incident-response capability for the CII. A live drill inject demonstrates the reporting workflow and response capability; AARs are the evidence. Direct
CCoP OT CCoP OT & Essential-Service Requirements Protect OT delivering essential services; manage containment-versus-continuity in dense service areas. OT-compromise scenarios exercise segmentation decisions that risk service interruption, with documented reasoning and CSA coordination. Scenario
CCoP BCM Third-Party Dependency & BCM Manage third-party/cloud dependency risk and business-continuity arrangements. Vendor/cloud-failure scenarios exercise restoring coverage with internal means, BCM activation, and CSA sector-dependency questions. Scenario
Platform Capabilities

How CyberICS Directly Supports CCoP 2.0 Compliance

Three platform capabilities work together to feed the statutory risk assessment and demonstrate the requirements at audit.

🎲
Risk Assessment Evidence

Documented Exercise Execution

Live Session mode provides a structured, real-time exercise environment. Participants join by code, respond to scenario steps, and all activity is timestamped — creating an auditable exercise record.

  • Timestamped participant activity log
  • Step-by-step scenario walkthrough record
  • Host control bar with session metadata
  • Exercise duration and completion record
📋
Risk Assessment Evidence

AI-Generated After Action Report

CyberICS's AI engine generates a structured AAR immediately after each exercise — documenting gaps identified, recommended corrective actions, and framework alignment.

  • Structured gap analysis with severity ratings
  • Framework reference per identified gap
  • Corrective action recommendations
  • Downloadable PDF in minutes, not days
📄
Audit Evidence Package

Compliance Evidence Export

The Compliance Dashboard generates per-framework evidence packages — a multi-page audit PDF covering exercise log, controls mapping, gap analysis, remediation timeline, and formal attestation page.

  • Exercise date, participants, and scenario record
  • Framework controls coverage map
  • Gap-to-remediation timeline
  • Attestation page for compliance files
Scenario Library

Singapore CII Scenarios — Ready to Run

Six high-fidelity CII scenarios are immediately available, sequenced from foundational to advanced. Each exercises CCoP procedures across your OT, reporting, and executive teams.

Incident Reporting
CSA Reporting — The Short Clock

Malware is confirmed on the SCADA network of a power-distribution CII. Tests prescribed-incident determination, rapid initial notification within the short statutory window, and structuring the supplementary report.

CS Act Short Clock Reporting
Essential Services
OT Compromise with Service Impact

An attacker in the OT DMZ probes controllers serving a district's essential service. Tests containment-versus-continuity decisions where minutes matter, with documented reasoning and CSA coordination.

CCoP OT Continuity CSA
Dependency Risk
Vendor / Cloud Dependency Failure

The managed-detection provider watching your CII goes dark after its own breach — and serves half the sector. Tests restoring monitoring internally, BCM activation, and CSA sector-dependency questions.

CCoP BCM Third-Party Sector
National Exercise
National-Exercise Readiness (Cyber Star)

Coordinated injects hit your CII and two peers with CSA cell messages on national templates. Tests reporting cadence, sector information sharing, and playing well in a national structure.

CCoP Exercise National Coordination
Data Integrity
Integrity Attack on Operational Systems

Sensor telemetry feeding operational decisions shows manipulation over days — decisions made on corrupted data. Tests establishing a trusted baseline, suspending automated actions, and public-confidence management.

CCoP Protect Integrity Forensics
Audit Readiness
Audit-Readiness Walkthrough

A mock audit of CCoP incident-response and BCM requirements: present exercise AARs as evidence, demonstrate reporting live on a drill inject, and map findings into the annual risk assessment.

CS Act Audit CCoP Evidence

Plus 59 additional scenarios across Energy, Water, Transport, Health, Manufacturing, and more. Browse the full library →

Evidence Artifacts

Audit-Ready Documentation — Every Exercise

Every CyberICS exercise automatically generates four categories of evidence that map directly to the risk assessment and CII audit.

📋
After Action Report (AAR)

AI-generated structured PDF with gap analysis, corrective actions, and framework references. Ready within minutes of exercise completion.

Risk Assessment Input
📈
Compliance Evidence Package

Multi-page per-framework audit PDF: exercise log, controls mapping, gap analysis, remediation timeline, and signed attestation page.

CII Audit Evidence
🕑
Session Activity Transcript

Timestamped record of all participant responses, host actions, and step progression. Demonstrates real exercise activity to auditors.

CSA Reporting Log
🔗
Gap-to-Ticket Tracking

Gaps identified in the exercise are automatically pushed to ServiceNow or Jira as remediation tickets — creating a documented corrective action trail.

Remediation Evidence

Explore the Full Regulatory Toolkit Library

CyberICS exercise evidence maps to multiple frameworks simultaneously. One exercise program — complete regulatory coverage.

Ready to Feed Your Annual CII Risk Assessment?

Start free with a 14-day trial — no credit card required. Or talk to our APAC team about CCoP exercise programs feeding your assessment and audit cycles.

Also explore: ISO 27001 Toolkit  ·  IEC 62443 Toolkit  ·  NIST CSF 2.0 Toolkit