Summary

The Colonial Pipeline ransomware attack from May 2021 is one of the biggest cybersecurity incidents in history in its impact on the United States. ThreatGEN provides a Settings File and an (sample) Incident Response Plan that can be used by an AutoTableTop™ facilitator to run an exercise based upon the situation that the Colonial Pipeline team faced in May 2021.

By uploading these two files into the AutoTableTop™ setting screen, ThreatGEN ran the exercise 10 times with varying outcomes, which are the basis of the Case Study, Scenario discussion, Transcript and End Exercise Analysis Report.

---

Sample Exercise Files

New AutoTableTop™ facilitators can use all of these files to execute their own exercise and review their outcomes with those included in the Case Study. This is meant as a means to become comfortable with the tool and determine effective responses.

Save these files to your PC in order to recreate the Colonial Pipeline ransomware attack exercise yourself.

File Description	File
A Settings File that can be uploaded into AutoTableTop­™ settings window to execute an exercise based on the Colonial Pipeline attack.
A sample Incident Response Plan that can be uploaded into AutoTableTop™ settings window in conjunction with the Settings File so that your actions can be judged against the plan.
A Scenario Document discussing each setting within the Settings File, both general settings and specific to this scenario.
The Case Study Document resulting from running AutoTableTop™ 10 times and taking the resulting analysis against the real-life results.
An End Exercise Analysis Report generated using the Settings File and Incident Response Plan above.
A sample Transcript from an exercise run with the above Settings File and Incident Response Plan.

Copyright © 2025 by Derezzed Inc. D/B/A ThreatGEN.