Getting Ready for “Day Zero”: Building True Cyber Resilience

Aria Grace Law CIC continues our look at resilience and emergency responses to cyber attacks.

“We began literally with a box of candles…”

Exercise Mighty Oak tested what happens when energy supplies fail and technology goes dark.

Across government, agencies and businesses rehearsed how to rebuild governance and system control from zero.

The lesson was simple: when the network is down, resilience depends on key people knowing who to contact, what to do, with what tools, and in what order.

The UK’s Resilience Action Plan reminds us that recovery is a wide group task: government, business and communities have to try and align.

The National Cyber Security Centre (NCSC) adds that resilience matters as much as defence - speed, clarity of roles and the ability to recover are almost as vital as prevention.

Drills can be enormously helpful in guiding effective responses if a company later suffers an attack. Realistic simulations expose weak spots, clarify decision-making lines and build collective confidence.   

Lord Hunt told Parliament earlier this year, “Mighty Oak was a successful programme to test plans for full electricity restoration in the event of a national power outage. It was very successful and generated a number of learning points, and we now have a strong governance framework for oversight of the implementation of those recommendations.”(Ministerial Extracts: Energy Grid Resilience – 6 May 2025)

Aria Grace Law CIC Partner, Mark Parkhouse, summarises 9 practical actions points for preparing your resilience plan: Getting Ready for “Day Zero”

1. Emergency playbook - physical and digital

Keep a printed, off-system file naming key roles, numbers, escalation paths, trusted vendors and fallback processes. When IT is down, this becomes the authoritative plan for recovery.

2. Power your people and communications

Ensure staff trained to respond have mobile phones charged and turned on during agreed hours. It can be supportive to have at least one charged, independent communications option - landline, satellite link or handheld radio.

Businesses may pre-arrange meeting points, runners or courier routes. Mighty Oak showed that simple tool, like candles and manual logs, helped anchor early recovery. Emergency food or drink may be helpful for those in a security operations environment.

3. Run realistic, tiered simulations

Go beyond IT-only breaches. Practise degraded conditions: no connectivity, limited power, partial data loss, ongoing attack threats. Rehearse stakeholder messaging, regulator engagement and manual workflows. State and other agencies may be able to provide support. Their resources may be thinly spread and resilient businesses will plan to self-support at least in the earliest stages.

4. Embed clear roles and escalation lines

In crisis, uncertainty extends response times.  Define who decides what, and under which triggers. Map interactions between legal, technical, comms and leadership teams.

5. Maintain shadow telemetry and situational awareness

Even if systems are compromised, key leaders need read-only access to logs, external threat feeds and status dashboards, if possible, via hardened or air-gapped outstations.

6. Pre-position fallback assets and contracts

Secure standby agreements. These might be contracted couriers, or staff trained to consider and deliver alternative roles. Consider: is there offsite power and emergency communications? Who will hold offline backup kits (for example encrypted laptops, satellite modems, batteries)?

7. Legal and regulatory readiness

Align with upcoming UK Cyber Security and Resilience Bill requirements (likely to include 24-hour reporting, wider). Prepare pre-drafted notifications, evidence chains and regulator narratives.

8. Learn, adapt, embed

After every drill, test or incident, capture and consider lessons and feed them into your maturity cycle. The UK Resilience Lessons Digests note that improvement after the drill is often the most transformative stage.

9. Leaders and executives keep in mind moral and welfare. 

Keep people informed and remain optimistic.  It won’t be the first time British resilience succeeds when we keep calm and carry on.