Empirical Study of Information Sharing and Decision-Making in IT/OT Incident Response

Abstract: In recent years, cyberattacks have grown increasingly advanced and sophisticated, requiring organizations to build comprehensive defenses that extend beyond technical controls to include human factors. For critical infrastructure facing IT/OT convergence risks, the establishment of rapid and accurate information-sharing mechanisms is central to strengthening resilience. As part of a human-centered approach, this study designed and conducted a Tabletop Exercise (TTX) with 119 frontline and managerial participants from Japanese critical-infrastructure firms. Using communication logs recorded during the exercise, the analysis examined actual information flows and assessed how differences in security-education levels affect command structures and network dynamics. The results indicate that more advanced education promotes the formation of flexible network structures and can support faster, more autonomous judgment at the operational edge.These findings offer actionable guidance for improving TTX design, concretizing information-sharing protocols, and standardizing incident-response procedures, thereby contributing to enhanced organizational security preparedness and resilience.

Keywords: Cyber Security, Tabletop Exercise (TTX), Operational Technology (OT), Critical Infrastructure (CI), Human Factor, Communication Network Analysis (CNA)

DOI: 10.54941/ahfe1007046

Cite this paper:

​