When Systems Are Tested, Coordination Decides: Tabletop Exercise on Cyber Resilience
May 04, 2026
When a cyber incident hits, the first minutes rarely look organised. Information is incomplete. Responsibilities overlap. Decisions must be taken before the full picture is clear. For institutions protecting critical infrastructure, the real test is not only technical capacity, but how well they work together.
This was the scenario behind Trident Resilience 2026, a regional tabletop exercise held on 27–28 April in Bucharest, Romania. Across the region, cyber attacks are increasingly combined with disinformation, hybrid pressure and attempts to influence democratic processes. Critical infrastructure is no longer only a technical target; it sits at the centre of a wider security environment.
The exercise was co-organised by EUAM Ukraine in cooperation with the National Cyber Security Coordination Center of Ukraine, the Romanian National Cybersecurity Directorate, the Agency for Cyber Security of the Republic of Moldova, and regional and international partners, including the European Union Partnership Mission in the Republic of Moldova, BitSentinelpartners, the Euro-Atlantic Resilience Centre, and the National University of Political Studies and Public Administration. It brought together Ukrainian, Romanian and Moldovan institutions responsible for safeguarding critical infrastructure, alongside experts from academia, the private sector and observers from the European Union Agency for Cybersecurity.
Participants were placed directly into a simulated crisis, where cyber incidents escalated across sectors and borders. Systems were disrupted. Information flows were fragmented. Each decision carried consequences beyond a single institution.
In this setting, technical expertise alone was not enough. Participants had to coordinate responses, align messages and maintain control under pressure. The scenarios moved between incident response, crisis management, strategic communication and cyber diplomacy. This reflected how modern threats unfold in parallel, not in sequence.
A “Capture the Flag” competition added a practical dimension. It focused on hands-on skills: identifying vulnerabilities, responding to attacks, and working as a team in real time. It offered a clear test of how prepared specialists are when facing evolving threats.
“What emerged from the exercise was a simple conclusion: coordination shapes outcomes. Delays in communication, unclear roles or fragmented responses can turn an incident into a wider crisis. Strong links and trusted relationships between institutions, on the other hand, can contain it,” noted Dragos Dima, Senior Adviser on Cyber Security at EUAM Ukraine.
On the margins of the event, EUAM experts presented operational conclusions and discussed next steps with Romanian counterparts. Together with the Ukrainian delegation, they explored how to build on the trilateral Cybersecurity memorandum between Ukraine, Romania and Moldova, turning cooperation into practical mechanisms.
When systems are tested, it is not only technology that matters, but how institutions work together when it matters most.
