Automatic Playbook Generation to Support OT Resiliency & Recovery

This project will create a web-based tool that will generate tailored cybersecurity playbooks to help organizations implement industrial control system (ICS) responses to a variety of attack vectors.


Many small and medium-sized manufacturers (SMMs) face cybersecurity attacks that they are unable to resolve and/or prevent on their own. A National Cybersecurity Alliance report found that 43% of cyberattacks are directed toward small businesses, with just 14% of firms saying that they consider their ability to mitigate cyber risks and attacks highly effective. The average data attack results in an estimated $4.35 million in damages to facility systems and often results in unrecoverable loss.

As manufacturers transition to Industry 4.0, SMMs often don’t understand the type of threats they face. Many SMMs do not have in-house information technology (IT) or cybersecurity teams, pushing the need for standardized and best-practice protocols in case of an attack.

Proposed Solution

The Ohio State University-led team’s software playbook generator will provide SMMs with cybersecurity strategies and guidelines to prepare for and react appropriately to a cyberattack. The team will develop hands-on testbeds to illustrate key attack vectors and responses supported in part by the Ohio Cyber Range Institute.

The playbooks will be a publicly available resource to create a proactive plan to help protect ICS networks from cybersecurity attacks. The playbooks will support manufacturers transitioning to Industry 4.0, including as they merge IT and operational technology (OT) systems and process large quantities of information between networks. Additionally, this project will support in-house IT or cyber teams’ securing of OT networks by helping them to understand the current threats and providing access to standardized protocols.


These tailored playbooks will give manufacturers access to the best tools they can use to structure IT/OT in a safe and resilient way and respond to cyber events.