E.J. Hilbert, the heads Kroll's cyber unit for Europe, the Middle East and Africa, told CNBC that hundred, if not thousands attacks were already taking place—and that more attacks were coming.
Read MoreTop 5 cybersecurity risks for 2015
"There are hundreds of attacks taking place against the U.K. and U.S. nuclear industry and financial system every day. There is this non-stop badgering of the system by hackers who are hoping that one day the system will crack," said Hilbert, a former FBI agent in the cybercrime and counterterrorism field.
He was emphatic that national governments were unprepared for a cyberattack on critical infrastructure. He said that the proposed "war games" would have limited effect in acting as a pre-warning to governments on the weaknesses of critical systems.
"These tests don't do what the bad guys are going to do, they don't go far enough. If the bad guys want to shut a system down, they'll shut it down and unless you've tested for that, you don't actually know if there's a way of bringing a system back," Hilbert said.
If an attack is so bad that all else has failed, governments can always choose to shut down their own infrastructure systems. But taking such steps can have alarming consequences, such as lack of power if power plants are shut down, lack of water if water facilities are closed, and permanent system failure.
With that in mind, Hilbert said "it might be better to fight the attack then shut down the system."