Contents
EXECUTIVE SUMMARY 1
INTRODUCTION 2
ALL OF IT IS CRITICAL, SO WHAT MATTERS? 3
OPERATIONAL TECHNOLOGY 4
RISKS AND VULNERABILITIES IN OPERATIONAL TECHNOLOGY AND CRITICAL INFRASTRUCTURE 5
A SCORING METHODOLOGY FOR CROSS-SECTOR ENTITY PRIORITIZATION 6
HOW TO USE THE METHODOLOGY 7
ANALYSIS AND CALCULATIONS 8
CASE STUDY: PRISON OT CYBERSECURITY 10
CONCLUSION 13
Table 1. Severity Indicators-Qualitative Assessment to Determine Severity Score in Table 2 8
Table 2. Severity Rating 9
Table 3. Weighting Likelihood to Cause Public Panic and to Overwhelm Resources 9
Figure 1. Priority Based on Severity Rating Alone (Table 1) 11
Figure 2. Weighted Priority for Impact A (panic) 11
Figure 3. Weighted Priority for Impact B (resources) 12
Figure 4. Weighted Priority for Impact A and B (both panic and resources) 12