Anticipating Trouble: Mapping Dependencies and Challenging Assumptions

After the hard work of assessing cyber-physical risks in advance of National Special Security Events (NSSEs) such as the Olympics or World Cup, the next step is discussing systemic vulnerabilities and planning for blind spots. Every major event runs on a complex, interconnected web of systems, yet the full chain of critical dependencies is rarely mapped and tested.

This session explores complex “what if” scenarios that challenged common assumptions underlying security and resilience planning, with a particular focus on limited visibility into the operational technology (OT) environments connected to IT systems.

Learning Objectives:

• Outline the process for “gaming out” possible scenarios
• Establish methods for decision-making during moments of uncertainty or ambiguity
• Evaluate criteria for partnerships to strengthen responses
• Delineate best practices for developing effective incident response plans at a scale appropriate to the NSSE
• Identify where regulatory frameworks may conflict with operational needs