Identify cybersecurity vulnerabilities in natural resources and environmental systems.

Identification should include software management systems used in the natural resources sectors (e.g., geographical information systems [GIS] data, light detection and ranging [LiDAR], remote sensing, i-Tree) as well as environmental monitoring systems, and climate modeling tools. 

Additional considerations include

• offshore oil and gas infrastructure cybersecurity risks
  • threat actors
  • vulnerabilities
  • potential impacts
• unauthorized access, data manipulation, and/or shutdown of critical environmental systems (e.g., water treatment plants, refineries, manufacturing, chemical production plants)
• marine systems (e.g., tanker accidents resulting in the release of crude oil)
• water, wastewater, and electric utilities
• transportation.

Process/Skill Questions:

• Which critical sectors could be affected by a natural resources system breach?
• What computer systems are used in natural resources management?
• What are the cybersecurity risks for environmental monitoring systems?
• How might bad actors interfere with computer systems in natural resources?