Identification should include software management systems used in the natural resources sectors (e.g., geographical information systems [GIS] data, light detection and ranging [LiDAR], remote sensing, i-Tree) as well as environmental monitoring systems, and climate modeling tools.

Additional considerations include

offshore oil and gas infrastructure cybersecurity risks
- threat actors
- vulnerabilities
- potential impacts
unauthorized access, data manipulation, and/or shutdown of critical environmental systems (e.g., water treatment plants, refineries, manufacturing, chemical production plants)
marine systems (e.g., tanker accidents resulting in the release of crude oil)
water, wastewater, and electric utilities
transportation.

Process/Skill Questions:

Which critical sectors could be affected by a natural resources system breach?
What computer systems are used in natural resources management?
What are the cybersecurity risks for environmental monitoring systems?
How might bad actors interfere with computer systems in natural resources?