The Cyber Guild

Major, globally visible events—such as the World Cup or Olympic Games—fundamentally change how cyber-physical risk must be identified and prioritized. Events such as these usually are designated as National Special Security Events (NSSEs), based on factors like national significance, projected attendance, and potential threat levels, with the U.S. Secret Service leading security operations.

Cyber-physical risk is the potential for cyberattacks on networked systems—such as IoT devices, industrial control systems, or medical equipment—to cause real-world damage, including physical injury, environmental catastrophes, or destruction of infrastructure. These risks occur at the intersection of digital, networked software and physical, mechanical processes. NSSEs increase the potential for attacks on such devices as credential readers, environmental control systems (heating, cooling, and water), and hospitals near the events.

Join us as thought leaders from government and industry discuss how organizations can prepare to support a major event by identifying, quantifying, and prioritizing cyber-physical risks pertaining to operational technologies (OT) deployed for the event.

Learning Objectives:

• Understand the distinct risks to OT in major event environments, especially when systems are temporary, shared across public and private owners, or rapidly deployed
• Identify which OT-related threats or vulnerabilities tend to have the most significant downstream or cascading impacts, and which are most often underestimated during planning
• Learn how to assess and model cyber-physical risk across interconnected systems, such as venues, transportation, and broadcast infrastructure
• Delineate what effective integration between cybersecurity, physical security, and operational stakeholders looks like in practice – and where it breaks down most often

After the hard work of assessing cyber-physical risks in advance of National Special Security Events (NSSEs) such as the Olympics or World Cup, the next step is discussing systemic vulnerabilities and planning for blind spots. Every major event runs on a complex, interconnected web of systems, yet the full chain of critical dependencies is rarely mapped and tested.

This session explores complex “what if” scenarios that challenged common assumptions underlying security and resilience planning, with a particular focus on limited visibility into the operational technology (OT) environments connected to IT systems.

Learning Objectives:

• Outline the process for “gaming out” possible scenarios
• Establish methods for decision-making during moments of uncertainty or ambiguity
• Evaluate criteria for partnerships to strengthen responses
• Delineate best practices for developing effective incident response plans at a scale appropriate to the NSSE
• Identify where regulatory frameworks may conflict with operational needs

• How cyber incidents escalate into a kinetic attack, affecting the ability to respond to the critical incident

• What first responders need to manage the incident

• What preparations should be made in advance of a critical event

• When a cyber incident escalates into real-world public safety impacts, how CISA defines its operational role in the first 24–72 hours—coordinating with DHS components, FEMA, state and local emergency management, and private sector owners—while balancing the need for decisive federal coordination with respect for state authority and private ownership

• The importance of executing a coordinated recovery plan to rapidly restore safety and service to the event