Deliverables
Teams will submit:
- A 5–10 minute video presentation (.mp4) summarizing their findings and recommendations.
- A 1-page professional report (.pdf) documenting key points, data, and visuals that support their analysis.
Deliverables should demonstrate clear understanding of the organization’s context, cyber/OT risks, and feasible recommendations.
Professional Report
Develop a professional, consulting-style report that includes the following sections:
1) Current Situation Summary
a) Describe Royal Duke Infrastructure Group’s operational role and dependencies.
b) Explain why OT systems are vulnerable and which cyber threats are most relevant.
c) Include regional context—such as rising electricity demand to support existing and future data centers—and the consequences of service disruptions.
2) Risk Identification
a) Identify at least three realistic OT-related cybersecurity risks.
b) For each risk, explain:
i) How it could occur (a short, realistic scenario)
ii) Potential impact (financial, operational, safety, reputational, etc.)
iii) Likelihood (low, medium, or high)
3) Impact and Cost–Benefit Analysis
a) Estimate the potential business or operational impact of a cyber incident.
b) Recommend at least three safeguards or mitigations, including description, relative cost level, and estimated benefit.
c) Summarize how Royal Duke Infrastructure Group can balance investment, operational reliability, and resilience.
4) Recommendations & Roadmap
a) Prioritize recommendations.
b) Provide a timeline showing accomplishments in the short, mid, and long term.
5) References
a) Include a list of credible, properly formatted sources.
Presentation
Teams will present their findings to a panel of judges representing Royal Duke Infrastructure Group’s executive board. Presentation requirements:
1) Format
a) PowerPoint, Google Slides, Canva, Prezi, or similar presentation platform.
b) Slides should be clear, visually consistent, and properly sourced.
2) Content
a) Overview: Introduce Royal Duke Infrastructure Group’s context and the problem statement.
b) Key Risks: Visualize your top three cyber risks (use icons or a simplified risk matrix).
c) Threat Scenarios: Explain realistic attack paths and potential consequences.
d) Recommendations: Present three safeguards with rationale (i.e., cost vs. benefit).
e) Implementation Roadmap: Show a timeline of short-, mid-, and long-term actions.
f) Business Impact Summary: Explain expected improvements in risk posture and operational resilience.
3) References
a) Include a list of credible, properly formatted sources.
Evaluation Rubric
| Guidelines | Points |
| --- | --- |
| Problem Understanding & Context: Does the team clearly describe Royal Duke Infrastructure Group’s operational role and dependencies? Do they explain why OT systems are vulnerable and highlight regional or business consequences of service disruptions? | 20 |
| Risk Identification & Assessment: Are at least three realistic OT cybersecurity risks identified? Does the team explain how each risk could occur (scenario), its potential impact, and likelihood? | 20 |
| Mitigation Strategies & Recommendations: Are the proposed safeguards practical, cost-effective, and aligned with business goals? Do they explain trade-offs between investment, reliability, and resilience? | 20 |
| Presentation Quality & Communication: Is the video/PDF concise, professional, and visually consistent? Are ideas communicated clearly, with strong evidence and reasoning? | 20 |
| Implementation Roadmap: Does the team provide a clear short-, mid-, and long-term roadmap? Does it show how recommendations strengthen resilience and business continuity? | 20 |
| Total | 100 |
Recommended Frameworks & Methodologies
NIST: Cybersecurity Framework (CSF 2.0)
https://www.nist.gov/cyberframework
NIST: Risk Management Framework (RMF)
https://csrc.nist.gov/projects/risk-management
Lockheed Martin: Cyber Kill Chain®
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
CISA: Foundations for OT Cybersecurity – Asset Inventory Guidance for Owners and Operators
https://www.cisa.gov/resources-tools/resources/foundations-ot-cybersecurity-asset-inventory-guidance-owners-and-operators
ASD: Principles of Operational Technology Cyber Security
https://www.cisa.gov/resources-tools/resources/principles-operational-technology-cyber-security
Background Resources
CISA: Industrial Control Systems (ICS) Resources
https://www.cisa.gov/topics/industrial-control-systems
MITRE: ATT&CK for ICS
https://attack.mitre.org/matrices/ics/
MITRE: Common Attack Pattern Enumerations and Classifications (CAPEC)
https://capec.mitre.org/
WEF: The Dangerous Blind Spot in Infrastructure Cybersecurity
https://www.weforum.org/stories/2025/10/dangerous-blindspot-in-infrastructure-cybersecurity/
Dragos: OT Cybersecurity Fundamentals
https://www.dragos.com/insights/ot-cybersecurity-fundamentals
PwC: Global Digital Trust Insights
https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html
Deloitte: Can US infrastructure keep up with the AI economy?
https://www.deloitte.com/us/en/insights/industry/power-and-utilities/data-center-infrastructure-artificial-intelligence.html
IEEE: A Review of Colonial Pipeline Ransomware Attack
https://ieeexplore.ieee.org/document/10181159
Virginia JLARC: Data Centers in Virginia
https://jlarc.virginia.gov/landing-2024-data-centers-in-virginia.asp
NERC: Electricity Information Sharing and Analysis Center (E-ISAC)
https://www.nerc.com/pa/CI/ESISAC/Pages/default.aspx