**1. Introduction**

This chapter 'Analyzing the Cyber Risk in Critical Infrastructures' discusses the concepts of critical infrastructure (CI) and critical information infrastructure (CII), highlights the need for addressing the cyber risk to CI/CII, discusses methods and challenges in assessing the cybersecurity risk for CI/CII, and highlights upcoming cyber risk. This chapter brings together views on what comprises CII in the light of technological and societal developments, and how to analyze the cyber risk of CI and CII given the complexity of CI sector structures, dependencies, and service chains.

Following this introduction section, Section 2 introduces the concept of CII, its relation to the classical CI, and discusses the importance of analyzing the cyber risk to CI/CII. Section 3 discusses methods and challenges in analyzing the cyber risk to CI/CII both from the perspective of a single organization and across organizations e.g. across a CI sector or along a CI/CII service chain. Section 4 analyses the vulnerabilities and cyber risk of operational technology (OT) in CI. Section 5 discusses methods to analyze the cyber security risk across multiple organizations including

supply chains. Section 6 provides an outlook at new technological and regulatory developments and their possible impact on the cybersecurity risk for CI and CII. This chapter concludes with the conclusions in Section 7.
