**2.3 Why considering the cyber related risk to CI and CII?**

The most feared phenomenon by states is the cascading effect due to dependencies between CIs and CIIs. When one CI or CII is disrupted or destroyed, cascading disruption(s) may occur through the dependency of other (critical) infrastructure(s). Another important risk factor to CI and CII is a common cause failure: "*a failure where the function of multiple infrastructures is disrupted or destroyed by the same cause or hazard affecting these infrastructures at the same location or area in the same time frame*" [2]. Common cause failures may for instance be triggered by extreme weather, flooding, wildfires, and common use of the same vulnerable ICT or OT application, software, or equipment.

In modern societies, the (cyber) risk to society and the economy due to inadvertent and deliberate CI/CII disruptions and cascading and common cause phenomena increases due to:


Therefore, the analysis and mitigation of the cyber risk in CIs and CIIs pose major challenges to states and their operators of essential services.
