Organizational Template A. Identify the Vulnerability Type(s) B. List the Impact C. Analyze and Outline the Mitigation Plan D. Source Example: A. Vulnerability Type: Insufficient Verification of Data Authenticity Active Scanning: Vulnerability Scanning Spearphishing and Social Engineering Methods B. Impact: Remote Code Execution Directory Traversal Structured Query Language (SQL) Injection Web Shell Uploads C. Mitigation Plan: 1. Network Segmentation: use proper network-protection devices to isolate industrial robots that need to process data coming from other networks, possibly with a physical cable, to make spoofing only possible to an attacker who is physically onsite. 2. Secure Programming: in addition to adopting secure network architectures, system integrators should promote secure programming guidelines among their control-process engineers and programmers, to minimize the attack surface exposed by automation code. 3. Automation Code Management: knowing and keeping track of the automation code produced by a system integrator and running in a factory is a fundamental prerequisite to find, manage, and resolve vulnerabilities and other security issues that may arise. D. Source: AA20-304A (https://us-cert.cisa.gov/ncas/alerts/aa20-304a) .