The article argues that the OT security community itself often contributes to “incident impact inflation” by describing relatively limited industrial cyber incidents in ways that make them sound socially catastrophic. Dale Peterson uses examples such as the Muleshoe water incident, where spilled water from a tank became a much bigger public story than he believes the actual impact justified, and says this kind of framing can distort media coverage and political reaction. His proposed solution is a new OT Incident Impact Score, introduced at S4x26, designed not for specialists but for the general public, journalists, and policymakers who need a fast, intuitive way to judge whether an OT cyber incident is truly serious. The score is meant to be simple, public, and available within 12 hours of an incident becoming known, so that early narratives are shaped by a clearer sense of real-world impact rather than hype.

Peterson explains that the score combines severity, reach, and duration, each rated from 1 to 10, using the formula (Severity × Reach × Duration) / 100, which yields a final result between 0.0 and 10.0. He gives examples to show how the scale works: JLR ransomware scores 3.7, the 2015 Ukraine attack scores 2.9, Colonial Pipeline scores 3.9, Oldsmar scores 0.5, and Muleshoe scores 0.0. The broader point is that an incident only becomes truly severe when all three dimensions are high at once, rather than when one dramatic detail dominates public discussion. To keep the process fast and decentralized, the scoring system is designed as a crowdsourced platform where minimally vetted OT professionals can submit and update their assessments over time, with consensus scores refining the picture as more facts emerge.

‍

Source: https://dale-peterson.com/2026/03/16/reducing-ot-incident-impact-inflation/