Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms