With the increased digitalization and adoption of cost-effective off-the-shelf components and cyber connectivity, Critical Infrastructures (CI) operators have benefited in many ways, but the attack surface has also become larger. In addition, besides growing cyber and physical risks, COVID-19 pandemic revealed more human and societal risks, creating a stronger need for the unified cyber-physical resilience (CPR), risk management and protection system. SUNRISE project, co-funded by the European Commission, aims at tackling the cyber-physical resilience of CI with the integration of different strategies, risk indicators, and tools into such solution. This paper describes the initial approach for the toolset named TERME (ThrEat and Risk Management Engine), based on the main outcomes of the initial project workshops, whose objective was to understand the circumstances in which the CI operators and authorities found themselves during the COVID-19 pandemic.