Dynamic Risk Assessment For Critical National Infrastructures
2026-04-10, Rookie, Student and Careers Track

This talk addresses the challenges Critical National Infrastructures (CNIs) face during on-going adversarial campaigns, which could cause physical damage and even threaten life. Defenders struggle to keep CNIs operational (albeit at reduced capacity) whilst they try to wipe attackers out of their systems. By monitoring network telemetry, we will explore how we can identify, in near-real-time, the different ways a campaign could escalate to an unsafe state, and place the minimum mitigations required to keep CNIs operational.


Since Critical National Infrastructures (CNIs) have become one of the main targets for nation state threat actors, keeping them both safe and operational during an adversarial campaign is particularly challenging. In particular, their increasing interconnectivity with Internet devices exposes them to even more potential attack paths, making risk identification, and consequently incident handling, impossible. Traditional risk assessment methods fall short of addressing the rapidly evolving nature of the vulnerability landscape. Hence, there is a need for a near-real-time dynamic risk assessment approach which aims to keep a CNI operational during an on-going attack, albeit at reduced capacity, by applying the minimum necessary mitigations. We suggest a model which identifies whether and how an adversarial campaign could escalate to an unsafe state of the CNI, such as physical damage or a threat to life, and isolates the part of the network that could lead to such escalation. This approach combines Fault Tree Analysis, Dempster-Shafer Theory and the MITRE ATT&CK framework to derive a near-real-time model which can adapt while an attack unfolds.

PhD student in Cybersecurity at the University of Bristol