Critical infrastructure cybersecurity is dominated by cascade behavior. A failure in one sector becomes a failure in the next, on a timing characteristic that most executives have never seen written down. This is the cascade map I draw in tabletop exercises and in the Cyber War: One Scenario book.

Why a cascade map matters

The 16 sectors CISA designates are not independent. They share dependency arrows, and those arrows have timing characteristics. A grid event at hour 0 produces a water-system event at hour H1, which produces a healthcare event at hour H2, which produces a public-confidence event at hour H3. The timing characteristic is what compresses or expands the executive decision window.

Most operators understand their own sector. Few have a working mental model of the cascade.

The 16 sectors and their primary dependencies

  • Energy → Water, Healthcare, Communications, Financial Services, Transportation
  • Communications → Almost everything (every other sector depends on it)
  • Information Technology → Communications + Almost everything
  • Water and Wastewater → Healthcare, Food and Agriculture, Chemical, Energy (cooling)
  • Transportation → Food and Agriculture, Healthcare (logistics), Energy (fuel logistics), Defense Industrial Base
  • Financial Services → Almost everything (downstream commerce)
  • Healthcare → Public confidence, Emergency Services
  • Emergency Services → Public confidence, every sector during incident response
  • Government Facilities → Defense, public confidence
  • Defense Industrial Base → National security continuity
  • Critical Manufacturing → Energy, Transportation, Defense, Healthcare (medical devices)
  • Chemical → Water, Healthcare, Food and Agriculture, Manufacturing
  • Food and Agriculture → Public confidence, public health
  • Nuclear → Energy + significant public-confidence consequences
  • Dams → Water, Energy, Transportation (locks)
  • Commercial Facilities → Public confidence, financial

The arrows are not symmetrical. Communications failures cascade more aggressively than financial-services failures. Energy failures cascade faster than transportation failures. The cascade map is asymmetric and timing-dependent.

The cascade timing characteristic

The single most useful number in a cascade conversation is the dependency timing — how many hours from a failure in sector A to a measurable failure in sector B. The numbers I use in the book are drawn from observed real-world incident behavior and from the patterns that emerge in tabletop exercises:

  • Energy → Water: hours, depending on backup-generation duration and water-system battery reserve
  • Energy → Healthcare: hours to a day, depending on hospital generation
  • Energy → Communications: minutes to hours; battery reserve at cell sites is typically 4–8 hours
  • Communications → Financial Services: minutes
  • Communications → Emergency Services: minutes; severe public-safety implications
  • Water → Healthcare: hours, particularly for surgery and dialysis
  • Transportation → Food and Agriculture: days, with regional variation
  • Healthcare → Public confidence: hours; the press cycle is faster than the operational cycle

The numbers are approximate. The structure is the point.

How the cascade compresses executive decision windows

An executive deciding at hour 4 of a cyber event is not just deciding for their own sector — they are deciding for the cascade. A grid operator deciding to disconnect at hour 4 makes the water utility’s decision easier. A grid operator deciding to wait at hour 4 makes the water utility’s decision harder.

The cascade map is the artifact that lets executives see the consequence of their own decision on the next sector down the chain. In tabletops, the map produces visibly different decisions from the same executive — once they can see the cascade, they decide differently.

Where the cascade decisions get made today

Honestly: not well. The cascade decisions live across multiple operators, multiple regulators, and multiple federal coordination cells. CISA, the sector ISACs, the FBI, the relevant SLED authorities, and the carrier’s panel firms all touch the cascade decision in different ways. The coordination architecture is improving, but it is still slower than the cascade.

The book Cyber War: One Scenario spends most of its third act on this exact problem. The 72-hour scenario is built around the cascade rather than the intrusion, because that is where executive decisions actually matter most.

How to use the cascade map

Three ways:

  1. Tabletop scenario design. Build the scenario around the cascade rather than the intrusion. The intrusion sets the conditions; the cascade is where decisions get made.
  2. Board briefings. Use the cascade map as the visualization that shifts a board from sector-specific governance to cross-sector accountability.
  3. Operator mutual-aid planning. The cascade map identifies which adjacent-sector relationships matter most, and where mutual-aid agreements would compress the cascade window.

For an executive walkthrough of the full scenario built around the cascade map, see critical infrastructure cyber attack keynote or Cyber War: One Scenario.