A Cyber War Book Built on Real Tabletops
Cyber War: One Scenario
A scenario-based exploration of a coordinated cyberattack on American critical infrastructure , the systems that fail first, the cascading failures, and the decisions made in the first 72 hours. Written by 5x CIO/CISO Mark Lynd.
Cyber War: One Scenario is the cyber war book that shows what a coordinated cyberattack on America actually looks like , not in headlines, but in operations rooms, board calls, and utility control centers. Drawing on patterns from 150+ real C-Suite cyber tabletop exercises facilitated across critical infrastructure, the book walks readers through one realistic 72-hour scenario from initial intrusion through cascading failure, public response, and the decisions that determine whether the country recovers in days or months.
Why This is the Cyber War Book Practitioners Recommend
Most cyber war books either drift into speculative fiction or stay in policy abstractions. Cyber War: One Scenario stays operational. Mark Lynd has facilitated 150+ executive cyber tabletop exercises across energy, water, transportation, finance, healthcare, and defense. The scenario in the book is built from those sessions , what actually happens when intrusion-set X meets utility-control-system Y, what board calls take place at hour four versus hour forty, and which decisions tip a contained incident into a national crisis.
It is the cyberattack book security leaders, infrastructure operators, and policy professionals share with their teams because the failure modes are real. The vendors, the protocols, the human bottlenecks, the regulator timelines, and the cyber insurance dynamics are all drawn from facilitated exercises and incident debriefs.
The book is widely shared in defense, energy, water, and federal-civilian audiences as a starting point for executive conversations about national-scale cyber risk , the kind that does not get clear until someone walks you through the first 72 hours minute by minute.
The Scenario, Hour by Hour
The book’s spine is one realistic 72-hour cyberattack scenario, structured so executives can read it as a tabletop and security teams can read it as a postmortem. Each phase pulls from real-world incident patterns.
Hours 0-6: Initial Intrusion
The first signal, the missed alert, and the fork in the road where containment is cheap if anyone is paying attention. The exact moment most organizations have already lost the next 60 hours.
Hours 6-24: Lateral Movement
How a coordinated adversary moves through OT and IT in parallel, the trust boundaries that fail first, and the detection patterns that work in retrospect but rarely in the moment.
Hours 24-36: First Cascading Failure
The first downstream service drops. Public awareness begins. Federal partners enter the call. The book walks through which agencies, which authorities, and which timelines.
Hours 36-48: National Coordination
CISA, sector-specific ISACs, the FBI, and the carrier’s panel firms all need different things at the same time. The book shows the coordination architecture that holds versus the one that buckles.
Hours 48-60: Public Communications
The press conference, the regulator filings, the cyber insurance carrier’s public-statement gate, and the moment a reassuring statement turns into a deposition exhibit.
Hours 60-72: Recovery Decisions
Restoration paths, backup integrity questions, the choice between fast and forensic, and the residual risk that gets carried into the next quarter regardless of what gets reported.
What You Will Take Away
Lessons drawn from 150+ executive cyber tabletop exercises, distilled into one continuous 72-hour scenario.
How a Cyberattack on America Cascades
Why a single utility intrusion becomes a regional outage, how the cascade reaches finance and healthcare, and the hours when secondary failures compound the primary one.
The Decisions That Define Outcome
The four or five decisions per incident that determine whether you spend the next quarter on restoration or on litigation. The book maps each one to a moment in the scenario.
Where Tabletops Reveal Failure
The recurring failure modes Mark sees during 150+ executive cyber tabletop exercises , the gaps that exist on paper, the ones that surface only under time pressure, and the ones nobody admits to until the postmortem.
National-Security Cyber Threats
A working framework for understanding the cyber threat landscape against critical infrastructure: the actors, the access vectors, and the targeting that defines national-security cyber risk.
Cyber Warfare Beyond the Headlines
A grounded view of cyber warfare for non-specialist readers , what is actually happening, what is overstated, and what executives need to take seriously without panicking.
Incident Response Under National-Scale Pressure
How incident response patterns hold (and break) when the timeline compresses, the regulators multiply, and the press is already on the lawn.
Who This Cyber War Book is For
For Critical Infrastructure Operators
Energy, water, transportation, telecommunications, healthcare, and finance leaders who need a shared mental model for what an infrastructure cyberattack actually looks like in operations.
For Federal and Defense Audiences
Policy makers, federal agency leaders, defense and intelligence professionals, and Congressional staff who need to understand cyber war scenarios at the operational level, not just the headline level.
For Boards and Executives
CEOs, CISOs, CIOs, and board directors who need to understand cyberattack risk at the strategic decision level , including the cyber insurance, regulatory, and reputational dynamics.
For Security Practitioners
SOC leaders, IR managers, threat intel teams, and security architects who want a realistic scenario to walk teams through during readiness training.
For Tabletop Facilitators
Run the book’s scenario as the spine of an executive tabletop. Mark also leads custom executive cyber tabletop exercises drawn from the same material. Hire a tabletop exercise facilitator →
For Educators and Researchers
University programs in cybersecurity, public policy, and national security use the book as a teaching scenario for graduate-level case studies.
Related Resources by Mark
Companion frameworks and articles that extend the book’s scenario into the questions that follow it.
Critical Infrastructure Attack Book
Why this scenario keeps getting cited inside critical-infrastructure briefings.
Cyber Warfare Book
A grounded look at cyber warfare for executives and policy professionals.
Cyberattack on America Book
The scenario in book form, written for the audience reading the headlines.
Cyberattack Book
For readers searching the broad term , what makes this one different.
Cyber War Scenario Book
The scenario-based read for readers who want operational depth.
Best Cybersecurity Book
Why Cyber War: One Scenario keeps making the lists.
Operational Technology Keynote
The OT cybersecurity keynote built around the book’s coordinated-OT scenario.
Critical Infrastructure Keynote
The 16-sector cascade keynote drawn directly from the scenario.
Quantum Keynote Speaker
The harvest-now-decrypt-later thread quietly running through the scenario.
Inside the Scenario (Article)
A walkthrough of the book’s coordinated OT attack and what it teaches executives.
Sector Cascade Map (Article)
The dependency map that anchors the book’s third act.
OT Cybersecurity 2026 (Article)
A practitioner state-of-the-discipline view that pairs with the book.
First-Hour Coordination
The article version of the scenario’s opening hours.
The 72-Hour IR Executive Playbook
A companion playbook that extends the book’s timeline.
Incident Response Keynote Speaker
Conference keynotes built on the same scenario.
What Readers and Operators Say
“The most realistic cyber war book I’ve handed to a board. They finally understood why the first six hours matter more than the next sixty.”
CISO, Energy Utility
“Mark wrote the cyberattack scenario we use to brief incoming federal-civilian leadership on national-scale cyber risk.”
Former Federal CIO
“If you only read one cyber war book this year, this is the one. It is operational, not speculative, and the scenario is dead-on.”
Cybersecurity Practice Lead, Defense Sector
“We assigned the book to every operations leader before our quarterly tabletop. The discussion was at a different altitude after that.”
VP Cyber, Critical Infrastructure
Frequently Asked Questions
Is Cyber War: One Scenario fiction or non-fiction?
It is a non-fiction cyber war book built around one realistic scenario. Every element , the intrusion sets, the failure modes, the federal coordination architecture, the public communications dynamics , is drawn from real-world incident patterns and 150+ executive cyber tabletop exercises facilitated by Mark Lynd.
Is this the best cyber war book to read first?
For executives, board members, and operators who need a working command of cyber war risk, this is the book most practitioners recommend as the operational read. It is short enough for a board prep weekend and substantive enough to drive a quarterly tabletop.
Does the book cover an attack on America’s critical infrastructure?
Yes. The scenario centers on a coordinated cyberattack against American critical infrastructure, structured to show the cascading effects across energy, water, transportation, finance, and healthcare.
Who is the cyber war book for?
Critical infrastructure operators, federal and defense audiences, boards and executives, security practitioners, and tabletop facilitators. Each group reads the same scenario through a different lens.
Can the scenario be used as a tabletop exercise?
Yes. Many security teams use the book’s 72-hour scenario as the spine of an executive tabletop. Mark also leads custom executive cyber tabletop exercises drawn from the same source material. Hire a tabletop exercise facilitator →
Is there a Mark Lynd cyber war keynote drawn from the book?
Yes. Mark delivers keynotes for executive audiences, infrastructure operator events, and policy summits built on the book’s scenario. Critical infrastructure cybersecurity speaker →
How does this compare to other cyber war and cyber warfare books?
The genre tends to be either policy abstraction or speculative fiction. This book stays at the operational level , the actual decisions, the actual federal coordination architecture, the actual incident patterns. That is why it shows up on practitioner reading lists.
Can I order in bulk for a team or briefing?
Yes. Bulk pricing is available for security teams, executive offsites, federal training programs, and academic courses. Contact Mark’s office for quotes and signed copies.
Buy Cyber War: One Scenario
Available in eBook and paperback formats. Bulk ordering available for executive teams, infrastructure operators, federal training programs, and academic courses , contact Mark’s office.
Run the Cyber War Scenario as Your Next Tabletop
Mark facilitates executive cyber tabletop exercises and delivers keynotes drawn directly from the book’s scenario for critical infrastructure, defense, energy, finance, and healthcare audiences.