Strategic Infrastructure Analysis · Nation-State · Civilian Risk

The Cascade — When America Goes Dark

Author: Yana Ivanov
Published: March 15, 2026
Classification: Public — For Educational Use
Analysis Type: Hypothetical — Strategic Gap Assessment
Threat Actors: Nation-State — China / Russia / Iran
Severity: Existential — Civilian Survival Risk
Hypothetical scenario  ·  Based on confirmed vulnerabilities  ·  Infrastructure gaps documented  ·  March 15, 2026
Section 01

The Moment Nobody Has Planned For

I want to start with a scenario I have thought about seriously — because in the current threat environment, I believe every security professional should. It is a Tuesday morning. My phone shows no signal. I assume it is a temporary outage. I wait. Five minutes pass. Ten. I try to connect to WiFi and the router blinks but produces nothing. I turn on the television and get a static screen on every channel. I step outside. My neighbor is standing in her driveway, phone in hand, the same confusion on her face.

My children are home. My mother lives in New York City — she does not own a car, she depends entirely on public transportation, and her building has no landline. I have no way to reach her. I do not know whether to stay, to drive toward her, or to wait for instructions that are not coming — because every system designed to deliver those instructions has gone silent simultaneously.

This is not a disaster movie premise. It is the logical outcome of a coordinated attack on three infrastructure systems that the United States has spent the last two decades making faster, more connected, and more interdependent — while stripping away every analog backup that once provided resilience. The attack does not require nuclear weapons. It does not require boots on the ground. It requires pre-positioned access, a coordinated trigger, and the patience to wait for the right moment. All three of those conditions already exist.

Analytical Framing: This analysis is not a prediction of imminent catastrophe. It is a professional assessment of documented vulnerabilities, confirmed pre-positioning by nation-state actors, and the structural gaps in civilian preparedness that transform a technical attack into a societal crisis. Every vulnerability described in this report is publicly confirmed. Every gap is currently unfixed. Every recommendation is actionable today.

Figure 1 — The Dependency Stack: Why Three Failures Become Everything

Phase 1 — Communications
Cellular, Internet, EAS go dark. No signal, no news, no 911. The population cannot talk to each other. Emergency services cannot coordinate. The government cannot reach citizens.
Triggers — Panic and Disorientation
No coordination. No situational awareness. Each person acts alone on incomplete information. Attacker achieves social fracture without firing a shot.

Phase 2 — Electric Grid
Power and distribution fail. Water pumps stop. Food spoils within hours. Heat and cooling fail. Hospitals shift to generator power with fuel clocks running immediately.
Triggers — Scarcity Within 72 Hours
Food gone. Water fails. Medications at risk. Generators depleting. An already divided population does not need to be pushed into chaos — it only needs to lose the thin infrastructure holding it together.

Phase 3 — Transportation
Rail, aviation, and ports freeze. Supply chain halts entirely. No resupply possible. Goods in transit cannot be delivered. Emergency resources cannot be moved.
Outcome — Society Cannot Defend Itself
No communication. No food. No movement. Three failures close the trap. A society unable to coordinate, supply, or respond to an external threat — without a single shot fired.

Three failures cascade into one outcome: a society unable to coordinate, supply, or defend itself
Section 02

The Strategic Doctrine — Why America Defeats Itself

A sophisticated nation-state adversary — China, Russia, or a proxy coalition — does not need to defeat the American military. It needs to make the American military unable to function by ensuring that everything the military depends on for domestic stability has collapsed. When police and National Guard are overwhelmed managing civilian unrest driven by food scarcity and communications blackout, they are not available to respond to the external threat.

Core Strategic Assessment: The most effective attack on a superpower is not destruction of its military capacity — it is destruction of the civilian coordination infrastructure that allows a society to function, organize, and respond. The attacker wins not by defeating America but by making America defeat itself.

Pre-Positioning: The War That Is Already Underway

This analysis does not describe a hypothetical future threat. The pre-positioning phase is confirmed and active. Volt Typhoon — a Chinese state-sponsored threat actor — has maintained persistent access inside US power grid infrastructure, water systems, communications networks, and transportation systems since at least 2021, with the FBI confirming some footholds will never be found. Russia's Sandworm unit has demonstrated destructive capability against power grid infrastructure in Ukraine. Iranian-linked actors executed a mass wipe of 200,000 devices across a US medical technology company in March 2026.

| Actor | Confirmed Capability | Trigger Condition | Assessment |
|---|---|---|---|
| China / Volt Typhoon | Embedded in US power, water, comms, transport — 5+ years persistent access | Taiwan military conflict | Active — Confirmed |
| Russia / Sandworm | Demonstrated OT grid destruction capability — Ukraine 2015, 2016, 2022 | NATO escalation in Europe | Active — Confirmed |
| Iran / IRGC Proxies | Destructive wiper attacks — Stryker March 2026, Saudi Aramco 2012 | US-Israel military action against Iran | Active — Escalating |
| Sleeper Networks | Physical human assets confirmed in NYC, Texas, and other major cities by FBI and NCTC | Coordinated with cyber activation | Suspected — Partially Confirmed |

Section 03

Phase 1 — Kill the Voice: The Communications Strike

Three out of four American adults now live in wireless-only households. For adults aged 25–34, that figure reaches 90%. Cellular infrastructure is no longer a convenience technology — it is the only emergency communications infrastructure most Americans possess. When it fails, the silence is total.

The Vulnerability Is Confirmed: Security researchers documented 119 vulnerabilities across LTE and 5G implementations in 2025. Salt Typhoon, a Chinese state-sponsored actor, has already achieved persistent real-time access to US cellular networks, including the law enforcement wiretapping infrastructure. Security professionals now operate under the explicit assumption that US cellular networks are compromised channels.

The Weaponized Information Vacuum: The most dangerous aspect of a communications strike is not silence — it is controlled noise. A coordinated attack would first flood social media and broadcast channels with contradictory disinformation. By the time the actual infrastructure disruption begins, the population is already fragmented by competing false narratives. That disagreement is more paralyzing than silence.

The Landline Question — A Critical Policy Failure in Progress

The analog copper landline has no software, no operating system, no remote attack surface. It cannot be jammed at scale. It does not require external power at the handset. The United States is deliberately dismantling it. AT&T announced in December 2024 its intention to shut down virtually all POTS lines by 2029, saving $6 billion annually.

The Infrastructure Paradox: Decommissioning the most resilient communications infrastructure in the country, at the moment when nation-state adversaries have confirmed access to its cellular replacement, is not a technology upgrade. It is a preparedness failure disguised as modernization.

Figure 2 — The Landline Collapse: A Century of Resilience Being Dismantled

2000 (Peak coverage): ~95% of Homes Had a Landline
Analog copper infrastructure — a century in the making. No software. No attack surface. Independent of external power at the handset. The most resilient communications technology in the country.

2008 (iPhone era begins): 63% — The Cellular Migration Begins
The smartphone era shifts consumer behavior. Landlines begin a steady decline driven by commercial convenience, not any deliberate policy choice about emergency resilience.

2019 (FCC removes price caps): ~40% — Policy Accelerates Abandonment
FCC declares POTS “outmoded legacy service.” Price caps removed — carriers immediately raise residential prices to $40–70/month to accelerate customer abandonment.

2026 — Now (73% wireless-only): 27% Landline Penetration — Nation-State Actors Hold Cellular Access
Salt Typhoon confirmed persistent access to US cellular networks. The resilient backup is being decommissioned while the replacement is already compromised.

2029 (AT&T shutdown target): ~0% — Full Decommissioning
AT&T announced December 2024: shut down virtually all POTS lines by 2029, saving $6B annually. The most cyber-resilient communications infrastructure in the country eliminated for commercial efficiency.

A commercial efficiency decision is being made with national security consequences that have not been adequately assessed
Section 04

Phase 2 — Kill the Power: The Grid Failure

The moment power fails, every clock starts ticking simultaneously. Hospital generators are sized for 72–96 hours of fuel. Refrigerated food stays safe for approximately four hours. Emergency food distribution systems do not carry 72 hours of supply for their service populations. Insulin requires refrigeration. Dialysis requires power and ultra-pure water simultaneously. At 72 hours, the reserves that allow adaptation run out simultaneously.

The Volt Typhoon Pre-Position: Dragos confirmed in 2025 that a single US electric utility had an adversary with 300 days of confirmed dwell time inside its control systems. The FBI Director has confirmed that some footholds inside US grid infrastructure will never be found.

Section 05

Phase 3 — Freeze the Supply Chain: Transportation

The average retail grocery store carries approximately three days of inventory. Under disrupted conditions, the shelves are bare within 72 hours — precisely when the power grid failure has made food storage impossible anyway. Every one of approximately 45,000 daily US flights depends on GPS for navigation, and GPS spoofing has moved from theoretical threat to documented operational reality.

The Rail and Port Dimension: A communications blackout disrupts train dispatch and creates collision risk that forces immediate network shutdown. Container ports depend on networked crane systems and logistics management software. A simultaneous disruption of aviation, rail, and port operations does not merely slow supply chains — it stops them entirely.

Section 06

The Human Layers — Sleeper Networks and Surveillance Inversion

Physical human assets are most valuable not after the attack but before it — as the initial penetration capability that establishes the cyber footholds that make the technical attack possible. A human asset — a recruited insider, a coerced employee, a vendor technician whose company was compromised — can provide credentials, network diagrams, and physical access tokens that no remote cyber operation can easily obtain. They are the crowbar that opens the door.

Confirmed Intelligence Assessment: Declassified FBI cases confirm longstanding Hezbollah networks with documented sleeper and surveillance capabilities in NYC, Texas, and other major cities. Russia's SVR has run long-term human intelligence operations inside US critical infrastructure for decades. China's Ministry of State Security is assessed as running the most sophisticated and patient long-term human recruitment operations of any foreign intelligence service.

The post-attack role of physical assets: disrupting the repair and restoration operations that would end the crisis. A power grid that can be restored in two weeks becomes a years-long crisis if repair crews face physical interference.

The Surveillance Inversion — Every Smart Device Is a Window In

The modern American home contains an average of 20 internet-connected devices. Each is in principle a surveillance endpoint that can be accessed remotely to map the schedule, habits, and vulnerabilities of the person who operates critical infrastructure. The consumer IoT layer — insecure by design, rarely patched, connected to home networks also used for remote work — provides exactly the reconnaissance capability a nation-state would need.

Section 07

The 72-Hour Collapse — Hour by Hour

Figure 3 — The 72-Hour Collapse Timeline

Hour 0 — Grid Goes Dark
Lights out. Traffic systems fail. Gas pumps stop. ATMs dark. Door access systems fail. Cellular towers running on battery backup — clock starts immediately.

Hours 1–4 — Communications Begin Failing
Cellular towers exhaust battery backup. Internet goes dark. 911 goes silent. No emergency broadcasts. The information vacuum is complete.

Hour 24 — Hospital Crisis Begins
Refrigerated food spoiling. Generator fuel depleting. Water pressure failing. Insulin and vaccines at risk. Dialysis centers in immediate crisis.

Hour 72 — The Cliff
Hospital generators run dry. Emergency food exhausted. Insulin, vaccines, blood products fail. Law enforcement capacity unsustainable. No tested national plan exists for what happens next.

Recovery — Weeks to Years
Grid: weeks to months. Supply chain: months. Social stability: years. Puerto Rico after Hurricane Maria 2017 — grid failure lasted 11 months in some areas, with no adversary actively preventing repair.
Puerto Rico after Hurricane Maria 2017: grid failure lasted 11 months in some areas — with no adversary actively preventing repair
Section 08

Prevention Architecture and the Case for Civilian Resilience

1. Halt the POTS Decommissioning — Mandate Emergency Analog Preservation
Federal policy should mandate preservation of analog POTS capability in all public facilities, hospitals, emergency services, and community centers regardless of carrier commercial incentives. The cost of maintaining this infrastructure is a fraction of the cost of a national emergency caused by its absence.
CRITICAL — Communications Resilience

2. Mandatory OT Modernization with Federal Funding Mechanism
Legacy operational technology running on unpatched firmware from the 2000s represents a direct threat to civilian survival. Cybersecurity must carry identical mandatory status to physical safety standards. Existing infrastructure grants should require OT security modernization as a condition of funding.
CRITICAL — OT Infrastructure

3. Security Clearances and Home Security Requirements for Critical Infrastructure Personnel
Anyone with privileged access to critical infrastructure systems should undergo background investigation commensurate with their access level. Personnel in the most sensitive roles should receive guidance for securing their home networks and consumer IoT devices — because the intelligence preparation for an attack may be occurring through devices in their living rooms.
HIGH — Personnel Security

4. EAS Hardening and Anti-Spoofing Authentication
Mandatory authentication for all EAS activations, cryptographic signing of alert messages, centralized security monitoring, and mandatory patch management are baseline requirements. A system that can be hijacked to issue false evacuation orders is not a resilience asset — it is an attack surface.
HIGH — Emergency Communications

| Resilience Measure | What It Provides | Cold War Precedent | Current Status |
|---|---|---|---|
| Community emergency communication centers | Physical location with functioning analog communications when cellular fails | Civil defense neighborhood wardens and community shelters | Does not exist in most communities |
| Free analog landline at public facilities | Emergency voice capability independent of cellular infrastructure | Public telephone infrastructure maintained as essential service | Being actively decommissioned |
| Emergency broadcast radio distribution | Battery-powered AM/FM receivers — analog EAS reception independent of cellular or internet | Civil defense radio distribution programs | No current program |
| Public preparedness education | Citizens who know what to do at hour zero — designated meeting points, 72-hour protocols, family communication fallback plans | CONELRAD and Civil Defense public education campaigns | FEMA Ready.gov exists but minimal public awareness |
| Unified national response authority | Single accountable command structure for simultaneous multi-domain civilian infrastructure failure | Office of Civil Defense Mobilization | No equivalent exists for this scenario |

Section 09

Conclusion — The Gap Between What Is Possible and What We Have Planned For

The scenario described in this report is not a distant hypothetical. Every technical capability required to execute it is confirmed in the hands of at least two nation-state adversaries. The infrastructure vulnerabilities that make it possible are documented, public, and currently unfixed. The pre-positioning is confirmed by the FBI, CISA, the NSA, and the Air Force cyber commander who called its potential activation “total war.”

The analytical conclusion is not that this attack will happen. It is that the structural conditions that would make it catastrophic rather than merely severe are currently in place and trending in the wrong direction — the decommissioning of POTS, the absence of a unified civilian response authority, the dismantlement of Cold War civil defense infrastructure without a modern replacement, and the 73% of Americans who have no fallback communication capability if cellular fails.

The Question That Should Drive Policy: If cellular goes down tonight, how does a parent in Connecticut reach their mother in New York? How does a family know where to go, whether the roads are safe, whether help is coming, and how long they need to sustain themselves independently? The answer today is: they cannot, they do not know, and they have no plan. That gap is not a technology problem. It is a policy decision. It can be fixed. It should have been fixed before this analysis needed to be written.

This analysis is a hypothetical strategic assessment based entirely on publicly documented infrastructure vulnerabilities, confirmed nation-state capabilities, and published emergency preparedness research. All threat actor capabilities referenced are confirmed in public reporting from CISA, NSA, FBI, Dragos, Microsoft, the Congressional Research Service, and the National Counterterrorism Center. No classified information is referenced or implied. This represents the author's independent analysis for educational and professional purposes and does not reflect the views of any employer, client, or government agency.

Yana Ivanov
Security Analyst  ·  CMMC Compliance Analyst  ·  SiteWave Studio

Yana Ivanov is a security analyst and CMMC consultant based in Connecticut, specializing in cybersecurity risk assessment for defense contractors in the Connecticut defense industrial base. With 15 years of enterprise technology experience and an MS in Information Systems, she brings a practitioner perspective to threat intelligence that bridges technical analysis and human impact. She is pursuing CompTIA Security+ and CMMC Registered Practitioner certification. This analysis was produced independently as a contribution to the national security community's understanding of civilian infrastructure vulnerability and the preparedness gaps that transform technical attacks into societal crises.
