When It Happened Before
On May 7, 2021, a single compromised password brought the largest fuel pipeline in the United States to its knees. The Colonial Pipeline, responsible for delivering roughly 45% of the East Coast’s fuel supply, was hit by a DarkSide ransomware attack that forced a complete shutdown lasting six days. Within 48 hours, panic buying erupted across a swath of states from Texas to New York. Over 10,000 gas stations ran dry. Lines stretched for blocks. Fistfights broke out at pumps in the Carolinas. People filled plastic bags with gasoline — yes, literally plastic bags. Colonial Pipeline paid a $4.4 million ransom just to get a decryption tool that turned out to be so slow they ended up restoring from their own backups anyway. The kicker? The attack didn’t even target the pipeline’s operational technology. It hit the billing system. The company shut down fuel delivery voluntarily because they couldn’t figure out how to charge for it. A billing glitch starved millions of people of fuel. Let that sink in.
Four years earlier, the NotPetya malware — disguised as ransomware but actually designed to destroy — ripped through global networks in June 2017. Shipping giant Maersk, which handles roughly one-fifth of the world’s shipping capacity, lost its entire IT infrastructure. Every one of its 49,000 endpoints, every server, every network device across 600 sites in 130 countries — wiped. Employees resorted to WhatsApp and personal Gmail accounts to coordinate. For two weeks, container ships couldn’t dock, couldn’t unload, couldn’t be tracked. Total global damages from NotPetya exceeded $10 billion, making it the most destructive cyberattack in history at that time. And Maersk was just collateral damage — the malware was originally aimed at Ukrainian businesses. That’s the thing about cyber weapons: they don’t respect borders or intentions.
Then there’s the one that should keep you up at night even though nothing bad technically happened. In February 2021, an attacker remotely accessed the water treatment plant in Oldsmar, Florida, and adjusted the sodium hydroxide (lye) levels from 100 parts per million to 11,100 parts per million — 111 times the safe level. At those concentrations, the water coming out of taps would have been caustic enough to cause internal chemical burns. A plant operator happened to be watching his screen and saw the mouse cursor moving on its own. He caught it and reversed the change within minutes. If that operator had been on a bathroom break, or if the plant had been more thinly staffed, or if the attack had happened at 3 a.m. — you finish that sentence.
In December 2015, hackers breached Ukraine’s power grid, cutting electricity to 230,000 customers in the dead of winter. It was the first confirmed cyberattack to cause a power outage, and it proved that digital attacks can flip physical switches. Ukrainian operators had to restore power manually, dispatching crews to substations to close breakers by hand. They got the lights back on within hours, but only because their older infrastructure still had manual overrides. Many modernized American utilities don’t have that fallback.
How Much Warning You’ll Actually Get
Zero. That’s the honest answer. Infrastructure cyberattack preparedness is uniquely challenging because the warning time is essentially nonexistent. Unlike hurricanes that give you days of forecast data, or even earthquakes with their seconds of seismic alert, a cyberattack is invisible until its effects manifest. One moment your world works. The next moment, the gas station can’t process payments. The traffic lights go dark. Your tap water pressure drops. Your phone can’t connect to anything. You won’t get an emergency broadcast alert telling you that a sophisticated threat actor has penetrated the SCADA systems controlling your regional power grid. You’ll get silence — followed by confusion.
The effects themselves cascade over hours to days, which is what makes this scenario so disorienting. You might notice your credit card gets declined at the grocery store and think it’s a bank glitch. Then you hear the gas station across town is cash-only. Then the power flickers. Each failure seems isolated at first. By the time the pattern becomes clear, the panic buying has already started and you’re behind the curve. In urban areas, the cascade is faster and harder because population density means more competition for fewer resources. Rural areas might not feel the immediate impact as acutely — well water, propane heat, closer community ties — but they’re also farther from supply hubs once distribution chains break. The people who come through this well aren’t the ones who reacted fastest. They’re the ones who prepared before there was anything to react to.
The First 72 Hours
The first hour is defined by confusion, not crisis. The power may or may not be out. Your phone might work for calls but not data. The store’s card reader is down but nobody knows why. This is the critical window where most people shrug and say, “It’ll be back up in a minute.” Meanwhile, the people who take infrastructure cyberattack preparedness seriously are already shifting into action: topping off the car’s gas tank if stations are still operational, pulling cash from the wallet (not the ATM, which may already be down), filling extra water containers from the tap before treatment plants potentially lose functionality, and turning on a battery-powered or solar-powered radio to get actual news rather than relying on social media that may or may not be accessible.
Within the first 12 to 24 hours, the picture clarifies and the mood shifts. If this is a significant attack on energy infrastructure, fuel becomes the first visible crisis — just like Colonial Pipeline showed us. Stations that still have fuel switch to cash-only, then to rationing, then to closed. The psychological effect is immediate and intense: people see lines forming and their lizard brain kicks in. They top off vehicles they don’t need, fill containers they don’t have proper storage for, and generally accelerate the shortage they’re panicking about. If water treatment is affected, you may not know it right away — municipal systems have reservoir buffers that can last hours or even a day or two. But once that buffer is gone and the treatment process is compromised, you’re looking at boil-water advisories at best and contaminated supply at worst. This is why stored water isn’t optional. If you’re new to building out your supplies, The Beginner’s Guide to Survivalism: Prepping for Dummies covers the foundational priorities well.
By 48 to 72 hours, the people who weren’t prepared are genuinely struggling. ATMs are offline. Stores that are open are cash-only, and shelves are thinning fast on water, batteries, canned goods, and fuel containers. If the power grid is affected, refrigerated food is spoiling. Anyone dependent on electric medical equipment — CPAP machines, home oxygen concentrators, powered wheelchairs — is in a real emergency. The thing that kills people in this window isn’t the cyberattack itself — it’s the secondary failures. Traffic accidents from inoperative signals. Carbon monoxide poisoning from generators or grills used indoors. Medication that can’t be refrigerated. Diabetics who can’t get insulin because the pharmacy’s systems are down. Vulnerable people who can’t call for help because communications are degraded. This isn’t hypothetical. These are the documented causes of death in every extended power outage.
When Days Become Weeks
Once you pass the 72-hour mark and systems aren’t restored, the failure cascade accelerates in a predictable order. Fuel goes first, and everything depends on fuel. No fuel means no delivery trucks, which means no restocked grocery stores, no resupplied pharmacies, no diesel for backup generators at cell towers and hospitals. The supply chain doesn’t degrade gracefully; it hits a cliff. The NotPetya attack demonstrated this on a global shipping scale — when Maersk’s systems went down for two weeks, ports around the world backed up, containers were lost in the system, and the ripple effects lasted months. Now imagine that same disruption localized to your region’s fuel distribution, food logistics, and municipal services simultaneously.
Water becomes the critical concern between days 3 and 7 if treatment is compromised. Most municipal water towers and reservoirs have 24 to 72 hours of gravity-fed supply. After that, without power to pumping stations and without functional treatment processes, you’re dealing with low pressure, no pressure, or water of uncertain quality. Your stored supply and your ability to filter and purify become everything. Financial systems are the other slow-burn crisis — even if your local power comes back, banking infrastructure, payment processing networks, and supply chain ordering systems may still be down. Cash is king, but even cash has limits when there’s nothing on the shelves to buy. Neighbors start pooling resources. Communities that have relationships lean on them. Communities that don’t start fracturing. Having the right camping and emergency gear already in your closet means you’re not scrambling to improvise basic daily functions like cooking, lighting, and water purification.
Long-Term: If It Doesn’t Resolve Quickly
History gives us a somewhat reassuring data point here: most infrastructure cyberattacks have been resolved within days to two weeks at the operational level. The Colonial Pipeline was back online in six days. Ukraine’s grid was restored within hours at the local level. But — and this is a significant but — the secondary economic and logistical effects lasted far longer. Fuel prices spiked for weeks after Colonial. NotPetya’s supply chain disruption took Maersk months to fully unwind. And these were single-vector attacks hitting one system or one company. The scenario that keeps defense analysts awake is a coordinated, multi-vector attack targeting power, water, fuel distribution, and communications simultaneously. The U.S. Government Accountability Office and CISA have both warned that adversary nations have pre-positioned access within American critical infrastructure networks — not to attack today, but to have the option available during a future conflict.
If a major coordinated attack occurred and resolution stretched beyond two weeks, daily life changes fundamentally. You’re essentially living in a regional disaster zone without the dramatic visual cues of a hurricane or earthquake. The infrastructure looks fine — the pipes are there, the wires are there, the roads are there — but none of it works because the digital systems controlling it are compromised. Your daily routine revolves around water procurement, food management, fuel conservation, and information gathering. Manual skills become essential: the ability to navigate without GPS, cook without electricity, purify water without municipal treatment, and stay warm or cool without HVAC. This is where practical bushcraft knowledge stops being a hobby and starts being a genuine advantage. The people who thrive in an extended infrastructure failure aren’t the ones with the most stuff — they’re the ones with the most versatile skills.
Your Infrastructure Cyberattack Preparedness Checklist
Before — Ongoing Preparedness Habits
- Keep your vehicle’s fuel tank above half at all times. This isn’t paranoia; it’s the single easiest prep that would have saved millions of people stress during the Colonial Pipeline crisis. Gas shortages hit fast and stations go from full to empty in hours once panic buying starts.
- Maintain a 5–10 gallon fuel reserve in proper jerry cans with fuel stabilizer (PRI-G or STA-BIL). Rotate every 6–12 months. Store in a ventilated area away from living spaces.
- Keep cash on hand in small denominations. Payment processing systems, ATMs, and banking networks are all cyber targets. Even if a store has inventory and power, if their card system is down, cash is the only transaction that works. Aim for at least $200–$500 in fives, tens, and twenties, stored securely at home.
- Store a minimum of one gallon of water per person per day for at least 14 days. Water treatment plants are documented cyber targets. The Oldsmar incident proved this isn’t theoretical. Rotate stored water annually.
- Own a quality water filtration system rated for bacteria, protozoa, and ideally viruses (e.g., Sawyer Squeeze, Berkey countertop filter, or MSR Guardian). If you can’t trust what’s coming out of your tap, you need the ability to make it safe.
- Maintain offline copies of all critical documents. Birth certificates, insurance policies, medical records, prescriptions, bank account information, property deeds — printed and stored in a waterproof container. If cloud services go down, your digital files go with them.
- Own a battery-powered or solar-powered AM/FM/NOAA radio. When the internet is down and cell networks are congested or offline, broadcast radio is the most resilient mass communication system we have. The Midland ER310 and the Eton Sidekick are both solid choices.
- Invest in manual tools and non-electric alternatives for daily tasks: hand-crank can opener, French press or percolator for coffee, manual grain mill if you store bulk grain, hand-powered water pump, LED lanterns, headlamps, and a quality multi-fuel camp stove.
- Build relationships with your neighbors. This sounds soft, but it’s the most underrated prep on this list. In an extended infrastructure failure, community resilience is the single greatest force multiplier you have.
During — Immediate Response Actions
- Top off your vehicle’s fuel tank immediately if stations are still operational. Don’t wait for confirmation of what’s happening.
- Fill all available containers with tap water while pressure and treatment are still functional — bathtubs, pots, dedicated water containers, WaterBOBs if you have them.
- Verify your cash supply is accessible and secure.
- Turn on your battery radio and tune to local AM/FM news stations and NOAA weather radio for official information.
- Unplug sensitive electronics if power is fluctuating. Grid instability during a cyberattack can produce surges that fry equipment when power cycles.
- Take stock of your food inventory and begin planning meals around perishables first (eat the fridge, then the freezer, then shelf-stable goods).
- Check on vulnerable neighbors — elderly, medically dependent, families with infants. This is both the right thing to do and how functional communities self-organize in a crisis.
- Limit phone usage to essential communication to preserve battery. Switch to airplane mode when not actively making calls. Charge devices from vehicle batteries or solar chargers.
After — Recovery Phase
- Do not trust the water supply immediately after systems are reportedly restored. Wait for the official all-clear from your water utility and consider flushing your home’s lines before resuming normal use.
- Replenish all supplies you used — fuel reserves, stored water, cash, batteries, food stocks. The first attack proved your plan works; now reload for the possibility of a second event.
- Document what worked and what didn’t. Write it down while it’s fresh. What did you run out of first? What did you wish you had? What was unnecessary?
- Review and update your offline document cache if anything has changed — new insurance, updated prescriptions, changed account information.
- Assess your information gaps. Did you have trouble knowing what was happening? Improve your communication plan — maybe add a ham radio capability, or establish a check-in protocol with family.
What Most People Get Wrong
The number one mistake I see in conversations about infrastructure cyberattack preparedness is assuming it will look like an action movie. People picture dramatic explosions, instant blackouts, and clear villains on the news. The reality is far more mundane and far more dangerous because of it. A cyberattack on infrastructure looks like a Tuesday that slowly gets weird. Your card gets declined. The gas station has a handwritten “NO GAS” sign. Your phone can’t load anything. There’s no dramatic moment that tells you to activate your emergency plan. The insidious nature of it means most people spend the critical first hours assuming everything is fine and will be fixed shortly. By the time they realize it won’t, the easy window for topping off fuel and supplies has closed.
The second major mistake is over-relying on technology for preparedness itself. I’ve met people whose entire emergency plan lives in a cloud-based notes app, whose important documents are only in Google Drive, and whose communication plan depends entirely on smartphones and cellular networks. If the scenario you’re preparing for is the failure of digital infrastructure, your preparation cannot depend on digital infrastructure. Print your plans. Write down phone numbers with a pen. Keep paper maps — and while you’re at it, learn how to actually use them for navigation. The third mistake is thinking this is someone else’s problem. That the government will handle it, that your city has redundancies, that hackers only target big companies. The Oldsmar attack targeted a water plant serving 15,000 people in a small Florida city. No one is too small to be a target, and no one should be too complacent to prepare. If you haven’t started building your preparedness foundation yet, the beginner’s guide is a practical, no-nonsense starting point that covers the essentials without the tinfo


