The 2025 Los Angeles Defense Support of Civil Authorities (DSCA) Exercise Series centered on one of the most challenging scenarios facing emergency management today: how to manage the consequences of a large-scale cyber event.
A multi-agency, multi-sector tabletop exercise (TTX) and Senior Leadership Seminar (SLS) examined what happens when a single-system cyber disruption cascades across the community lifelines that keep a region running. An operations-based drill introduced testing for the potential impacts to radio system compatibility post-cyberattack.
Representatives from the public and private sector, along with non-profit/non-governmental organizations, military and academia examined how our digital and physical worlds are inextricably linked, and acknowledged that most organizations have not yet built the mental models or dependency maps needed to navigate that reality.
“We live in a world where the digital and physical are no longer separate domains,” said Nitin Natarajan, former Deputy Director of Cybersecurity and Infrastructure Security Agency (CISA). “Every critical function, from water to communications to healthcare, depends on code. And when code is attacked or fails, operations fail.”
The Digital-Physical Convergence
A cyber incident is no longer just an IT problem. It is a complex emergency requiring expertise and coordination from the technical and operational side. The 2025 exercise series explored cascading impacts following a complex cyberattack on power systems, resulting in impacts across energy, water, wastewater, healthcare, transportation, solid waste, communications, finance, and public services.
The goal was not to test technology but to test coordination among the partners responsible for managing the fallout; how decisions are made when lifelines fail, priorities conflict, and information is partial. It asked questions many agencies have never fully answered. In fact, rather than being solution-focused, the exercise challenged participants to think about all the problems and issues that could arise. It was a structured exercise in catastrophic and critical thinking designed to reduce the “red slice,” or “what we don’t know we don’t know.”
As Erik Hooks, former Federal Emergency Management Agency (FEMA) Deputy Administrator, emphasized during the series, these scenarios are uncharted territory. “For decades, we have refined our doctrine and demonstrated effectiveness in responding to natural disasters,” Hooks observed. “However, when cascading failures are triggered by cyber incidents, our established frameworks, playbooks and statutory authorities are not fully aligned in the hyper-connected reality of the cyber-physical world we exist in today.”
A New Kind of Disaster
Unlike a fire, flood, hurricane, or other natural disaster, a cyberattack is deliberate. It adapts. It continues to strike as recovery begins.
“A hurricane doesn’t think and come back 45 days later to hit your new systems,” Natarajan reminded participants. “A hostile actor will.”
That persistence changes how we must think about workforce endurance and business-continuity planning. Many organizations have continuity or continuity of operations (COOP) plans, but few have mapped what “system down” truly means: what functions stop, who is impacted, and which dependencies are hidden inside their information technology (IT) and operational technology (OT) networks.
Even within large agencies and businesses, cyber professionals may be asked to defend or restore systems without knowing which ones are mission-critical. Likewise, executives and operators often hear “the system is down” without understanding which life-safety functions are at stake. Those disconnects can turn minutes of delay into hours of cascading loss.
When the Systems and People Go Offline
Another sobering realization surfaced during discussions beyond the exercise. In a separate real-world incident, when a major healthcare system reverted to paper charting following a ransomware attack, a surprising number of younger professionals walked off the job rather than adapt to the new environment. Risks also exist in policing and other public safety organizations, where most booking and reporting is now digital, and in education, where continuity plans assume availability of online instruction in the post-COVID-19 era. Many manufacturing systems and organizations are now paperless, and the scope and scale of operations means that reversion to paper or manual systems is no easy feat; some of these operations impact national security and are intended targets in a cyberattack.
The non-digital fallback simply doesn’t exist in many sectors anymore. That makes the threat more persistent. When connectivity collapses, so can the workforce.
How will organizations recall staff if they can’t reach them when communications fail? In natural disasters, we learned recently that, even in areas where you can send a text, there is no guarantee of receipt on the other end. This also impacts emergency alerts and warning. And what happens when hundreds of thousands, or millions of students are no longer in school, and daycares are closed? How can people work? These questions rose up repeatedly across nearly all groups.
Rebuilding resilience means teaching people how to operate without a network: how to think in slow time, and understand what “lights out” really means. Micro-exercises can help: five-minute “what-if” drills at the start of shifts, asking simple questions such as, “If this system were down, what would we do?” “If we can’t reach our staff, what process do I need to train for people to meet at strategic locations?” Several participants noted they had never considered these scenarios until the discussion itself.
The point is not nostalgia for paper forms. It is preparedness for degraded reality.
Communications
Every after-action report identifies communications breakdowns – whether technological, human, or both – as an “area to improve.” This is why it was a core focus of the Series’ 2025 Drill. Today’s radios depend on digital infrastructure: cloud-linked repeaters, leased rooftop relays, and internet-based systems that require power. Most cell towers have only 72 hours of backup power, and most repeaters have none. The 5G network is built on those rooftop relays.
If a building loses electricity, every carrier’s repeater on that rooftop fails, no matter how many networks share it. The loss multiplies fast.
Equally concerning is the human side. In many agencies, programming a radio or switching frequencies is not intuitive, and as a result many departments and agencies now rely on their IT staff to do this. In a widespread cyber incident, those specialists may not be available; in fact, it’s a sure bet their skills will be needed elsewhere. The fix isn’t high-tech; it’s training. Field personnel need hands-on familiarity with manual radio programming under pressure. This can be reinforced through small, routine drills; micro-exercises at shift changes rather than annual trainings.
The Information Environment
Participants also acknowledged the growing operational gap in public information. During fast-moving cyber events, misinformation spreads long before official messages are cleared. PIOs are trained to report facts, not to fight an information war at digital speed with degraded systems. And it is an information war—sowing additional chaos is a goal of bad actors. It’s the second disaster and it often starts on impact as response agencies try to understand what even happened.
Trusted community networks become critical. “Presence is a mission. If official voices hesitate or go silent, hostile ones will fill the void. Building pre-trusted relationships with community leaders and private-sector communicators may prove as important as building redundancy into power grids,” stated Hooks.
Expanding the Table
“What made the TTX, and the series as a whole, different was the scale and diversity of stakeholders. We had every level of government, every branch of the military, and numerous private sector, NGOs, and thought partners across multiple community lifelines all at the same tables, and willing to wrestle with hard questions,”said Nedan Rambo, the City of Los Angeles Emergency Management Department (EMD) Project Manager for the DSCA Exercise Series. “We also didn’t wait months to act on lessons learned; within days and weeks, we were already integrating what we learned into the next exercise and are writing and adapting our plans in real time. This requires partners and consultants willing to collaborate openly and share across boundaries. We’re all in this together.”
That inclusivity proved essential. Participants ranged from first response agencies and utilities to logistics companies, academia, and federal partners such as FEMA, CISA, Department of State, and the Federal Bureau of Investigation. The series deliberately expanded participation to include sectors such as water, sanitation, public health, healthcare, vector and animal control, financial institutions, and disability services, among others. All of which are critical components of the community lifelines that must operate together during a complex crisis.
As Los Angeles looks toward hosting the 2026 FIFA World Cup and 2028 Olympic and Paralympic Games, a global perspective matters. In a major cyberattack on an international city, foreign governments could begin evacuating their citizens, creating airport congestion, language barriers, and coordination challenges just as systems are degraded. It’s a scenario few had previously considered, but one that now demands planning in globally connected regions like Los Angeles.
Cyberattacks against critical infrastructure are projected to rise by 25 to 50 percent leading up to such high-visibility events, according to threat assessments. The city’s focus now is on building the relationships and decision frameworks to meet that reality head-on. LA is not alone in hosting World Cup matches or other global events, and this isn’t this a “big event” problem either. International travel is at an all-time high, and tourism is the lifeblood of many towns and cities, but, more often than not, the considerations are overlooked until it’s too late.
Uncharted Decisions
A key unanswered question that we should all be asking: Who has final authority when lifelines compete? How are priorities set between restoring power, water, communications, and transportation when each depends on the others? As you dig deeper into the problem, the surface level answers don’t hold up and neither does deferring to the next level up. Authorities are often mixed, and with limited resources and overlapping jurisdictions, the hard calls will not make themselves.
That is precisely why exercises like these matter. They surface the policy voids and response gaps before crisis fills them.
From Discussion to Doctrine
The 2025 DSCA series reaffirmed that preparedness is not only about plans, but it is about practice. In many cases, exercises become the birthplace of the plans themselves, identifying missing links between sectors and creating a shared understanding of what “mission-critical” truly means.
They also build the mental resilience required for catastrophic thinking. When scenarios feel too large to imagine, people tend to shut down. Talking through the unthinkable is how we learn to act when it happens.
Just as we have long trained for earthquakes, floods, and wildfires, we now need to train for the digital disasters that will follow, and often, accompany them. The digital and the physical are no longer parallel tracks. They are the same road.
“Protecting communities today means defending both networks and neighborhoods,” Natarajan said. “Resilience starts when we accept that reality and prepare for it together.”
