The security issues of Cyber-Physical power Systems (CPS) have attracted widespread attention from scholars. Vulnerability assessment emerges as an effective method to identify the critical components and thus increase the system resilience. While efforts have been made to study the vulnerability features of power systems under the occurrence of a single, discrete disturbance or failure at a specific time instant, this paper focuses on identifying the critical components of the cyber-physical system considering time-varying operational states. To investigate the potentially ever-changing CPS vulnerability features, in this paper we construct a database of cascading failure chains using quasi-dynamic simulations to capture the vulnerability relationships among components under time-varying operational states. Then, by adopting sequential mining algorithms, we mine the most frequent cascading failure patterns and identify the critical components based on the data mining results. Simulation studies are conducted on IEEE 39-bus and IEEE RTS-96 systems to evaluate the effectiveness of the proposed method for the identification of critical components at both cyber and physical layers.