Iberian blackout: Cyberattack is not to blame – but the threat to power grids is real. Here's why

Millions of people across Spain and Portugal experienced a major power outage on Monday, causing significant travel disruptions and bringing much of the economy to a standstill.

The sudden blackout led many private and public sector experts, including top government officials, to question whether the disruption could have been caused by a cyberattack. Spain’s top criminal court, for instance, quickly announced that it was probing the possibility of an “act of cyber sabotage against critical Spanish infrastructure.”

On Tuesday, after power came back online across the Iberian Peninsula, Spain’s electricity grid operator Red Eléctrica said its early investigation showed “no intrusion” into the system. European Council President Antonio Costa also noted on X that so far there were no indications of a cyberattack. Nonetheless, Spanish Prime Minister Pedro Sánchez has stressed that there is “no hypothesis being ruled out” with regards to the cause of the blackouts.

While preliminary findings by energy providers may have excluded a cyberattack, the incident underscores the persistent threat that cyberattacks pose to critical energy infrastructure.

Cybersecurity experts have long warned that electrical grids and critical energy infrastructure systems are vulnerable to cyberattacks and are often targeted by malicious state and non-state actors.

In 2015, for instance, Ukraine suffered widespread blackouts after hackers successfully inflected the computer systems of regional energy companies with malware. The cyberattack, which was attributed to Russia, was “synchronized and coordinated” and likely followed “extensive reconnaissance of the victim networks,” according to US and Ukrainian authorities who investigated the intrusion together.

In January, the World Economic Forum’s Global Cybersecurity Outlook 2025 noted that “modern technology relies heavily on substantial energy consumption, rendering power grids highly attractive targets for cybercriminals.”

The report adds that the global transition to renewable energy systems is also creating new vulnerabilities—a concern that has been widely echoed by national authorities around the world.

In the United States, which has seen an increase in cyberattacks on utility systems in recent years, the Federal Bureau of Investigation warned in a 2024 report that the “implementation of renewable energy and incentives for development of clean energy have created new targets and opportunities for cyber threat actors to disrupt and exploit for their own gain.”

Meanwhile, the European Union has implemented cybersecurity rules for electrical grids and other energy infrastructure systems as part of its bloc-wide Preparedness Union Strategy. The United Kingdom has also warned that its energy grid is a target for cyberattacks.

Experts note that cyber resilience must be integrated into every aspect of electrical grids and other utility systems.

“It is essential that these emerging energy systems are designed with security as a foundational priority,” the Global Cybersecurity Outlook 2025 added. “Otherwise, in the effort to address an existential crisis with urgency, there is a risk of introducing vulnerabilities that could undermine the reliability of this new energy infrastructure, with far-reaching consequences for the economy and society.”

Public and private sector cyber experts note that practices such as monitoring network activity for unusual or suspicious traffic, ensuring up-to-date networks are maintained, carefully considering third-party vendors to limit exposure and reporting cyber intrusion to law enforcement agencies are key steps to bolstering cyber resilience, among others practices.

Increasingly complex supply chains have further complicated the cybersecurity landscape. In fact, the Global Cybersecurity Outlook 2025 found that “54% of large organizations cite third-party risk management as major challenge, with supply chain security remaining top concern.”

In particular, as supply chain attacks become more visible in number and impact, the energy and utility industry has faced more organized cyberattacks with widely reported ramifications.

Moreover, the evolution of technology has reshaped the electricity industry, ushering in smarter grids, the integration of renewable energy and improved operational efficiencies. These advancements, however, have increased the complexity of the electricity supply chain, creating new set of challenges, particularly in safeguarding these intricate systems from cyber threats.

The increasing interdependencies among power systems across borders and the escalating sophistication of cyberattacks further increase the complexity on the governance and actions when a crisis disrupts.

In 2018, the World Economic Forum launched an initiative to improve the cyber resilience of the global electricity infrastructure. The initiative, which was founded in partnership with major energy providers around the world, works to advance best practices in the sector and harmonise regulations.

“As power systems go through rapid digital transformation, the critical link between cybersecurity and the energy landscape becomes increasingly evident,” a 2023 initiative report noted. “The need for global interoperability in cyber regulations in the electricity sector has become paramount.”

In 2021, the initiative worked in collaboration with the European Commission (EC) Energy Directorate to develop recommendations for improvement on the EC Cybersecurity Directive. A few years later, in 2024, the initiative provided guidance to the US government's Office of the National Cyber Director (ONDC) on facilitating interoperability and reciprocity in it's Summary of the Cybersecurity Regulatory Harmonization. The effort advanced the ONCD's exploration of a pilot reciprocity framework to be tested in a critical infrastructure subsector.

While regulations play a vital role, experts maintain that the complexity of electricity infrastructure—involving multiple providers and the integration of both legacy and emerging technologies—means that no organization can operate in isolation. Furthermore, within a complex energy value chain, each company is simultaneously a supplier and a user. Therefore, every organization must demonstrate that cybersecurity is not only a top priority but a tangible commitment.

This is especially true during times of crisis when it becomes all the more evident that an isolated approach will no longer suffice to secure and achieve a resilient ecosystem.