Spain and Portugal blackouts spark cyberattack concerns across Europe

Blackouts in Spain and Portugal Raise Cybersecurity Alarms Across Europe

While no digital tampering is confirmed, the outages highlight growing concerns over cyber threats to critical infrastructure

Widespread blackouts that swept across Spain and Portugal this week have renewed fears about the cybersecurity vulnerabilities of Europe’s power grids. Although no conclusive evidence of a cyberattack has been found, the nature of the outages—disrupting hospitals, businesses, transit, and air traffic—has drawn intense scrutiny from cybersecurity experts and European officials alike.

Initial reports from the European Union Agency for Cybersecurity attributed the incident to a technical malfunction. But by midweek, Spanish authorities confirmed that a cyberattack has not been ruled out.

“Unless a hacker claims responsibility, it is impossible to know if cyber was at least partly responsible,” said Rob Lee, CEO of Dragos, a company that specializes in industrial cybersecurity.

Investigations under way

Uncovering the root cause of such blackouts is notoriously complex. Full forensic investigations often require weeks of system-level analysis, say security experts.

“Determining whether the cause is mechanical or malicious involves highly specialized expertise in operational technology and industrial control systems,” said Tom Pace, CEO of NetRise and a former Department of Energy cybersecurity lead.

Investigators will now begin combing through system logs, network traffic data, and the behavior of automation systems to search for signs of unauthorized access, malware, or anomalies in operational activity.

Why cyber experts are concerned

Despite the lack of definitive cyber evidence, the disruption bears hallmarks of a coordinated digital sabotage: sudden failure across multiple regions, ripple effects across infrastructure sectors, and delayed restoration timelines.

“If this were a cyberattack, it’s likely that the intruders had been inside the system for some time—probing, mapping, and waiting for the right moment,” said Vincent Stoffer, CTO at Corelight.

Stoffer notes that attributing such attacks is notoriously difficult, and public disclosure is rare, even when state-sponsored activity is suspected.

A familiar pattern: Russia’s digital influence

The Iberian blackouts follow a broader trend of increasing cyber activity across Europe, much of it linked to Russian state-sponsored groups.

Just days before the outages, French authorities publicly accused Russian military hackers of carrying out nearly a decade’s worth of cyberattacks against defense contractors, government ministries, and media outlets.

In the wake of Russia’s invasion of Ukraine in 2022, Microsoft reported a sharp rise in Russian cyber espionage and malware activity, targeting Ukrainian and allied infrastructure systems—including energy transmission networks. Similar tactics were seen in Ukraine as early as 2016.

European cyber resilience under pressure

Europe has taken significant steps in recent years to bolster its cybersecurity defenses. These include:

• The Network and Information Systems Directive 2 (NIS2), which mandates national cyber strategies and improved cross-border enforcement.

• The Cyber Resilience Act, which came into effect in December 2023, requiring “security by design” across digital products sold in the EU.

“No system is immune to increasingly sophisticated threats,” said Antoine Hautin, executive director at France-based security firm Almond.

He warns that the blending of IT and operational technology—common in energy and industrial sectors—has created new vulnerabilities, especially as systems become more digitized and remotely managed.

What comes next

Now that electricity has been restored in most affected areas, the focus shifts to forensic diagnostics, inter-agency collaboration, and potentially intelligence-sharing across borders.

Depending on findings, authorities may opt to tighten regulations or call for new investment in critical infrastructure cybersecurity. For now, officials across Europe are on alert, with many watching closely to determine whether the outages in Spain and Portugal were isolated—or part of a broader threat landscape.

As investigations continue, the incident serves as a stark reminder: Europe’s interconnected digital infrastructure is increasingly attractive to cyber adversaries. Whether through state-sponsored sabotage or opportunistic hacking, the stakes for critical systems like electricity, transportation, and communications are growing by the day.

Stay tuned to The Horizons Times for updates on cybersecurity threats, infrastructure resilience, and European policy responses.