wpadmin

My Story from the Spanish Blackout

July 2, 2025

Hello Cyber-Builders 🖖

In 2017, I published a paper with NATO experts on what had happened to the Ukrainian power infrastructure during early cyberattacks (see doc at the end). At that time, only a few cybersecurity companies were truly exploring the risks tied to power grids and generation plants.

But this April, while visiting Spain, I lived through one of those “someday” moments.

This post starts a three-part series on why blackouts today are no longer random technical failures — they are becoming tools of hybrid warfare and systemic risk.

In Part 1, I’ll share my personal experience from the April 2025 Spanish blackout.

In Part 2, we’ll explore the geopolitics of power grid targeting — why nation-states increasingly view energy infrastructure as a weapon.

In Part 3, we’ll examine how modern grids became fragile and what cyber-builders need to know about protecting them.

April 28th, Sevilla.

I was there with family for a few days’ break, enjoying a warm spring day and the beautiful city of Sevilla with its downtown streets, fortress, and lovely gardens.

Then, out of nowhere:

No more power — across Spain and Portugal.

At first, we thought it was local. It felt almost funny. Some joked:

“Poor Spanish — unreliable traffic lights.”

We crossed a six-lane boulevard near the Sevilla canal with 20 other pedestrians, unaware of the scale.

Then came the strange moments. We tried ordering drinks, and the waiters hesitated. The Wi-Fi was down, and payment terminals stopped working.

We got the news: “Un gran apagón” — a massive blackout.

At first, phones still worked, and we could read the news. Then, slowly, the network faded. We waited. We returned to our apartment, stopping at a small open shop selling cans, water, and snacks.

Around us:

  • No more trains.

  • No more planes.

  • No phone or internet.

  • No traffic lights.

  • Massive traffic jams.

Authorities urged people to stop using cars. Hospitals ran on diesel generators, barely sustaining lifelines for the critically ill. People waited in long lines. We caught ourselves checking our phones constantly. Out of habit, we even tried switching off the bathroom light.

That’s when the realization hit: we are utterly dependent on electricity.

You shop? You pay with power-based systems. You have cash? Barely. Maybe a few bills to buy a drink or a sandwich. That’s it.

We later learnt the truth. In late April 2025, a massive power blackout struck the Iberian Peninsula, leaving most mainland Spain and Portugal without electricity for about ten hours.

The outage on April 28 cascaded across the Spanish grid and even caused minor disturbances in neighboring regions (Andorra and parts of France).

With an estimated 15 GW of power generation (60% of the Spanish production) disconnected from the grid in just 5 seconds, it would have been hard to recover from such a massive disconnect. The disconnect was too massive to recover, even with European solidarity (like power from the French network). Consequently, the automated system disconnected Spain from the rest of Europe to ensure the rest of the EU Grid. For a good overview of the EU Power Grid resilience, see this document.

Millions of people were impacted, and the blackout paralyzed transportation:

  • Closed metro lines

  • Failed traffic lights

  • Air traffic disruptions

  • Commerce largely halted

Tragically, several indirect fatalities were later reported — from fires and generator accidents — underscoring the event’s severity.

From the outset, authorities suspected a possible cyberattack might have triggered the collapse.

Spain’s National Court announced an investigation into a potential “act of cyber sabotage against critical infrastructure.” Prime Minister Pedro Sánchez stated that “no hypothesis [was] being ruled out” — including a coordinated cyber assault — pending complete forensic analysis.

This concern was fueled by:

  • The sudden, systemic nature of the failure

  • Rising awareness of cyber threats to power grids globally

  • Some media reports speculated that the outage bore “the hallmarks of a sophisticated cyberattack.”

For the moment, the results of all these investigations are still uncertain and will take time.

Spain’s grid operator Red ElĂ©ctrica de España (REE) reported no signs of unauthorized intrusion. On April 29, REE publicly attributed the blackout to an internal grid disturbance — a disconnection in the southwest — and ruled out a cyberattack as the cause.

By mid-May, the Energy Minister confirmed that investigators had found “no indication of a cyberattack.”

But on May 26, a judge at the Audiencia Nacional extended a case to determine whether this was deliberate sabotage (which would legally qualify as terrorism). The investigations are continuing. The judge decided to extend the secrecy of the inquiry for one more month. The main question is whether to classify specific actions as acts of terror (or not).

I guess we will know more in the coming months.

To my surprise, people stayed calm. There was no panic, crying, or chaos. People sat outside, waiting. It helped that it was spring—sunny and warm. The power returned around 8 p.m., just before nightfall.

But imagine the same thing in winter. Freezing weather. 2°C. No heating. No food. No light. No way to charge phones or contact loved ones. After just a few days, it would become a humanitarian crisis. Something you remember for a lifetime, like COVID.

And yes, our infrastructure is fragile. And yes, it is being targeted. It reminded me of what I learned (see doc below) while analyzing the Ukrainian grid’s cyberattacks of 2015. There were a few hours of blackout during winter. It was cold. The Russians also prevented people from calling for help by saturating the landlines with a DoS attack.

We later understood, in 2022, that these cyberwarfare operations were an early signal of a full-scale war—one that would cost millions of lives. Russian officers knew exactly what they were doing. They targeted power infrastructure on December 23rd—just before Christmas, a time when families gather, wrap gifts, and prepare for warmth and peace.

The blackout lasted only a few hours and affected fewer than 500,000 citizens. But I now realize I had underestimated the psychological power of plunging a population into darkness.

The incident triggered urgent cybersecurity reviews. Authorities broadened their focus to examine the cyber defenses of smaller power producers:

  • Many renewable energy sites (solar farms, wind parks) operate semi-autonomously.

  • These smaller operators could represent “weak links” that attackers might target, even if the national grid operator is well-protected.

In early May, Spain’s government cybersecurity agency (INCIBE) demanded security audits from small and mid-sized generators. These inquiries are intensifying the scrutiny surrounding the root cause of the blackout. Some suspect a defect (or an attack) in the control systems (or IoT software) of renewable energy providers. 

We’ll dive into this scenario, which has been well-known for over eight years, in an upcoming post! 

I’d love to hear your thoughts. What would you do if the lights went out tonight—and didn’t come back?

Leave a comment below.

Laurent 💚

👉 Part 2 — “The Geopolitics of Power Grids”
How and why nation-states target energy infrastructure as a strategic weapon in modern hybrid warfare.

👉 Part 3 — “How Modern Grids Became Fragile — and What Cyber Builders Must Know”
An inside look at today’s grid vulnerabilities: IoT-driven renewables, outdated industrial systems, and what defenders can do.

Sentryo’s Ebook on Ukrainian PowerGrid Cyberattacks (2015)

2.11MB ∙ PDF file

Download

A ten-year-old (!!) document, published in collaboration with Vytas Butrimas (https://www.linkedin.com/in/vytautas-vytas-butrimas-01116a18/)

Download

Article by wpadmin

Lorem ipsum amet elit morbi dolor tortor. Vivamus eget mollis nostra ullam corper. Natoque tellus semper taciti nostra primis lectus donec tortor fusce morbi risus curae. Semper pharetra montes habitant congue integer nisi.