The World Economic Forum (WEF) determined that the widespread blackout across Spain and Portugal this week intensified concerns over critical infrastructure vulnerabilities, with early speculation from officials and experts raising the possibility of a cyberattack. The Iberian blackout highlights growing fears about the resilience of national power grids in the face of evolving cyber threats. Early investigations said a cyberattack was not to blame, but the incident highlighted growing vulnerabilities in energy infrastructure. Experts stress the need for robust cybersecurity practices and international cooperation to protect energy systems from evolving threats.
“Cybersecurity experts have long warned that electrical grids and critical energy infrastructure systems are vulnerable to cyberattacks and are often targeted by malicious state and non-state actors,” Spencer Feingold, digital editor at the WEF, and Filipe Beato, manager for cyber resilience at the WEF's Centre for Cybersecurity, wrote in a Thursday post.
The WEF post noted that in 2015, Ukraine experienced widespread blackouts after hackers infiltrated the computer systems of regional energy companies using sophisticated malware. The cyberattack, attributed to Russian hackers, was described by U.S. and Ukrainian authorities as ‘synchronized and coordinated,’ likely following extensive reconnaissance of the targeted networks.
Feingold and Beato wrote that in recent years, the U.S. has experienced a surge in cyberattacks targeting utility infrastructure. A 2024 Federal Bureau of Investigation (FBI) report highlighted growing concerns, noting that the expansion of renewable energy initiatives and clean energy incentives has introduced new vulnerabilities, offering cybercriminals more entry points to exploit for malicious purposes.
Across the Atlantic, the European Union has responded by enacting cybersecurity regulations to protect electrical grids and other vital components of its energy infrastructure, under its broader Preparedness Union Strategy. Similarly, the U.K. has raised alarms over the cyber risks facing its national energy grid, emphasizing its status as a high-value target.
The WEF noted in its January Global Cybersecurity Outlook 2025 report that ‘modern technology relies heavily on substantial energy consumption, rendering power grids highly attractive targets for cybercriminals.’ It added that the global transition to renewable energy systems is also creating new vulnerabilities, a concern that has been widely echoed by national authorities around the world.
Experts also observe that cyber resilience must be integrated into every aspect of electrical grids and other utility systems.
“It is essential that these emerging energy systems are designed with security as a foundational priority,” the Global Cybersecurity Outlook 2025 added. “Otherwise, in the effort to address an existential crisis with urgency, there is a risk of introducing vulnerabilities that could undermine the reliability of this new energy infrastructure, with far-reaching consequences for the economy and society.”
Public and private sector cyber experts note that key steps to bolstering cyber resilience include monitoring network activity for unusual or suspicious traffic, keeping networks up to date, carefully considering third-party vendors to limit exposure, and reporting cyber intrusions to law enforcement agencies, among other practices.
Feingold and Beato highlighted that increasingly complex supply chains have further complicated the cybersecurity landscape. The post cited a finding that ‘54% of large organizations cite third-party risk management as a major challenge, with supply chain security remaining top concern.’ In particular, as supply chain attacks grow in number and impact, the energy and utility industry has faced more organized cyberattacks with widely reported ramifications.
Moreover, the evolution of technology has reshaped the electricity industry, ushering in smarter grids, the integration of renewable energy, and improved operational efficiencies. These advancements, however, have increased the complexity of the electricity supply chain, creating new challenges, particularly in safeguarding these intricate systems from cyber threats. The increasing interdependencies among power systems across borders and the escalating sophistication of cyberattacks further complicate governance and response when a crisis strikes.
“While regulations play a vital role, experts maintain that the complexity of electricity infrastructure, involving multiple providers and the integration of both legacy and emerging technologies, means that no organization can operate in isolation,” Feingold and Beato mentioned. “Furthermore, within a complex energy value chain, each company is simultaneously a supplier and a user. Therefore, every organization must demonstrate that cybersecurity is not only a top priority but a tangible commitment.”
Feingold and Beato added that this is especially true during times of crisis when it becomes all the more evident that an isolated approach will no longer suffice to secure and achieve a resilient ecosystem.
Earlier this week, industrial cybersecurity company Nozomi Networks wrote in a blog post that “the outage is impacting not just residential areas, but also critical infrastructure, transportation networks, and communication systems.” “Both Red Eléctrica de España and REN (Portugal’s national energy network) assured the public that investigations are ongoing. Airports, hospitals, and emergency services have reported various degrees of interruption, although many have activated contingency plans and backup systems.”
Initial government statements emphasize that a full technical analysis is still underway, and the public is urged to await verified updates. Some reports anticipate outages lasting many hours.
“When the outage occurred, Nozomi Networks Labs noticed a spike in the alerts coming from the energy sector of our customers located in Spain and Portugal,” the post added. “We are still investigating if this was just a coincidence, a result of engineers reacting to the outage, or an outcome of a potential cyberattack. We will provide updates as we find something more definitive, and in the meantime, we want to emphasize the importance of mature asset inventory and threat visibility capabilities integrated into modern cybersecurity solutions. Even when outages aren’t linked to cyberattacks, swiftly ruling them out is crucial for efficient root-cause analysis, especially when every moment counts.”