This website does not use cookies. Cookies Policy.

The European Blackout Is the Closest We’ve Been to a Cyberattack, Even if It Wasn’t Caused by One.

This week, a Blackout hit southern Europe, with Spain being the most affected country. Twenty-four hours later, work continues to bring power to a few last places.

A common thought among people, regardless of their background, has been: “This is the result of a cyberattack.” I find it revealing that people sustain such a strong belief despite a complete lack of information or proof; it’s a reflection of the current geopolitical climate.

The truth is, the cause “doesn’t matter”.

This incident will mark a before and after in how industries think of cybersecurity, whether the cause is a cyberattack or not. Cyberattacks and Blackouts seemed remote, like mythical monsters from legends. Suddenly, people and companies have realized that the improbable can happen, that the current situation bears too much resemblance to the worst-case scenario for a cyberattack, and that they don’t want to experience anything similar again.

In this article, we’ll share some testimonials from our clients on the losses caused by the blackout.

We’ll also provide some context on how the power grid works and study a few precedents for blackouts, including some caused by cyberattacks and other factors.

Why do Power Outages Happen?

Power outages happen when the power supply in the grid cannot meet demand. This is a simple, dull, and obvious response, but it gets more interesting the more you dive into how power supply networks work.

You see, it’s almost a miracle that we have stable electricity at all.

First of all, electricity is volatile. At any given moment, you need to produce roughly the same amount of electricity that the network is demanding. On a small scale, you can store energy in batteries for later use, for example, by collecting solar energy during the day to use it after sunset. However, this is not feasible at the country level, and it also takes time to add new power plants to the grid in case demand rises. Planning power production is a challenge that requires some meticulous forecasting.

Second, not all electricity can be dumped into the network. To maintain stability, power needs to work within a narrow margin of frequencies. When a power supplier is “out of sync” with the network, it automatically disconnects to avoid bad things from happening.

Foto de Víctor Jiménez - CMO Safetybits
This last bit reminded me to Real Civil Engineer’s series on the Infra videogame, where you have to investigate a blackout. Especially a part where he had to start a power generator on its own, and nothing went wrong
Víctor Jiménez - CMO Safetybits

There are precedents of power outages driven by cyberattacks, like the one in 2015 in Ukraine.

However, they are usually caused by a series of unfortunate events. For example, in 2021, in Texas, where:

  • A winter storm was more severe than usual.
  • Some power generators broke and couldn’t be repaired on time
  • Other power plants ran low on fuel.
  • They couldn’t turn off many essential services.
Foto de Néstor Salceda - CEO Safetybits

We found these videos from “Practical Engineering” very enlightening, explaining several power outages and the inner workings of the power grid:

Néstor Salceda - CEO Safetybits

Did a Cyberattack cause the Spanish Blackout?

Most probably no.

Here, we try not to attribute to malice what can be explained by stupidity.

It was probably a series of unfortunate events that we will be learning about in the next days. What we know so far is:

  • The Spanish power grid was mainly running on solar energy at that time, which is more challenging to stabilize.
  • Two fluctuations in the electrical grid caused many producers to disconnect automatically from the network.

Although there are many unknowns, too many things have aligned in this incident. It seems too much to have been orchestrated by a bad actor. Also, the network recovery was fairly quick (for this kind of incident); a bad actor would probably have caused greater damage and spread it over a longer period to increase chaos.

Huge Economic Losses for the Industry

This incident has caused significant losses for the industry, beyond just the interruption of operations. A few of our clients in the automotive industry have been kind enough to dedicate a few minutes to tell us the impact they faced and how they are recovering. Here is a summary of their responses:

What was the state of the facilities at the moment of the blackout?

  • We were back in full production after the weekend.
  • We do plan and coordinate on Mondays, so we started in chaos.

How did the power outage affect you?

  • It caused a complete halt of machinery and other equipment.
  • We also shut down all in-house servers, just in case, to avoid further damage when the power came back.

What is the approximate economic impact on the business?

We accounted for an average of 300.000€ among our responses. We asked our surveyees to include salaries, damages for power surges, and business losses.

What other losses have you suffered?

  • Network switches. (This has been a surprisingly common answer)

How long did it take to recover once the power was back? What delayed you?

  • We got the power back around ten at night. We needed two extra hours to run some checks and manually run some software that doesn’t start automatically.
  • Charging back the UPSs took longer than we would have liked.
  • For us, the lack of cellular connection made coordination especially challenging.
  • The lack of information was discouraging. We would often go to the car to turn on the radio and try to stay informed.

A Fire Drill for Future Incidents

An incident like the 2025 European blackout highlights the crucial role key infrastructure plays in our economy.

It has also increased the shadow of uncertainty in which we live nowadays, causing companies to reevaluate risks like cyberattacks.

Given the current geopolitical climate, it doesn’t matter if the cause was a cyberattack (which probably wasn’t). Like a fire drill, this is the closest we’ve come to experiencing the effects of such an attack, and many have realized they are not ready for when the real thing comes.


Seamless Compliance

Safetybits Seamless Compliance continuously checks your security requirements and guides you through mitigation actions.

Discover more →