Iberian blackout raises fears of growing cyber-attack risks
Large areas of both countries were left without electricity, disrupting transportation, communications, and daily routines.
The power failure started when a key international power line was disconnected, causing cascading disturbances across regional energy grids.
This blackout, which persisted for hours in certain regions, was traced to a fault in the high-voltage transmission network managed by Spain's Red Eléctrica de España (REE).
Speculation about the possibility of a cyberattack arose swiftly after the incident, driven in part by recent high-profile cyber incidents globally.
Early reports cited a 'rare atmospheric phenomenon' as a likely cause, but suspicions of malicious activity persisted, underscoring the heightened concern surrounding cyber threats to critical infrastructure.
Comparisons were drawn with previous cyberattacks, such as the Colonial Pipelines ransomware incident in the United States in 2021.
Nevertheless, both REE and Portugal's grid operator Redes Energéticas Nacionais (REN) ruled out signs of unauthorised access after reviewing SCADA (Supervisory Control and Data Acquisition) logs, telemetry, and firewall data.
Despite these assertions, the cause remains under investigation by Spain's National Cybersecurity Institute, and a cyberattack has yet to be definitively discounted by all parties.
Certain factors led to the initial suspicion of a cyber-attack. These included simultaneous failures at multiple points, which was reminiscent of coordinated cyber-induced grid events observed in Ukraine in 2015 and 2016.
Moreover, the collapse of mobile and internet services, coinciding with the blackout—and the failure of some backup systems—encouraged further speculation.
The situation unfolded during a period of elevated cybersecurity alertness in Europe, amid ongoing geopolitical tension. The absence of immediate, clear communication from grid operators allowed conjecture to fill the resulting information gap.
Specops Software explored these questions, highlighting the broader context in which such concerns arise. Their analysis stated, "The suspicion around malicious activity shows how wary people around the globe are of cyber-attacks and the devastating impacts they could have."
"Nation-state actors often probe or attack energy grids to gain leverage in broader conflicts. Disabling power generation or transmission can undermine civilian morale, disrupt military logistics, and signal coercive intent without immediate kinetic engagement."
n the Russo-Ukrainian context, the 2015–16 attacks on Ukraine's grid by the Sandworm group demonstrated how precision outages (tripping substations via malware like BlackEnergy) can be used as a tool of statecraft." the analysis also outlined the motivations that hackers may have for targeting a national energy grid, noting.
Financial motives are also a consideration, as highlighted in the analysis: "Financially motivated cybercriminals view energy companies (often large, highly automated, and reliant on digital controls) as lucrative ransomware targets. Encrypting SCADA backups or operator workstations can halt operations swiftly, pressuring victims to pay ransoms to restore power. Groups like BlackCat/ALPHV and LockBit 3.0 have increasingly targeted energy and critical-infrastructure firms."
Beyond immediate disruptions, adversaries may use access to grid networks to understand the control system's architecture, harvest valuable data, or develop custom malware. The blog noted, "The Chinese group RedEcho have been accused of infiltrating India's power grids in recent years."
Security specialists look for several indicators to determine if a power grid outage may be the work of cyber attackers.
According to Specops Software, these include unexplained network reconnaissance, unauthorised access attempts, anomalous commands within control systems, discrepancies between physical measurements and logged data, the discovery of malware, and disruptions in monitoring and alerting systems.
They noted, "Coordinated multi-vector anomalies—simultaneous disruptions in power and ICT (telecom networks, NMS servers) that outpace what one physical fault could explain," are a particular cause for concern.
Passwords and credential management routinely contribute to the vulnerability of both IT and operational networks.
Specops Software highlighted, "Weak or default passwords are one of the simplest and most common footholds an attacker can use to break into both IT and OT (SCADA/ICS) environments in a power-grid operator."
They explained how remote access points protected by weak credentials, reused passwords, or insufficient multi-factor authentication can provide an entry route for attackers. The risk is multiplied if such vulnerabilities exist across both office and control-system environments, as happened during Ukraine's blackout in 2015.
The incident in the Iberian Peninsula is still being examined, but the debate it triggered reflects a growing awareness of the risks facing critical infrastructure operators worldwide.
Specops Software commented, "Ultimately, the Iberian blackout served as a powerful reminder of the potential risks of infrastructure being targeted by a cyber-attack. In the midst of a sudden grid collapse, it was all too easy to leap to the cyber-attack hypothesis, fueled by recent headlines and geopolitical anxiety. Even if the true cause was natural phenomena as the current evidence points to, the very real threat of a targeted intrusion demands vigilance."
The analysis concluded, "Operators must treat every incident as an opportunity to harden their defenses, from enforcing airtight password policies and multifactor authentication to rigorous network segmentation and 24/7 anomaly monitoring. If nothing else, this episode underscores that preparation (not panic) is the best antidote to both technical failures and malicious assaults."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Otago Daily Times
5 days ago
- Otago Daily Times
Something to drone on about
A headline in the Washington Post this week caught the eye of Civis: "Police nationwide are embracing a new first responder: drones." Just last week, another headline grabbed attention: a drone dropping a bicycle to help an isolated Ukrainian soldier escape. Well, I never. What next? Perhaps it's time for a little drone about drones because they really are everywhere. A fascinating, and somewhat frightening, development is how drones are revolutionising modern warfare. Will they one day rank alongside chariots, composite bows, phalanxes, heavy armour, Roman engineering, and the longbow of Agincourt? Could they match the impact of gunpowder (the death knell for castles) or muskets, artillery, bayonets, rifles, railroads, machine guns, and ironclad ships? The modern accelerating pace of change is clear when you consider 20th century innovations: tanks, aircraft, carriers, radar, the atomic bomb, missiles, jets, and precision-guided munitions. The 21st century has already brought drones and unmanned systems, along with cyber and electronic warfare. Now, AI and autonomous weapons are rapidly emerging. Drones deliver low-cost, high-impact capabilities. They can loiter for hours as reconnaissance outposts and overwhelm defences in swarms. Ukraine has demonstrated how drones cripple armoured columns, strike infrastructure and reshape strategy. The drone's hum, like the whine of an artillery shell before it, has become one of the most chilling sounds of modern combat. ★★★ Like any major technology, drones come with both benefits and risks, and we're seeing both on display. Matariki celebrations in Dunedin over the past two years have been lit up by dazzling LED drones dancing in complex patterns — a shining alternative to fireworks and a better bang for our buck. Aerial photography and videography can be striking, and drones feature at weddings, in real estate marketing and promotion campaigns. Surveying and mapping are changing course, and agriculture boasts a growing list of uses. Search and rescue, disaster response, infrastructure inspection, and environmental monitoring have all been transformed by drones. Civis found some unusual and innovative uses: firing seed pods in remote areas to replant forests, acting as robotic bees to pollinate crops, and even patrolling beaches as shark spotters. Tracking athletes from above and delivering emergency supplies are also on the rise. And Civis wonders, how many farmers now use drones to herd sheep or cattle? New Zealand holds a special place in drone history. In November 2016, Domino's Pizza and drone company Flirtey successfully delivered two pizzas by drone to a customer in Whangaparaoa, just north of Auckland. This was one of the world's first commercial food deliveries by drone, a clear example of the potential. The event made headlines worldwide. For the record, the pizzas were peri-peri chicken and chicken and cranberry. Flirtey devoured another slice of the action and global attention soon after when it delivered medical supplies in Nevada. Commercial drone deliveries never truly took off, perhaps for the best. We don't need buzzing drones crowding our skies and assaulting our ears. Fortunately, rules stand in the way of widespread use in such circumstances. Many fail to realise how circumscribed their legal use is in New Zealand. Operators are "pilots" of "unmanned aircraft". Drones are banned near airports, generally over private property or people without permission, and in national parks. The regulations are extensive and complex. They have flown a long way from their beginnings as toys — even conveying that rescue bike in the middle of a war zone. civis@
NZ Herald
23-05-2025
- NZ Herald
Syos wins company of the year at Hi-Tech Awards, Sir Peter Beck named Flying Kiwi
The contract meant Syos' Tauranga-based founder, Samuel Vye, will now fulfil his prediction that revenue would jump from $4m to more than $55m this year. His firm's website says Syos drones have 'proven operational success in conflict zones'. Willis said Syos was 'creating some of the most world-leading drone technology, and they are literally helping fight the conflict in Ukraine - because they do it better than any other country in the world, from Mt Maunganui.' The British deal was announced when Prime Minister Christopher Luxon met his counterpart Sir Keir Starmer in April, when the countries' joint efforts to train Ukrainian forces were on the agenda. Last September, Vye was on an Aerospace New Zealand summit panel covered by the Herald, where a strong theme was that NZ is too squeamish about defence contracts. 'Silicon Valley VCs are happy with defence and dual-use investing. New Zealand is behind, in my opinion. We're still allergic to anything that could be considered used by the Navy or Army or Air Force – whether it's got 1080 on it or it's got guns on it,' Vye said. 'You could say we just make Toyota Hiluxes ... and then the payload goes on it.' Syos drones were also used for agriculture and environmental monitoring. Vye also told the Christchurch summit: 'We couldn't raise from New Zealand VCs because every single group – well, most groups – couldn't invest in dual-use technology because it was against their investment criteria and ESG [environmental, social and governance] policies so hence we went down the high-net-worth individual route.' After Syos' banner 2025, more options are likely to open up. Total immersion Deep Dive Division, a robotic diving company founded in 2018 by Tua and Courtney Karalus, was named Māori Company of the Year. The company is based in the Waikato but has done a significant volume of work in Tauranga, including laying artificial reefs in Tauranga Harbour as part of Cyclone Gabrielle restoration work. Deep Dive Division's founders joked they were 'social housing for crayfish'. It bills itself as NZ's only Māori and Pacific-owned commercial and scientific diving company. Its services range from hull cleans and biosecurity to film production – including work on blockbuster Avatar: The Way of Water. Beefy AI Wellington's Mindhive Global won the start-up and agritech categories. It uses AI to detect 25 types of defects in cowhides within seconds, combining machine learning, image recognition, and industrial hardware in a way that's technically robust and commercially viable, the award judges said. Mindhive has recently landed business in Brazil and Italy, the home of leather. The Most Innovative Tech Solution and Most Innovative Manufacturer gongs were picked up by The Village Goldsmith - which is also disrupting a long-standing industry with its development of a unique platform, developed over 17 years and many lasers, that allows diamonds to float without visible prongs, claws, or clasps. It was an innovation the judges said was recognised globally as the most significant change in diamond solitaire ring design since 1886, leading to a deal with Tiffany & Co. Beck joins 'Flying Kiwi' hall of fame Sir Peter Beck was recognised as the 2025 Flying Kiwi and inducted into the NZ Hi-Tech Hall of Fame. He received the honour for taking his company Rocket Lab from a start-up 20 years ago to the multibillion-dollar company it is today, while at the same time contributing to the development of the Kiwi aerospace industry and personally investing in a slate of homegrown start-ups. Watch Beck's pre-recorded acceptance clip below: The 2025 NZ Hi-Tech Award winners PwC Hi-Tech Company of the Year Xero Hi-Tech Young Achiever Winner: Luke Campbell (co-founder & CEO of VXT) Advertise with NZME. Spark Best Hi-Tech Solution for the Public Good Winner: Optimation Consult Recruitment Best Contribution to the NZ Tech Sector Winner: Talent RISE Datacom Hi-Tech Inspiring Individual Winner: Lee Timutimu Winner: Kitea Health Poutama Trust Hi-Tech Kamupene Māori o te Tau – Māori Company of the Year Tait Communications Flying Kiwi Winner: The Village Goldsmith Advertise with NZME. Duncan Cotterill Most Innovative Hi-Tech Software Solution Winner: Toku Eyes Highly commended: Carepatron Braemac Most Innovative Hi-Tech Manufacturer of the Year Winner: The Village Goldsmith Kiwibank Most Innovative Hi-Tech Solution for a More Sustainable Future Advertise with NZME. Winner: Cleanery Winner: Mindhive Global Punakaiki Hi-Tech Start-up Company of the Year Advertise with NZME. Winner: Mindhive Global ASX Hi-Tech Emerging Company of the Year Winner: Projectworks Highly commended: Calocurb
Techday NZ
29-04-2025
- Techday NZ
Iberian blackout raises fears of growing cyber-attack risks
The recent widespread blackout affecting Spain and Portugal has sparked discussion over whether a cyber-attack could have been responsible, despite initial reports pointing to a technical fault. Large areas of both countries were left without electricity, disrupting transportation, communications, and daily routines. The power failure started when a key international power line was disconnected, causing cascading disturbances across regional energy grids. This blackout, which persisted for hours in certain regions, was traced to a fault in the high-voltage transmission network managed by Spain's Red Eléctrica de España (REE). Speculation about the possibility of a cyberattack arose swiftly after the incident, driven in part by recent high-profile cyber incidents globally. Early reports cited a 'rare atmospheric phenomenon' as a likely cause, but suspicions of malicious activity persisted, underscoring the heightened concern surrounding cyber threats to critical infrastructure. Comparisons were drawn with previous cyberattacks, such as the Colonial Pipelines ransomware incident in the United States in 2021. Nevertheless, both REE and Portugal's grid operator Redes Energéticas Nacionais (REN) ruled out signs of unauthorised access after reviewing SCADA (Supervisory Control and Data Acquisition) logs, telemetry, and firewall data. Despite these assertions, the cause remains under investigation by Spain's National Cybersecurity Institute, and a cyberattack has yet to be definitively discounted by all parties. Certain factors led to the initial suspicion of a cyber-attack. These included simultaneous failures at multiple points, which was reminiscent of coordinated cyber-induced grid events observed in Ukraine in 2015 and 2016. Moreover, the collapse of mobile and internet services, coinciding with the blackout—and the failure of some backup systems—encouraged further speculation. The situation unfolded during a period of elevated cybersecurity alertness in Europe, amid ongoing geopolitical tension. The absence of immediate, clear communication from grid operators allowed conjecture to fill the resulting information gap. Specops Software explored these questions, highlighting the broader context in which such concerns arise. Their analysis stated, "The suspicion around malicious activity shows how wary people around the globe are of cyber-attacks and the devastating impacts they could have." "Nation-state actors often probe or attack energy grids to gain leverage in broader conflicts. Disabling power generation or transmission can undermine civilian morale, disrupt military logistics, and signal coercive intent without immediate kinetic engagement." n the Russo-Ukrainian context, the 2015–16 attacks on Ukraine's grid by the Sandworm group demonstrated how precision outages (tripping substations via malware like BlackEnergy) can be used as a tool of statecraft." the analysis also outlined the motivations that hackers may have for targeting a national energy grid, noting. Financial motives are also a consideration, as highlighted in the analysis: "Financially motivated cybercriminals view energy companies (often large, highly automated, and reliant on digital controls) as lucrative ransomware targets. Encrypting SCADA backups or operator workstations can halt operations swiftly, pressuring victims to pay ransoms to restore power. Groups like BlackCat/ALPHV and LockBit 3.0 have increasingly targeted energy and critical-infrastructure firms." Beyond immediate disruptions, adversaries may use access to grid networks to understand the control system's architecture, harvest valuable data, or develop custom malware. The blog noted, "The Chinese group RedEcho have been accused of infiltrating India's power grids in recent years." Security specialists look for several indicators to determine if a power grid outage may be the work of cyber attackers. According to Specops Software, these include unexplained network reconnaissance, unauthorised access attempts, anomalous commands within control systems, discrepancies between physical measurements and logged data, the discovery of malware, and disruptions in monitoring and alerting systems. They noted, "Coordinated multi-vector anomalies—simultaneous disruptions in power and ICT (telecom networks, NMS servers) that outpace what one physical fault could explain," are a particular cause for concern. Passwords and credential management routinely contribute to the vulnerability of both IT and operational networks. Specops Software highlighted, "Weak or default passwords are one of the simplest and most common footholds an attacker can use to break into both IT and OT (SCADA/ICS) environments in a power-grid operator." They explained how remote access points protected by weak credentials, reused passwords, or insufficient multi-factor authentication can provide an entry route for attackers. The risk is multiplied if such vulnerabilities exist across both office and control-system environments, as happened during Ukraine's blackout in 2015. The incident in the Iberian Peninsula is still being examined, but the debate it triggered reflects a growing awareness of the risks facing critical infrastructure operators worldwide. Specops Software commented, "Ultimately, the Iberian blackout served as a powerful reminder of the potential risks of infrastructure being targeted by a cyber-attack. In the midst of a sudden grid collapse, it was all too easy to leap to the cyber-attack hypothesis, fueled by recent headlines and geopolitical anxiety. Even if the true cause was natural phenomena as the current evidence points to, the very real threat of a targeted intrusion demands vigilance." The analysis concluded, "Operators must treat every incident as an opportunity to harden their defenses, from enforcing airtight password policies and multifactor authentication to rigorous network segmentation and 24/7 anomaly monitoring. If nothing else, this episode underscores that preparation (not panic) is the best antidote to both technical failures and malicious assaults."
