Following the large-scale power outage on April 28, Spain is investigating whether cyber security shortcomings at small renewable energy producers caused the problems.
This was reported by the Financial Times. The Spanish National Cybersecurity Institute (Incibe) has questioned dozens of small and medium-sized energy companies about their cybersecurity as part of the investigation into the recent power outage. The government has not ruled out a cyberattack as the cause. Spain lost 15 gigawatts in just five seconds, 60 percent of the power supply. This destabilized the grid, causing several power plants to shut down automatically.
Incibe’s questions focus on installations’ technical vulnerability: Can they be controlled remotely? Were there any anomalies before the incident? Have recent security updates been installed? The concern is that poorly secured installations, especially solar and wind farms, serve as entry points for cybercriminals.
Spain is now one of the world leaders in renewable energy, with tens of thousands of small installations spread across the country. Whereas the energy system used to run on a limited number of large-scale and strictly regulated fossil fuel or nuclear installations, it is now decentralized and potentially more vulnerable. According to grid operator Red Eléctrica, there are 4,000 installations of 1 megawatt or more connected to the grid. Thousands of smaller environments fall outside their direct monitoring.
Heavy investment in cyber resilience
Although Red Eléctrica said there was no evidence of an attack on its own systems, the investigation is still ongoing. A judge from the Audiencia Nacional is investigating whether cybercrime was behind the outage. The Spanish government has announced investing €1.1 billion in national cyber resilience. This comes after more than 100,000 cyber attacks were recorded in 2024.
Experts doubt that a cyberattack was the direct cause, given the scale and coordination required to achieve such an impact. If an attack did occur, some specialists believe it would have taken more than 16 hours to restore the grid fully.
The situation in Spain shows how important it is that robust security measures accompany the digitization of the energy market. For countries committed to decentralized green energy, cybersecurity is no longer an afterthought but a necessity.