Spain is seeking detailed information from small electricity generators regarding their cybersecurity measures as part of an investigation into a recent blackout, the Financial Times has reported. The outage, which occurred on 28 April 2025, affected large areas of Spain, Portugal, and the south of France, disrupting train services and leaving millions without phone or internet access.
The incident raised questions about the security of renewable energy sources, although Spanish Prime Minister Pedro Sánchez has dismissed claims that the reliance on renewables was responsible for the blackout.
The National Cybersecurity Institute of Spain (Incibe) is intensifying its probe into whether smaller power facilities, such as solar and wind farms, may have been targeted by cyberattacks. A source close to the investigation told the Financial Times that government officials are concerned about the cybersecurity robustness of these facilities.
The cause of the power grid failure has not been identified, and a cyberattack has not been ruled out, according to Spain’s energy and environment ministry. A judge in the country’s National High Court has also launched an investigation into the possibility of a cyberattack.
Red Eléctrica, the national grid operator, stated there was no evidence of a cyberattack on its facilities following the incident but has not provided further updates. The Spanish government recently revealed that the country experienced 100,000 cyberattacks last year, with 70% targeting companies or organisations. In response, a €1.1bn investment has been announced to strengthen cybersecurity.
Renewable energy security debated amidst ongoing investigation
Three renewable energy companies reported receiving numerous inquiries from Incibe about the blackout and their cybersecurity measures. These questions included whether remote control of power plants is possible, if any anomalies were detected before the incident, and whether recent security updates have been installed. A government official clarified that the inquiries are part of multiple lines of investigation and do not suggest a singular focus on one hypothesis.
Spain’s shift from a traditional electricity model, dominated by large fossil fuel and nuclear plants, to a system with numerous smaller renewable generators has increased potential targets for cyberattacks. These smaller units, often connected to the internet, can be vulnerable to malware or power flow disruptions.
Red Eléctrica receives live data from 4,000 renewable installations with at least 1MW of capacity and can issue real-time instructions to those with 5MW or more. However, Red Eléctrica’s parent company has noted risks due to insufficient information from facilities with outputs below 1MW.
Anpier, a trade association, estimates that Spain has around 54,000 solar installations connected to the grid. Some electricity executives doubt that a cyberattack caused the blackout, citing the complexity required for such an attack.
The blackout was triggered by a sudden loss of 15GW of electricity, representing 60% of Spain’s supply, which destabilised the grid and led to further disconnections. Before the incident, renewable sources provided 70% of the country’s electricity.
Read more: AI to propel global data centre electricity demand by 2030
