The government is willing to reach the background in the investigation of the blackout of April 28. The president of the Government, Pedro Sánchez, has decided to maintain two parallel research lines -The electric and digital- to try to rule out that the light cut was not caused by a cyber attack.
The Executive insists on keeping both ways open by warnings received over the last months From the various European security services, although those responsible for Red Electrica ruled out this possibility from the first hours.
As this newspaper has been able to know, the working group that has been constituted to carry out the analysis It has representatives of the National Intelligence Center (CNI), the National Cybersecurity Institute (INCIBE) and the National Cryptological Center. All of them are carrying out face -to -face inspections in Electric, Endesa, Iberdrola and control centers such as Ignis and others to verify if indications of threats or safety violations were detected.
Executive sources point out that “caution is forced” in a context of growing international instability and sophistication of threats. In fact, this week Spain has advanced in its commitment to NATO to reach 2% of GDP In defense spending, and a significant part of the last plan presented by President Sánchez (about 3,000 million euros) will be used to reinforce cybersecurity.
While in Spain, its cybersecurity policy is reactivated to forced marches, other countries have been warning of an escalation in hybrid attacks for months.
NATO, Germany, the Netherlands and the European Commission have indicated a rebound in Russian operations that combine sabotage, misinformation and cyber attacks.
In Germany, the head of the German Federal Intelligence Service (BND), Bruno Kahl, He publicly warned that the intensive use of sabotage and cyberoperations It could end up invoking article 5 of NATO. In the Netherlands, the Military Intelligence and Security Service (MIVD) warned of its annual report of 2025 on the first documented attempt of cyberbully sabotage to a public installation. In the United Kingdom, the Chief of the MI6, Richard Moorehe described the Russian campaign as “surprisingly reckless” in an official speech in Paris.
In Spain, for the moment, the National Security Department still publish its annual report corresponding to the year 2024 in which the main threats faced by the country is taken.
The NATOwith which Sanchez maintained direct contact On the back of the blackout, the Baltic Sentry operation announced in January 2025, designed to protect underwater infrastructure after the damage suffered by two telecommunications cables in the Baltic Sea in October 2024. That incident affected the C-Lion1 and the BCS EAST-West Interlink, which generated suspicions of interstate sabotage. Finland, Germany and Sweden opened joint investigations.
In January, the report Global cybersecurity outlook 2025 The Davos World Economic Forum said that “modern technology depends largely on high energy consumption, which makes the electrical networks in highly attractive objectives For cybercriminals. “
The report also warns that the global transition towards systems renewable energy is generating new vulnerabilitiesa concern that has been widely shared by national authorities worldwide.
In any case, the annual reports of the National and Incibe Cryptological Center agree that the energy sector is one of the main objectives of cyber attacks in Spain. The increase in digital interconnections, the proliferation of IoT devices and the exposure of SCADA systems make the electrical system a high value white.
In fact, in the US, the FBI warned in a 2024 report that the “implementation of renewable energy and incentives for the development of Clean energy have created new objectives and opportunities that cyber threat actors can explode for their own benefit. “
In spite of this, both experts and internal sources agree that there is a gap between the speed at which the threats and the ability to respond to the institutional system evolve.
Expired strategy
With the National Cybersecurity Strategy expired for months and a growing International pressure on the defense of critical infrastructurethe Executive has been forced to urgently activate the renewal of the same.
Despite the growing threat of digital attacks and the increase in episodes classified as hybrid threats in Europe, Spain still operates under a planning without renewing. The DSN has already begun work to prepare a new strategy, at a key meeting held in April, just weeks before the blackout.
As Eleconomista.es advanced, to the situation of the cybersecurity strategy, the delay in the national energy strategy is also added, which is also outdated, which accentuates the sensation of vulnerability to threats that combine digital with the physical.
The current Minister of Digital Transformation, Óscar López, and formerly Chief of Cabinet of the President of the Government, Pedro Sánchez was the national head of National Security. Now his department leads the working group that will try to determine if there was a deliberate action after the blackout of April 28.
Although for now No cyber attack tests have been foundthe activation of all intelligence and cybersecurity resources by the Government indicates the high degree of concern generated by the incident.
“Nothing can be ruled out,” says knowledgeable sources of the research group. “What is evident is that the institutional response has been forced to react quickly to an unforeseen situation.”
The government has assured that the New cybersecurity strategy will be ready before the end of the year and will adapt to the European Directive. It will include new protocols for critical infrastructure, compliance demands for operators and greater coordination between public and private organizations.
The European Union, meanwhile, has implemented cybersecurity standards for electrical networks and other energy infrastructure systems as part of its union for preparation.
The Council of Ministers approved in March 2022 the National Cybersecurity Plan, complying with the mandate issued by the National Security Council on Development of the National Cybersecurity Strategy 2019.
The plan, coordinated by the DSN of the Government Presidency, approved about 150 initiatives, with 1,000 million euros of budget. Among the main actions planned, the creation of the National Notification and Monitoring of Cybercidents and Threats that allows to exchange information, in real time, between public and private organizations; Promote the implementation of the Cybersecurity Operations Center of the General State Administration and its public bodies; the development of an integrated system of cybersecurity indicators nationwide; increase the creation of cybersecurity infrastructure in autonomous communities and cities and local entities; Promote cybersecurity of SMEs, micropymes and freelancers and, finally, promote a higher level of cybersecurity culture.
Nord Stream: A turning point in critical infrastructure
Sabotage to the Nord Stream 1 and 2 gas pipelines in September 2022, in Baltic Sea waters, marked a before and after in European perception about hybrid threats. The explosions, whose authorship has not yet been officially clarified, highlighted the vulnerability of underwater energy infrastructure and activated all NATO defense protocols.
Since then, the Atlantic Alliance has deployed naval surveillance missions and has reinforced cooperation with private companies responsible for the maintenance of submarine cables and gas pipelines. In particular, military presence in sensitive areas such as the Baltic and the Eastern Mediterranean Sea has increased.
In the case of southern Europe, coordination between riverside countries has intensified and joint exercises have been launched to simulate hybrid attacks. Energy infrastructure – including cross -border electrical gas pipelines and bonds – are now subject to reinforced protection, especially in international tension scenarios such as war derivatives in Ukraine.
The blackout investigation is still open, and although no attacks have been confirmed, the episode has been enough for the government to step on the accelerator in cybersecurity. The expired strategies have been exposed, and the urgency to adapt to the new scenario is already a matter of state.
In a context of hybrid war, geopolitical instability and digital dependence, shielding critical infrastructure is not just a technical priority: it is a democratic guarantee. The digital transformation of the State and national security can no longer go on separate roads and proof of it is that the government includes it in the defense budget.
Twitter
LinkedIn
Beloud
Bluesky
#NATO #security #services #alerted #risk #cybersabotajes
