Get to meet our content writer

Annika is a leading innovator at Cybersecurity Redefined, where she spearheads strategic development and fosters collaboration across various sectors within the cybersecurity field. With a rich background that includes roles as Business Development Manager at VICCON GmbH and International Stakeholder Relations Officer at the Institute for Security and Safety at UAS Mannheim, Annika brings extensive experience in building global partnerships and advancing security initiatives.

Blackout & Bright Side: How April 28 Tested Our Grids and Our Grit

Critical infrastructures are safe and sound? Think again. April 28 definitely served as a little lesson in humbleness and as a reminder: critical infrastructures are truly critical. But also, resilient communities are truly critical.

Let’s refresh our memories: April 28 was when approximately 60% of Spain’s and Portugal’s power grid experienced a cascading blackout, plunging tens of millions into darkness for several hours. According to official investigations by Spanish authorities, it wasn’t caused by a cyber attack or sabotage. Having said that, if you are part of the cyber bubble (that you most likely are since you are reading this article), you definitely thought: oh, shoot, now it really has happened. 

But even if in this case a combination of technical failures, voltage instability, failure in automatic protection systems, delayed responses and so on have been the root cause, the initial fear had us thinking: are we really that safe and sound? And it, once again, put the oh so often neglected topic of cyber right on top of the agenda and in the very spotlight of public discourse.

And although not caused by a cyberattack, the investigations that have been carried out in response to the outage, very much did highlight cyber issues. To mention only a few of them (and no, this is not a blame game): poor cybersecurity in smaller energy producers, lack of real-time anomaly detection systems or concerns over dependency on automated and remotely managed systems, which, if compromised, could enable a genuine cyber-induced blackout. So this is the worst-case cyber scenario.

But now, let’s talk about the positives. Within minutes of the grid failure, national energy operators coordinated emergency protocols and started restoring service in a phased and controlled manner. This is the emergency drill that I am constantly preaching about paying off! Power was restored to 80% of affected users within 6 hours, largely due to automated islanding systems and microgrid capabilities in some regions. Look at that recovery time! Amazing! Some operators used digital twins post-event to replay the cascade failure and understand weak spots - a great lesson in predictive modelling. To talk about money, the incident led to greater public and political support for cyber and energy infrastructure funding - Spain committed €1 billion to infrastructure hardening, including AI-powered anomaly detection systems and secure SCADA updates. Very good news, right? 

And last but very very much not least my favourite positive of them all: look at that cross-border cooperation! Spain and Portugal jointly created a task force to investigate and to think regionally! When grids are interconnected, so are we as humans.

Bonus: Aren’t you stunned by how the Iberian population reacted to the outage? To a large extent, with calm, humour and flexibility. Many people actually treated the outage as an unexpected pause, enjoying the sunshine in the outdoors. In rural areas, people helped one another, sharing food or generators. This is community spirit. The event became more of a civic bonding moment than a crisis. What’s left to say? Resilience is not just technical. It is social.