Rule out cyberattacks! Progress in the investigation of the Spanish power outage in April

At a meeting of the Chamber of Deputies on May 14, the Minister of Ecological Transition and Demographic Challenges of Spain, Sara Aagesen Muñoz, explicitly ruled out a cyberattack as the cause of the blackout that affected Spain and Portugal on April 28, 2025.

During Wednesday's meeting, Aagesen stressed that "there is no evidence that the system operator Red Eléctrica was attacked by a cyberattack", while explaining the latest developments in the blackout.

During Wednesday's meeting, Minister Aagesen was asked to provide an update on the blackout that affected Spain, Portugal and southern France last month.

Aagesen also reported the details of the "abnormal" event that caused the Iberian Peninsula to lose power for several hours. After several rounds of meetings, the special investigation committee has ruled out hypothetical causes such as grid coverage, backup capacity and grid size. "We confirm that the power outage started in Granada, Badajoz and Seville," Aagesen added.

At present, the incident investigation committee is still analyzing all the data to restore the truth of the accident. "We are identifying possible power outages due to overvoltage, which may have been the trigger for the cascading blackouts at a critical moment on April 28."

Another detail that needs to be clarified is the two grid fluctuations detected 30 minutes before the blackout (at 12:03). The minister pointed out that the first fluctuation lasted less than five minutes, during which both voltage and frequency fluctuated violently.

The second fluctuation occurred at 12:19 and lasted for three minutes. Aagesen said: "The second fluctuation characteristics are more common in the European system, specifically from the eastern, central and western regions of the Iberian Peninsula. Its fluctuations are generated relative to the European synchronous on grid system (including countries such as Germany, Italy, Austria, Denmark, etc.)."

A few minutes later (12:30), Spain's electricity demand fell to 25,184MW. The minister pointed out that this was a "low demand" state due to weather conditions and time of day. Coinciding with the low electricity prices, 3GW of pumped storage units were pumping water into reservoirs for subsequent power generation.

Just a few minutes later (12:32:57), continuous power losses began in the southern province of Granada. 19 seconds later, the same incident occurred again in the western province of Badajoz, and 20 seconds later, a third failure occurred in the southern province of Seville. These three events resulted in a cumulative loss of power generation of 2.2GW in 20 seconds.

"These events directly triggered cascading disconnections due to overvoltage," Aagesen explained. The Iberian grid then lost synchronization with the European main grid and became an island. It was not until around 7 am the next day that the Spanish grid restored 99.95% of power supply.

Previously, the European Solar Manufacturers Association (ESMC) and the industry organization SolarPower Europe have been calling for stronger cybersecurity protection for European inverters. ESMC also called for restrictions on remote access to inverters from "high-risk" Chinese manufacturers.

Previously, a report by SolarPower Europe and consulting company DNV highlighted the security risks posed by digital inverters. The report said the risks were “beyond acceptable limits” as just 3GW of inverter capacity attacked – far less than the production capacity of leading suppliers – could have a “significant impact” on the power system.