Yesterday, chaos broke out in Spain and Portugal due to an incident in the electrical grid interconnection with France and consequently with the European energy supply. As a consequence, the electricity supply collapsed, which caused a failure in telecommunications and almost immediately also in the gas and water supply. In the worst case, the power supply was interrupted for up to 10 hours.
In fact, the TIP scheduled for yesterday, Monday, April 28, was not sent correctly. We have therefore chosen to adapt the content to the current event.
It cannot yet be determined that the cause was a cyber-attack, since it may have been caused by a mere voltage decompensation that has led to a massive drop in supply in both countries. However, in the case of Spain, the National Intelligence Center (CNI) does not rule it out and continues to investigate in case it could be an attack on the supply chain, in this case on critical infrastructures of electricity, water, gas and telecommunications.
What are supply chain or critical infrastructure attacks?
Cyber-attacks derived from our Suppliers are becoming more and more common, both at the corporate and domestic level. Since 2021 there has been a 300% increase in this type of cyber-attacks and, in fact, it is predicted that by 2025, 45% of the attacks suffered by companies, entities and individuals will be due to cyber-attacks on their suppliers. It is true that in most cases, both attempted cyber-attacks and successful incidents cause micro outages or supply deficiencies that are easy to remedy. Yesterday’s situation was an unprecedented case and could be a turning point, if it is determined that it was intentionally provoked by a cyber-attack.
How can we detect and deal with them in our company or organization and at home?
- At the level of basic supplies of the company or entity: We must assess whether it is necessary to have more than one Supplier or alternative or backup systems (for example, a UPS – electricity generator), especially in those activities that cannot be paralyzed by a cut in supplies. Example: Entities that are considered critical infrastructures and provide services to the public (hospitals, airports, water treatment plants, etc.) and any company whose activity, whether industrial or service, cannot be interrupted, since this would cause serious economic and product losses, or a large number of people would be affected.
- At the domestic level: Recently the European Commission issued a communiqué recommending that everyone in our homes should have an Emergency Kit. What does this Kit consist of? We should always have a stock of bottled water, toilet paper, canned or packaged food and medicines, even in small or reasonable quantities. And additionally, portable batteries, battery or solar lanterns, candles, matches or lighters and cash. This is recommended precisely to avoid chaos and shortages in supermarkets when similar incidents occur (pandemics, natural disasters, wars, terrorist attacks, cyber-attacks, etc.).
IMPORTANT NOTE: If, even if you comply with all these measures, you encounter this type of situation, do not hesitate to inform your line manager, the CISO Security Manager and the IT department, and if this is not possible, stay calm. We must be aware that at a private or domestic level we could become victims of a cyber-attack on our suppliers, and that this type of situation could become more and more frequent. The sooner we know how to react, the sooner we can keep the situation under control in case something similar happens.
*Shipment date: April 29, 2025