The massive blackout on April 28, 2025, which left Spain and Portugal without electricity for almost ten hours, not only paralyzed metros, trains, and public services but also exposed the vulnerability of our digital and data infrastructure. The outage caused up to an 80% drop in Internet traffic in Spain and 90% in Portugal, with severe impacts on telecommunications, data centers, and critical services such as banking and healthcare. This incident underscores the need to strengthen energy resilience and cybersecurity strategies—from power redundancy to defense against cyberattacks—as well as to implement disaster recovery plans that ensure the continuity of digital services.

1. Context and Scope of the Blackout
1.1 Cause and Magnitude of the Incident
On Monday, April 28, 2025, at 12:33 CEST, a failure occurred in two substations in southwestern Spain, triggering the disconnection of 60% of the electrical demand in just five seconds. Although the hypothesis of a cyberattack was initially ruled out, investigations remain open to rule out sabotage or terrorist attacks.
1.2 Spatial and Temporal Impact
The outage affected more than 60 million people in Spain and Portugal and spread to border regions of France. Partial restoration of supply began within a few hours, but operator REE declared the network fully normalized almost 23 hours later, reflecting the severity of the failure.
2. Consequences on Digital Infrastructure
2.1 Internet Traffic Drop
During the blackout, Internet traffic dropped by 80% in Spain and 90% in Portugal, according to Kentik data. Telecommunications towers and data centers switched to backup batteries, which in many cases lasted only a few hours, causing interruptions in telephony, online banking, and cloud services.
2.2 Paralysis of Critical Services
- Healthcare: Several hospitals lost access to electronic medical records and remote monitoring systems during the peak of the emergency, compromising the care of critical patients.
- Transport: More than 35,000 travelers were trapped in powerless trains, being manually evacuated by emergency services and railway staff.
- Public Administration: City halls, tax offices, and state agencies went offline, delaying essential procedures and services.
3. Key Lessons and Energy Resilience Measures
3.1 Energy Redundancy and Diversification
- Uninterruptible Power Systems (UPS): Have UPS sized to keep data centers and telecommunications operational for at least 8–12 hours.
- Backup Generators: Install and periodically test generators with guaranteed fuel for prolonged emergencies.
- International Interconnections: Greater capacity for electricity exchange with France and Morocco to balance local failures.
3.2 Cloud Decentralization
Distributing critical services across different regions and cloud providers—both public and private—allows for isolating localized failures and keeping systems active in case of a data center outage.
3.3 Disaster Recovery Plan (DRP)
An effective DRP includes:
- Hot Standby Backup: Real-time replicas of databases at alternative sites.
- Periodic Backup: Daily incremental and weekly full backups in locations outside the affected area.
- Failover Procedures: Regular drills to automatically switch to the secondary site in less than 15 minutes.

4. Strengthening Cybersecurity
4.1 Secure Network Architecture
- Network Segmentation: Separate user, administration, and critical service environments to contain breaches.
- Zero Trust Policy: Continuous verification of identity and device before granting access, even within the corporate network.
4.2 Data Protection
- End-to-End Encryption: AES-256 for rest and TLS 1.3 for transit, ensuring confidentiality if systems are exposed.
- Key Management and RBAC: Key storage in HSM (Hardware Security Modules) and granular permission control by role.
4.3 Automated Monitoring and Response
- SIEM and SOAR: Real-time correlation of network and application logs, with automatic playbooks for incident containment and mitigation.
- Red Team/Blue Team Drills: Regular attack and defense tests to improve detection and response times.
5. Maintenance, Audits, and Security Culture
5.1 Updates and Patches
Automate the application of critical patches on operating systems, databases, and network devices to close known attack vectors.
5.2 Audits and Compliance
Schedule quarterly vulnerability audits and compliance analysis according to ISO 27001, NIST CSF, or GDPR to identify and remediate risks.
5.3 Training and Awareness
- Continuous Training: Courses and phishing drills for employees, with compliance metrics and improvement.
- Clear Protocols: Escalation and internal communication guides to report incidents immediately.

The blackout on April 28, 2025, has been a stark reminder of our dependence on electricity supply and digital interconnection. Companies and organizations must invest in redundant infrastructures, robust DRP plans, and advanced cybersecurity policies. Only then can we ensure the continuity of critical services and data protection in the face of high uncertainty events.
For more information, check out the rest of our articles at consultoriaehero.com or follow us on LinkedIn, Facebook, Instagram, YouTube and X.
