In late April 2025, Spain and Portugal were hit by one of the most extensive power outages in recent European history. Nearly 60 million people were affected, with electricity lost across cities, rural areas, transport networks, and essential services. While authorities have yet to confirm the cause, Spain’s highest criminal court has launched an investigation into possible computer sabotage.
Whether or not this event turns out to be a cyber incident, it has exposed a deeper issue — our critical infrastructure systems are more fragile than many realise. And behind that fragility often lies an overlooked, yet vital, layer of defence: operational technology (OT) cybersecurity.
The Systems Behind the Services We Rely On
From power grids and railways to manufacturing lines and water treatment facilities, OT systems quietly run the physical processes that underpin modern life. These systems operate in the background, controlling real-world actions — starting motors, opening valves, or routing electrical flow — often with little public awareness until something goes wrong.
Traditionally, OT environments were considered isolated and secure by design. But increasing digitalisation, remote access, and IT/OT convergence have blurred that boundary. Many industrial systems still depend on legacy devices, proprietary protocols, and minimal authentication — a combination that makes them attractive targets for cyber attackers.
Attacks on OT Systems Are Growing
Recent data underscores just how rapidly the OT threat landscape is evolving:
- 73% of organisations reported OT-related intrusions in 2024, according to Fortinet’s Global OT Security Report — up sharply from 49% in 2023.
- Forescout’s threat analysis found a 668% year-on-year increase in cyber incidents targeting critical infrastructure, particularly those exploiting industrial control protocols.
- A SANS Institute survey noted that over half the OT workforce has fewer than five years of experience, highlighting a growing gap in both skills and preparedness.
Cyber threats against industrial environments are no longer theoretical — they are happening now, and they are escalating.
Incidents Don’t Have to Be Cyberattacks to Be a Wake-Up Call
The Iberian blackout may not have been caused by malicious actors, but the scale and consequences offer a compelling lesson. Critical infrastructure systems, especially in sectors like energy, transport, and public services, must be protected not just from failure, but from deliberate disruption.
Imagine if the outage had been the result of a compromised control system or unauthorised access to a PLC (programmable logic controller). The effects would have been the same — or worse — but the recovery would have been more complex and the threat, more persistent.
Cybersecurity in OT environments needs to be proactive, not reactive. That means securing every access point, authenticating every connection, and understanding the risks unique to industrial systems.
A Shared Responsibility Across Industries
Whether it’s a hospital managing life-critical equipment, a water utility monitoring treatment operations, or an airport controlling runway lighting, the stakes are high. The need for OT cybersecurity spans all sectors, and solutions must be tailored to each environment’s unique needs.
If you’re involved in a critical industry — whether in power, chemicals, manufacturing, or public administration — your OT systems are part of the frontline. You can explore how your sector is affected and how authentication can help by visiting our newly launched industry-specific pages.
Looking Forward
The blackout across the Iberian Peninsula reminds us that critical systems, once thought to be untouchable, are now deeply vulnerable — not only to physical faults, but to digital threats as well. Strengthening OT cybersecurity isn’t about ticking compliance boxes; it’s about ensuring resilience in the face of growing uncertainty.
At swIDch, we’re proud to support this mission with OT authentication solutions designed for industrial realities — from PLC access control to IoT authentication for connected infrastructure. But ultimately, securing OT is not the responsibility of any single company. It’s a shared priority for everyone who depends on modern infrastructure — in other words, all of us.
--------------------
swIDch will continue its quest to innovate and pioneer next-generation authentication solutions. To stay up-to-date with the latest trends sign up to our newsletter and check out our latest solutions.
