When power fails by design – how to prepare for grid-targeted cyberattacks

When power fails by design – how to prepare for grid-targeted cyberattacks

Suddenly, lights flicker across multiple provinces. Control rooms lose connection to regional substations. Live grid data goes dark. Energy companies scramble to understand what’s happening, but this time, it’s not a technical failure. It’s deliberate. It’s targeted. And it’s spreading.

In May 2024, a large-scale blackout hit parts of Spain and Portugal. While the official cause was a malfunction, it exposed just how interconnected, and vulnerable, our energy infrastructure has become. Now imagine if the same failure had been caused not by accident, but by hackers targeting operational technology (OT) systems at the heart of our national grid.

From IT to OT: a growing attack surface

Most organizations are investing heavily in digital security, but in the energy sector, that’s only half the picture. The bigger risk lies in the physical systems that make up the grid: substations, turbines, distribution nodes, remote sensors. These systems run on industrial protocols, often decades old, and are rarely built with security in mind.

Hackers know this. And more worryingly, they know how to exploit it.

When attackers breach OT systems, they can disrupt electricity flows, overload circuits, or disconnect entire zones from the grid. The result isn’t just downtime, it’s real-world disruption that affects millions.

The consequences are immediate and public

Unlike a cyberattack on a bank or logistics company, when the power goes out, everyone notices. Hospitals switch to generators. Traffic systems freeze. Business continuity plans kick in across every sector. And the pressure on grid operators is immediate, intense, and very, very public.

This isn’t just about restoring power. It’s about managing communications, coordinating with emergency services, responding to media inquiries, and reassuring regulators. In that moment, the crisis is no longer technical, it’s societal.

Why current crisis plans fall short

Energy providers often have strong incident response for physical faults and operational disruptions. But few are fully prepared for cyber-driven failure that combines OT breach, loss of visibility, and external communication chaos.

Do your control teams know what to do if the SCADA feed goes silent? Does leadership have an offline crisis channel? How quickly can you activate fallback scenarios, without power, without dashboards, without assumptions?

Resilience here isn’t about restarting quickly. It’s about continuing to operate safely while the root cause remains unknown.

From detection to coordination

True readiness means bridging the gap between technical recovery and coordinated crisis leadership. That means testing blackstart procedures not just for natural events, but also for targeted cyber incidents, where systems fail without warning and context is missing.

It requires operators, engineers, and executive teams to train together. Alignment across IT, OT, and communications is only real if it’s been rehearsed under pressure.

Playbooks need to start with one critical scenario: “You’re in the dark. Now what?” If your team can’t answer that calmly and confidently, it’s time to rework the plan.

And just as important: leaders need secure, redundant channels to coordinate response—especially when dashboards, systems, and infrastructure are compromised.

Because when the lights go out, your ability to lead is visible to everyone.

Turning awareness into readiness

If a cyberattack targeted our national grid tomorrow, would your team know what to do in the first 10 minutes? Could you stabilize your part of the network, while communicating clearly with stakeholders, media and government?

Blackouts may feel like a hardware problem. But in the age of cyber-physical threats, they’re also a leadership challenge.

Let’s talk about what it takes to keep the lights on especially when the systems go dark.