Europe Warns of Rising Threats to Energy Grids and Undersea Infrastructure
European officials and industry reporting have highlighted a widening threat to critical infrastructure as cyber risks to electricity networks grow alongside military monitoring of subsea assets. An International Energy Agency assessment cited in Spanish reporting said cyberattacks on critical energy infrastructure rose 30% in 2023 to 420 million globally, while attacks on energy service companies have quadrupled since 2020. Recent incidents include the 2022 satellite communications disruption that knocked 5,800 wind turbines offline in Germany and breaches affecting more than 20 Danish energy companies. Authorities have also warned that compromised smart meters, solar inverters, and battery systems could be used to destabilize grid frequency or trigger broader outages.
The concern extends beyond direct hacking to supply-chain and geopolitical exposure tied to digitally connected clean-energy equipment and other strategic infrastructure. European and U.S. authorities reviewed communications modules in imported solar and battery systems, while Lithuania moved to block remote access by Chinese suppliers to solar, wind, and storage control platforms. Separately, the UK said British and Norwegian forces carried out a month-long operation to track a Russian attack submarine and two GUGI-linked spy submarines near North Atlantic cables and pipelines, underscoring fears that hostile states could target the seabed networks that carry 99% of international telecommunications traffic and support a major share of regional energy supplies.
Timeline
Apr 9, 2026
UK publicly discloses operation targeting suspected Russian seabed espionage
On 2026-04-09, the UK revealed the joint operation with Norway and said the Russian vessels withdrew. Defence Secretary John Healey said no damage to UK cables or pipelines was found and warned against interference with critical seabed infrastructure.
Mar 1, 2026
UK and Norway conduct covert operation against Russian submarines
Before April 2026, British and Norwegian forces carried out a month-long secret operation in the North Atlantic to monitor and deter three suspected Russian spy submarines near undersea cables and pipelines north of the UK.
Jan 1, 2025
US and EU review imported solar and battery communication modules
In 2025, U.S. and EU authorities examined communication modules in imported solar and battery equipment over concerns they could enable remote manipulation or strategic disruption.
Jan 1, 2024
Lithuania blocks Chinese suppliers' remote access to energy controls
In 2024, Lithuania barred Chinese suppliers from remotely accessing control systems for solar, wind, and energy storage installations, citing national security concerns.
Dec 31, 2023
Cyberattacks on critical energy infrastructure rise 30% in 2023
The International Energy Agency reported that cyberattacks on critical energy infrastructure reached 420 million worldwide in 2023, up 30% from the previous year.
Feb 1, 2023
More than 20 Danish energy companies suffer security breaches
About a year after the February 2022 turbine disruption, more than 20 Danish energy companies were hit by security breaches, marking a significant multi-victim incident in the Nordic energy sector.
Jan 1, 2023
Cyberattacks on energy service companies begin sharp rise
By 2023, attacks on energy service companies had quadrupled compared with 2020 levels, reflecting a sustained escalation in targeting of the energy sector.
Feb 1, 2022
Satellite disruption knocks 5,800 German wind turbines offline
In February 2022, a satellite communications disruption affected 5,800 wind turbines in Germany, illustrating how attacks on supporting communications infrastructure can disrupt renewable energy operations.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
European Power Grid Resilience and Security Challenges
A massive power outage affected Spain, Portugal, and parts of southwestern France, leaving tens of millions without electricity for hours due to cascading failures in the power generation and transmission systems. The incident, which was not caused by a cyberattack but by technical and operational failures, highlighted the fragility of interconnected European grids and raised concerns about the preparedness of critical infrastructure against both accidental and malicious disruptions. Experts noted that fragmented incident handling and lack of coordination among European operators exacerbate the risk of widespread outages, drawing parallels to past cyberattacks on power grids such as the 2015 Ukraine incident. In response to increasing threats, industry analysts and regulators are urging grid operators to unify cybersecurity and physical security strategies. The convergence of operational technology (OT) and information technology (IT) has exposed critical infrastructure to a broader range of cyberthreats, including ransomware and malware, while physical attacks on grid assets have also surged in recent years. Surveys indicate that grid operators are equally concerned about cyber and physical risks, emphasizing the need for integrated security approaches to safeguard the reliability and resilience of power delivery systems.
3 weeks ago
Cybersecurity Risks and Threats to Aging Critical Infrastructure and Renewable Energy Systems
Critical infrastructure worldwide, including power grids, water systems, and transportation networks, is increasingly vulnerable due to aging hardware and outdated cybersecurity measures. Many of these systems, built between the 1950s and 1970s, were never designed for the hyperconnected digital environment of today, leaving them exposed to both physical decay and cyber threats. In the United States, nearly 70% of the power grid is over 25 years old, and similar conditions exist in Europe, with a significant portion of bridges and other infrastructure in need of repair. As operators modernize these systems with digital controls and cloud-based monitoring, new attack surfaces emerge, such as legacy interfaces, unpatched software, and unsupported protocols, which can be exploited by threat actors. The interconnectedness of these systems means that a single vulnerability, such as an infected maintenance laptop or a misconfigured firewall, can have cascading effects across multiple sectors. The adoption of digital twins and shared data platforms is helping operators predict failures and coordinate responses, but the risk remains high. The rapid growth of renewable energy, particularly solar power, has introduced additional cybersecurity challenges. Solar inverters, aggregators, and control software have become attractive targets for cybercriminals, as demonstrated by real-world incidents where hackers exploited default credentials and known software flaws to hijack remote monitoring devices. The FBI has issued alerts about threats to renewable energy systems, and experts warn that tampering with connected infrastructures, including EV charging networks, could lead to widespread blackouts. The transition to renewables is outpacing the implementation of robust cybersecurity measures, making the sector a potential weak link in national energy resilience. High-profile attacks, such as the hijacking of 800 monitoring devices in Japan using a Mirai botnet-linked vulnerability, highlight the global nature of the threat. Hacktivist groups have also targeted solar monitoring systems, further exposing the sector's vulnerabilities. The integration of renewables into the grid, often outside the direct control of traditional operators, complicates efforts to secure the entire energy ecosystem. As the share of renewables in power generation is projected to rise significantly by 2030, the urgency to address these cybersecurity gaps is growing. Experts emphasize the need for proactive monitoring, regular updates, and coordinated information sharing between engineers and security teams to mitigate risks. The resilience of critical infrastructure now depends not only on physical maintenance but also on the ability to anticipate and defend against sophisticated cyber threats targeting both legacy and emerging technologies.
1 months ago
Munich Cyber Security Conference Highlights Shift Toward Deterrence, Supply-Chain Risk, and Critical Infrastructure Resilience
Senior officials from the **EU, NATO, the United States, Sweden, Estonia, and Taiwan** used the Munich Cyber Security Conference to warn that cyber and “hybrid” operations are now a persistent feature of geopolitical competition and are increasingly aimed at **critical infrastructure** (energy, health, government services, satellites, and military command networks). EU Executive Vice President **Henna Virkkunen** argued Europe cannot be “naive” about adversaries’ ability to disrupt essential services and pointed to proposed revisions to the **EU Cybersecurity Act** intended to strengthen the EU cybersecurity agency and reduce critical ICT supply-chain risk, including phasing out designated **high-risk suppliers**. NATO Deputy Secretary General **Radmila Shekerinska** said Russia and China are challenging the alliance in both physical and digital domains and cited attempted disruptions to Poland’s energy infrastructure as an example of the threat environment. U.S. officials signaled a shift from primarily defensive “resilience” toward **deterrence** by “imposing real costs” on malicious actors, while also emphasizing deeper cyber partnerships with allies and industry to send a coordinated message to adversaries; National Cyber Director **Sean Cairncross** said a forthcoming U.S. cyber strategy will align with broader national security strategy and rely on whole-of-government tools. Estonia’s intelligence chief **Kaupo Rosin** urged Europe to invest in **homegrown offensive cyber capabilities** to reduce reliance on non-European tools, while Swedish defense official **Lisa Gustafsson** said societies must be designed to function under sustained disruption under Sweden’s “total defense” model. Taiwan’s National Security Council adviser **Yuh-Jye Lee** warned China may be rehearsing a “digital siege,” referencing activity like **Volt Typhoon** and reporting on alleged Chinese training infrastructure (“**Expedition Cloud**”) designed to simulate foreign power grids and communications networks; separate reporting also underscored that much of the technology stack underpinning cyber defense is controlled by **U.S. firms**, complicating sovereignty and supply-chain decisions.
1 months ago