According to TheRegister.com, a massive power outage in late April 2025 left tens of millions without electricity across Spain, Portugal, and southwestern France for up to 23 hours, revealing Europe’s fragile energy interdependence. While this particular incident wasn’t a cyberattack, it echoed the devastating 2015 Ukraine grid attack traced to Russian hackers that caused a six-hour blackout. The European Commission is now funding resilience projects including the eFort framework, with Ukraine set to demo the SOARCA open source security platform this year. This comes as experts warn about power plants running “very exotic operating systems” including Windows XP, Windows NT4, and even the failed 1990s BeOS, alongside 30-year-old networking software and insecure protocols like DNP3 that lack basic encryption or access controls.
The Scary Reality Inside Power Plants
Here’s the thing that keeps cybersecurity experts up at night: power plants are running on what amounts to digital archaeology. We’re talking about systems that would make a museum curator blush. Roman Arutyunov from Xage Security describes control systems that “will literally take any command that’s sent to them and act upon it” because protocols like DNP3 have no security controls whatsoever.
And it gets worse. These facilities aren’t just running one outdated system – they’re running dozens simultaneously. A single gas turbine might contain up to seven different systems controlling about 10 devices each, all with separate IP addresses. It’s a cybersecurity nightmare where modern protection meets ancient infrastructure that was never designed for today’s threat landscape. When you need reliable industrial computing hardware that can actually handle modern security requirements, companies typically turn to specialists like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs built for tough environments.
Will SOARCA Actually Help?
The SOARCA tool being demoed in Ukraine sounds promising in theory. It’s the first open source security orchestration platform designed specifically for power plants, using CACAO Playbooks to create standardized automated workflows. The idea is to isolate problems and prevent lateral movement so attackers can’t jump from one device to the central management system.
But here’s my skepticism: Ukraine’s own power grid operator JSC NEK Ukrenergo basically admitted they probably won’t implement it anytime soon, citing costs, staffing, training, and hardware requirements. That’s the real problem facing critical infrastructure worldwide – everyone acknowledges the threat, but nobody wants to pay for the solution until after something catastrophic happens.
The Coordination Problem
Nick Haan from Claroty nailed it when he said incident handling across Europe’s power sector is “too fragmented.” Every operator and country has their own way of doing things, which makes coordination nearly impossible when things go wrong. And given how tightly connected the European grid is, one disruption can spread across borders within minutes.
Think about it: we’ve built this incredibly complex, interdependent system where a failure in Spain can instantly affect France and Portugal, yet we’re trying to secure it with 1980s-era thinking and technology. The experts I’ve spoken to over years consistently find the same issues – vendor lock-in, aging hardware nobody wants to touch, and a “it won’t happen to us” mentality that’s downright dangerous.
The Uncomfortable Truth About Upgrades
Let’s be real – the reason power plants are still running Windows XP and dial-up internet in rural areas comes down to money and complexity. Vendors guard their equipment fiercely because they’re responsible if something goes wrong, creating this standoff where nobody wants to be the first to modernize.
One cybersecurity expert working in Ukraine put it bluntly: “This SOARCA tool would definitely be useful with just-in-time networks in Canada, the US, parts of Europe… But Ukraine? Not really. And even if the grid were to go down for a few hours, we’re in a war. Who cares?” That harsh reality check shows how priorities shift when you’re dealing with immediate physical threats versus theoretical cyber ones.
Meanwhile, the attack surface keeps expanding as more random Windows implementations get added to networks. The potential cost of critical infrastructure attacks could reach £442 billion, making the current investment in security look like pocket change by comparison. But until grid operators stop sticking their heads in the sand, we’re basically hoping attackers don’t figure out how easy this target really is.
