The war in Ukraine and the broader clash between Russia and Western powers have intensified the risk of cyberattacks across the board. Critical infrastructure remains a prime target, with attackers aiming to disrupt essential services and economic stability. Spain’s National Security Department, which reports directly to the Presidency, has highlighted a surge in cyber threats during the conflict year, calling attention to a rapid rise in sabotage against strategic assets.
Public and private sectors together faced a notable spike in cyber incidents—15,507 in total—reported to the Cyber Security Coordination Office of the Ministry of Interior. This represents a strong increase of 43% from the previous year, which saw 10,831 incidents. Among these events, 9,321 were classified as high threat (60.1%), and 494 as very high risk (3.2%), with none designated as critical in that year’s assessment.
Half of attacks against transports
Cyber threats are a leading concern for Spain’s critical infrastructures, with transportation-related targets representing almost half of all detected attacks in 2022, totaling 7,676 incidents. The persistence of such risks threatens national and global supply chains during a period marked by wartime disruption and post-pandemic economic recovery. These patterns underscore the importance of safeguarding public administrations (3,033 incidents), the financial system (2,247), and water services, which together accounted for a substantial portion of attempted sabotage. A notable share of incidents involved data theft through malware and service disruption, signaling a broader push by attackers to access personal information.
Spain recognizes 647 facilities spanning energy, water management, telecommunications, transportation, and financial sectors as critical infrastructure. These facilities are operated by 240 entities, both public and private, highlighting the broad scope of guardianship required to maintain resilience.
Upcoming cyber threats
Homeland Security has warned of imminent risks and identified the sectors most vulnerable to disruption. The government’s executive office has cautioned that exposure to cyber incidents, including sabotage, has risen significantly—raising concerns about potential ransomware and cyberactivism (denial-of-service) targeting national critical infrastructure, especially energy.
In 2022, incidents that compromised supply chains increased, and the trend is expected to continue. There has also been heightened activity against critical transport-related infrastructures by actors from NATO-aligned states with pro-Russian sympathies, as noted by the DSN. Analysts expect more disruptive cyberattacks on networks tied to foreign state operations, spanning both information technology and operational networks.