Yesterday, we witnessed a massive power outage in Spain and Portugal. The root cause of the outage is still not confirmed, but there are speculations about a cyberattack. When critical infrastructure fails, entire nations tremble. Explore how Benelux resilience is redefined with public-private collaboration, proactive cyber strategies, and a relentless focus on safeguarding critical sectors. Actionable insights await for CISOs at the NEXT IT Security Conference in Amsterdam, May 2025.

Catastrophic Consequences: What Happens When Critical Infrastructure Falls?

We do not need to imagine. We just saw this yesterday. According to Spanish newspaper El País: “the power outages have paralyzed the normal operation of infrastructure, communications, roads – with widespread traffic light failures – train stations, airports, businesses, and buildings,” including incidents involving elevators.

Spain’s National Institute for Cybersecurity (INCIBE) is trying to determine if this blackout is as a result of a cyberattack, although it is yet to conclude. The Portuguese deputy minister for territorial cohesion, told broadcaster RTP 3 – as reported by Correio da Manhã – something similar when asked if the issue could be due to a cyberattack, saying “it’s a possibility, but nothing has been confirmed”. According to itpro.com – “If these power outages are proven to be the result of a cyberattack, it will be the most significant attack of its kind since the BlackEnergy attacks on Ukraine in 2015 and far wider reaching. While BlackEnergy affected hundreds of homes in western Ukraine, this incident is affecting millions of people across the Iberian Peninsula and hundreds in at least one other country, if not more.” So, it was not confirmed, but, massive power outage in Spain and Portugal might have been caused by a cyberattack! But this is still just a speculation.

In 2025, Benelux resilience is being tested like never before.

Similar as in Spain and Portugal, imagine waking up in Brussels or Amsterdam to a world where water systems are paralyzed, power grids collapse, and transportation networks grind to a halt. Unfortunately, this is not a hypothetical scenario or movie plot – this actually happened yesterday, but in other European countries.

The critical infrastructure — energy grids, healthcare, finance, transport, and communication networks — is increasingly interconnected. This interconnectedness, while bringing efficiency, also introduces unprecedented vulnerabilities. A breach in one sector can quickly ripple into others, triggering widespread societal and economic chaos.

Recent studies from the Belgian Centre for Cybersecurity (CCB) and the Netherlands National Cyber Security Centre (NCSC-NL) emphasize that an attack on critical infrastructure now has a national security implication. Financial loss, operational paralysis, civil unrest, and erosion of public trust could be the devastating consequences of failing to protect these vital assets.

Why Public-Private Collaboration is No Longer Optional

Public-private collaboration is no longer a ‘nice to have’; it’s a national survival strategy. Cybercriminals, nation-state actors, and hacktivists no longer distinguish between public and private sector targets. In fact, 73% of infrastructure-related cyberattacks in the Benelux region in the past 18 months involved both public systems and private contractors.

New initiatives in Belgium and the Netherlands are trailblazing examples where governments, telecom providers, banks, healthcare institutions, and utility operators coordinate defences. If we don’t bolster public-private collaboration, individual organizations will stand isolated against global cyber threats — a battle they simply cannot win.

At the NEXT IT Security Conference, you’ll hear real-world cases on building successful collaborative models.

Benelux Resilience: Innovative Defenses Against Cascading Threats

How is Benelux resilience being reimagined?

• Red-Teaming Critical Infrastructure: Government agencies now mandate red-team exercises simulating cross-sector cascading failures. The aim: identify systemic weaknesses before adversaries exploit them.
• Cyber Threat Intelligence Fusion Centers: Belgium launched its first Critical Infrastructure Fusion Center in February 2025, pooling threat intelligence from public and private entities in real-time.
• Zero Trust Applied to OT Environments: Dutch companies are increasingly deploying Zero Trust Architecture — even for legacy OT systems in energy and healthcare sectors.
• Legally Binding Cyber Requirements: Luxembourg enforced strict cyber resilience laws, holding private contractors legally accountable for cybersecurity failures in national infrastructure projects.

Actionable Strategies: How CISOs Can Prepare for Safeguarding Critical Infrastructure

To safeguard critical assets, CISOs must lead the charge:

• Integrate Resilience into Board-Level Strategy: Cyber resilience is not just IT concern. Make it a standing boardroom agenda item.
• Prioritize Recovery Over Protection: Assume breaches will happen. Focus investments on response, containment, and recovery capabilities.
• Formalize Public-Private Collaboration Agreements: Draft and sign MOUs (Memoranda of Understanding) with critical partners ahead of time — not during an incident.
• Conduct Realistic Crisis Simulations: Tabletop exercises must include scenarios of supply chain compromise, multi-sector disruption, and ransomware targeting SCADA/ICS environments.
• Adopt National Cyber Guidelines: Follow updated frameworks like Belgium’s 2025 Critical Infrastructure Cybersecurity Guidelines and the Dutch Cyber Resilience Maturity Model (CRMM).

Upcoming Insights at the NEXT IT Security BENELUX Conference

At the NEXT IT Security Conference in Amsterdam (May 2025), CISOs and IT security leaders will deep-dive into:

• How public-private cyber exercises averted real-world disasters
•  How municipalities are building “Cyber Resilience Clusters”
•  Real-world experiences from OT and IT convergence projects across Benelux critical sectors
•  How finance sector is pioneering resilience standards for others to follow

Full agenda and session details can be found here: Next IT Security Conference Agenda

Lesson learned? Critical infrastructure is not “too big to fail.” It’s “too critical to ignore.”

The era of cybersecurity focusing purely on prevention is over. Resilience, defined as the ability to absorb and recover from attacks, is now the ultimate measure of success.

Without public-private collaboration, no single organization — no matter how big or advanced — can protect the interconnected arteries of modern society.

Benelux is setting a global example: Resilience reimagined through unity, preparation, and innovation.

The future is not about avoiding breaches — it’s about surviving them, learning faster, and emerging stronger.

Quick Recap

• How can Benelux safeguard critical infrastructure against evolving cyber threats?
• Through public-private collaboration, threat fusion centers, Zero Trust in OT, and legislative reforms.
• Highlight real-world 2025 incidents and lessons learned.
• Inspire CISOs to prioritize resilience and embed it in strategy.
• Offer actionable, practical frameworks for building future-proof defenses.