The Spanish government is investigating whether a cyberattack on small electricity generators contributed to the April 28 blackout that left the country without power for an entire day.

According to the Financial Times, officials are collecting data on the cybersecurity defenses of small and medium-sized energy facilities (especially solar and wind farms) as part of an ongoing national security review.

“Senior government officials are ‘concerned’ about the strength of the cyber defenses of small and medium-sized electricity facilities,” a source told the Financial Times.

While the exact cause of the blackout remains unknown, Prime Minister Pedro Sánchez said during a May 7 address to Congress that “it will take some time” to complete the investigation. Analysts are reviewing approximately 756 million pieces of data, including information from “4,200 plants between 12:15 and 12:35 that day,” Sánchez noted.

The Spanish government has not ruled out a cyberattack. A spokesperson for the Ministry for the Ecological Transition and the Demographic Challenge (MITECO) said, “As of today, we are not ruling out any possibility. Everything remains on the table.”

In response, Spain established a Technical Analysis Committee led by MITECO’s Minister Sara Aagesen. The committee includes two specialized working groups, one focused on cybersecurity and another on the electrical system’s technical performance.

The final report on the “zero” electricity incident is due by August, as mandated by the European Commission. The European Electricity Coordination Group in Brussels will issue a separate, independent report.

A parallel criminal investigation is also underway in Spain’s National Court. However, Red Eléctrica, the national grid operator, said the day after the outage that it found “no evidence of a cyberattack” on its systems. The company has not commented further.