Across Ukraine, crews scramble to reconnect power and restore heating after repeated strikes. Emergency teams and power‑station staff work long shifts in dangerous, changeable conditions—repairing transformers, mending high‑voltage lines and rigging mobile generators—often under the threat of renewed bombardment. Their work keeps hospitals running, water pumping and shelters heated; it also exposes a wider truth flagged by industry experts at a recent security forum: Europe’s electricity networks are now explicit targets in geopolitical conflict, vulnerable not only to bombs but to hybrid attacks—sabotage, cyber intrusions and disinformation campaigns.
The immediate lesson is practical: sustaining service during deliberate attacks depends on skilled frontline crews, fast logistics and prearranged priorities. The broader lesson is strategic: utilities, regulators and governments must move beyond one‑off technical fixes and invest in planning, cross‑border cooperation and governance that anticipates both physical and cyber shocks.
Frontline realities
Repair work in a combat or crisis zone demands a mix of engineering skill and improvisation. Teams pre‑position equipment, operate in rotating shifts, and coordinate closely with local authorities to prioritise life‑saving sites. When a substation or plant is hit, crews first secure the area and isolate damaged circuits; they then deploy temporary bypasses, mobile generation or partial restorations to get critical loads back online while permanent repairs are arranged.
Speed matters. The risk to human welfare rises with every hour of outage, and delayed action can complicate later rebuilds. That’s why operators must keep spare parts on hand, train crews for working under fire and practise rapid assessment and secure deployment procedures. Redundant communications—radio, satellite and hardened control links—are equally essential when primary channels fail.
Prioritising what matters
When resources are scarce, choices are inevitable. Utilities concentrate on critical loads: hospitals, water treatment and pumping stations, emergency shelters and other life‑supporting facilities. Effective prioritisation depends on pre‑approved lists of assets, mutual‑aid agreements with neighbouring utilities, and clear escalation protocols so field teams know what to restore first.
Good documentation speeds decisions. Accurate asset registers, audited supply‑chain maps and maintenance logs cut precious minutes from assessments and avoid logistical bottlenecks when demand for parts and heavy equipment spikes.
What the report found
The industry report presented at the forum exposes recurring weaknesses across Europe: fragmented inventories, dependence on single suppliers, small spare‑part stockpiles and poor cross‑border coordination. It also highlights how limited redundancy in communications and control systems amplifies outages and slows recovery.
To close these gaps, the report urges a mix of regulatory action and practical steps by companies. Regulators are leaning toward mandatory resilience standards that would require supply‑chain mapping, minimum stock levels and verified mutual‑aid protocols. For operators, the immediate checklist includes updating asset registers, stress‑testing supplier continuity plans, investing in interoperable communications and using RegTech tools to monitor inventories and maintenance in real time.
Concrete measures to boost resilience
The report offers concrete, actionable recommendations:
- – Regular vulnerability assessments across transmission and distribution networks covering physical security, OT/IT convergence and supply‑chain exposure. Aggregated findings should be shared to build sector‑wide situational awareness.
- Network segmentation and redundancy to limit cascades: separate operational technology from business IT, provide diverse communication paths and pre‑position mobile generation at critical sites.
- Joint incident exercises that bring utilities, security agencies and local authorities together to rehearse restoration priorities and test escalation procedures under combined physical‑cyber scenarios.
- Stronger incident reporting and intelligence‑sharing channels so operators and public agencies can trade timely indicators of compromise, attribution details and mitigation playbooks.
- Human‑centred cybersecurity: role‑specific playbooks, regular phishing drills and cross‑sector tabletop exercises to ensure staff can respond under pressure.
- Targeted public funding for hardening grid‑edge equipment, securing remote control interfaces and growing the cyber/OT workforce.
Compliance and accountability
Regulators are expected to increase scrutiny. Utilities will likely face more inspections, mandatory tests of fallback systems and requirements to publish aggregated performance data demonstrating progress. Embedding GDPR, data protection and supply‑chain due diligence into resilience planning is also essential—not just to meet legal obligations but to reduce operational risk.
The immediate lesson is practical: sustaining service during deliberate attacks depends on skilled frontline crews, fast logistics and prearranged priorities. The broader lesson is strategic: utilities, regulators and governments must move beyond one‑off technical fixes and invest in planning, cross‑border cooperation and governance that anticipates both physical and cyber shocks.0
The immediate lesson is practical: sustaining service during deliberate attacks depends on skilled frontline crews, fast logistics and prearranged priorities. The broader lesson is strategic: utilities, regulators and governments must move beyond one‑off technical fixes and invest in planning, cross‑border cooperation and governance that anticipates both physical and cyber shocks.1