Both cybercriminal groups and state-sponsored attackers are increasingly focusing on destructive attacks that cause physical damage. They target systems (ICS) that control real-world facilities like power plants, water treatment plants, and railway systems to directly harm people. 

They manipulate safety systems by finding very small, technical gaps that are hard to detect. For instance, they may damage temperature control devices or disable automatic shutdown functions. This can lead to major incidents such as explosions or fires. 

The recent large-scale blackouts in Spain and Portugal vividly illustrate the risks of such ICS cyber attacks. 

On April 28, 2025, a large-scale blackout across Spain and Portugal began with about 60% of power supply disappearing within five seconds. This paralyzed major infrastructure like hospitals, airports, and railways, plunging the nation into chaos.  

Although the cause of this incident is still under investigation, it clearly showed that cyber attacks targeting ICS can lead to such chaos. 

As these threats are continually evolving, traditional malware defenses are no longer sufficient. We now need to prepare for kinetic threats, those that can impact real-world operations. 

We need to establish monitoring systems that provide better insights into control systems and reassess whether the current safety regulations are effectively functioning. Emergency response plans, including management, must be developed. Strategies are required to protect lives and social safety, extending beyond just IT and data security.