- A BGP routing error by Cloudflare triggered blackouts and telecom failures in Spain and Portugal.
- Critical infrastructure and services were affected, highlighting the fragility of digital dependencies.
What happened: Routing glitch knocks out utilities and emergency services across Iberia
On Friday, a major internet routing issue linked to Cloudflare caused power and internet outages across large areas of Spain and Portugal. The disruption, which began around 4.30 p.m. local time, was due to a Border Gateway Protocol (BGP) routing problem that redirected internet traffic through the wrong pathways, affecting core services. Spanish power provider i-DE, a unit of Iberdrola, confirmed that the outage affected “tens of thousands” of customers, mostly in southern regions. Reports from social media and emergency agencies described widespread issues with phone networks, internet access, and smart electricity meters.
Cloudflare, which provides internet security and performance services, acknowledged the problem and attributed it to a misconfiguration in their network edge that interfered with major ISPs. Services were gradually restored after several hours. Portugal’s national emergency authority, ANEPC, confirmed that the outage had temporarily disabled emergency lines like 112 in some regions.
Also Read: nLighten teams up with Shell Spain for renewable energy
Also Read: US nuclear plants won’t power up big tech’s AI ambitions right away
Why it is important
This incident underlines the increasing vulnerability of national infrastructure to internet routing failures. Although BGPis a decades-old protocol that helps route data across the internet, it was never designed with security in mind. A single error from a major provider like Cloudflare can cascade across continents. In this case, it interrupted not only household power meters and telecoms but also critical services like emergency response. As nations digitise their utilities and communications, this type of failure is becoming more consequential.
Cybersecurity experts have repeatedly warned about BGP’s weaknesses, with several incidents—such as the Facebook global outage in 2021—linked to routing misconfigurations. Without stronger protections like RPKI (Resource Public Key Infrastructure), BGP remains open to both mistakes and attacks. While Cloudflare has a strong record of resilience, this episode highlights the need for infrastructure providers and governments to prioritise internet routing security as national security.
