Germany’s critical infrastructure is under pressure, as series of power outages, a potential blackout, and drone espionage combine to create a complex mix of risks. At the same time, redundancy to mitigate individual failures is lacking in many places. A single network outage is now enough to cause all communication chains to collapse. (thepioneer: 10.01.26)
Berlin as a Case Study for Critical Infrastructure
In early January, an attack in Berlin struck a vulnerable point, even though network operators generally rely on stable networks. Perpetrators damaged a cable bridge over the Teltow Canal, leaving 45,400 households and 2,200 businesses without electricity, heating, mobile phone service, and internet access for up to four and a half days. The incident demonstrates how quickly critical infrastructure can collapse.
The next shock came as early as September 9, 2025, when two 110-kilovolt pylons caught fire in Berlin-Treptow. High-tech parks and companies like Rohde & Schwarz and the German Aerospace Center (DLR) were left without power for up to 60 hours. This brought the concept of a blackout closer to reality, even if it remained “only” regional.
Open data makes power outage scenarios predictable
Many critical points are visible online, even though such details were previously considered sensitive. Maps show transformers, transmission lines, and network junctions, allowing a situational overview to be built with a few clicks. This makes power outages more predictable because attackers can more easily prioritize vulnerabilities.
While the German grid is considered reliable, statistics don’t protect against targeted attacks. On average, power outages last only 11.7 minutes per year, and this is precisely why many underestimate the risk. Nevertheless, the situation can quickly escalate when several events occur in rapid succession, or when a key node, like the one in Berlin, fails.
AI Provides Details That Perpetrators Can Exploit
Jan Syré from the Association for Secure Transport and Distribution Networks tested common AI chatbots, and the answers were precise. Syré says, “That’s all accurate.” He also warns, “You don’t need any specialized knowledge; you just need to use AI criminally. Then you can get there, too.” This makes it significantly easier to grasp the logic of a blackout attack.
The problem lies not only in the technology but also in the availability of explanations. Terminology, network logic, and vulnerabilities appear in seconds, lowering the barrier to entry. A large-scale outage can thus become a reality more quickly if perpetrators combine motivation and opportunity.
Redundancy Determines Consequences and Duration
Many areas have more than one power supply. In Berlin, however, critical connections converged at the cable bridge, which is why the damage had particularly severe consequences. A lack of redundancy is especially detrimental there because alternative routes are either missing or activate too late. In Berlin, lines converged at the cable bridge, meaning that a single hit isolated a large region.
Restoration took days, and initially only a temporary solution was possible. Emergency generators sometimes didn’t arrive until the fourth day, which is why the power supply remained unreliable for a long time. A backup system could have limited the damage, but it was lacking.
Drones over facilities: Espionage is becoming commonplace
The situation is escalating because drones are appearing more and more frequently over critical locations. Lower Saxony’s Interior Minister Daniela Behrens says: “We now see this practically every day in the police situation report.” In October 2025, Lower Saxony registered as many drone sightings as in the entire previous year, 2024, and the locations are conspicuous: often sites with critical infrastructure.
The Federal Office for Information Security (BSI) also describes a shift in targets, with President Claudia Plattner stating: “If you as business representatives used to be the primary target, you now have to share that top spot with politicians.” Security providers also report hundreds of spy flights, and countermeasures often cost high six-figure sums. Unmanned aerial vehicles costing less than €1,000 can thus spy on expensive facilities.
A mix of measures: Protection, priorities, stand-alone operation
Holger Berens from the Federal Association for the Protection of Critical Infrastructures emphasizes that the consequences remain the same regardless of the perpetrator, saying: “The effects are identical.” He calls for clear priorities and adds: “The special fund should be used for this.” Cameras, fences, access controls, and protection at network nodes have a rapid impact, while mere documentation changes little.
Kai Strunz from TU Berlin warns against coordinated attacks, stating: “In a temporally and spatially coordinated attack on multiple points in the network—for example, using armed drones—greater impacts or even nationwide outages are possible.” Therefore, decentralization is gaining in value, and microgrids can disconnect themselves in an emergency. Increased network redundancy and local reserves reduce the risk of a domino effect from a power outage.
Disaster relief and legislation are lagging behind the threat.
In a crisis, personnel are crucial, but the structures remain inadequate. Former General Martin Schelleis, now with the Order of Malta, says: “We’re talking about 1.4 million firefighters and 1.7 million volunteers in civil protection. That sounds like a lot, but these general figures tell us nothing about how many would actually be available for deployment.” He therefore demands: “We need a kind of volunteer register that shows who would be available to volunteer where in a crisis. We don’t have that yet.”
Political implementation is also proving sluggish, even though the threat is clearly visible. Manuel Atug of the Critical Infrastructure Working Group criticizes the planned overarching law on critical infrastructure, particularly its effectiveness, saying: “There will be a lot of bureaucracy and documentation, but documents don’t make critical infrastructure more resilient.” Anyone who wants to protect critical infrastructure needs measurable resilience, and for that, redundancy must become mandatory, not optional.