The blackout that proved the need for DORA

On April 28, 2025, a widespread power outage swept across Spain, Portugal, and parts of France, Germany, Italy, and Andorra. It lasted for half a day and impacted more than 55 million people. ATMs and point-of-sale (POS) systems were down, cutting off access to cash and disrupting both in-store and online purchases.

The core issue? While ATMs and POS devices may have limited backup power, they rely on internet or mobile connectivity to authorize and process transactions. When telecommunications providers lost power, their networks went dark, leaving financial systems unable to function.

When power isn’t the problem, connectivity is

Data centers are generally prepared for power outages. Generators and fuel reserves keep critical infrastructure running during blackouts. But in this case, many data centers remained operational while the internet did not. Connectivity, not utility power, became the bottleneck for data centers.

To stay online, some organizations turned to satellite internet. According to the Financial Times, satellite internet usage in Spain surged by 60% as businesses sought alternative connectivity. But satellite connectivity brought new risks:

• Expanded attack surface: Satellite systems rely on a complex mix of satellites, ground stations, control centers, and user terminals. Each introduces new vulnerabilities.

• Privacy concerns: Satellite internet providers operate outside the scope of mobile telecommunications regulations, raising questions about how data is routed and stored.

• Monitoring gaps: Traditional security monitoring tools may not be optimized for satellite networks, making threat detection slower and more difficult.

• Rapid deployment: Human error might lead to misconfigurations or overlooked security protocols in crisis situations.

DORA compliance was built for this situation

The Digital Operational Resilience Act (DORA) is a European Union regulation designed to strengthen the IT security and resilience of financial institutions and their ICT (information and communication technology) service providers. It is built on a simple but critical idea: In a digital economy, operational risk is business risk.

One of the first steps toward DORA compliance is knowing exactly what lives in your IT environment and how everything works together. This includes:

• Every server, switch, application, and cloud resource

• Locations for all 

• How they interact and depend on one another

This is where IT asset management (ITAM) and dependency mapping become essential.

• ITAM answers the question: What do we have?

• Dependency mapping answers: How does it all work together?

With this visibility, you can:

• Spot failure points before they cause problems

• Understand the downstream impact of outages or cyberattacks

• Identify third-party and supply chain risks

• Build recovery plans based on real system relationships

Device42 and the path to DORA resilience

Device42 helps financial institutions meet DORA requirements through comprehensive, automated discovery and intelligent dependency mapping. Here’s how:

Article 7: ICT asset management and governance

• Automated discovery delivers comprehensive visibility across physical, virtual, and cloud environments.

• Capacity and performance tracking helps prevent outages by monitoring utilization.

• Change impact analysis through dependency mapping allows teams to plan safely and avoid cascading failures.

Article 10: Data integrity, confidentiality, and availability

• Comprehensive inventory reduces blind spots and shadow IT risk.

• Security context includes port scanning and environment tagging to spot vulnerable or misconfigured assets.

• Attack surface mapping reveals how systems are interconnected, exposing weak points before attackers do.

Article 11: ICT risk management and vulnerability assessment

• Proactive issue detection enables early identification of risks and accelerates response, helping your team stay ahead of potential threats.

• Regulatory reporting makes audit preparation easier with pre-built dashboards and reports.

• Infrastructure mapping provides a living blueprint of how your IT environment functions.

Bottom line

DORA is pushing the financial industry and ICT service providers to take operational resilience seriously. That means being ready not just for cyberattacks, but for unexpected disruptions like a regional blackout.

To comply, and to truly be resilient, you need more than a static inventory. You need a comprehensive up-to-date view of your entire IT ecosystem.

That starts with clean IT data. And Device42 is built to deliver it.

Want to see how Device42 can support your DORA journey? Don’t miss our recent webinar, now available on demand. Register here: Finding DORA: Are you ready to prove compliance? 

_{Legal disclaimer: The functionalities of Device42 services discussed in this webinar may help companies with certain aspects of DORA compliance. However, the use of Device42 services does not guarantee compliance with DORA or any other applicable laws or regulations. It is the sole responsibility of the customer to ensure full compliance with all relevant regulatory requirements. Device42 (a Freshworks company) does not accept liability for any failure to achieve compliance, and no warranty, express or implied, is offered regarding the services’ ability to ensure regulatory compliance.}