Alleged authors of a cyber attack on the Radioactivity Alert Network (RAR) now in detention at Spain

August 4, 2022

Two people have been arrested by the National Police as allegedly guilty of a cyberattack that occurred between the months of March and June 2021 in the radioactivity alert network (RAR) at Spain.

The National Police has informed in a statement of these events whose investigation has been carried out in Madrid and San Agustín de Guadalix, where two homes and a company were registered, under the protection of two orders of the Court of Instruction No. 39 of Madrid; finding numerous computer and communication devices.

Last June, a complaint was filed by the General Directorate of Civil Protection and Emergencies (DGPCE) in which a series of cyber sabotages against the Radioactivity Alert Network (RAR) were reported. After the complaint, the Cyberattacks Group of the National Police took charge of the investigation, determining that the sabotage was directed at two main components of the network.

The attackers made an illegitimate intrusion into the computer system itself, whose objective is to delete the RAR management web application in the control center and also for two months they attacked more than 300 sensors among the 800 existing ones, causing the failure of its connection with the control center and thus reducing the detection capacity and network security. The investigators identified the alleged perpetrators discovering that they had been network workers through a company contracted by the DGPCE. This made them have a deep understanding of the system.

What is the Radioactivity Alert Network (RAR)?

The Radioactivity Alert Network (RAR) is a basic and important element within the alert networks of the National Civil Protection System. Its objective is the constant measurement of gamma radiation levels throughout the national territory, the monitoring of its trends, and the immediate detection of abnormal levels that require the activation of possible measures of the emergency plans defined for nuclear and radiological risk. .

This Network is made up of a mesh of radiation detection sensors that are distributed in various parts of the Spanish geography with the aim of monitoring any occurrence of excessive radiation levels and taking protective measures for collective health and the environment. Each of these sensors is connected by telephone to the control center at the headquarters of the General Directorate of Civil Protection and Emergencies. Through this connection, the control center receives measurement data and sends the necessary orders to the sensors.

Cyberattacks on administrations and public services

Cyberattacks on operators or public service administrations can lead to very high levels of impact and are not comparable with any other sector. Health, Defense, Security, Education, Social Welfare, Transport, Justice,... The services provided by the different administrations to citizens are multiple and varied and very important.

The public sector is highly exposed to cyberattacks, especially due to the high value of the information it stores. Millions of personal data, medical files, bank details are stored by the administrations for all the procedures we carry out in them.

In addition to the theft of personal information, the loss of digital services or the provision of basic services such as electricity or water, if they are compromised by security incidents related to their operation, the consequences can be extremely serious.


  • Dominguez, ML. (2022). Detenidos los presuntos autores de un ciberataque a la Red de Alerta a la Radioactividad (RAR). Retrieved August 1st, 2022, from:

Authored by

Jorge Daniel Tejeda