Utility-scale battery energy storage systems are facing heightened risks of attack from nation-state and criminal threat groups, and immediate action needs to be taken to secure critical industries from potential disruption, according to a white paper from Brattle Group and Dragos.
BESS deployments are expected to grow between 20% and 45% over the next five years, driven by increased demand for data centers and other power requirements. At the same time, state-inked actors have turned their attention toward disrupting critical industries, such as utilities and rival nations competing with the U.S. for dominance in AI and clean energy.
Experts warn that the need for such systems is outpacing the ability to manage the sector in a secure manner, and steps need to be taken to make sure they are better able to withstand malicious hacking or an extended outage.
“Battery storage systems are being used across the grid to enable the deployment of variable demand sources such as solar and wind,” Phil Tonkin, field chief technology officer at Dragos told Cybersecurity Dive. “This growing dependence makes them an attractive target.”
For example, a single outage involving a 100 megawatt system for four hours in the U.S. could cost up to $1.2 million in revenue, according to the report. A more large-scale outage could lead to regional impacts, for example an outage that impacted 100,000 customers losing access to 3,000 MWh for a day would have an economic impact of $39 million.
Dragos is currently tracking about 18 groups that are known to pose a threat to the electrical grid. Some have previously attacked electrical utilities or are known to have capabilities that can impact electrical grids.
As previously reported, groups like Volt Typhoon, which Dragos tracks under the name Voltzyte, pose a threat to various critical sectors in an effort to potentially distract U.S. public attention in the event of a kinetic military attack in the Asia-Pacific region.
Some groups have developed malware that is designed to help manipulate industrial control systems, while other groups, including Volt Typhoon, have demonstrated the ability to hide their malicious actions through the use of existing technologies inside a system, a technique known as living off the land.
Concerns about threats to energy storage systems were previously raised in a panel hosted by the Clean Energy States Alliance.