A new white paper from The Brattle Group and cybersecurity firm Dragos is sounding the alarm about the potential cybersecurity vulnerabilities posed by battery energy storage system infrastructure.
Between widespread equipment standardization, foreign-sourced equipment and the increasingly networked nature of BESS installations, the paper says now is the time to implement cybersecurity measures. A 400-MWh BESS that is compromised could result in more than $1 million in damages from an outage, according to the paper, released Dec. 9.
“There are already many cases where battery systems have been compromised,” Phil Tonkin, field chief technology officer of Dragos and paper co-author, said in an interview.
BESS infrastructure is growing rapidly across the U.S. and Europe. According to Brattle’s analysis, battery systems will account for roughly a third of the nameplate megawatt-hours added to the U.S. grid between now and 2029. Most of these systems are controlled remotely and are standardized across the industry, lowering barriers to attack.
With standardization of BESS components, a dedicated attacker could “copy and paste” an attack across hundreds of sites, Tonkin said. Because batteries can be critical for local reliability and grid operations, they present a tempting target to state actors, he explained.
“The grid is a deeply interconnected, essentially zero-latency machine,” said Brattle principal and paper co-author Peter Fox-Penner. A malicious actor with access to hundreds of BESS sites could shut them down unexpectedly, which could propagate a blackout. “You’ll surprise the grid operator. They won’t have enough reserves, and the supply-demand balance will be disrupted.”
Fox-Penner went on to say that a sophisticated attacker might attempt to oscillate the batteries slightly above or below the normal operating frequency by controlling the power inverters. Oscillations in the grid can create disruptions. The Iberian Blackout this year was caused partly by mismanaged grid oscillation and voltage dynamics. (See European Regulator Issues ‘Factual Report’ on Iberian Outages.)
Tonkin said BESS installations could become compromised when they are “overly connected” to the internet. The paper highlights various components of storage systems as particular security concerns. The battery management system, a combined hardware and software package, is a potential vector for cybersecurity threats. In some BESS, power conversion systems also are a potential weak point. If improperly protected, these components create “attack surfaces” for cybersecurity threats to exploit.
“Electric infrastructure has for a long time been the No. 1 target of state actors trying to disrupt infrastructure,” Tonkin said during a recent webinar. Dragos has been tracking groups attacking Ukrainian substations, and they have evolved from exploiting vulnerabilities of specific facilities to using more “IT-based” attacks, he said.
Cybersecurity Hygiene
Fox-Penner and Tonkin recommend that owners and operators of BESS audit software and hardware to know all the components of their systems. They should use a software and hardware “bill of materials” to verify that all components of a BESS are produced by trusted parties and meet functional requirements. Software bills of materials can also be used to identify unnecessary packages and programs that may inadvertently increase the vulnerability of a battery system.
Beyond this, establishing appropriate communication segmentation on-site, creating and maintaining firewalls, and establishing secure remote access need to be priorities to secure a battery system. Hardware, software and network safety measures need to be taken proactively rather than retroactively, they said. Establishing secure supply chains also is critical for maintaining grid safety.
“There’s tremendous growth in the battery installed base over the next five years,” Fox-Penner said. “This is our chance to, say, vaccinate it before it gets installed when it’s more effective and cheaper to do.”



