Grid-scale battery energy storage systems face heightened risk of cyberattack – Cybersecurity Dive

Report on Cybersecurity Risks to Utility-Scale Battery Energy Storage Systems and Implications for Sustainable Development Goals

Introduction

Utility-scale battery energy storage systems (BESS) are increasingly vulnerable to cyberattacks from nation-state and criminal threat groups. Immediate measures are required to secure these critical energy infrastructures to prevent potential disruptions. This report, based on a white paper by Brattle Group and Dragos, highlights the growing cybersecurity risks and their implications for sustainable development.

Growth of Battery Energy Storage Systems and Associated Risks

1. Expansion of BESS Deployments: Deployments are projected to grow between 20% and 45% over the next five years, driven by rising demand from data centers and other power-intensive sectors.
2. Increased Threats from State-Linked Actors: Nation-state actors are targeting critical industries, including utilities, to disrupt operations and gain strategic advantages in AI and clean energy sectors.
3. Security Management Challenges: The rapid growth in BESS outpaces the sector’s ability to manage cybersecurity risks effectively, necessitating enhanced protective measures against hacking and outages.

Economic and Operational Impact of Cyberattacks

• A single outage of a 100-megawatt battery storage system lasting four hours in the U.S. could result in revenue losses up to $1.2 million.
• Large-scale outages affecting 100,000 customers and 3,000 MWh for one day could cause economic impacts estimated at $39 million.

Threat Landscape and Cyberattack Techniques

1. Dragos monitors approximately 18 threat groups targeting the electrical grid, some with prior attacks on utilities or capabilities to disrupt grid operations.
2. Groups such as Volt Typhoon (tracked as Voltzyte) aim to threaten critical sectors to divert U.S. public attention during potential military conflicts in the Asia-Pacific region.
3. Malware developed by these groups manipulates industrial control systems, while advanced techniques like “living off the land” allow attackers to conceal malicious activities using existing system technologies.

Relevance to Sustainable Development Goals (SDGs)

• SDG 7 – Affordable and Clean Energy: Securing BESS is critical to maintaining reliable access to clean energy sources such as solar and wind, which depend on energy storage for grid stability.
• SDG 9 – Industry, Innovation, and Infrastructure: Strengthening cybersecurity in energy infrastructure promotes resilient and sustainable industrial development.
• SDG 11 – Sustainable Cities and Communities: Protecting energy storage systems ensures uninterrupted power supply, supporting sustainable urban environments.
• SDG 13 – Climate Action: Reliable energy storage systems facilitate the integration of renewable energy, contributing to climate change mitigation efforts.

Recommendations and Best Practices

1. Implement robust cybersecurity frameworks tailored to BESS to mitigate risks from sophisticated cyber threats.
2. Enhance collaboration between government agencies, industry stakeholders, and cybersecurity experts to monitor and respond to emerging threats.
3. Invest in advanced detection technologies to identify and neutralize malware and covert attack techniques.
4. Promote awareness and training programs focused on cybersecurity best practices within the energy sector.

Conclusion

The increasing reliance on utility-scale battery energy storage systems for integrating renewable energy sources underscores the importance of securing these assets against cyber threats. Addressing these challenges aligns directly with multiple Sustainable Development Goals, ensuring the resilience and sustainability of critical energy infrastructure worldwide.

1. Sustainable Development Goals (SDGs) Addressed or Connected

1. SDG 7: Affordable and Clean Energy
   • The article discusses battery energy storage systems (BESS) that support renewable energy sources like solar and wind, which are central to clean energy deployment.
2. SDG 9: Industry, Innovation and Infrastructure
   • Focus on securing critical energy infrastructure against cyber threats highlights the importance of resilient infrastructure and innovation in cybersecurity.
3. SDG 11: Sustainable Cities and Communities
   • The reliability of energy systems is critical for urban centers and communities, especially with the growing demand for data centers and power.
4. SDG 16: Peace, Justice and Strong Institutions
   • Addressing cyber threats from nation-state and criminal groups relates to promoting peaceful and secure societies and strengthening institutions.

2. Specific Targets Under Those SDGs

1. SDG 7: Affordable and Clean Energy
   • Target 7.2: Increase substantially the share of renewable energy in the global energy mix.
   • Target 7.3: Double the global rate of improvement in energy efficiency.
2. SDG 9: Industry, Innovation and Infrastructure
   • Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure.
   • Target 9.c: Increase access to information and communications technology and strive to provide universal and affordable access to the Internet.
3. SDG 11: Sustainable Cities and Communities
   • Target 11.b: Increase the number of cities adopting integrated policies and plans towards inclusion, resource efficiency, and disaster risk reduction.
4. SDG 16: Peace, Justice and Strong Institutions
   • Target 16.6: Develop effective, accountable and transparent institutions at all levels.
   • Target 16.7: Ensure responsive, inclusive, participatory and representative decision-making.
   • Target 16.a: Strengthen relevant national institutions, including through international cooperation, for building capacity at all levels to prevent violence and combat terrorism and crime.

3. Indicators Mentioned or Implied to Measure Progress

1. For SDG 7 (Affordable and Clean Energy)
   • Indicator 7.2.1: Renewable energy share in the total final energy consumption – implied by the deployment of battery energy storage systems supporting solar and wind energy.
   • Indicator 7.3.1: Energy intensity measured in terms of primary energy and GDP – implied by the need to improve energy efficiency and prevent outages.
2. For SDG 9 (Industry, Innovation and Infrastructure)
   • Indicator 9.1.1: Proportion of the rural population who live within 2 km of an all-season road – indirectly related to infrastructure resilience.
   • Indicator 9.c.1: Proportion of population covered by a mobile network, by technology – implied by the need for secure communication networks in energy infrastructure.
3. For SDG 11 (Sustainable Cities and Communities)
   • Indicator 11.b.2: Number of countries with national and local disaster risk reduction strategies – implied by the need to mitigate risks from energy system outages.
4. For SDG 16 (Peace, Justice and Strong Institutions)
   • Indicator 16.a.1: Existence of independent national human rights institutions in compliance with the Paris Principles – related to strengthening institutions to combat cyber threats.
   • Indicator 16.6.2: Proportion of the population satisfied with their last experience of public services – indirectly related to trust in institutions managing critical infrastructure.

4. Table of SDGs, Targets and Indicators

Source: cybersecuritydive.com