Securing Battery Energy Storage Systems from Cyberthreats: Best Practices and Trends for Protecting Critical Energy Infrastructure
Prepared with Dragos
As battery energy storage systems (BESS) rapidly scale to become essential components of modern power grids, ensuring their cybersecurity has never been more critical. With BESS deployment expected to grow by 30% annually in the United States and 45% in the European Union over the next five years, these systems are increasingly becoming targets for sophisticated cyber threat actors.
A new whitepaper developed jointly by experts at The Brattle Group and Dragos examines the emerging cybersecurity landscape for utility-scale BESS installations. Drawing on expert interviews with industry leaders and former federal officials, the report provides an in-depth analysis of current threats, evolving regulatory frameworks in the US and Europe, supply chain considerations, and actionable strategies that battery storage owners, developers, operators, and maintainers can implement to protect their assets.
Key themes and insights from the whitepaper include:
- The Growing Threat Landscape: Analysis of 18 active threat groups targeting the electric sector – including state-sponsored actors – and the risks posed by foreign-sourced components.
- Financial and Operational Impacts: Potential revenue losses of $400,000 to $1.2 million per month for a single compromised 100 MW system, plus broader grid stability implications.
- Regulatory Trends: How US federal and state policies, along with EU directives like NIS2 and the Cyber Resilience Act, are reshaping technology procurement and compliance requirements.
- Proactive Risk Mitigation: Practical recommendations for secure design, supply chain management, network segmentation, remote access controls, and long-term software maintenance.
The report emphasizes that by taking a proactive approach to cybersecurity, asset owners and operators can reduce risk while also saving time and money in the long run. Addressing well-understood threats during the design and construction phases allows firms to implement effective controls with greater efficiency and lower cost. Although new threats will continue to emerge, requiring flexibility and ongoing adaptation, many proven solutions are already available and can be integrated early to avoid more expensive retroactive fixes later. As BESS capacity approaches levels equivalent to major baseload generation, protecting these assets is essential not only for individual operators but also for national energy security.
“Securing Battery Energy Storage Systems from Cyberthreats: Best Practices and Trends” was coauthored by Brattle Principal Dr. Peter-Fox Penner, Energy Associate Dr. Noah Rauschkolb, and Senior Energy Analyst Purvaansh Lohiya, along with Phil Tonkin and Justin Pascale from Dragos. The full whitepaper is available below.
