
Remote Access To Your BESS and You


This last week was the week of the Battery Energy Storage System (BESS). Joe Weiss released a blog post titled “Cyber-vulnerable battery systems are catching fire and communicate directly to China,” in which he discusses his concerns about threat actors from the People’s Republic of China (PRC) remotely accessing BESS deployments in the United States. While I share the concern, I am not a fan of “reading between the lines” to correlate an event with threat actor activities.

Perhaps a better and more accurate read is the research released by Dr. Emma Stewart’s team over at Idaho National Labs. This team conducted some serious research into the effects of BESS on the North American grid and on businesses leveraging battery technologies. Their research gives a comprehensive background for understanding the technologies, the source of minerals, and the supply chain of supporting equipment. Like Joe’s post, the research identifies significant issues with BESS implementations, with more supporting details to help organizations make better decisions. The integration of the BESS research with the expertise of Ginger Wright and the rest of the team in Cyber-Informed Engineering (CIE) provides an excellent example of how to use the CIE process to gather information for a Detailed Risk Assessment that should precede any BESS acquisition efforts.

As you know, I am obsessed with managing access to ICS mediums. The complexity of BESS technologies and the risks of lithium fires make the consequences of not continuously monitoring the BESS’s state a critical risk. Hence, at a minimum, condition monitoring by the vendor or manufacturer is necessary to reduce this risk. The report states:

“To facilitate the data exchange, the BESS must communicate outside the firewall of its utility or integrator connection. While many large vendors—including Tesla, Fluence, and Flexgen—operate this way, the risk is mitigated via the separation of communications and control, along with other features to isolate it from other networks.”

This means that one or more of the BESS technologies will require remote connectivity to, at a minimum, each BESS unit. The number of components, and the different equipment sources, increases the risk that each BESS unit will have some type of radio (cellular or satellite) that allows remote access. The best case is that this connectivity does not provide access to the rest of the owner/operator network. The worst case is that this connectivity, via configuration or vulnerability, provides control access to the individual BESS units, which can be leveraged by threat actors. The impact of this remote access is outlined in the report, considering the role BESS units have when supporting the stability of different portions of the North American electrical grid.

I would like to thank Dr. Emma Stewart for leading this team in outlining this valuable information. I would also like to emphasize the teamwork required to research all of this information to provide accurate details without hyperbole or conjecture. To ensure this information remains public, I have created the INL BESS Reports GitHub repository for these reports.
