The Most Overlooked but Critical Component in BESS Security
Most battery energy storage systems (BESSs) are used for backup during outages to ensure reliability and business continuity. But let’s say an adversary manages to hack into your system or the grid and disrupt the power supply. How can you be certain they won’t do the same to your Plan B?
BESSs without proper security measures offer a false sense of security, which can do more harm than good and put you in a gnarly bind.
Most BESSs only have run-of-the-mill cybersecurity measures to protect networks and devices against malware, unauthorized access, insider threats, and other common attack methods. However, they fail to address vulnerabilities in one critical and expensive component — the batteries (i.e., where electricity is stored!)
Your BESS security is only as strong as the weakest link. All bets are off if you build a fortress around your SCADA, DERMS, EMS, etc., only to leave the gate to your batteries wide open. So, how do you apply the latest strategies and best practices to support a layered and proactive approach to protect your battery and BESS?
Why BESS is a high-value target
BESSs are an indispensable component of a modern energy ecosystem. Their appeal to cyber criminals grows with their strategic importance.
As more BESS units are connected to the grid, directly or through distributed energy resources (DERs), microgrids, and virtual power plants (VPPs), disrupting one can create a ripple effect throughout the grid and cause localized blackouts or broader instability. BESSs can, therefore, be a force multiplier for attackers who aim to create systemic disruption.
BESSs have both cyber and physical components, and attacks on these systems have cyber-physical consequences. A successful intrusion could lead to overcharging, overheating, or forced discharge at dangerous rates, causing fires, explosions, etc., events that can impact infrastructure, equipment, and human safety.
The highly connected nature of our energy ecosystem requires BESSs to integrate with energy management systems (EMS), SCADA, inverter controls, cloud-based analytics platforms, etc., creating a broad attack surface across IT and OT environments. Poor segmentation can lead to lateral movements across critical infrastructure, allowing hackers to move freely within a network after they’ve breached the perimeter.
Meanwhile, BESSs generate and transmit valuable operational data (e.g., usage patterns, grid service participation, etc.). Adversaries can exploit the information for intelligence gathering, sabotage, or competitive advantage. Moreover, they can hack into a system to alter battery behavior, disable units, or manipulate energy market participation in real time.
In today’s uncertain geopolitical climate, critical infrastructure is particularly vulnerable. Nation-state attackers may use BESS as a path to disrupting national energy resilience and personal safety. Meanwhile, the high cost of downtime and recovery makes BESS a prime target for cybercriminal groups as an opportunity for ransom extortion.
Common BESS security threats and defenses
As BESS deployments grow in scale and complexity, so do the cybersecurity risks. Extensive connections and integrations with IT networks, operational technology (OT), and the cloud present a broad and attractive attack surface. Reputable BESS manufacturers should address the following threats:
Malware and ransomware attacks may lock authorized users out of critical management systems, halting battery operations or forcing unsafe states. Operators should implement EDR or XDR tools to support 24/7 monitoring, isolate BESS networks from internet-facing systems, apply strict access controls, and conduct cybersecurity awareness training.
Unauthorized remote access, where hackers exploit exposed VPNs, weak passwords, or unsecured APIs, may allow hackers to gain direct access to BESS management interfaces. Operators should enforce least-privilege access, implement role-based permissions, and audit and disable unused accounts.
Insider threats or intentional misconfiguration, like the Stuxnet malware attack, where hackers bypassed perimeter defense at the Natanz nuclear material enrichment facility in Iran to inflict damage (Ocean’s Eleven style). As such, end-to-end encryption is essential for ensuring data integrity.
Supply chain vulnerabilities may allow threat actors to inject malicious code into firmware. BESS builders and operators should only use components from trusted, security-conscious vendors. Also, maintain a rigorous firmware update and validation process and regularly conduct supply chain security assessments.
Network-based attacks through industrial protocols like Modbus, DNP3, or IEC 61850, which may not have encryption or authentication capabilities by default. Operators should segment BESS OT networks from IT and external networks, use protocol-aware intrusion detection systems (IDS), and disable unused services to minimize exposure.
Accidental misconfigurations may introduce vulnerabilities. Operators should conduct regular access reviews and revoke unnecessary privileges. Also, monitor user behavior for anomalies, establish security baselines, and automate configuration audits.
Physical security gaps may allow an attacker to install rogue devices, extract data, or bypass digital protections. Operators should install surveillance and access control systems at BESS sites, monitor for unusual physical access patterns, enforce strict visitor policies, and integrate physical security logs into cybersecurity incident response processes.
The elephant in the room: The cyber-physical gap in BESS security
Most BESS security tactics address vulnerabilities involving connections between IT, OT, and other systems linked to the energy storage component, but not the energy storage component itself — the battery.
Today’s BESSs have minimal battery management capabilities, only sufficient to collect basic telemetry. However, many manufacturers and operators falsely see them as an insurance policy against cyberattacks, especially for critical infrastructure.
Yet, they often fail to consider how these large, connected banks of power backup are making their systems prone to breaches and lateral movements. It’s like the banana industry, which only grows the Cavendish variety commercially. If someone introduces a single virus to kill every banana plant, they can wipe out the global supply in no time.
Poor battery security in BESS may turn a resiliency solution against cyber threats into part of the arsenal adversaries can use in an attack. Instead of counting on the parachute being functional, operators may find the cord missing when they open the pack, discovering they don't have a backup for their backup plan.
So, why are we dancing around the battery security issue instead of addressing it head-on?
Conventional battery technology doesn’t offer the capabilities to merge physical asset management with software-driven features. In other words, they can’t apply cybersecurity principles to physical assets. So, most battery solution providers just sweep the white elephant under the rug.
Over a decade ago, the Tanktwo team was already thinking (and probably overthinking by then-standards) these security challenges. We incorporated battery security into our software-defined battery (SDB) solution to support a seamless, belt-and-suspenders approach to guarding both physical and cyber infrastructures.
Our layered security architecture is not an over-the-top solution. Instead, it’s interwoven into the deep fiber of the Tanktwo Battery Operating System (TBOS). The secure enclave architecture allows us to create unique protection mechanisms that have withstood rigorous testing from the world’s most demanding customers in the defense industry.
For example, our solution can contain a successful attack, which may sabotage one unit but not the entire field. The architecture is naturally resistant to lateral movements, even if an adversary breaches the perimeter or other BESS components.
How does Tanktwo battery security work?
Battery security involves many components to address the multifaceted cyber-physical challenges that BESS builders and operators face. Here’s an overview of how the TBOS enhances BESS security:
>> Download this white paper for the long story
Our battery security architecture supports various types of granular access control to prevent unauthorized tampering. It enables different roles and departments in the battery ecosystem to perform their duties without exposing the architecture to external threats.
Sandboxing requires an airtight cryptographic ecosystem, and we have integrated it into TBOS's battery security architecture to support universal long-tail implementation of electrified products and equipment.
To help product builders and service providers overcome the complexity of battery security, we build the entire architecture into TBOS and abstract it from the battery system’s application.
The plug-and-play solution allows you to customize and sandwich this security layer between any battery system and application. You can also update it via software to ensure ongoing compliance with changing guidelines, business requirements, and regulations.
Our software architecture leverages the internet’s security backbone to protect battery system access with digital keys and certificates. The multidimensional approach involves many components, which intertwine to create a multi-layered web to address physical and cyber threats using principles like security key management and the “battery security onion.”
We start with the battery security processor (BSP), where we burn the serial number and version data into the chip's write-once memory, and no one (not even us) can alter it afterward. Then, we add the BSP to the SDB circuit board and pair it with other chips (e.g., CPU, flash ROM).
Next, we layer different components, like setting low-level limits (e.g., temperature and current limits). Finally, we define details about the owner, application, operator, and user, adding keys to the key repository for granular access control, authentication, and other security features.
Enhancing BESS resiliency through battery security
In March 2023, the White House published an updated National Cybersecurity Strategy. Pillar one concerns the defense of critical infrastructure. The incapacitation or destruction of these physical or virtual assets, systems, and networks would have a debilitating effect on security, the national economy, and/or public health and safety.
BESSs provide resiliency to critical infrastructure, but only if they aren't the target of an attack. Yet, the components’ increased connectivity will leave many critical systems vulnerable to exploitation without proper security measures.
As such, airtight battery security is the prerequisite for effective and reliable BESS implementation.
Battery security isn’t an afterthought in TBOS. We developed our system from the ground up with the BSP as an integral part of the software architecture. Moreover, we leverage best-in-class technologies as much as possible without reinventing the wheel. By using building blocks monitored by security experts worldwide, we can address new vulnerabilities promptly.
Read our Battery Security white paper or get in touch to see how we can help you integrate battery security into your BESS design and implementation.
