The rise of battery energy storage systems (BESS) brings both high-value stored energy and an attractive target for cyber attackers. Rafael Narezzi, CEO of Centrii, explains why securing BESS assets is crucial to prevent data breaches and power outages and outlines the key questions operators should consider.

Centrii Co-Founder Rafael Narezzi on BESS

Centrii Co-Founder Rafael Narezzi

Battery Energy Storage Systems (BESS) play a critical role in grid stability and renewable energy utilisation. But as these infrastructures become more sophisticated, the risk of cyberattacks grows, potentially compromising operations, safety and energy reliability.

These are not passive assets. They are software-controlled, grid-interactive systems that directly influence frequency, load balancing and stability. The integration of IT and OT in energy storage systems increases their vulnerability.

As the UK and Europe move toward long-duration energy storage, we can expect these systems to be targeted. But are operators putting security front and centre and do they have the visibility and control to withstand such an attack?

Here we look at the questions every operator should be asking:

1. Do we have visibility into our distributed assets?

When operators lose visibility into distributed assets, whether that’s down to communication failures, misconfigurations, or malicious interference, the response becomes reactive rather than coordinated.

Unlike centralised generation, battery assets are often remote and dispersed, and heavily dependent on real-time telemetry. Last year’s attacks on Poland’s power grid shows just how threat actors understand how to manipulate remote locations simultaneously to destabilise critical power networks.

Without continuous, validated visibility into operational states, operators are effectively managing blind.

2. What happens if dispatch signals are manipulated?

Battery systems do not just store energy; they respond to it.

Charging and discharging decisions are driven by automated signals tied to grid frequency, market conditions and control system inputs. If signals are altered, delayed, or spoofed, the behaviour of the battery changes accordingly.

A coordinated manipulation of dispatch signals could cause batteries to discharge during peak stress or charge when supply is already constrained. At scale, this could become a major grid stability event.

3. How secure is our remote access infrastructure?

Remote access is critical to today’s energy operations. But it’s also one of the most consistently exploited pathways into operational environments.

The challenge is not just whether remote access exists, but whether it is continuously monitored, authenticated and segmented.

A BESS example of a UK battery facility revealed remote connectivity and VPN management as key vulnerabilities before improvements to security were made. Without robust controls these pathways could directly access systems responsible for charging discharging and grid interaction.

Remote access must be treated as a critical control point, or it becomes the attacker’s shortcut.

4. Are our OT systems designed for today’s threat environment?

Many battery installations rely on industrial control systems (ICS) originally designed for isolated environments. But in today’s environment, SCADA platforms, battery management systems and programmable logic controllers are connected to external networks. While this enables efficiency and scalability, it also exposes them.

Advisories by CISA in the US have highlighted vulnerabilities in widely used ICS components, including unauthorised command execution, denial-of-service conditions, or system manipulation.

In the UK BESS example, outdated firewalls, irregular patching and poor segmentation led to exploitable conditions within the operational environment.

5. Are we managing cybersecurity at the speed of deployment?

The simple fact is that battery storage is being deployed faster than many operators can secure it. According to the IEA, global energy storage capacity is expected to grow more than six-fold by 2030. As growth accelerates, it creates a gap between what is operationally critical and what is operationally secured.

In practice, this gap shows up in incomplete asset inventories, delayed patch cycles and limited monitoring of newly deployed systems. When basic vulnerabilities exist, attackers will always sense an opportunity.

6. Do we understand how cyber risk translates into physical and financial impact?

Cybersecurity in energy is often framed as a data protection issue. In BESS environments, it is both an operational and financial issue.

In the example previously cited, cybersecurity improvements led to a measurable 12% increase in operational uptime, as well as the reduced risk of disruption. That is the inverse of the risk equation – if security can improve uptime, insecurity can degrade it.

This is not about abstract threats. For operators, it’s about revenue, reliability and regulatory exposure.

In essence, the grid is becoming far more distributed, connected and automated – and BESS is at the heart of this transformation. Distributed control without distributed visibility creates fragility rather than resilience.

For operators the question is not whether cybersecurity matters but why it matters.

Learn more: https://centrii.com/en/

For more news: https://essmag.co.uk/category/news/