Experts Sound the Alarm Over Energy Storage Cybersecurity
Image courtesy of James Keenan under Attribution-NonCommercial 2.0 Generic Deed, resized to 700 x 391 pixels.
According to a panel of experts hosted by the Clean Energy States Alliance (CESA), energy storage cybersecurity is increasingly critical due to the vulnerabilities inherent in these types of systems. Because these systems, as well as similar distributed energy resources (DERs), rely on cloud computing, they can be easily infiltrated. Read on to learn about the panel experts’ recommendations.
What You Need to Know About Energy Storage Cybersecurity
The CESA panel included experts from the North American Electric Reliability Corporation (NERC) and the Electric Power Research Institute (EPRI).
DERs like energy storage technologies are critical elements in terms of the ongoing energy transition. However, their distributed nature requires a heavy reliance on connectivity to the cloud, often relying on insecure Wi-Fi or Bluetooth connections. While this helps enable remote repairs at a mass scale and other impressive feats, it can also present low-hanging-fruit opportunities for hackers.
The cloud element also presents risks outside of a targeted cyberattack; for example, a faulty software update could have a wide-ranging cascading effect that brings one or more systems offline. There are also potential difficulties associated with end-to-end testing of cloud-based systems. Generally speaking, much of the impact of an attack comes down to how the system is configured, how large it is, how interconnected it is, and how critical it is to grid operation.
The speakers offered some recommendations for boosting energy storage cybersecurity. First, systems that leverage 2-way connectivity should have an override mechanism. Also, utilities should collect baseline data on new installations so future anomalies and security issues can be detected. Risk assessments should also be conducted on all storage installations to develop mitigation plans that can be activated in response to a breach.
In the final analysis, energy storage systems are not going anywhere, which means that your energy storage cybersecurity plans and protocols need to be comprehensive, up to date, and practiced regularly.