While energy companies race to install battery storage systems across the power grid, cyber attackers aren’t far behind. Battery energy storage systems (BESS) are projected to grow up to 45% over the next five years. Great news for renewable energy. Terrible news for security experts.
The numbers don’t lie. Cyberattacks against utilities have quadrupled since 2020. At least 18 distinct threat groups are actively targeting electrical grids worldwide. Nation-states and criminal organizations aren’t just testing the waters—they’re diving in headfirst.
These aren’t your average hackers. They’re sophisticated actors with specific toolsets designed to wreak havoc on industrial control systems. Remember Industroyer? BlackEnergy? Those were just warm-ups. The new generation of malware is being custom-tailored for battery systems.
The financial stakes are enormous. A single four-hour outage of a 100MW battery system could cost $1.2 million in lost revenue. But that’s pocket change compared to the regional impact—a large-scale outage affecting 100,000 customers could trigger economic damage around $39 million. In a day. The Ukraine power outage in December 2015 demonstrated how advanced hackers could cause widespread blackouts affecting thousands of people.
What makes batteries so vulnerable? For starters, they’re multiplying faster than security can keep up. Thousands of exposed devices, inconsistent firmware updates, and weak network segmentation create a hacker’s paradise. Many systems still use internet-accessible management interfaces. Seriously.
The attack methods aren’t particularly novel—phishing, credential theft, denial-of-service attacks. What’s new is the target and potential impact. Hackers can potentially trigger physical damage by manipulating charge cycles or remotely disconnecting batteries during peak demand. These vulnerabilities are especially concerning as energy storage becomes essential for managing the intermittency of wind and solar power.
The worst part? Many utilities and co-ops aren’t prepared. Their security teams are understaffed and overwhelmed. Meanwhile, ransomware incidents in the energy sector continue to surge year after year. Advanced threat actors like Volt Typhoon are specifically targeting U.S. critical infrastructure to potentially disrupt operations during conflicts.
As our grid becomes more distributed and battery-dependent, the attack surface grows exponentially. These sleeping giants—massive battery installations quietly balancing our power supply—have become the perfect targets for those looking to turn out the lights.
References
- https://www.cybersecuritydive.com/news/battery-energy-storage-systems-risk-cyberattack/807675/
- https://eepower.com/tech-insights/grid-cyber-threats-a-rising-concern-in-2025/
- https://www.pv-magazine.com/2025/12/05/keeping-the-smart-grid-cyber-secure/
- https://deepstrike.io/blog/cybersecurity-in-the-power-sector-2025
- https://asimily.com/blog/top-utilities-cyberattacks-of-2025/
- https://www.justsecurity.org/123955/securing-solar-infrastructure-risk/
- https://www.energy.gov/sites/default/files/2022-10/Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid.pdf
- https://www.scworld.com/brief/cyberattacks-against-battery-energy-storage-systems-expected-to-grow
- https://www.anernstore.com/blogs/off-grid-solar-solutions/2025-der-cybersecurity-trends-irena-iea
