BESS cyber physical risk - Industrial Cyber

I recently became involved in a cyber-physical risk analysis project assessing the potential risks associated with the future use of Battery Energy Storage Systems (BESS). While there have been no confirmed cyber attacks on BESS to date, findings indicate that the consequences of such an attack could be severe, affecting operations, safety, and financial stability. This article focuses on identifying risks—not mitigations—related to deploying BESS in an industrial facility that integrates renewable energy to reduce costs, highlighting potential threats and their impact on plant processes. Since effective security starts with awareness, we need to identify risks before planning defenses. Or in other words:

“Know your risks before choosing your defenses—guessing isn’t security.”

BESS are playing an increasingly important role in the global energy landscape. According to Bloomberg New Energy Finance, approximately 4 gigawatts (GW) of BESS projects were installed worldwide in 2019. Since then, deployment has accelerated significantly, with 42 GW added in 2023 alone. Looking ahead, global projections indicate that by 2030, annual additions will reach 110 GW.

Despite this rapid growth, batteries currently account for only about 0.5% of the world’s total energy consumption. However, by 2030, global storage capacity is expected to reach 600 GW, supplying approximately 2.6% of total energy demand, according to Bloomberg.

BESS applications range from small-scale residential units that store energy from solar panels to large-scale battery facilities containing hundreds of battery containers, supporting grid stability and renewable energy integration.

We have basically two types of installations: Front-of-the-Meter (FTM) and Behind-the-Meter (BTM) installations. An FTM BESS is installed on the grid side of the utility meter, typically owned by the energy provider, and is used for grid stabilization, frequency regulation, peak shaving, and energy arbitrage. It interacts directly with the power grid, helping balance fluctuations and improve reliability, making it a common choice for large-scale renewable energy projects like wind and solar farms.

In contrast, a BTM BESS is installed on the asset owner’s side, for example an industrial facility, and is primarily used for self-consumption, backup power, and reducing electricity costs. In an industrial plant that generates part of its energy using wind or solar, a BTM BESS enables local energy storage, reducing grid reliance and improving energy resilience. Meanwhile, an FTM BESS at a utility-scale wind or solar farm stores excess generation for controlled release into the grid. While FTM systems support grid-wide energy management, BTM systems optimize on-site energy use, lowering demand charges and enhancing resilience. This article focuses on a BTM solution.

Apart from FTM / BTM, BESS architectures can be categorized as AC-Block or DC-Block. The AC-Block operates in Alternating Current and is commonly used in grid-scale storage, wind energy integration, and industrial facilities, where it ensures stable power supply, peak demand reduction, and backup for critical operations. The DC-Block operates in Direct Current and is optimized for solar energy storage, allowing direct integration with photovoltaic systems to improve efficiency by minimizing AC/DC conversions. While AC-Block systems provide greater flexibility for integrating mixed energy sources and grid interactions, DC-Block systems optimize efficiency in solar-plus-storage setups, making the choice dependent on energy source and operational requirements. AC-Block systems are more directly connected to the grid, making them more susceptible to grid-originated cyber threats. In contrast, DC-Block systems have greater exposure to risks associated with solar inverters and DC-DC converters. This article focuses primarily on the DC-Block architecture and does not cover solar inverter vulnerabilities, as they fall outside the scope of BESS security considerations.

Figure 1 illustrates a BESS configured as a DC-Block installation in a BTM setting, designed to store and supply power—from renewable sources—to the facility. As BESS becomes increasingly integrated into industrial power systems, understanding its cyber-physical vulnerabilities becomes essential. The following sections in this overview article explore cybersecurity risks associated with industrial BESS deployments and their potential impact on operations, safety, and reliability.

The batteries (left bottom of the figure) are the key component of the BESS. Lithium-ion batteries are the preferred choice due to their high energy density, efficiency, and long cycle life. In this example, the BESS is charged using a combination of wind and solar power, aiming to provide a reliable and energy supply for the plant to reduce energy cost. The option is to either use wind energy or solar energy, or a combination of both. Wind turbines and solar panels have security vulnerabilities independent of the BESS, as they are cyber-physical assets with control, communication, and monitoring systems that can be targeted. In this article I focus exclusively on the BESS.

Wind turbines generate AC power, which is converted to DC through rectifiers, while solar panels provide direct DC energy that is regulated via DC-DC converters. Both sources feed into a unified DC bus at typically 1500V, where energy is stored before being dispatched as needed. The PCS converts the stored DC power into three phase 400V AC (European standard (1995 – IEC 60038), and older European systems use 380V AC) to meet the plant’s electrical requirements. To ensure stable plant operations, the battery system must be sized appropriately, typically allowing for up to four hours of sustained output at rated power.

The BMS function is responsible for ensuring the safe operation, long lifetime, and efficiency of the battery system by continuously monitoring and regulating key parameters. It maintains battery modules within safe operational limits using a network of sensors, electronic control units, and power management circuits. The sensors measure voltage, current, and temperature at multiple points within the battery system, providing real-time data to the BMS microcontroller, which processes this information to regulate charging, discharging, and thermal conditions. The BMS also controls contactors that connect or disconnect the battery from the PCS and, in some cases, manages cooling systems to regulate battery temperature and prevent overheating.

Battery management is not handled by a single system but rather by a hierarchical structure of multiple BMS units, each responsible for different levels of monitoring and control. At the lowest level, module-level systems oversee cell balancing and safety within individual battery segments, while higher-level systems coordinate multiple modules into packs and manage overall energy distribution. A supervisory system ensures communication between these layers, integrating data to optimize charging, discharging, and fault response strategies. In this hybrid renewable energy system, fluctuating generation from wind and solar sources introduces dynamic charging conditions, which must be carefully managed to avoid excessive battery stress. Each level of battery management plays a role in stabilizing these fluctuations, ensuring that state of charge, voltage balance, temperature, and current remain within safe operational limits.

State of Charge (S0C) and State of Health (SoH) are two critical parameters managed by the BMS. SoC represents the available energy in the battery relative to its maximum capacity, with 100% indicating a fully charged battery and 0% representing complete discharge. The BMS relies on SoC calculations to manage charging and discharging cycles, ensuring efficient operation while preventing damage due to overcharging or deep discharge. SoH reflects battery aging and degradation, calculated as the ratio of the battery’s current maximum capacity to its original rated capacity. Over time, as the battery degrades, SoH declines from 100% (new) to 0% (end of life), affecting its ability to store and deliver energy. A battery reaching 20% SoH is typically considered near failure. Accurate SoH estimation is important for predictive maintenance and operational planning, as degraded batteries discharge faster and generate more heat, increasing safety risks.

Beyond physical degradation risks, cybersecurity threats pose an additional concern. Because lithium-ion cells are vulnerable to thermal runaway, they operate within a controlled voltage range, generally between 2.5V and 4.2V, depending on the chemistry. The BMS continuously monitors voltage balance, SoC, temperature, and current flow to prevent unsafe conditions. However, cyber threats targeting voltage and current measurements, as well as the algorithms calculating SoC and SoH, pose risks. Manipulating SoC or SoH data could lead to incorrect charging behaviors, excessive cycling, or failure to detect aging-related faults, ultimately increasing the likelihood of overheating, thermal runaway, or fire.

Remote access to the BMS should be strictly restricted, as it introduces significant cybersecurity risks. While maintenance connections often allow access to the BMS, these should never be linked to the plant network. Although connecting the BESS maintenance interface for remote diagnostics may be convenient, it significantly increases the attack surface, posing a direct risk to the BESS and, indirectly, to the plant’s operations. Minimizing network exposure and enforcing strict access controls to the BESS maintenance functions are essential to safeguarding system integrity.

The Power Conversion System (PCS) is a key component of the BESS, responsible for managing bidirectional energy flow between the battery system and the plant’s AC network. It converts DC from the battery into AC to supply the plant and converts AC into DC to charge the battery. This is performed by a bidirectional inverter, which dynamically adjusts operations based on energy demand and availability.

The PCS interacts with both the ESMS and the BMS. It receives power setpoints from the ESMS, including real and reactive power instructions, and retrieves battery status information from the BMS, such as temperature, State of Charge, and State of Health. Using this data, the PCS determines the appropriate operating mode—charging, discharging, or standby—based on energy market demands and battery conditions.

In this example, both wind and solar energy sources contribute to battery charging. Wind turbines generate AC power, which is converted to DC through rectifiers, while solar panels generate DC power, regulated via DC-DC converters. These conversions ensure that both energy sources can efficiently charge the battery at the required voltage level. A unified DC bus serves as the connection point for all DC inputs before they are stored in the battery.

A BESS incorporates multiple protective measures to detect and mitigate physical hazards, including thermal runaway and fire events. Thermal runaway is identified using gas sensors calibrated to detect specific chemical signatures associated with the battery’s composition. Fire suppression systems are designed not only to extinguish flames but also to cool battery cells, preventing re-ignition due to residual heat. The most commonly recommended fire suppressants, based on battery manufacturer guidelines, include water, carbon dioxide, and chemical or dry powder agents, each selected based on battery chemistry and fire suppression efficiency.

As BESS become increasingly interconnected, securing the integrity of PCS operations is essential. Access to the PCS could also disrupt energy dispatch, cause improper battery cycling, or impact plant power stability. Additionally, remote access to the BMS using the maintenance interface must be strictly controlled, as maintenance interfaces present a potential cybersecurity risk if connected to the plant network. While remote maintenance may offer convenience, it significantly increases exposure to cyber threats, potentially affecting both the BESS and plant operations. Implementing strict access controls, network segmentation (BESS is a level 0 device), and secure communication protocols is critical for maintaining a resilient and secure energy storage system.

The maintenance port connects to all BESS components, allowing for diagnostics, firmware updates, and troubleshooting. This connection should be isolated from the SCADA/DCS network for security reasons. Following protocols are in use:

Modbus TCP/RTU – Common for retrieving diagnostics and configuration settings from BMS, PCS, and ESMS.
CAN Bus – Direct access to low-level battery module data for advanced diagnostics.
OPC UA – Used in modern BESS for secure remote access to operational data.
HTTPS & REST API (Representational State Transfer Application Programming Interface) – For cloud-based maintenance tools and third-party vendor interfaces.
SSH/Telnet – For command-line access to networked controllers, though high-security BESS systems disable this due to cybersecurity concerns.

Integrating cloud connectivity with a BESS requires careful consideration of security risks and system segmentation, particularly when choosing between connecting through the SCADA/DCS interface or the maintenance interface. While linking the cloud to SCADA/DCS allows for real-time operational data exchange and supports grid integration, energy analytics, and virtual power plant (VPP) applications, it must be properly segmented to prevent unauthorized access to critical control functions.

On the other hand, connecting the cloud to the maintenance interface introduces a higher risk, as this interface is used for diagnostics, firmware updates, and direct BMS/PCS/ESMS access, making it a potential attack vector for system manipulation. A compromised maintenance connection could lead to remote tampering with battery parameters, unauthorized firmware modifications, or disruptions in safety mechanisms.

To mitigate these risks, cloud access should be restricted to read-only operational data, preferably through interfacing with a data historian or an intermediary system that limits direct interaction with BESS controls such as BMS, PCS, or ESMS.

The SCADA/DCS port in the BESS diagram enables integration with the plant’s control system for real-time monitoring, dispatch commands, and safety management. Depending on the BESS application (industrial vs. grid-scale), different communication protocols are used.

DNP3 – Common in utility-scale BESS for SCADA communication in North America, enabling event-driven data reporting. DNP3-SA having secure authentication should be mandatory.
IEC 61850 (GOOSE & MMS) – Used in grid-integrated BESS for fast, event-based control and data exchange with energy management systems.
Modbus TCP – Frequently used for PCS and ESMS data exchange with DCS/SCADA.
OPC UA – Provides secure, vendor-neutral interoperability between BESS components and DCS/SCADA.
MQTT – Used for cloud-based energy analytics, particularly in IIoT-enabled BESS.
EtherNet/IP – Rarely used but found in industrial BESS systems, enabling real-time monitoring and control via EtherNet/IP.

If DNP3-SA or OPC UA is used, a secure interface can be established due to their built-in authentication and encryption capabilities. However, GOOSE messages in IEC 61850 are susceptible to spoofing, requiring network whitelisting, VLAN segmentation, and authentication extensions to mitigate risks. Additionally, MMS should always be secured with TLS to ensure encrypted data transfer.

Modbus TCP is inherently insecure, as it is vulnerable to MITM attacks, replay attacks, and unauthorized control, making it unsuitable to be used for critical applications. MQTT also presents security challenges, as it lacks authentication by default. To secure MQTT, TLS encryption, client authentication, and broker-level security measures (such as ACLs and role-based access control) must be enforced. Misconfigurations in MQTT can lead to message interception, so encrypted connections should be mandatory.

For EtherNet/IP, legacy versions do not include authentication or encryption, making them vulnerable to traffic interception and unauthorized access. To mitigate this, IPsec or TLS tunnels should be used for external communications. Additionally, access control measures, such as restricting traffic to trusted IP ranges, should always be enforced to minimize exposure and prevent unauthorized access.

BESS communications can be secured, but this requires careful protocol selection and strict network segmentation. The BESS should be treated as a Level 0 system, ensuring it remains isolated from the more exposed Level 3 network segments, a misconfiguration that is unfortunately common. Direct integration with higher-level networks increases the risk of unauthorized access, and data manipulation.

Another potential vulnerability lies in the supply chain, as China dominates the global BESS market, producing a significant share of lithium-ion batteries, PCS, and BMS. This reliance has raised concerns in the US and Europe about potential cybersecurity risks, particularly the possibility of embedded vulnerabilities allowing unauthorized remote access, and exploitation for malicious purposes. Let’s look at the threats in more detail:

A BESS unit could be pre-installed with hidden backdoors, malicious firmware, or unauthorized remote access mechanisms, enabling future exploitation to disable, disrupt, or manipulate energy storage operations. This risk is particularly concerning for both power grids and industrial plants, where a compromised system could be remotely disabled, have its charging cycles manipulated, or be synchronized to trigger coordinated failures across multiple installations. Such attacks could lead to grid instability, power supply disruptions, or operational failures within a plant, impacting both safety and production continuity.
Many Chinese-manufactured BESS solutions come with default cloud integration, often hosted on Chinese-controlled infrastructure, posing risks of data exfiltration and remote takeover. If a BESS cloud service is compromised, attackers could override system controls, inject false data, or manipulate energy dispatch settings, leading to process disruptions, equipment damage, or unexpected shutdowns in an industrial environment.
If multiple compromised BESS units are triggered simultaneously, they could manipulate frequency regulation services, disrupt power stability, or induce artificial load fluctuations. This could destabilize the grid, while in a plant setting, it could cause electrical fluctuations, interfere with sensitive machinery, or overload critical systems, leading to cascading failures.
A compromised BESS could also serve as an entry point for broader cyber intrusions, targeting SCADA/DCS, plant energy systems, or industrial automation networks. Attackers could move laterally within the plant’s operational network, spreading malicious code, manipulating process controls, or gathering intelligence on grid and plant operations. Such intrusions could disrupt production, compromise safety systems, or enable further attacks on connected infrastructure.

To better understand these risks, I categorize them into access exploits, data integrity attacks, availability attacks, and supply chain risks.

Access Exploits

Unauthorized access to BESS control systems is a major risk, especially when attackers gain entry through exposed interfaces, unsecured remote connections, or weak authentication mechanisms.

Exploitation of the Maintenance Interface – The maintenance port, which connects to BMS, PCS, and ESMS, is a common entry point for remote diagnostics, firmware updates, and troubleshooting. If not properly secured, attackers can alter system parameters, disable protections, or inject malicious commands, leading to unsafe conditions or operational disruptions.
Exploitation of the SCADA/DCS Interface – The SCADA/DCS port enables integration with the plant’s control network, making it a potential vector for attackers who have already infiltrated the process control system. If exploited, adversaries could override energy dispatch settings, manipulate power regulation, or disrupt safety-critical functions.
Remote Access Vulnerabilities – Cloud-based monitoring and vendor platforms create risks if they provide direct control access instead of read-only diagnostics. Weak authentication or poor network segmentation could allow attackers to manipulate charge/discharge cycles, bypass protections, or disable alarms.
Lateral Movement from Process Networks – If BESS interfaces are connected to process control networks, an attacker breaching SCADA, DCS, or other operational systems could use BESS as a pivot point for further attacks, potentially disrupting power stability and plant operations.

Data Integrity Attacks

BESS functionality depends on accurate real-time data from sensors and control systems. False Data Injection attacks target state of charge, state of health, voltage, and current readings, tricking the system into mismanaging energy dispatch or damaging battery cells.

Manipulated Sensor Readings – Attackers can alter battery state data, leading to overcharging, over-discharging, or false lifespan estimations, causing premature degradation or unexpected power loss.
Command Manipulation – By altering control commands, an attacker can disrupt power balancing, drain the battery unexpectedly, or cause excessive cycling, reducing lifespan.
Tampered Protection Parameters – Attackers can disable safety limits, allowing batteries to operate outside safe voltage and temperature thresholds, increasing the risk of thermal runaway or fire.

Availability Attacks

A Denial-of-Service attack can prevent BESS from responding to energy demands, cause process power failures, or disrupt renewable integration in industrial sites.

Disrupting Power Conversion – Attackers can overload communication channels to the PCS, blocking charge or discharge commands, making stored energy unavailable.
Targeting Communication Between Components – If ESMS signals are blocked or delayed, energy dispatch decisions may be incorrect, leading to instability in power supply to industrial equipment.
Interfering with Process Control Network Integration – A DoS attack on process control communications can blind operators to BESS conditions, preventing adjustments.

Supply Chain Risks

With China dominating global BESS manufacturing, concerns over backdoors, malicious firmware, and cloud-based control dependencies raise cybersecurity risks.

Pre-Installed Backdoors & Malicious Firmware – Attackers could introduce undocumented remote access mechanisms, enabling future exploits to disable, manipulate, or disrupt BESS functions.
Cloud Dependencies & Data Exfiltration – Many foreign-manufactured BESS solutions come with default cloud integration, often hosted on Chinese infrastructure, posing risks of data security breaches or remote takeover.
Coordinated Attacks on Multiple BESS Units – If multiple compromised BESS systems are triggered simultaneously, they could manipulate frequency regulation, disrupt power stability, or induce artificial load fluctuations, leading to cascading failures across industrial sites.

Having discussed the categories of cyber threats that could compromise a BESS, I like to examine how these attacks translate into real-world consequences by targeting each of the specific system components. The BMS, ESMS, and PCS each play a distinct role in energy storage operations, and a breach in any of them can lead to severe operational, safety, and financial repercussions. The following sections analyze how attackers can exploit these components, the potential impact on industrial processes, and the risks associated with system manipulation.

Battery Management System

The BMS is together with the PCS the most attractive target for attackers, both of these can be targeted unauthorized access through the maintenance interface is achieved. If exploited, attackers can leverage False Data Injection or Denial of Service to manipulate battery diagnostics, interfere with operational decision-making, and introduce safety risks. These attacks could result in incorrect state-of-charge or state-of-health readings, leading to unexpected battery depletion, overcharging, or failure to provide backup power when required. In an industrial setting, such disruptions may compromise process stability, disrupt power supply to critical safety systems, or increase fire and thermal runaway risks.

Potential Manipulations and Their Consequences:

Manipulated Sensor Readings – Altering temperature, voltage, or current data can trigger unnecessary safety shutdowns or prevent fault detection, leading to unstable operation.
Deceptive Charge State Calculations – Injecting false values for State of Charge or State of Health parameters can cause the BMS to mismanage the charging cycles, potentially draining the battery prematurely or stressing cells beyond safe limits.
Disrupted Protection Mechanisms – Interfering with BMS controls allows an attacker to disable overcharge, over-discharge, or the thermal protections, substantially increasing the risk of battery failure, overheating, and even fire.

But apart from immediate impact there are also long-term effects on battery performance and safety. For example:

Increased Wear and Degradation – Repeated incorrect charge cycles accelerate battery aging, reducing its effective lifespan.
Higher Risk of Thermal Runaway – If critical protection features are disabled or misconfigured, overheating can spiral into uncontrolled chemical reactions.
Loss of Reliability – A compromised BMS can disrupt energy availability, leading to unexpected system failures in grid and industrial applications.

Energy Storage Management System

The ESMS is a critical component that manages the coordination between the BMS, PCS, and the DCS / SCADA functions on the process control network. The ESMS has a direct connection to the DCS/SCADA interface, making it a potential attack surface if an adversary gains access through the process control network. A compromised ESMS could lead to malfunctioning energy dispatch, unstable power supply to critical plant systems, and increased battery safety risks, potentially affecting process continuity and operational safety. Attack strategies against the ESMS include False Data Injection, Denial of Service, and Man-in-the-Middle attacks, which can disrupt power availability, interfere with emergency backup systems, or manipulate process load balancing, leading to unexpected shutdowns, operational inefficiencies, or safety incidents.

Potential Attack Vectors and their Consequences

Manipulated System Data – Altering BMS and PCS information can result in incorrect operational commands, leading to instability in energy management.
Tampered Control Signals – Attackers can send malicious PCS commands, potentially causing harmonic resonance, voltage fluctuations, or power system disturbances.
Firmware Manipulation via MitM Attacks – If software or firmware updates are intercepted and modified, attackers could embed malicious code, introducing backdoors, disabling safety trips, or enabling persistent access.

Possible impact on process operations and battery safety are:

Process Disruptions – A compromised ESMS can lead to unexpected disconnection of the BESS from the plant power network, affecting power stability for critical process equipment, backup power availability, and load balancing. In a refinery or chemical plant, this could jeopardize continuous operations, impact safety-critical systems, or lead to unplanned shutdowns.
Unstable Energy Supply – Malicious firmware modifications could alter BESS operational logic, leading to inconsistent energy dispatch, erratic battery behavior, or failure to provide power when needed. This may cause overloading of auxiliary power systems, failure of emergency energy reserves, or fluctuations in sensitive process equipment.
Compromised Security & Safety Controls – If attackers eavesdrop on ESMS communications, they can intercept control signals, manipulate system parameters, or delay protective actions. This could enable further attacks on power distribution, safety systems, or process automation, potentially preventing proper battery management or disabling safety trips, increasing the risk of thermal events or process hazards.

Power Conversion System

If the BESS is powered by solar or wind energy (or both), the PCS takes care of balancing the renewable energy inputs with the plant’s external power sources, maintaining voltage and frequency stability, and ensuring reliable energy distribution to the plant’s power network. If compromised through false data injection or denial of service attacks, the PCS may fail to regulate power effectively, leading to fluctuations that disrupt process operations, damage connected equipment, or cause unsafe process conditions. To carry out such an attack, adversaries need access to the maintenance port. Access could allow attackers to manipulate PCS functions, disrupt energy flow, or compromise system stability, highlighting the importance of strict access controls and network segmentation.

Potential Attack Vectors and their Consequences

Disrupting Voltage Regulation – A compromised PCS may fail to manage over-voltage or under-voltage conditions, leading to fluctuations in plant power quality. This can cause instability in power-sensitive process control systems and critical safety mechanisms.
Manipulating Frequency Response – Attackers can alter the PCS logic to mismanage power injection from wind and solar sources, either blocking energy absorption or injecting power at the wrong time, resulting in frequency instability that can trip breakers or damage sensitive equipment.
Interfering with Load Balancing Between Renewables, and BESS – By manipulating PCS response to real-time energy demand, an attacker could cause excessive reliance on a single energy source, leading to overloading or underutilization of the BESS, reducing overall system efficiency and reliability.
Preventing BESS from Supporting Process Loads – If the PCS fails to properly convert stored energy for plant power network consumption, essential plant operations could suffer from power shortages, leading to unplanned shutdowns or failures in emergency power backup.

Possible impact on process operations and safety are:

Process Disruptions from Unstable Power – If the PCS does not compensate for voltage and frequency variations from wind and solar, plant equipment could trip, causing interruptions in critical processing operations.
Over-Voltage Risks from Excessive Renewable Input – When the PCS fails to absorb surplus energy, high voltage levels could overload plant electrical infrastructure, leading to equipment damage or protective shutdowns.
Under-Voltage Leading to Equipment Malfunctions – If the PCS fails to support voltage regulation, process control systems and auxiliary power supplies may experience insufficient voltage, disrupting operations.
Frequency Instability Affecting Power Distribution – If frequency deviations from fluctuating wind or solar input are not corrected, motors, pumps, and industrial drives could malfunction, impacting production efficiency.
Load Shedding & Emergency Shutdowns – In cases of severe frequency imbalance, the plant may be forced into load-shedding scenarios, shutting down non-essential equipment and risking disruptions to safety-critical processes.

So overall a cyber-attack on a BESS within an industrial facility can have severe operational, safety, and economic consequences. The impact can be categorized into three key areas:

Operational Disruptions and Equipment Damage – Manipulation of PCS and BMS settings can cause unstable power supply, leading to equipment trips, voltage fluctuations, and potential damage to sensitive process machinery. Unregulated energy flow could disrupt critical control systems, affecting production and safety mechanisms.
Battery Hardware Degradation and Safety Hazards – A compromised BESS can experience overcharging, deep discharging, or unbalanced cell operation, leading to accelerated wear, premature failure, or even thermal runaway and fire risks. In an industrial setting, such incidents could pose serious hazards to personnel and facilities.
Financial and Operational Losses – The inability to deliver stable power from the BESS can increase operational costs, cause downtime, and disrupt plant workflows. A prolonged outage could delay production schedules, increase reliance on backup generators, and lead to financial penalties for unmet energy efficiency targets.

The severity of the impact depends on the power distribution architecture within the industrial site. If proper safeguards, isolation mechanisms, and redundancy are in place, the effects may be contained, limiting disruptions to localized areas. However, if the facility lacks proper configuration, fails to segment energy assets, or does not have adequate protection mechanisms, a single point of failure in the BESS could cascade into widespread disruptions, affecting multiple production units or even leading to plant-wide power loss. Assessing the impact of a cyber-attack on industrial energy storage requires analyzing how power fluctuations influence process systems and overall plant operations.

Sinclair Koelemij

With over 45 years of experience in process automation, Sinclair has developed extensive expertise spanning process automation, networking, security, and risk management for process automation systems. During a 43-year tenure at Honeywell, he contributed to service, engineering, and securing a wide range of control and process safety solutions, from basic to advanced systems, across the wider process industry, including petrochemical, refining, pipeline, and offshore operations. His experience includes software development and the implementation of control and safety systems for more than 100 installations, ranging from smaller setups with fewer than 1,000 I/O points to large-scale systems exceeding 100,000 I/O points.

Sinclair’s approach to OT security and cyber-physical risk is grounded in a deep understanding of production processes. He emphasizes addressing risks from the perspective of the process itself, ensuring that security measures align with the operational and safety requirements of industrial systems. His career includes 25 years focused on process automation and 20 years specializing in networking, cybersecurity, and risk management.

Sinclair also holds multiple patents in the field of cyber-physical risk evaluation and mitigation, reflecting his expertise in integrating technology and safety to protect industrial environments.