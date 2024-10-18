BY Mike Judd4 minute read

Most of our grid was built in the 1960s and 1970s, and while it has been improved with automation and emerging technologies, this aging infrastructure is straining to meet current electricity needs. Utilities are struggling to integrate renewable energy sources. AI is driving significant power demands from data centers. EV adoption has faltered as consumers consider the availability of charging stations and the grid’s ability to power them.

Grid-scale battery energy storage systems (BESS) can help utilities provide power during peak loads by storing electricity generated from wind and solar sources and deploying that power when it is needed most. While these systems add clean energy capacity, the connected nature of the BESS technology may be susceptible to cyberattacks and must be protected from foreign and domestic threats. CONTROLLING THE DATA STREAM Battery energy storage systems generate a tremendous amount of data, and not controlling that data stream presents a cybersecurity risk.

Subscribe to the Compass newsletter. Fast Company's trending stories delivered to you daily Privacy Policy | Fast Company Newsletters

Consider a BESS deployed on a microgrid. The manufacturer can gather usage information from that system—the status of the demand on that microgrid, when it’s being supplied by solar and when it’s being supplied by the grid, when it’s outputting and when it’s inputting. A microgrid supporting a rural town might not be of interest, but what if that microgrid is powering a military installation? If that microgrid were located on a naval base, operators would be able to tell how many ships are in port. When a vessel transitions from ship power to shore power and connects to the microgrid, data will show that the electrical load has increased. Operators could see the demand load and determine how many ships are tied to the microgrid’s shore power. Combine that information with satellite images, and the exact comings and goings of a fleet could be mapped out. Consider what data is necessary versus what data is available. Who has access to that data? While integrating microgrids and BESS will provide energy resilience, the data generated by these systems must be controlled to protect grid security.

IDENTIFYING VULNERABLE DATA Currently, each battery energy storage system is configured to each customer’s specifications. Those parameters change depending on their unique applications, what they want to get out of the system, or what the BESS is connected to, whether it’s wind or solar. Identifying and protecting critical data is essential as more BESSs are deployed and connected to the grid. Most manufacturers follow some generally accepted practices for warranty purposes. The systems are usually not discharged below 10% and never charged above 90%. This information is typically monitored by the battery management system (BMS). The BMS determines what to do with the battery’s state of charge. It says whether it can charge or discharge, and how much it can charge and discharge.

As renewable energy sources and BESS are deployed, additional access points are created. Data within the BMS of a battery energy storage system can be manipulated. A threat actor could send data down to the BMS that would indicate the BESS isn’t ready to discharge. The grid operators, who do not have visibility into the BMS, would assume the system is ready to go online and provide power to the grid. That disconnect, among thousands of systems connected to the grid, could cause a serious disruption to the power supply. So, now that sensitive data has been identified, how do we protect that data from manipulation? LOCKING DOWN CRITICAL DATA

advertisement

With all the parameters online, there are obvious cybersecurity risks. Consider the dilemma auto manufacturers faced when infotainment systems were first introduced. They discovered that hackers could infiltrate the infotainment system and gain access to critical features such as the antilock brakes or airbags. The auto industry decided to separate the infotainment system from the engine controls and driver assistance technology as a safety precaution. The same should be considered in the world of battery management systems and power. Three critical parameters should be hard coded in battery systems: minimum discharge voltage, maximum voltage charge rate, and state of charge/capacity. By establishing a minimum discharge rate that cannot be altered, potential bad actors could not intentionally drive the BESS to zero and destroy the system. Conversely, a maximum voltage charge rate avoids the likelihood of a thermal event. These limitations address safety concerns as well as cybersecurity risks.

Hard coding the state of charge prevents the battery system from sending false information to the grid. The easiest analogy for the state of charge is your car’s gas tank. If the sensor had been manipulated to show a full tank of gas, but it was empty, you would be stranded on the side of the road wondering what happened. The state of charge is the amount of power the BESS can deliver to the grid. If that information were falsified, operators would not know how much “gas” is in the “tank.” They would assume there is enough power in the BESS to keep the grid stable. The BESS would not be able to deliver, leaving the grid without sufficient power and resulting in brownouts or blackouts. How do we achieve the goal of grid cybersecurity?

TAMING THE WILD WEST OF BATTERY ENERGY STORAGE The current landscape for battery energy storage systems is like the Wild West. Each manufacturer has their own way of doing things, and that wide range of variations is ripe for exploitation. Again, the automotive industry is a good example. Standardized product dimensions were established in 1924, and have expanded to cover terminal types and configurations, voltage specifications, and other aspects of battery design such as terminal placement, venting, and case construction. These standards provide consumers with the confidence that they are purchasing a quality product that will be compatible with their vehicle and allow manufacturers to streamline production processes and reduce costly recalls.