storage

Aon identifies ‘invisible’ cyber risks to global energy storage market

Global professional services firm Aon plc has said that asset owners and operators in the growing battery energy storage system market must bolster their cyber resilience as they face emerging cyber threats, having identified operational technologies (OT) used in BESS control systems as an ‘invisible’ point of vulnerability that could be exposed by increasingly sophisticated threat actors.
Aon identifies ‘invisible’ cyber risks to global energy storage market
Courtesy of NREL.

Aon’s 2021 Global Risk Management Survey reported that cyber attacks are ranked as the number one threat facing businesses today and in the future. Energy businesses, in particular, are facing an increasingly complex cyber risk landscape, with new forms of volatility and current geopolitical tensions driving scrutiny on the security of essential energy infrastructure.

Energy storage installations around the world are projected to reach a cumulative 411 GW - or 1,194 GWh - by the end of 2030, according to the 2H 2022 Energy Storage Market Outlook from BloombergNEF (BNEF). This growth is going hand-in-hand with the increasing digitalisation of the energy system.

Due to the nature of this digital evolution, however, OT assets are now connected more than ever, which may leave asset owners exposed to unknown risks and open to attacks from threat actors.

“In our experience, cyber security for OT is playing catch-up with information technology (IT)” said Andrew Hainault, managing director, EMEA – Security Advisory at Aon. “We see examples of clients who have relatively mature cyber security programmes for IT, with corresponding control frameworks that are established and measured, yet have noticeable control gaps for OT. Indeed, OT environments often fall outside the remit of IT and consequently are invisible when it comes to enterprise – cyber - risk management. To make matters worse, manufacturers are generally not conversant with secure development lifecycles and therefore continue to deploy systems that are not properly hardened for internet-accessible environments.”

While only a handful of successful attacks on clean energy systems have been reported to date, new forms of sophisticated malware emerged in 2022 – including Chernovite’s ‘Pipedream’ – that pose a significant threat to industrial control systems connected to the energy grid, including BESS.

In this context, Aon has cautioned that even BESS asset owners with robust IT security measures in place may be overlooking significant vulnerabilities in their OT systems. Operational systems often have security limitations that prevent regular updates, and the lifespan of operational equipment means that component lifecycles are longer than in the IT world. Furthermore, there may be gaps in reviewing vulnerabilities and managing controls to protect assets from digital threats, as well as the implementation and management of effective controls.

Should these gaps in cyber security for OT be exploited by a threat actor, the consequences may far outweigh the impact of a cyber attack on IT systems – leading to severe operational, financial and physical impacts for BESS asset owners.

Faced with this potential exposure, Aon advocates that BESS asset owners take steps to reinforce their cyber security strategies now, before a major cyber attack impacts the sector. Sustained cyber resilience is contingent on the ability of businesses to continually assess, mitigate and transfer their risks, as well recover from operational and financial loss. These capabilities are crucial to ensure that storage owners are better placed to access insurance cover and maintain business continuity both in preparation for and in the event of a cyber attack on their IT or OT systems.

Aon supports businesses in following a model known as ‘The Cyber Loop’ – a circular and iterative cyber security strategy that builds long-term resilience. To date, Aon has placed insurance for over 2.8 GW of BESS assets and handled over US$100 million of battery storage claims.

For additional information:

Aon Plc

Tags: Storage , Grid
Baterías con premio en la gran feria europea del almacenamiento de energía
El jurado de la feria ees (la gran feria europea de las baterías y los sistemas acumuladores de energía) ya ha seleccionado los productos y soluciones innovadoras que aspiran, como finalistas, al gran premio ees 2021. Independientemente de cuál o cuáles sean las candidaturas ganadoras, la sola inclusión en este exquisito grupo VIP constituye todo un éxito para las empresas. A continuación, los diez finalistas 2021 de los ees Award (ees es una de las cuatro ferias que integran el gran evento anual europeo del sector de la energía, The smarter E).