New Brattle/Dragos White Paper Provides Critical Cybersecurity Guidance for Battery Energy Storage Systems
WASHINGTON, Dec. 9, 2025 /PRNewswire/ -- As global power systems transform to meet soaring demand from data centers and electrified loads – and to deliver affordable, reliable, secure energy – battery energy storage systems (BESS) have emerged as essential infrastructure for the grid. In a new white paper, experts from The Brattle Group and Dragos analyze the cybersecurity risks facing the rapidly expanding global fleet of BESS and offer practical strategies to help the electricity industry and key stakeholders safeguard critical grid assets.
With BESS deployments expected to grow by 20–45% annually over the next five years, Securing Battery Energy Storage Systems from Cyberthreats: Best Practices and Trends outlines recommended strategies for secure system design, supply chain verification, network architecture, and operational resilience to support cybersafe BESS.
The paper's release comes amid heightened attention from US policymakers, including recent congressional letters urging action on inverters and integrated battery systems manufactured by foreign entities of concern (FEOCs), as well as new calls for restrictions on FEOC-linked technologies across critical infrastructure. These developments reflect mounting concern that vulnerabilities in FEOC-controlled equipment could create systemic grid risks.
"BESS are becoming central to grid operations, but their increasing deployment makes it essential that cybersecurity is embedded from the start," said Dr. Peter Fox-Penner, a Brattle Principal and coauthor of the paper. "The electricity industry and policymakers need clear, actionable guidance to ensure these assets strengthen reliability rather than introduce new points of failure."
Key findings from the paper include:
- Escalating threat activity: 18 known threat groups are now targeting the electric sector, including nation-state actors seeking to compromise US critical infrastructure.
- Supply-chain vulnerabilities: Reliance on FEOC-sourced controls increases exposure and often limits the ability to inspect equipment.
- High-impact consequences: A single 100 MW/400 MWh BESS outage could result in up to $1.2 million in monthly losses, with permanent damage potentially reaching $10 million or more.
- Regulatory momentum: Experts anticipate stronger US policies addressing FEOC controls, while the European Union's NIS2 Directive and upcoming Cyber Resilience Act will expand cybersecurity obligations for BESS assets of all sizes.
Securing Battery Energy Storage Systems from Cyberthreats: Best Practices and Trends was authored by Dr. Fox-Penner, Dr. Noah Rauschkolb, and Purvaansh Lohiya of The Brattle Group, and Phil Tonkin and Justin Pascale of Dragos. The full paper is available on Brattle's website: https://www.brattle.com/insights-events/publications/securing-battery-energy-storage-systems-from-cyberthreats-best-practices-and-trends-for-protecting-critical-energy-infrastructure/.
Webinar Today: December 9, 2025, 2:30 p.m. (ET). Later today, The Brattle Group will host a webinar featuring paper authors Peter Fox-Penner (Brattle) and Phil Tonkin (Dragos), who will present the paper's findings and discuss insights with industry experts. The session will include an overview of key findings, a panel discussion on policy implications, and an audience Q&A. To register, click here. Can't make the live event? A recording will be shared following the webinar with those who register. For questions, please contact [email protected].
ABOUT BRATTLE
The Brattle Group answers complex economic, finance, and regulatory questions for corporations, law firms, and governments around the world. We are distinguished by the clarity of our insights and the credibility of our experts, which include leading international academics and industry specialists. Brattle has 500 talented professionals across North America, Europe, and Asia-Pacific. For more information, please visit brattle.com.
SOURCE The Brattle Group
Share this article