China has a dominant position in the battery supply chain, limiting the options of procuring Battery Energy Storage Systems (BESS) from US suppliers or other friendly nations. The claim that BESS from China poses a national security risk is making it difficult for utilities, integrators, and contractors to develop renewable energy generation resources. The critics allege that undetectable malware on BESS equipment from China could be activated remotely to cascade into a widespread blackout of the US electric grid. This claim is leading to costly attempts to ban acquisitions of Chinese BESS and to remove ones that are already in place.
Given the tremendous expense involved in these “rip and replace” policies and the major obstacles they place in the path of cleaner energy, it is wise for the United States to investigate the alleged costs and risks. This paper delves deeply into the BESS technology, meticulously examining its components and analyzing potential cyber-attack scenarios. By drawing on existing research literature, conducting interviews with key stakeholders, and applying a customized threat model, this study strives to accurately quantify the risk of implementing a BESS from China in a renewable Distributed Energy Resource (DER).
This paper finds little evidence to support the claim that BESS from China poses a serious national security risk from a cyber event. In the worst case, a cyber event on a BESS from China will impact the battery itself and not the overall grid. To address the risks that might exist, it presents a comprehensive strategy for managing the cyber risks associated with implementing a 100% BESS from China (battery modules plus controls). The risks can be further managed by implementing only the battery modules from China integrated with a domestic or friendly nation control system.
About Juan F. Villarreal: With a Bachelor’s degree in Nuclear Engineering and a Master’s degree in Cybersecurity, coupled with extensive international experience managing multidisciplinary teams across Europe, Latin America, and the United States, Juan brings a diverse skill set to the intersection of cybersecurity and the electric industry. His background in nuclear engineering provides a solid foundation for understanding complex power systems, while his cybersecurity expertise enables him to address the evolving threats facing critical infrastructure. Throughout his career, he’s successfully led teams in diverse cultural contexts, fostering collaboration and innovation to tackle challenges head-on. Juan’s passion lies in leveraging this broad expertise to ensure the security and resilience of electric infrastructure worldwide, driving forward progress in an increasingly interconnected and digitized world.