Full Report
Utility-scale battery energy storage systems are facing heightened risks of attack from nation-state and criminal threat groups, and immediate action needs to be taken to secure critical industries from potential disruption, according to a white paper from Brattle Group and Dragos. BESS deployments are expected to grow between 20% and 45% over the next five years, driven…
Analysis Summary
# Threat Actor: Nation-State and Criminal Threat Groups (General Grouping)
## Attribution & Identity
The summary refers to two broad categories of threat actors targeting critical infrastructure:
1. **Nation-state actors**: Linked to states competing with the U.S. for dominance in AI and clean energy.
2. **Criminal threat groups**.
No specific APT names or formal aliases are provided in this excerpt.
## Activity Summary
The primary activities described involve targeting **Utility-scale Battery Energy Storage Systems (BESS)** to potentially cause disruption. This trend is driven by the expected 20%-45% growth in BESS deployments over the next five years. The focus of nation-state actors is specifically on disrupting critical industries, particularly those related to clean energy and AI competition.
## Tactics, Techniques & Procedures
The article focuses on the *impact* of the activity (disruption/outage) rather than listing specific TTPs.
- Tactics mentioned: Malicious hacking, causing an extended outage.
- Specific TTPs and MITRE ATT&CK IDs are **not** detailed in this summary.
## Targeting
- **Sectors**: Critical industries, specifically **Utilities** and **Battery Energy Storage Systems (BESS)** providers (utility-scale).
- **Geography**: Implied focus on the U.S. context, particularly concerning actors competing with the U.S. for dominance in strategic areas.
- **Victims**: BESS deployments, utility providers, and entities involved in clean energy infrastructure. (Specific organization names, other than the example facility *Mossy Branch Battery Facility, Georgia*, are not detailed as targets.)
## Tools & Infrastructure
No specific malware families, command and control infrastructure, or targeted URLs/IPs are mentioned in relation to the BESS threat.
## Implications
The primary implication is the **heightened risk of system disruption** across the rapidly expanding BESS sector. Experts warn that the **need** for these systems is outpacing the **ability to secure them** against malicious activity, necessitating immediate defensive action.
## Mitigations
The white paper calls for immediate action to better secure these systems.
- General recommendation: Steps need to be taken to ensure BESS deployments are better able to withstand malicious hacking or an extended outage.
- Specific defense recommendations are referenced as being in the full white paper but are **not** detailed in this summary excerpt.