In the film Ocean’s Eleven, the criminals use a device known as a “pinch” to generate a strong electromagnetic pulse that shuts down power across the Las Vegas Strip. Security systems fail, cameras go dark, and chaos ensues.
The scene works because it taps into a real vulnerability of modern infrastructure: when operators lose visibility, they lose control.
In December 2025, a cyberattack on Poland’s energy infrastructure showed how this principle applies to the real grid. The attack targeted distributed energy resources across roughly 30 sites, including wind farms, solar installations and combined heat and power facilities. Rather than targeting a single large generating station, attackers focused on the distributed edge of the grid, disrupting communications and operational visibility across multiple facilities.
Polish officials later confirmed that operators came close to losing visibility into roughly a quarter of the nation’s energy mix during the event, which occurred amid temperatures approaching –15°C. The incident was ultimately contained, thanks to strong network segmentation, redundancy protocols and rapid response by national cyber defense teams.
But the attack revealed an important lesson for energy operators worldwide: as the grid becomes more decentralized, the attack surface expands. And the systems most critical to balancing modern power grids, including battery energy storage systems (BESS), may represent the next major target.
Why battery storage is becoming a critical cyber target
Because they balance supply and demand, stabilize frequency and help integrate intermittent renewable generation, BESS are rapidly becoming central to grid stability. It makes sense then that global BESS deployment is expanding quickly. According to the International Energy Agency, global energy storage capacity is expected to grow more than sixfold by 2030, with grid-scale batteries accounting for the majority of that growth.
As adoption grows, it’s important to remember that BESS assets operate very differently from traditional generation. A modern battery facility is essentially a software-based digital control environment. It includes battery management systems (BMS), programmable logic controllers (PLCs), energy management software, remote communications networks and automated dispatch signals tied to grid frequency and market conditions.
Because BESS respond to software commands, and software attracts malicious activity, an attacker who gains access to control systems or communications channels could intentionally destabilize grid balancing mechanisms with only a few keystrokes.
The goal would not necessarily be to destroy infrastructure but to manipulate the grid itself.
Six emerging BESS cybersecurity risks
As BESS deployment accelerates, several cybersecurity risks are becoming increasingly relevant for utilities and operators. Let’s look at six very real scenarios:
1. Loss of Visibility into Distributed Assets
The Poland attack demonstrated how attackers can target communication systems connecting distributed energy assets to grid operators.
When operators lose telemetry from multiple distributed resources simultaneously, situational awareness disappears. This can make it difficult to understand system conditions, coordinate response actions, or maintain frequency stability.
In distributed grids, a lack of visibility means that control becomes guesswork.
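As an added illustration (not from the incident reporting or any vendor product), the sketch below shows how a monitoring system can tell one site's long-standing comms fault apart from several sites going silent together, and how much capacity is unobserved as a result. The fleet data, site names and thresholds are constructed assumptions.

```python
# Constructed fleet: site -> (capacity_mw, timestamp of last telemetry, seconds)
FLEET = {
    "wind-01":  (40, 1000),
    "wind-02":  (35, 598),
    "solar-01": (20, 601),
    "solar-02": (25, 603),
    "chp-01":   (60, 995),
    "bess-01":  (20, 120),
}
STALE_AFTER_S = 120     # assumption: older telemetry counts as lost
CLUSTER_WINDOW_S = 30   # assumption: losses this close together are one event
CLUSTER_MIN_SITES = 3   # assumption: size at which an event is escalated

def visibility_report(fleet, now):
    """Summarise which sites are dark and whether the losses are correlated."""
    stale = sorted((last, site) for site, (_, last) in fleet.items()
                   if now - last > STALE_AFTER_S)
    total_mw = sum(cap for cap, _ in fleet.values())
    dark_mw = sum(fleet[site][0] for _, site in stale)
    # Largest group of sites whose last contact falls inside one window.
    best = []
    for i, (t0, _) in enumerate(stale):
        run = [s for t, s in stale[i:] if t - t0 <= CLUSTER_WINDOW_S]
        if len(run) > len(best):
            best = run
    return {
        "dark_sites": [s for _, s in stale],
        "dark_share": round(dark_mw / total_mw, 2),
        "correlated": best if len(best) >= CLUSTER_MIN_SITES else [],
    }

if __name__ == "__main__":
    print(visibility_report(FLEET, now=1000))
```

In the sample, bess-01 has been silent for a long time on its own, while three other sites dropped within five seconds of each other, which is the pattern that warrants treating the loss as a single event rather than as separate faults.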
2. Manipulation of Dispatch Signals
Battery storage systems respond automatically to grid signals. These signals may include frequency data, dispatch instructions, or market-based price signals.
If these communications are manipulated, attackers could potentially trigger coordinated battery behavior across multiple assets. For instance, batteries could discharge simultaneously during periods of grid stress or dispatch timing could be deliberately altered. Systems could even be forced to charge when the grid requires additional supply.
These actions could create frequency instability or strain protection systems designed to maintain grid balance.
3. Remote Access Infrastructure
Battery installations are often remotely managed, meaning operators rely on remote connectivity for monitoring, maintenance and software updates. Vendors frequently access systems through secure VPN connections or cloud-based management platforms.
However, remote access infrastructure can introduce risk if it is not properly secured. A recent BESS cybersecurity assessment found that remote access and VPN management represented one of the most significant potential vulnerabilities in storage facilities, particularly where monitoring and access controls were insufficient.
Without strict authentication controls and network monitoring, unauthorized access could allow attackers to interact with operational systems.
4. OT Security Gaps in Distributed Environments
Many battery facilities rely on operational technology systems originally designed for isolated industrial environments. But as grid infrastructure becomes more connected, vulnerabilities in these systems can become entry points for attackers.
Supervisory Control and Data Acquisition (SCADA) systems and battery management platforms are now increasingly connected to wider networks. In some deployments, outdated firewalls, infrequent patching, or poor vulnerability management leave systems exposed to modern cyber threats.
OT environments must now contend with threats ranging from ransomware to unauthorized command injection and denial-of-service attacks.
5. Compliance Lagging Behind Deployment
Energy storage systems are being deployed rapidly, often faster than regulatory frameworks can adapt. In some jurisdictions, smaller battery installations fall below certain regulatory thresholds for cybersecurity oversight, even though they may still influence grid stability.
As distributed energy resources grow in scale and complexity, operators will need to ensure that cybersecurity protections evolve alongside deployment.
6. Local Manufacturing, Supply Chain Risk and Geopolitics
BESS rely on embedded electronics, firmware and control components that often move through complex global supply chains. When manufacturing occurs outside trusted or local production environments, operators may have limited visibility into how firmware is developed, secured and maintained throughout the product's lifecycle.
These opaque supply chains can introduce risks related to embedded firmware integrity, update mechanisms, potential hardware backdoors and patch lifecycle management. As geopolitical tensions and energy security concerns grow, many operators are beginning to view local manufacturing, supply chain transparency and vendor accountability as core elements of their cybersecurity posture, not simply procurement preferences.
These risks are not theoretical. As battery deployments expand, the consequences of compromised control systems extend beyond individual assets and into grid stability itself.
The real risk: Manipulating grid balancing
Traditional cyber incidents in the energy sector often focus on data theft or IT system disruption. As the distributed edge continues to grow, the greater risk for modern grids lies elsewhere.
Because battery storage participates directly in grid balancing, manipulating these assets could affect real-time system stability. If attackers can influence charging or discharging behavior across multiple battery sites simultaneously, they could potentially disrupt frequency control mechanisms or overload protective systems.
In extreme cases, this could trigger cascading instability across interconnected power systems, resulting not only in the loss of power generation but also in the loss of grid balancing.
To address these risks, utilities and storage operators should prioritize several key cybersecurity measures:
- Real-time visibility across operational technology environments
- Segmentation between IT and operational control systems
- Strong authentication and monitoring for remote access infrastructure
- Continuous vulnerability management and patching
- Monitoring for abnormal control commands or network activity
These capabilities help ensure that distributed energy resources remain both visible and controllable, even during inevitable cyber incidents.
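The last measure in the list, applied to the dispatch-signal manipulation described earlier, can be sketched as a plausibility check on setpoints. This is an added example, not an operator's or vendor's implementation: it flags commands that push frequency further from nominal, and same-direction bursts across several sites that grid frequency does not justify. The record layout, the 50 Hz nominal, the sign convention and all thresholds are assumptions, and the sample commands are constructed.

```python
from collections import namedtuple

# Constructed record: power_kw > 0 discharges to the grid, < 0 charges from it.
Cmd = namedtuple("Cmd", "t site power_kw freq_hz")

NOMINAL_HZ = 50.0     # assumption: 50 Hz system
DEADBAND_HZ = 0.05    # assumption: no frequency response expected inside this band
BURST_WINDOW_S = 10   # assumption: commands this close together form one burst
BURST_SITES = 3       # assumption: distinct sites needed to call it coordinated

def opposes_grid_need(cmd):
    """True when the setpoint pushes frequency further from nominal."""
    dev = cmd.freq_hz - NOMINAL_HZ
    if dev < -DEADBAND_HZ:        # under-frequency: the grid needs supply
        return cmd.power_kw < 0
    if dev > DEADBAND_HZ:         # over-frequency: the grid has surplus
        return cmd.power_kw > 0
    return False

def unjustified_bursts(cmds):
    """Same-direction commands to many sites while frequency is in the deadband."""
    bursts = []
    for sign, label in ((1, "discharge"), (-1, "charge")):
        quiet = sorted((c for c in cmds if c.power_kw * sign > 0
                        and abs(c.freq_hz - NOMINAL_HZ) <= DEADBAND_HZ),
                       key=lambda c: c.t)
        group = []
        for c in quiet + [None]:  # the trailing None flushes the last group
            if c is None or (group and c.t - group[0].t > BURST_WINDOW_S):
                sites = sorted({g.site for g in group})
                if len(sites) >= BURST_SITES:
                    bursts.append((label, group[0].t, sites))
                group = []
            if c is not None:
                group.append(c)
    return bursts

SAMPLE = [  # constructed dispatch log
    Cmd(0,   "bess-a",  500, 49.90),  # discharge during under-frequency: expected
    Cmd(2,   "bess-b", -800, 49.90),  # charge during under-frequency: opposes need
    Cmd(60,  "bess-a", 1000, 50.01),  # three sites discharge within 6 s while
    Cmd(63,  "bess-b", 1000, 50.01),  # frequency is normal
    Cmd(66,  "bess-c", 1000, 50.00),
    Cmd(300, "bess-c", -200, 50.02),  # single charge command: not flagged
]

def review(cmds):
    return {"opposing": [(c.t, c.site) for c in cmds if opposes_grid_need(c)],
            "bursts": unjustified_bursts(cmds)}
```

A flagged burst is a prompt for review, not proof of compromise: market-driven dispatch can legitimately move several sites at once, so the rule is best paired with the operator's own schedule data.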
A new era of grid security
The modern grid is becoming increasingly decentralized, digital and automated, and BESS play a central role in the transformation. These systems help integrate renewable energy, balance supply and demand and maintain stability in increasingly complex power systems.
But as the Poland incident demonstrated, distributed infrastructure can also create new cybersecurity challenges. And while the “pinch” in Ocean’s Eleven disabled the grid in seconds, we are in the real world where bad actors don’t need Hollywood magic to disrupt critical infrastructure. They only need access to the systems that control it.

Rafael Narezzi, co-founder and CEO of Centrii, is a business and technology leader with more than 20 years of experience. At Centrii, he oversees the company's mission to create efficient, secure, and sustainable energy solutions for the renewable sector and beyond. Narezzi is also the founder of South America's leading cybersecurity event, Cyber Security Summit, a regular speaker at industry events, and a published author.



