The broker warned that a lack of robust cyber-security for critical operational technologies may be a weakness for battery storage risks being underwritten.
Asset owners and operators in the battery energy storage system market must bolster their cyber resilience as they face emerging cyber threats, Aon has warned, in its annual Global Risk Management Survey.
The report is a shot across the bows for energy underwriters, who are responsible for the growth of the emerging market, deemed critical to efforts to combat climate change.
Energy businesses faces an increasingly complex cyber risk landscape, Aon said, with new forms of volatility and current geopolitical tensions driving scrutiny on the security of essential energy infrastructure.
Previous Russian suspected state-sponsored cyber-attacks have been aimed at its neighbous such as Estonia, or Ukraine, in the case of the 2017 NotPetya attack. However, the blowback from this event also affected many western organisations.
Recent Russian cyber-attacks, since the start of the 2022 Russo-Ukrainian War, have focused on crippling Ukraine’s energy grid, with similar spillover risk for similar assets abroad.
Lack of robust cyber-security for critical Operational Technologies (OT) may be an unmitigated point of vulnerability for battery energy storage systems (BESS), Aon warned.
BESS assets compromised by a threat actor could be exposed not only to data loss, but also to physical damage and catastrophic ‘thermal runaway’ events, the re/insurance broker said.
Energy storage installations around the world are projected to reach a cumulative 411 GW - or 1,194 GWh by the end of 2030, according to the analysis by data provider Bloomberg.
This growth goes hand-in-hand with the digitisation of the energy system, Aon noted.
Due to the nature of this digital evolution, energy sector OT assets are now connected more than ever, which may leave asset owners exposed to unknown risks and open to attacks from threat actors, the broker warned.
“Lithium-ion (Li-ion) batteries – currently the most commonly used in BESS – require careful monitoring and control of their voltage, current and temperature conditions,” said Paul Gooch, head of cyber open market at Tokio Marine Kiln.
Gooch is also the lead underwriter for Aon’s Cyber Property Damage (CYPD) broking facility.
“While only a handful of successful attacks on clean energy systems have been reported to date, new forms of sophisticated malware emerged in 2022 – including Chernovite’s ‘Pipedream’ – that pose a significant threat to industrial control systems connected to the energy grid, including BESS,” he said.
“If a threat actor were to interfere with this monitoring and control, physical damage could occur – ranging from battery cell degradation, caused by overcharging or over-discharging, to a ‘thermal runaway’ event resulting in overheating, fire or explosion,” Gooch continued.
“Should gaps in cyber security for OT be exploited by a threat actor, the consequences may far outweigh the impact of a cyber-attack on IT systems – leading to severe operational, financial and physical impacts for BESS asset owners,” he added.
The report can be downloaded, here.