It is 3 o'clock in the morning in southern Germany. A hacker gains access to a power plant's control system. Within minutes, the system gets out of control and unplanned feeds too much power into the grid. The instability first extends to the local distribution network and then beyond. A domino effect is in the offing. It is a scenario that is reminiscent of Marc Elsberg's bestseller “Blackout,” a thriller about a Europe-wide power outage caused by cyber attacks.
But how realistic is that? With the energy revolution, this uncertainty is becoming ever greater. Thousands of new, interconnected systems ranging from electric charging stations, decentralized generation systems such as solar and wind power plants to private, industrial and network-connected battery storage systems are connected to the grid and digitally connected. Every interface is a potential gateway. What was previously a theoretical risk is becoming a real challenge. Cybersecurity is evolving from a technical detail to a system issue.
The good news is that such scenarios are categorically avoidable. With well-thought-out planning, communication and physical protective measures and regulated risk management processes based on clear regulatory frameworks, battery storage systems and the entire energy infrastructure can be effectively protected. The energy revolution is not only a question of new technologies, but also a question of their secure integration into an increasingly digitalized and networked system.
The energy revolution in Germany is characterized by four key developments: decentralization and expansion of generation capacity, digitization, network expansion and flexibilization. Where a few major central power plants used to secure the supply, today a highly complex network of millions of decentralized generation, consumption and storage plants is being created.
The expansion of photovoltaic and wind power plants is steadily increasing. At the same time, the need for flexibility in the power grid is increasing, both on the consumption and generation sides. Battery storage systems play a key role in this. They store excess energy, smooth out generation peaks and stabilize the grid.
However, this growing connectivity also creates new security challenges. Battery storage systems are closely integrated into the IT and operational technology (OT) of the energy infrastructure. SCADA systems (Supervisory Control and Data Acquisition), energy management systems (EMS) and battery management systems (BMS) communicate in real time with network operators, market platforms and service partners. This makes cybersecurity an integral part of plant planning right from the start — from project planning to construction to ongoing operation.
Depending on their size and function, battery storage systems are classified as critical infrastructure (KRITIS) in Germany. The BSI Criticism Ordinance defines clear thresholds: systems with a net installed capacity of 104 MW or more automatically fall below this. Smaller systems can also be considered KRITIS if they are contracted for black start or have been prequalified to provide primary control service.
The regulatory framework has significantly tightened in 2025. With the one that came into force in December NIS 2 Implementation Act and the amendment to the BSI Act, there are extended requirements for cybersecurity measures and risk management. Affected institutions must register with the BSI and are subject to comprehensive reporting requirements and governance requirements, which anchor responsibility down to management level. The decision adopted by the Bundestag in January 2026 CRITIS umbrella law expands the focus also on physical protection, fault monitoring and reporting chains.
On a technical level, the IEC 62443 series of standards on the cybersecurity of industrial automation and control systems is a central standard. It defines technical, organizational and procedural requirements for manufacturers, integrators and operators — in particular for SCADA systems of storage systems, which is intended to create inherent cybersecurity at component level.
There are several critical attack vectors in battery storage systems. IT and OT systems such as SCADA, EMS and BMS can be reached via network connections — often also via remote access, which is necessary for maintenance and operation. Attackers could attempt to manipulate control commands, change firmware, or access sensitive operating data via compromised remote access.
The consequences range from grid instabilities — when storage systems feed in or remove power in an uncontrolled manner — to physical damage to battery modules due to targeted overcharging, to economic losses due to downtime and loss of trust. Attacks on critical energy infrastructure around the world have shown in the past that inadequate security measures can have real consequences.
However, these risks are manageable. With the right protective measures, a well-thought-out network architecture and continuous monitoring, attacks can be prevented or at least identified at an early stage, appropriate measures can be taken to control the attack and finally repel them.
Kyon Energy follows the “security by design” principle for all projects. Safety is not set up retrospectively, but is embedded in technology, processes and organization as well as in the selection of suppliers right from the start. The challenge is to provide various stakeholders with service partners, BESS suppliers, network operators, marketers — controlled access while maintaining the highest security standards.
Cybersecurity starts with physical protection. All our systems are secured by robust fences and are video monitored, with camera signals connected directly to the SCADA system. Access controls with prior authentication ensure that only authorized persons enter the system.
The company buildings, which house IT and plant equipment, have also been completed. The USB ports are sealed or locked and the Ethernet ports are permanently assigned to prevent unauthorized devices or data carriers from being tampered with. All accesses and openings of the battery components are closed and the housings are made of steel, making manipulation from outside almost impossible. The components are positioned at a sufficient distance from the fence and the cables run underground.
At the IT level, Kyon Energy uses strict network separation. The plant network is separated from the corporate network. Data exchange takes place exclusively via a dedicated, encrypted VPN connection. Within the plant architecture, clear zones with media breaks are defined where necessary. Communication connections are redundantly designed to increase reliability.
Cybersecurity starts in the supply chain: We rely exclusively on secure components from European manufacturers — data aggregators, routers, gateways and VPN solutions that enable communication and control. For example, the SCADA components in Kyon Energy projects comply with the IEC 62443 standard, which defines international standards for industrial cybersecurity. Belonging to TotalEnergies provides additional security. As a global energy company with many years of expertise in energy systems, TotalEnergies brings in proven standards and best practices that further strengthen plant safety.
Access for external partners such as operations & maintenance service providers, network operators or traders is provided exclusively via firewall-secured connections. These partners can send control commands, but only via controlled and logged channels.
We combine all system data and access mechanisms in a proprietary cloud, which is hosted in Europe. Through this central, secure platform, the various stakeholders can access the data they need. The principle of data economy applies here. Everyone only sees what they actually need for their own tasks.
The company's own monitoring system monitors all plant parameters in real time. Warnings are automatically issued in the event of discrepancies or incidents. In the event of a security incident, the risk management process starts immediately. Affected areas are isolated or switched off, and the cause is immediately searched for and remedied in parallel. If necessary, cyber threats are reported to the relevant authorities.
The goal is preventive safety. Systems are fine-tuned so that anomalies and deviations are identified early on before they could lead to problems, even if they are ultimately unrelated to a cyber threat. Prevention comes before response. Among other things, all data traffic is continuously monitored in order to identify anomalies at an early stage.
The blackout scenario described above remains fiction if plant security is taken seriously in all domains and especially with regard to cybersecurity. The energy revolution is inconceivable without digital connectivity, and connectivity increases the need for robust protective measures. Battery storage systems are only part of a larger picture. The entire energy infrastructure — from wind farms to photovoltaic systems to intelligent networks or smart meters — must be secured against cyber threats. The necessary level of protection can only be achieved through a holistic approach that combines technology, organization, regulation and corporate culture.
Cybersecurity has become a joint task. The regulatory framework is constantly evolving — at the same time, industry-wide exchange is becoming more professional. formats such as UP KRITIS And the Alliance for Cyber Security bring operators, manufacturers, service providers and authorities together. Together, they bundle experience and threat situations and translate them into practical recommendations.
The energy industry itself is driving this process forward. The BDEW, for example, published Guidance on IT/OT security requirements, which in particular address the critical interfaces between control rooms/SCADA, service providers and network operators. These range from “security by design” in the supply chain to incident handling and reporting in companies.
This approach also shapes our work: At Kyon Energy and TotalEnergies, we aim to shape a sustainable and secure energy future. Our systems are designed for safety right from the start — technically, organizationally and culturally. We want to show that you don't have to worry about cyber threats if you deal with them consciously and proactively and implement all necessary measures.
Trust in technology, operators and the security of energy infrastructure is crucial for the energy transition. Cybersecurity is the key to this trust and therefore the key to a successful energy transition.
.avif){kind=logo}
