Dr. Paul Christensen, director of Lithiumionsafety, writes the last Moss Landing fire highlights vulnerabilities around safety and cybersecurity.
The dramatic and intense fire that started on 16 January destroyed the 300MW Phase I BESS building of the Moss Landing site in California and has raised a lot of issues, including:
- the safety of such facilities
- the ‘controlled burn’ standard operating procedure often adopted by firefighters
- it adds to the increasing pressure for BESS to undergo unit/installation-level fire tests.
Crucially, the incident is already being described as a potentially significant setback for the storage industry and the drive to net zero.
The smoke was seen 30 miles or more away, forced the evacuation of 1,200 local residents and took out 2% of California’s critical energy storage capacity.
The 300MW/1200MWh battery array that burned is part of utility company’s Vistra’s 750MW/3,000 MWh Moss Landing Energy Storage Facility, once the world’s largest BESS. The EPRI database lists the battery module as coming from LGES with Fluence as integrator. The system reportedly uses LG Chem JH4 nickel manganese cobalt battery cells. The local fire service is quoted saying a fire suppression system in one of the facility’s battery racks failed to contain the blaze, though the cause is not yet known.
The most recent incident (previous and much less serious incidents were on 4 September 2021, 13 February 2022 and 20 September 2022) could represent one of the kind of consequences resulting from a cyberattack on a BESS installation.
DNV has been warning against BESS cybersecurity complacency for several years and Aon’s 2021 Global Risk Management Survey ranked cyberattacks as the number one threat facing businesses in the future.
New and sophisticated malware emerged in 2022, including Chernovite’s pipedream. The cyberwar between Ukraine and Russia has undoubtedly contributed to the evolution of sophisticated malware.
A significant worry must be that a cyberattack sends a BESS into thermal runaway or dumps its energy onto the grid. In 2017, TÜV Rheinland found their hackers were able to penetrate battery systems with relative ease and change critical settings, making the BESS like a ‘bomb’.
The challenges
- BESS are an increasingly important component of the smart grid. They are vulnerable to cyberattack through all connected components
- in contrast to EVs, there is a lack of research and knowledge of BESS cyberthreats
- digitisation of the grid escalated dramatically during Covid, with operational technology connected more than ever before. This has exacerbated the technology gap problem: the transmission and storage of operational data
- growing use of small computers to control wind and solar generation increases the surface area open to attack
- interconnection of BESS installations could create vulnerability through supply chains
- lack of investment in cybersecurity
- shortage of cybersecurity experts
- no directly relevant BESS cybersecurity standards.
