The Grid Gets Smarter, and So Do the Attackers

A Dragos report finds hackers are targeting battery storage and distributed energy systems, with exploit windows shrinking to just 24 days

13 Apr 2026

As electricity grids grow more interconnected and reliant on distributed energy resources, a major industry cybersecurity assessment has found that adversaries targeting grid infrastructure are becoming more capable and more numerous, with battery storage systems and renewable energy assets now squarely in their sights.

The 2026 OT/ICS Cybersecurity Year in Review, published by Dragos in February, identified three previously unknown threat groups and brought the total number of tracked adversaries to 26, with 11 active during 2025. Two groups with documented histories of causing electricity outages in Ukraine have substantially expanded their operations. One conducted systematic reconnaissance of industrial control systems across North American grid infrastructure throughout last year, according to the report. Another targeted combined heat and power facilities and renewable energy management systems in Poland in December 2025, in what Dragos described as the first major coordinated attack aimed specifically at distributed energy assets at scale.

Researchers also identified authentication bypass and command injection vulnerabilities in connected battery energy storage systems, finding more than 100 internet-exposed devices, including grid-scale power inverters. The findings arrive as utilities across North America accelerate deployment of battery storage and distributed energy resources, a buildout that analysts have noted carries inherent security risks when outpacing protective investment.

The report drew a pointed distinction between utilities that have invested in operational technology visibility and those that have not. Organizations with comprehensive monitoring resolved ransomware incidents in an average of five days, compared to a sector-wide average of 42, the report found. Vulnerability exploit windows, meanwhile, shrank to a median of just 24 days in 2025, a compression that leaves limited time for detection and response.

The findings add to a growing body of evidence that grid modernization and cybersecurity investment are not parallel priorities but inseparable ones. How utilities and regulators respond to that reality could shape the resilience of critical infrastructure for years to come.