ENERGY & RENEWABLES
OT Security for Energy & BESS Operators
Discover internet-exposed industrial assets across power generation, transmission, distribution, and battery energy storage systems.
Threat Landscape
The energy sector is the primary target for nation-state cyber operations against critical infrastructure. VOLT TYPHOON has pre-positioned inside U.S. energy networks, targeting OT systems for potential disruption during geopolitical conflict. CHERNOVITE specifically targets energy infrastructure with OT-capable malware.
Renewable energy and BESS installations are growing faster than security controls can keep up. Distributed solar sites, battery storage systems, and wind farms often have internet-exposed Modbus and DNP3 endpoints that internal monitoring tools never see—because they sit outside the traditional control center perimeter.
ShiftSix maps your external energy OT exposure from the adversary’s perspective, correlating findings with active threat campaigns and CISA KEV data.
Relevant OT Protocols
Modbus/TCP
Widely used in power generation, BESS, and distribution automation. Exposed Modbus devices allow unauthenticated read/write access to registers controlling physical processes.
DNP3
Standard protocol for SCADA communications in electric utilities. Exposed DNP3 outstations can be queried or commanded by any internet-connected attacker.
IEC 60870-5-104
Used in European and international energy grid communications. Exposed IEC 104 endpoints represent direct SCADA access paths.
Compliance Requirements
Energy operators face an expanding regulatory landscape requiring visibility into external OT exposure:
- NERC CIP-002 to CIP-015 — Bulk Electric System cybersecurity standards requiring identification and protection of critical cyber assets, including external access points
- TSA Security Directives — Pipeline and LNG facility cybersecurity requirements mandating network segmentation and access control validation
- NIST CSF 2.0 — Identify (ID.AM) and Protect (PR.AC) functions require external asset inventory and access control
- NIS2 Directive — EU critical infrastructure requirements for risk management and incident reporting
Customer Story
Renewable Energy Operator
Challenge
A large renewable energy operator with 40+ solar and BESS sites had no visibility into internet-exposed OT assets across their distributed infrastructure.
Discovery
ShiftSix discovered 23 exposed Modbus devices and 8 DNP3 endpoints, including battery management systems with unauthenticated access.
Results
Complete external OT inventory delivered within 24 hours, mapped to NERC CIP gaps. Three critical findings matched active VOLT TYPHOON targeting patterns.
Outcome
All critical exposures remediated within 72 hours.
See Your OT Exposure
See What Attackers See
Get a free external exposure assessment of your organization’s OT attack surface.