cybersecurity
get started
Battery energy storage systems (BESS) are central to grid modernization; however, their intricate supply chains-particularly the reliance on BMS components, chips, and processor boards sourced from international vendors-combined with legacy OT protocols, introduce heightened and multifaceted cybersecurity risks that demand rigorous oversight. At Jinko US, we adopt a defense-in-depth strategy anchored by Zero Trust Architecture (ZTA) into every BESS deployment-ensuring that no device, user, or vendor is inherently trusted. Our multi-layered approach combines continuous authentication, real-time Security Operations Center (SOC)-driven incident response, and robust encryption of data both at rest and in transit, all underpinned by rigorous supply chain security through SBOM validation for every component. This comprehensive framework not only minimizes attack surfaces and mitigates emerging threats but also delivers proven resilience. For customers, deploying Jinko US battery storage systems cybersecurity would be integral to their operational reliability, regulatory assurance, and long-term protection of battery assets. In this environment where malware threats and vendor “phone-home” vulnerabilities are real and rising, we go beyond with ISA-62443 audits, enforcing SBOM transparency, and compliance to NERC CIP and NIST CSF standards.
Microsegmentation + Zero Trust Architecture for Secure Edge Based Battery Access
At Jinko US, we embed secure remote access for battery storage systems by integrating Zero Trust Architecture (ZTA) with hardware-agnostic Microsegmentation. Our approach enables operational agility without compromising security:
CS-1F

PROTOCOL-AGNOSTIC ISOLATION

Remote users connect via encrypted HTTPS/443-only sessions, while industrial protocols (Modbus, DNP3) remain confined within trusted zones. Operational data is transmitted as encrypted streams, eliminating direct exposure of raw OT traffic to untrusted networks.

CS-1F

ZERO TRUST ENFORCEMENT

Every session requires continuous multi-factor authentication, with granular role-based permissions reviewed in real time by our real-time Security Operations Center (SOC). No “always-on” access exists-connections terminate automatically after 15 minutes of inactivity.

CS-1F

GATEWAY AS SECURITY BOUNDARY

Jinko's solution offers a secure gateway which acts as a protocol breakpoint, inspecting and sanitizing all data flows between untrusted (IT/Internet) and trusted (OT) zones. Industrial protocols never traverse the boundary; instead, operators interact with an encrypted proxy interface to the BMS/DAS for warranty and maintenance purposes.

Security Operations Center (SOC)
As is known, Battery Storage Systems and BMS security in particular are critical due to their role in grid stability and the risks posed by complex supply chains, where compromised components can enable security risks thereby destabilizing the grid. Jinko US addresses these challenges through its NERC CIP  and ISO27001 certified Security Operations Center (SOC), operated by Jinko US partner DirectDefense based out of Denver, CO, which provides 24/7 threat monitoring, rapid device isolation, and recovery support.
 
This ensures real-time detection of anomalies (e.g., manipulated battery readings or unauthorized access) and enforces network segmentation to prevent lateral movement. Key metrics include a sub-15-minute Mean Time to Detect (MTTD) for threats through real-time SOC. These measures enhance our customers cyber posture and minimize downtime thereby ensuring compliance with US Department of Energy and NIST CSF standards.
Integrated Cyber Assurance
Jinko US has implemented a comprehensive Cybersecurity Management System (CSMS) designed to meet IEC 62443-2-4 OT security standards for system integrators while its organizational security practices align with the NIST Cybersecurity Framework’s core functions: identify, protect, detect, respond, and recover. When implementing battery storage solutions, Jinko US performs rigorous acceptance tests, periodic cybersecurity assessments, strict change management, and provides comprehensive documentation, ensuring that every step from risk assessment to operations and maintenance is thoroughly evaluated. The table below outlines the requirements fulfilled by Jinko US security services team.

AreaDescription
IEC 62443-2-4 program scopeSecurity requirements for IACS service providers
Main ObjectiveEnsure secure integration, maintenance, and support of battery storage systems
Key Requirements, ApproachDocumented policies, risk management, lifecycle security, personnel training
AlignmentSupports battery storage systems and battery management system component security
CertificationEnables assessment and certification of battery storage service provider security programs

Dedicated BESS Deployment focused Cyber Team

The BESS deployment security personnel for Jinko US’s battery energy storage operations features a dedicated SOC Manager with decades of US government experience overseeing all security activities and coordinating with customers BESS Site Safety Manager responsible for facility operations. Supporting these leaders is a specialized Jinko US security team comprising Network Analysts, who design and maintain the plant’s security architecture; Lead Security Analysts, who serve as first responders to cybersecurity threats or incidents; and Threat Hunters, who focus on identifying and mitigating emerging threats. This layered approach ensures comprehensive protection and rapid response to security challenges across the facility.

Product Incident Response Management​

All product-related cybersecurity incidents and vulnerabilities should be promptly reported so they can be addressed swiftly and effectively.
Prompt reporting enables our team to quickly investigate and resolve potential threats, helping to protect customers, maintain operational reliability, and strengthen the overall security of our products.
To report an incident or vulnerability, please contact: cyberna@jinkosolar.com
Please include the following information to help us process your submission efficiently:

Please include the following details in your report:

REPORTER INFORMATION

Your name, organization, and contact details (or specify if anonymity is preferred)

VULNERABILITY DETAILS

Type of vulnerability and estimated severity

IMPACT ASSESSMENT

Potential consequences if exploited

REPRODUCTION STEPS

Clear instructions to verify the issue, including proof of concept if available