A significant increase in cyberattacks is currently threatening a crucial yet often overlooked component of U.S. infrastructure. Automatic Tank Gauge (ATG) systems, instrumental in monitoring fuel levels, liquid volumes, temperatures, and potential leaks, are now under siege from cyber threat actors.
These systems, integral to operations at gas stations, farms, chemical plants, and transportation hubs, typically function unnoticed. However, they have become a prime target due to their widespread deployment in the Energy, Chemical, Food and Agriculture, and Transportation sectors. Their network connectivity, while beneficial, has exposed them to potential vulnerabilities, especially when secured with weak or default passwords.
Growing Cyber Threats to ATG Systems
Recent advisories from the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI, NSA, DOE, EPA, TSA, DOT, and USDA, highlight active cyber threats against U.S.-based ATG systems. These agencies have identified threat actors exploiting internet-exposed systems, gaining unauthorized access, and executing direct commands.
While specific nation-state or threat groups have not been publicly linked to these activities, the risk is tangible. Cybercriminals are manipulating network configurations, altering tank readings, and disabling critical alerts, effectively taking control as if physically present.
The potential ramifications extend beyond mere network breaches. Compromised systems can create ‘denial of view’ situations, obscuring accurate data from operators and leading to physical damage, environmental risks, or spill incidents.
Exploiting System Vulnerabilities
The advisory describes straightforward yet effective attack methods. By bypassing authentication and exploiting hardcoded credentials, attackers infiltrate device management interfaces. Once inside, they employ command execution and SQL injection to manipulate databases that control tank operations.
Attackers may escalate their privileges, gaining full administrative access to device software and operating systems. This allows them to falsify readings, suppress safety alarms, and disrupt component functions, often without immediate detection. Given the extensive deployment of ATG devices, the simplicity of these attacks is alarming.
Protective Measures for ATG Systems
CISA and partner agencies urge ATG operators to take immediate protective steps. Foremost is removing ATG systems from direct internet exposure. The systems’ serial ports, typically exposed on TCP ports 8001, 9001, or 10001, should be secured behind firewalls or VPNs if remote access is necessary.
Operators are advised to replace default passwords with strong, unique ones across all interfaces and enable phishing-resistant multifactor authentication where possible. Keeping software updated and collaborating with certified service providers for the latest patches is crucial.
Organizations should also implement detailed logging and routinely audit logs for unauthorized access or unusual activity. Suspected incidents should be promptly reported to CISA or the FBI’s Internet Crime Complaint Center.
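As an added illustration of the firewall and log-audit recommendations above (not code from the advisory or from this article), the following script flags connections to the three ATG ports that come from outside an approved remote-access range. The log format, the 10.20.0.0/24 VPN range, and all sample addresses are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

ATG_PORTS = {8001, 9001, 10001}  # TCP ports named in the advisory
# Assumption: remote access is permitted only from this VPN/management range.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: key=value firewall log format, constructed for this example.
LINE_RE = re.compile(r"^(\S+) action=(\w+) proto=tcp src=(\S+) dst=(\S+) dport=(\d+)$")

SAMPLE_LOG = """\
2025-01-01T02:10:11Z action=allow proto=tcp src=10.20.0.15 dst=192.168.50.10 dport=10001
2025-01-01T02:11:40Z action=allow proto=tcp src=203.0.113.77 dst=192.168.50.10 dport=10001
2025-01-01T02:11:42Z action=allow proto=tcp src=203.0.113.77 dst=192.168.50.11 dport=8001
2025-01-01T02:12:05Z action=deny proto=tcp src=198.51.100.9 dst=192.168.50.12 dport=9001
2025-01-01T02:13:00Z action=allow proto=tcp src=203.0.113.77 dst=192.168.50.10 dport=443
malformed line that should be skipped
"""

def audit(log_text):
    """Map each ATG host to ATG-port connections from non-allowlisted sources."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, action, src, dst, dport = m.groups()
        if int(dport) not in ATG_PORTS:
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparseable source address
        if any(addr in net for net in ALLOWED_SOURCES):
            continue  # expected traffic from the VPN/management range
        findings[dst].append((ts, src, int(dport), action))
    return dict(findings)

def exposed_hosts(findings):
    """Hosts where the firewall let such a connection through (direct exposure)."""
    return sorted(h for h, hits in findings.items()
                  if any(action == "allow" for *_, action in hits))

if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for host in sorted(results):
        status = "EXPOSED" if host in exposed_hosts(results) else "probed, blocked"
        print(f"{host}: {status}")
        for ts, src, dport, action in results[host]:
            print(f"  {ts} {src} -> :{dport} ({action})")
```

Hosts reported as exposed accepted an ATG-port connection from outside the approved range and need a firewall rule change; hosts reported as probed show the block working but are worth watching in later audits.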
This situation underscores the need for heightened security around industrial control devices. As cyber threats evolve, leaving critical systems exposed is an unacceptable risk.
