US Agencies Warn of Attacks on Exposed Fuel Tank Gauges
Multiple US federal agencies have issued a joint warning about cyberattacks targeting Internet-exposed automatic tank gauge (ATG) systems, urging immediate action to secure these critical infrastructure components.

Cyberattackers are actively targeting automatic tank gauge (ATG) systems that are exposed to the internet in the United States, prompting a coordinated warning from several US federal agencies. These ATGs are essential for monitoring liquid storage tanks at industrial sites, including those containing fuel, chemicals, and other hazardous materials. The Cybersecurity and Infrastructure Security Agency (CISA), FBI, NSA, Department of Energy (DoE), Environmental Protection Agency (EPA), Transportation Security Administration (TSA), Department of Transportation (DOT), and the US Department of Agriculture (USDA) jointly issued a notice highlighting the growing threat.
The agencies stated they are aware of malicious cyber activity targeting these systems but have not attributed the attacks to a specific threat group. However, the warning comes amid reports of a campaign loosely linked to Iran that has been targeting ATGs at gas stations across the country. The potential consequences of a successful attack are severe, as threat actors could manipulate tank readings, alter pump controls, and disable safety alerts, potentially leading to dangerous incidents and disruptions.
Recent scans conducted by The Shadowserver Foundation reveal a significant concentration of vulnerable ATGs in the United States, with 909 discoverable devices identified. While this number represents an improvement from a decade ago when nearly 6,000 ATGs were exposed, it still indicates a substantial risk. Canada, Australia, the UK, and Brazil follow with significantly fewer exposed devices, underscoring the US's disproportionate vulnerability.
ATGs often carry legacy cyber risks due to their design, which prioritizes longevity and reliability over security. Many devices run on outdated software, lack robust security features, and are difficult to patch without causing downtime. Researchers have previously identified critical zero-day vulnerabilities in popular ATG models, including command-injection flaws with CVSS scores of 10 out of 10, authentication bypass issues, and hardcoded credentials.
Exploiting these vulnerabilities could allow threat actors, including sophisticated state-sponsored groups, to gain intelligence for further attacks or, more critically, to disrupt operations by cutting off access to vital data. The ability to manipulate safety-critical system readings or disable alerts poses a direct threat to operational integrity and safety.
In response to the escalating threat, US authorities are strongly recommending that organizations immediately disconnect ATGs from the open internet. For systems that absolutely must remain accessible online, agencies advise rigorous hardening measures, including enabling auto-updates, enforcing strong password policies, encrypting all communications, and ensuring robust credential security.
Applying patches is also a key recommendation, though acknowledged as challenging for industrial sites that cannot afford downtime. Continuous monitoring for unauthorized network access is crucial. Experts also suggest implementing "cyber-informed engineering" principles, which include deploying analog or "unhackable" digital mitigations to prevent catastrophic consequences, even in the event of a successful cyber intrusion.
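
One way to act on two of the recommendations above (keeping ATGs off the open internet and monitoring for unauthorized network access), shown as an added example that is not part of the advisory or this article: a Python check over firewall flow records that flags any source reaching a gauge from outside the management subnet. The addresses, subnets, port, log format and function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the advisory).
ATG_HOSTS = {ipaddress.ip_address(a) for a in ("10.20.0.15", "10.20.0.16")}
MGMT_NETS = [ipaddress.ip_network("10.50.1.0/24")]  # hosts allowed to poll gauges
# RFC 1918 ranges listed explicitly: ipaddress.is_private also covers the
# documentation ranges used as stand-in internet addresses below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: "src dst dport action".
SAMPLE_FLOWS = """\
10.50.1.7 10.20.0.15 10001 ALLOW
203.0.113.44 10.20.0.15 10001 ALLOW
10.30.9.2 10.20.0.16 10001 ALLOW
198.51.100.9 10.20.0.16 10001 DENY
10.50.1.7 10.99.0.1 443 ALLOW
truncated record
"""

def classify_source(src):
    if any(src in net for net in MGMT_NETS):
        return "authorized"
    if any(src in net for net in INTERNAL_NETS):
        return "internal-unauthorized"
    return "internet"

def audit_flows(flow_text):
    """Return (findings, skipped_line_numbers) for flows that reach an ATG."""
    findings, skipped = [], []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        fields = line.split()
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            action = fields[3].upper()
        except (IndexError, ValueError):
            skipped.append(lineno)  # unparsable lines are reported, not hidden
            continue
        if dst not in ATG_HOSTS:
            continue
        origin = classify_source(src)
        if origin == "authorized":
            continue
        # An allowed flow from outside means the gauge is internet-reachable;
        # a denied one shows the firewall rule is holding.
        severity = "critical" if origin == "internet" and action == "ALLOW" else "warning"
        findings.append((lineno, str(src), str(dst), origin, action, severity))
    return findings, skipped
```

A "critical" finding means the gauge is still reachable from the internet; an "internal-unauthorized" one points to a segmentation gap inside the site network.
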
The joint advisory serves as a critical reminder of the persistent and evolving threats facing industrial control systems and the importance of proactive security measures to protect essential infrastructure from cyberattacks.