The Cybersecurity and Infrastructure Security Agency (CISA) has issued a formal advisory warning that malicious cyber actors are actively targeting internet-exposed automatic tank gauge (ATG) systems. These systems, which are critical for monitoring fuel levels in storage tanks across the United States, have been compromised by threat actors who are leveraging command execution to modify system settings. This activity poses a direct risk to critical infrastructure, necessitating immediate attention from operators and facility managers to secure their hardware against unauthorized access.
Automatic tank gauge systems are essential for the safe and efficient management of fuel storage, providing real-time data on inventory levels and leak detection. When these systems are exposed to the public internet without proper security controls, they become vulnerable to exploitation. According to CISA’s official resources, threat actors are gaining unauthorized access to these devices, which can lead to the manipulation of operational data or the disruption of essential services. The agency emphasizes the importance of identifying and mitigating these risks to maintain the resilience of the nation’s critical infrastructure.
Understanding the Risks to Fuel Infrastructure
The core of the issue lies in the accessibility of industrial control systems (ICS) and operational technology (OT) via the internet. When an ATG system is connected to the network without being placed behind a firewall or utilized through a secure virtual private network (VPN), it becomes discoverable by automated scanning tools used by cyber threat actors. Once access is achieved, attackers can execute commands that alter the configuration of the tank gauges, potentially leading to inaccurate readings or the disabling of monitoring capabilities.
CISA, which serves as the National Coordinator for Critical Infrastructure Security and Resilience, works to identify and manage risks to the cyber and physical infrastructure that Americans rely on daily. The agency’s recent guidance highlights that protecting these systems is a shared responsibility between the public and private sectors. By following established cybersecurity practices, operators can significantly reduce the likelihood of a successful intrusion and ensure the continued safety of fuel storage environments.
Recommended Mitigations for System Operators
To defend against these intrusions, CISA recommends that organizations conduct a thorough audit of their internet-exposed devices. If an automatic tank gauge system does not strictly require an internet connection for its primary function, it should be removed from the public-facing network immediately. For systems that must be accessible remotely, the agency advises implementing robust authentication mechanisms, such as multi-factor authentication, and ensuring that all firmware is kept up to date to patch known vulnerabilities.
Furthermore, organizations are encouraged to utilize the various tools and technical assistance provided by CISA. The agency offers free cybersecurity assessments and resources designed to help entities identify weaknesses in their infrastructure before they can be exploited. By proactively managing these assets, facility operators can better defend against today’s threats and contribute to a more secure and resilient future for critical infrastructure sectors.
Next Steps for Critical Infrastructure Stakeholders
CISA continues to monitor the threat landscape and provides ongoing updates through its official alerts and fact sheets. Stakeholders are encouraged to review the latest guidance on securing automatic tank gauge systems to ensure their security protocols align with current best practices. Regularly checking the CISA website for new advisories is a critical step for IT and security professionals responsible for maintaining the integrity of industrial control systems.
As the regulatory and threat environment evolves, maintaining a forward-looking posture—what CISA describes as a commitment to “Defend Today, Secure Tomorrow”—remains essential. For those involved in the management of critical infrastructure, staying informed through official channels is the most effective way to respond to emerging risks. We invite readers to share their thoughts or experiences regarding infrastructure security in the comments below, and to stay tuned for further updates as more information becomes available.