The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA) recently issued an alert warning of
malicious cyber activity targeting U.S.-based automatic tank gauge (ATG) systems. ATG systems are widelyused throughout the Energy, Chemical, Food and Agriculture, and Transportation Systems Sectors forautomated and remote monitoring of storage tank parameters, including fuel and liquid levels,temperature, and possible leak detection. The authoring organizations urge ATG owners and operators todefend against this malicious activity by securing their ATG systems with strong passwords and byremoving them from the internet to reduce public exposure.
According to the alert, the recent malicious cyber activity “involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution.”
This means that cyber actors could “disrupt or manipulate the below critical functions by interfacing directly with the tank management as though they possessed legitimate physical access to the system console.”
This would enable the threat actors to:
- Alter system(s) attributes, such as network settings, product identifiers, tank volumes, and pump controls;
- Compound operational malfunctions; components operating incorrectly could create a denial of view condition of tank fill levels, which could cause permanent damage to the tank system’s critical function;
- Disable system alerts, reducing an operator’s ability to detect and mitigate system issues increases the risk of environmental or physical hazards from incidents such as leaks or relay failures.
The alert provides mitigation steps which should be implemented immediately.