(TLP:CLEAR) CISA and Partners Urge Hardening Automatic Tank Gauge Systems

Summary: CISA and federal partners recently issued a joint fact sheet warning of malicious cyber activity targeting U.S.-based Automatic Tank Gauge (ATG) systems. ATG systems are commonly used across the energy, chemical, food and agriculture, and transportation sectors to remotely monitor storage tank conditions, including fuel levels, temperature, and leak detection. ATG systems are also used in the water sector, though not widely.

According to the advisory, threat actors have compromised internet-exposed ATG systems and modified system settings through command execution. The agencies noted that attackers may leverage authentication bypasses, hardcoded credentials, SQL injection, and privilege escalation vulnerabilities to gain unauthorized access. Successful compromise could allow threat actors to alter tank management settings, disable alarms, manipulate fuel and liquid level readings, and create operational disruptions or safety hazards. The advisory urges organizations to remove ATG systems from direct internet exposure, change default credentials, apply available patches, and monitor systems for unauthorized activity.

Analyst Note: Although Automatic Tank Gauge systems are most commonly associated with fuel storage operations, the advisory reinforces a broader concern applicable across the water and wastewater sector: internet-exposed operational technology continues to present an attractive target for cyber threat actors. Many utilities operate remote monitoring and telemetry systems that share similar characteristics with ATG deployments, including legacy protocols, vendor-managed connectivity, and direct internet accessibility.

The report serves as a timely reminder for utilities to identify internet-exposed OT assets, eliminate unnecessary external access, enforce strong credential management, and ensure remote connectivity is protected through secure access controls.

Original Source: https://www.cisa.gov/resources-tools/resources/cisa-and-partners-urge-hardening-automatic-tank-gauge-systems

Related WaterISAC PIRs: 6, 8, 10, 10.2,11, 12