CISA WARNS OF CYBERATTACKS ON FUEL TANK SYSTEMS

The joint warning from CISA, the FBI, NSA, and Department of Energy flags a significant threat to fuel distribution networks and related infrastructure. Attackers are actively exploiting vulnerabilities in ATG systems—devices that automatically measure and report fuel levels in storage tanks across the energy sector and other critical industries. Automatic tank gauges are integral to fuel management operations, providing real-time monitoring of inventory levels. When connected to the internet without adequate security measures, these systems become accessible entry points for malicious actors. The agencies did not specify which threat groups are behind the attacks or provide details on successful breaches. However, the coordinated warning indicates the threat level warrants urgent attention from operators managing these systems. ATG systems are widely deployed across gas stations, fuel distribution centers, and industrial facilities that store and manage petroleum products and other liquids. Compromised systems could enable attackers to manipulate fuel inventory data, disrupt supply chains, or pivot to larger infrastructure networks. Recommended Actions: CISA advises organizations operating ATG systems to: - Segment networks to isolate tank monitoring systems from internet access where possible - Implement strong authentication protocols and change default credentials - Apply available security patches and updates promptly - Monitor for suspicious access attempts and unusual data changes - Conduct vulnerability assessments of exposed systems The warning underscores the broader vulnerability of operational technology systems that were often designed without internet connectivity in mind but are increasingly connected for remote monitoring and efficiency gains. Organizations managing critical fuel infrastructure are urged to review their ATG deployments immediately and consult CISA resources for additional mitigation guidance.