- US cyber and security agencies sound the alarm on automatic tank gauge (ATG) systems.
Recent investigations show threat actors exploiting ATGs that are reachable from the internet. Attackers have bypassed authentication, injected SQL, and executed OS commands, allowing them to change tank volumes, disable alerts, or even cause denial‑of‑view conditions. The agencies – CISA, FBI, NSA, DOE, EPA, TSA, DOT and USDA – have not linked the activity to a specific nation‑state.
The guidance is blunt: stop exposing ATG ports (typically TCP 8001‑10001) to the public, replace default credentials with strong, unique passwords, and enable multifactor authentication where possible. Operators should also apply vendor patches, monitor logs for unauthorized changes, and report incidents through CISA’s portal. The advice mirrors broader OT hardening tactics that have been championed since the Colonial Pipeline breach.
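As an added example (not part of the agencies' guidance or any vendor tooling), this Python check reads IPv4 `iptables-save` output from a site gateway and lists ACCEPT rules that let sources outside RFC 1918 space reach the TCP 8001-10001 range named above. The sample ruleset, the `INTERNAL` list and all function names are constructed for illustration, and rule order and chain policy are not modelled.

```python
import ipaddress
import re

ATG_PORTS = (8001, 10001)  # range quoted in the guidance above
# Assumption: only RFC 1918 sources count as internal for this audit.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed iptables-save excerpt (203.0.113.0/24 is a documentation range).
SAMPLE_RULES = """\
*filter
-A FORWARD -p tcp -m tcp --dport 10001 -j ACCEPT
-A FORWARD -s 10.20.0.0/24 -p tcp -m tcp --dport 10001 -j ACCEPT
-A FORWARD -s 203.0.113.0/24 -p tcp -m multiport --dports 443,8000:8100 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8001 -j DROP
COMMIT
"""

def port_spans(rule):
    """Return (low, high) for every --dport/--dports entry in a rule."""
    spans = []
    for value in re.findall(r"--dports?\s+(\S+)", rule):
        for part in value.split(","):
            low, _, high = part.partition(":")
            spans.append((int(low), int(high or low)))
    return spans

def source_is_public(rule):
    """True if the rule has no source match, a negated one, or a non-internal one."""
    match = re.search(r"(?:^|\s)(!\s+)?(?:-s|--source)\s+(\S+)", rule)
    if match is None or match.group(1):
        return True
    net = ipaddress.ip_network(match.group(2), strict=False)
    return not any(net.subnet_of(internal) for internal in INTERNAL)

def exposed_atg_rules(ruleset):
    """List ACCEPT rules that let non-internal sources reach the ATG ports."""
    findings = []
    for rule in ruleset.splitlines():
        if not rule.startswith("-A ") or "-j ACCEPT" not in rule:
            continue
        overlaps = any(lo <= ATG_PORTS[1] and hi >= ATG_PORTS[0]
                       for lo, hi in port_spans(rule))
        if overlaps and source_is_public(rule):
            findings.append(rule)
    return findings

if __name__ == "__main__":
    for hit in exposed_atg_rules(SAMPLE_RULES):
        print("REVIEW:", hit)
```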
While ATGs are niche, they sit at the intersection of energy, food and transport infrastructure, so a compromise can ripple into supply‑chain hiccups or environmental incidents. The push for tighter controls reflects a growing acknowledgment that even low‑profile OT devices are valuable footholds for attackers.
