CISA Advisory Warns of Malicious Activity Targeting Automatic Tank Gauge Systems Across Energy, Chemical, Food & Agriculture Sectors
What Happened — The Cybersecurity and Infrastructure Security Agency (CISA) together with multiple federal partners disclosed ongoing malicious cyber activity against internet‑exposed Automatic Tank Gauge (ATG) systems. Threat actors have been able to gain access, execute commands, and potentially manipulate tank level, temperature, and leak‑detection data.
Why It Matters for TPRM —
- ATG devices are integral to critical‑infrastructure operations; compromise can disrupt fuel supply chains and safety monitoring.
- The advisory highlights a systemic risk: many operators expose ATG interfaces to the public Internet without adequate hardening.
- Third‑party risk programs must assess OT vendors and service contracts for compliance with basic security hygiene (strong passwords, network segmentation, removal from public exposure).
Who Is Affected — Energy & Utilities, Chemical Manufacturing, Food & Agriculture, and Transportation & Logistics sectors that rely on remote tank monitoring.
Recommended Actions —
- Conduct an inventory of all ATG assets and verify they are not directly internet‑facing.
- Enforce strong, unique passwords and enable multi‑factor authentication where supported.
- Apply network segmentation and firewalls to isolate ATG traffic from external networks.
- Review vendor security controls and demand documented hardening procedures.
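One way to run the first and third checks against exported data, as an added example that is not part of the CISA advisory: it flags ATG assets whose management address is outside internal ranges or that an allow rule opens to an external source. The inventory, the rule format, the asset names and the choice of RFC 1918 space as "internal" are all assumptions made for illustration.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space; adjust to your own address plan.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data, not taken from the advisory.
INVENTORY = [
    {"name": "atg-depot-01", "ip": "10.20.5.11"},
    {"name": "atg-depot-02", "ip": "203.0.113.40"},   # documentation-range address
    {"name": "atg-farm-07", "ip": "10.20.6.30"},
]
# Assumption: allow-list rules with an implicit default deny (IPv4 only).
ALLOW_RULES = [
    {"src": "0.0.0.0/0", "dst": "10.20.6.0/24"},      # inbound forward from anywhere
    {"src": "10.50.0.0/16", "dst": "10.20.0.0/16"},   # operations network only
]

def is_internal(net):
    """True when the whole network sits inside one internal range."""
    return any(net.subnet_of(r) for r in INTERNAL)

def audit(inventory, allow_rules):
    """Return {asset name: [reasons]} for assets reachable from outside."""
    findings = {}
    for asset in inventory:
        host = ipaddress.ip_network(asset["ip"])       # single address as a /32
        reasons = []
        if not is_internal(host):
            reasons.append("management address is outside internal ranges")
        for idx, rule in enumerate(allow_rules):
            src = ipaddress.ip_network(rule["src"])
            dst = ipaddress.ip_network(rule["dst"])
            if host.subnet_of(dst) and not is_internal(src):
                reasons.append(f"allow rule {idx} admits external source {src}")
        if reasons:
            findings[asset["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit(INVENTORY, ALLOW_RULES).items():
        for reason in reasons:
            print(f"{name}: {reason}")
```

An asset that passes both checks can still be exposed through a path the export does not describe, such as a cellular modem or a vendor remote-access link, so the result is a starting point for the inventory review.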
Technical Notes — Threat actors exploit misconfiguration, namely weak authentication and exposed management interfaces, to execute remote commands on ATG devices. No specific CVE or malware family has been publicly identified. Data at risk includes real‑time fuel/chemical levels, temperature readings, and leak alerts, which could be falsified to mask theft or sabotage.
Source: CISA Advisory