CISA and Partners Urge Hardening Automatic Tank Gauge Systems
Overview
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA)—hereafter referred to as “the authoring organizations”—are aware of malicious cyber activity targeting U.S.-based automatic tank gauge (ATG) systems. ATG systems are widely used throughout the Energy, Chemical, Food and Agriculture, and Transportation Systems Sectors for automated and remote monitoring of storage tank parameters, including fuel and liquid levels, temperature, and possible leak detection. The authoring organizations urge ATG owners and operators to defend against this malicious activity by securing their ATG systems with strong passwords and by removing them from the internet to reduce public exposure.
Threat
The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution. This fact sheet provides insight into probable tactics, techniques, and procedures (TTPs) leveraged by these cyber actors, highlights risk factors associated with such compromises, and provides mitigation guidance and resources to reduce the likelihood of continued malicious activity targeting U.S.-based ATG systems.
Cyber threat actors may exploit flaws in ATG systems through multiple attack vectors:
- Authentication Bypass and Hardcoded Credentials: Threat actors gain unauthorized access to device management interfaces.
- OS Command Execution and Structured Query Language (SQL) Injection: Threat actors execute arbitrary code and manipulate underlying databases.
- Privilege Escalation: Threat actors achieve full administrator privileges over the device application and operating system.
Should a cyber threat actor exploit these vulnerabilities and compromise an ATG system, they could disrupt or manipulate the following critical functions by interfacing directly with the tank management system as though they possessed legitimate physical access to the system console. The cyber threat actors could:
- Alter system attributes, such as network settings, product identifiers, tank volumes, and pump controls;
- Compound operational malfunctions: components operating incorrectly could create a denial-of-view condition for tank fill levels, which could lead to permanent damage to the tank system's critical functions;
- Disable system alerts, reducing an operator's ability to detect and mitigate system issues and increasing the risk of environmental or physical hazards from incidents such as leaks or relay failures.
Mitigations
The authoring organizations recommend that ATG owners and operators immediately implement the following mitigations:
- Eliminate public internet exposure: Do not expose the ATG serial port interface (e.g., via its default TCP port 8001, 9001, or 10001) or other applicable web interfaces directly to the internet. If remote access to the port is necessary, consider the following options:
- Restrict access: Use a firewall, access control list (ACL), or virtual private network (VPN) to restrict access.
- Enforce Credential Security: Change any default passwords immediately [CPG 3.A] and implement strong, unique security codes and administrative credentials for all interfaces, including the serial port. Further, implement phishing-resistant multifactor authentication wherever feasible
[…]
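The two exposure mitigations above (keep the ATG serial-over-TCP port off the internet; if remote access is required, restrict it with a firewall, ACL, or VPN) can be turned into something checkable. The following is an added example, not code from the CISA fact sheet or from any ATG vendor: it audits a constructed connection log for sessions that reach the advisory's default ATG ports (8001, 9001, 10001) from outside an allow-listed management network, and renders the nftables ruleset that would enforce that same allow-list on the host in front of the gauge. The management subnets, the log line format, and the `atg_guard` table name are assumptions chosen for illustration; the port list is the one the fact sheet gives as examples and should be replaced with the vendor's documented port if it differs.

```python
"""Exposure check for ATG management ports: flag connections that reach the
ATG serial-over-TCP ports from anywhere other than an allow-listed management
network, and render nftables rules that enforce the same policy."""
import ipaddress
import re

# Default ATG serial-port listeners named in the advisory; adjust to the
# vendor's documented port if the device uses a different one.
ATG_PORTS = {8001, 9001, 10001}

# ASSUMPTION: management networks allowed to reach the ATG (e.g., the VPN
# pool and the OT admin subnet). Hypothetical values for illustration only.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24"),
             ipaddress.ip_network("192.168.50.0/24")]

# Constructed key=value log format for this example, not any vendor's format.
_LINE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def is_mgmt_source(src: str, nets=MGMT_NETS) -> bool:
    """True if the source address falls inside an allow-listed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # fail closed: an unparsable source is never trusted
    return any(addr in net for net in nets)


def audit_connections(lines, nets=MGMT_NETS, ports=ATG_PORTS):
    """Return (src, dst, dport) for every connection to an ATG port whose
    source is outside the management allow-list. Lines that do not parse are
    skipped; sources that parse but are not valid addresses are flagged."""
    findings = []
    for line in lines:
        m = _LINE.search(line)
        if not m:
            continue
        dport = int(m["dport"])
        if dport in ports and not is_mgmt_source(m["src"], nets):
            findings.append((m["src"], m["dst"], dport))
    return findings


def render_nft_ruleset(nets=MGMT_NETS, ports=ATG_PORTS) -> str:
    """nftables ruleset: accept the ATG ports only from the management set,
    then log and drop every other attempt to reach those ports. Traffic to
    other ports is left to the host's existing policy (chain policy accept)."""
    net_list = ", ".join(str(n) for n in nets)
    port_list = ", ".join(str(p) for p in sorted(ports))
    return f"""table inet atg_guard {{
    set mgmt_nets {{
        type ipv4_addr
        flags interval
        elements = {{ {net_list} }}
    }}
    chain input {{
        type filter hook input priority 0; policy accept;
        tcp dport {{ {port_list} }} ip saddr @mgmt_nets accept
        tcp dport {{ {port_list} }} log prefix "atg-blocked: " drop
    }}
}}
"""


# Constructed sample connection log (not real traffic): one management
# session, one internet source hitting the serial port, one unrelated flow,
# one malformed source, and one line that does not parse at all.
SAMPLE_LOG = [
    "2024-09-25T10:01:02Z src=10.20.0.15 dst=10.20.1.7 dport=10001",
    "2024-09-25T10:03:44Z src=203.0.113.9 dst=10.20.1.7 dport=10001",
    "2024-09-25T10:04:10Z src=198.51.100.4 dst=10.20.1.7 dport=443",
    "2024-09-25T10:05:00Z src=not-an-ip dst=10.20.1.7 dport=8001",
    "garbage line with no fields",
]

if __name__ == "__main__":
    for src, dst, dport in audit_connections(SAMPLE_LOG):
        print(f"non-management source {src} reached ATG port {dport} on {dst}")
    print(render_nft_ruleset())
```

The weak configuration this replaces is the one the fact sheet warns about: the gauge's TCP listener reachable from 0.0.0.0/0 with no intervening filter. With the generated ruleset loaded (`nft -f`), the only path to the serial port is from `mgmt_nets`, and every other attempt leaves an `atg-blocked:` entry in the kernel log that the audit function's logic can be pointed at. Note that the firewall does nothing for a gauge that is itself given a public address and no upstream filter; the device has to sit behind the enforcing host or be moved off the public network entirely.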