CISA and Partners Urge Hardening Automatic Tank Gauge Systems

p a class="c-button" href="https://www.cisa.gov/sites/default/files/2026-06/fact-sheet-cisa-and-partners-urge-hardening-automatic-tank-gauge-systems_508c.pdf" CISA and Partners Urge Hardening Automatic Tank Gauge Systems /a /p h2 strong Overview /strong /h2 p The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA)—hereafter referred to as “the authoring organizations”—are aware of malicious cyber activity targeting U.S.-based automatic tank gauge (ATG) systems. ATG systems are widely used throughout the a href="https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/energy-sector" Energy /a , a href="https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/chemical-sector" Chemical /a , a href="https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/food-and-agriculture-sector" Food and Agriculture /a , and a href="https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/transportation-systems-sector" Transportation Systems /a Sectors for automated and remote monitoring of storage tank parameters, including fuel and liquid levels, temperature, and possible leak detection. The authoring organizations urge ATG owners and operators to defend against this malicious activity by securing their ATG systems with strong passwords and by removing them from the internet to reduce public exposure. nbsp; /p h2 strong Threat /strong /h2 p The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution. This fact sheet provides insight into probable tactics, techniques, and procedures (TTPs) leveraged by these cyber actors, highlights risk factors associated with such compromises, and provides mitigation guidance and resources to reduce the likelihood of continued malicious activity targeting U.S.-based ATG systems. nbsp; /p p Cyber threat actors may exploit flaws in ATG systems through multiple attack vectors: /p ul li strong Authentication Bypass and Hardcoded Credentials: /strong Threat actors gain unauthorized access to device management interfaces. nbsp; /li li strong OS Command Execution and Structured Query Language (SQL) Injection: /strong Threat actors execute arbitrary code and manipulate underlying databases. nbsp; /li li strong Privilege Escalation: /strong Threat actors achieve full administrator privileges over the device applicat