---
title: "Critical Alert: CISA Urges Immediate Hardening of ATG Systems Against Cyber Threats"
short_title: "CISA warns of ATG system cyber threats"
description: "CISA and federal partners urge ATG system owners to secure internet-exposed devices against cyberattacks. Learn mitigation steps to prevent disruptions and environmental hazards."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [atg systems, cisa, cybersecurity, critical infrastructure, threat mitigation]
score: 0.85
cve_ids: []
---
## TL;DR
CISA, FBI, NSA, and other federal agencies warn of rising cyber threats targeting Automatic Tank Gauge (ATG) systems in the Energy, Chemical, Food and Agriculture, and Transportation sectors. Attackers exploit vulnerabilities to manipulate tank levels, disable alerts, and cause operational malfunctions. Immediate action—such as removing ATGs from the internet, enforcing strong passwords, and monitoring for unauthorized access—is critical to prevent disruptions and environmental risks.
## Main Content
### Introduction
The Cybersecurity and Infrastructure Security Agency (CISA), alongside the FBI, NSA, and other federal partners, has issued an urgent alert about malicious cyber activity targeting U.S.-based Automatic Tank Gauge (ATG) systems. These systems, essential for monitoring fuel levels, temperature, and leak detection in critical infrastructure sectors, are increasingly vulnerable to exploitation. Cyber threat actors are compromising internet-exposed ATGs to alter settings, disrupt operations, and disable critical alerts. This article explores the threat landscape, potential impacts, and actionable mitigation steps to safeguard these systems.
### Key Points
- Multi-agency alert: CISA, FBI, NSA, DOE, EPA, TSA, DOT, and USDA warn of cyber threats targeting ATG systems in critical infrastructure sectors.
- Attack vectors: Threat actors exploit authentication bypass, hardcoded credentials, OS command execution, SQL injection, and privilege escalation to compromise ATGs.
- Potential impacts: Compromised ATGs can lead to operational disruptions, environmental hazards, and physical damage to tank systems.
- Mitigation priorities: Remove ATGs from the internet, enforce strong passwords, apply patches, and monitor for unauthorized access.
### Technical Details
#### How ATG Systems Are Targeted
ATG systems are used for remote monitoring and management of storage tanks in industries such as energy, chemical, food and agriculture, and transportation. Cyber threat actors are exploiting vulnerabilities in these systems through:
1. Authentication Bypass and Hardcoded Credentials
   - Attackers gain unauthorized access to device management interfaces by exploiting weak or default credentials.
2. OS Command Execution and SQL Injection
   - Threat actors execute arbitrary code or manipulate databases to take control of ATG systems.
3. Privilege Escalation
   - Once inside, attackers escalate privileges to gain full administrative control over the device and its operating system.
#### Consequences of Compromise
If an ATG system is compromised, cyber threat actors can:
- Alter system attributes, such as network settings, tank volumes, and pump controls.
- Cause operational malfunctions, leading to incorrect tank fill levels, equipment damage, or denial-of-view conditions.
- Disable critical alerts, increasing the risk of environmental hazards like leaks or relay failures.
### Impact Assessment
The compromise of ATG systems poses significant risks to critical infrastructure sectors:
- Operational disruptions: Manipulation of tank levels or pump controls can halt operations, leading to financial losses and supply chain delays.
- Environmental hazards: Disabled alerts or leaks can result in spills, contamination, or other environmental incidents.
- Safety risks: Malfunctions in chemical or fuel storage tanks could endanger lives and property.
- Regulatory consequences: Organizations may face fines or legal action for failing to secure critical systems.
### Mitigation Steps
CISA and its partners recommend the following actions to harden ATG systems against cyber threats:
#### 1. Eliminate Public Internet Exposure
- Do not expose ATG serial ports or web interfaces (e.g., TCP ports 8001, 9001, or 10001) directly to the internet.
- If remote access is necessary, use firewalls, access control lists (ACLs), or virtual private networks (VPNs) to restrict access.
#### 2. Enforce Credential Security
- Change default passwords immediately and implement strong, unique credentials for all interfaces.
- Enable phishing-resistant multifactor authentication (MFA) wherever possible.
#### 3. Apply Patches and Updates
- Work with certified ATG service providers to verify compliance, update software, and apply the latest security patches.
#### 4. Monitor and Report Suspicious Activity
- Enable logging and audit logs to detect unauthorized access, alarm modifications, or system changes.
- Report incidents to CISA’s 24/7 Operations Center or the FBI’s IC3 portal.
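
One way to combine steps 1 and 4 is to audit perimeter firewall logs for traffic to the ATG ports named above that comes from outside the management allowlist. This is an added example, not code from CISA or the original article; the log format, the allowlisted VPN network, and all addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports the article names as ATG serial/web interfaces.
ATG_PORTS = {8001, 9001, 10001}
# Assumption: the only network allowed to reach ATGs (e.g. a VPN pool).
ALLOWED_SOURCES = [ipaddress.ip_network("10.50.0.0/24")]
# Assumption: simplified key=value firewall log format, constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)
# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
2025-01-24T03:12:45Z ACCEPT IN=eth0 SRC=203.0.113.7 DST=10.20.0.15 PROTO=TCP SPT=51234 DPT=10001
2025-01-24T03:12:49Z ACCEPT IN=eth0 SRC=203.0.113.7 DST=10.20.0.15 PROTO=TCP SPT=51240 DPT=10001
2025-01-24T03:15:02Z ACCEPT IN=eth0 SRC=10.50.0.12 DST=10.20.0.15 PROTO=TCP SPT=40022 DPT=10001
2025-01-24T03:20:10Z DROP IN=eth0 SRC=198.51.100.23 DST=10.20.0.16 PROTO=TCP SPT=44100 DPT=8001
2025-01-24T03:21:00Z ACCEPT IN=eth0 SRC=198.51.100.23 DST=10.20.0.30 PROTO=TCP SPT=44101 DPT=443
this line is malformed and must be skipped
"""


def audit(log_text):
    """Return {(src, dst, port): {"accepted": n, "dropped": n}} for ATG-port
    traffic whose source is outside the management allowlist."""
    findings = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) not in ATG_PORTS:
            continue  # malformed line or a port that is not an ATG interface
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # unparseable source address: skip rather than crash
        if any(src in net for net in ALLOWED_SOURCES):
            continue  # expected management traffic
        key = (m["src"], m["dst"], int(m["dpt"]))
        findings[key]["accepted" if m["action"] == "ACCEPT" else "dropped"] += 1
    return dict(findings)


if __name__ == "__main__":
    for (src, dst, port), c in sorted(audit(SAMPLE_LOG).items()):
        # An accepted connection means the ACL/VPN restriction is not in force.
        level = "EXPOSED" if c["accepted"] else "blocked attempt"
        print(f"{level}: {src} -> {dst}:{port} "
              f"accepted={c['accepted']} dropped={c['dropped']}")
```

An `EXPOSED` finding means a non-allowlisted source completed a connection to an ATG interface, so the firewall or ACL rule from step 1 needs correcting and the device's audit log should be reviewed for changes.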
#### 5. Engage Third-Party Service Providers
- Ensure service providers adopt CISA’s Primary Mitigations to Reduce Cyber Threats to Operational Technology.
### Affected Systems
ATG systems are widely used in the following sectors:
- Energy: Fuel storage and distribution.
- Chemical: Storage of hazardous materials.
- Food and Agriculture: Liquid storage for processing and distribution.
- Transportation: Fuel management for vehicles and infrastructure.
## Conclusion
The rising cyber threats to Automatic Tank Gauge (ATG) systems highlight the urgent need for organizations to secure their critical infrastructure. By removing ATGs from the internet, enforcing strong credentials, applying patches, and monitoring for unauthorized access, owners and operators can mitigate risks and prevent potentially catastrophic disruptions. Immediate action is essential to safeguard operations, protect the environment, and ensure public safety.
For more information, review CISA’s Internet Exposure Reduction Guidance and Primary Mitigations to Reduce Cyber Threats to Operational Technology.