CISA, partners flag active threats to automated tank gauges

Inside Cybersecurity reports that CISA and federal partners issued a June 2 joint fact sheet urging automated tank gauging owners and operators to harden systems exposed to the internet after observed threat activity involving command execution and system modification. The first multi-agency automated tank gauging advisory is bigger than an equipment notice. These systems measure fuel and liquid levels, temperature and leaks across energy, chemical, food and agriculture, and transportation operations. CISA says compromise could let an attacker alter tank volumes, product identifiers, network settings and pump controls, or disable alerts operators rely on for leaks and relay failures.

Attribution is the awkward piece. The fact sheet follows media reports that Iran-based cyber actors targeted automated tank gauges at U.S. gas stations, but CISA says the federal government has not attributed the observed activity to a nation-state or threat actor group. Defenders still have to act on the tactics, techniques and procedures now. They should not build incident response around an actor name the government has not adopted.

The practical work is familiar and unglamorous: take automated tank gauging systems off the public internet, tighten credentials, apply patches, monitor for unauthorized access and revisit network segmentation. That is where the advisory lands on executives, municipal IT and critical-infrastructure operators. Tank gauges have often lived like facilities equipment with a network jack. CISA is now treating them like operational technology whose failure can mean denial-of-service conditions, permanent tank damage, environmental hazards and supply-chain disruption.