Today, CISA and federal partners released the fact sheet CISA and Partners Urge Hardening Automatic Tank Gauge Systems in response to malicious cyber activity targeting U.S. automatic tank gauge (ATG) systems, which are widely used across critical infrastructure sectors.
The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution.
The fact sheet provides insight into probable tactics, techniques, and procedures (TTPs) leveraged by these cyber actors, highlights risk factors associated with such compromises, and provides mitigation guidance and resources to reduce the likelihood of continued malicious activity targeting U.S.-based ATG systems.
The resource recommends:
- Removing ATG systems from public internet exposure.
- Enforcing strong, unique passwords and multifactor authentication.
- Applying vendor patches and updating software.
- Monitoring unauthorized access and suspicious activity.
