Cybersecurity Alert: Automatic Tank Gauge Systems Targeted

The Energy Marketers of America (EMA) has reported active cyberattacks and vulnerabilities targeting automatic tank gauges (ATGs), including 15 confirmed incidents at one Tennessee retailer and multiple successful intrusions through network-connected ATGs across the country.

The Utah Department of Public Safety has identified 76 vulnerable ATGs in the state and more than 4,000 across the U.S., warning that attackers could manipulate tank levels, trigger false alarms, or disrupt remote access. While no physical damage has been reported, attackers have gained unauthorized access to fuel tank and sensor data, and in some cases, have deleted system information.

Whilte the origin of these attacks is still unknown, the activity exploits basic cybersecurity gaps and suggests broader vulnerabilities may exist across connected systems.

EMA, the Department of Homeland Security, and the U.S. Department of Energy strongly encourage members to use available no-cost cybersecurity tools and services through CISA and take immediate steps to strengthen system protections.

Recommended Immediate Actions

• Change default passwords on all ATG consoles (including TLS-350, TLS-450 Plus, and similar systems)
• Place ATGs behind a secure firewall and on a segmented network (no direct internet exposure)
• Restrict remote access to trusted IP addresses and use VPN where possible
• Keep all systems updated with the latest security patches
• Contact your ATG service provider to implement additional security protections and verify compliance
• Securely store updated passwords and system documentation for inspection purposes

IFFA is here to support you. If you have concerns about your ATG systems or cybersecurity protections, please reach out for assistance.