Nationwide Cyberattacks Targeting Automatic Tank Gauges: What Fuel Retailers Need to Know Now

Cybercriminals are actively targeting Automatic Tank Gauge (ATG) systems at gas stations and fuel facilities across the country. At least 15 tanks at one chain have been compromised. Here is what is happening and how to protect your systems immediately.

Published 2026-04-15 by TechNet New England

The Energy Marketers of America (EMA) has issued an urgent cybersecurity advisory: **cybercriminals are actively targeting Automatic Tank Gauge (ATG) systems at fuel facilities nationwide.** Attacks have already been confirmed in Tennessee, with at least 15 tanks at a single convenience store chain compromised. Federal agencies including CISA and the Department of Energy are involved in the response. This is not a theoretical risk. It is happening right now.

## What Are Automatic Tank Gauges?

Automatic Tank Gauging (ATG) systems are critical infrastructure used at gas stations, truck stops, marinas, and emergency generator facilities. They monitor fuel inventory levels, detect leaks, and ensure environmental compliance for underground storage tanks (USTs).

Most ATG systems are connected to computer networks for remote access, allowing operators to schedule fuel deliveries and maintain compliance records. The most widely deployed systems are manufactured by **Veeder-Root**, specifically the **TLS-350** and **TLS-450 Plus** series consoles.

The problem: many of these devices are connected directly to the internet **without passwords or firewall protection**.

## What the Attackers Are Doing

The confirmed attacks have exploited basic security deficiencies in ATG systems that lack network or password protection. Once inside, attackers can:

### Manipulate Tank Information

Using unsecured Telnet connections, attackers can locate devices by MAC address and **change tank names, capacities, and alarm thresholds**. This is not just vandalism -- falsifying a 10,000-gallon tank as 20,000 gallons could cause overfill situations leading to environmental leaks and regulatory violations.

### Shut Down Fuel Dispensing

Attackers can deprogram relays to prevent pump activation. They can also disable Pipeline Leak Detection (PLLD), meaning **catastrophic leaks may go undetected**.
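A defender-side check for the exposure described above (consoles reachable without firewall protection, including over Telnet), added here as an example and not taken from EMA, CISA or Veeder-Root: it audits an exported firewall rule list for allow rules that let anything other than a management subnet reach an ATG console. The addresses, subnets, rule names and the rule tuple format are constructed assumptions.

```python
import ipaddress

# Constructed sample data: every address, subnet and rule name is an assumption.
ATG_CONSOLES = ["10.20.30.5", "10.20.30.6"]
MGMT_NETS = ["10.20.99.0/24"]  # only these hosts should reach the consoles
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TELNET = 23
RULES = [  # (name, action, source CIDR, destination CIDR, dest port or None = any)
    ("vendor-remote", "allow", "0.0.0.0/0", "10.20.30.5/32", 23),
    ("mgmt-to-atg", "allow", "10.20.99.0/24", "10.20.30.0/24", None),
    ("pos-to-any", "allow", "10.20.10.0/24", "10.20.0.0/16", None),
    ("guest-web", "allow", "10.20.50.0/24", "10.20.40.0/24", 443),
    ("default", "deny", "0.0.0.0/0", "0.0.0.0/0", None),
]


def audit(rules, consoles, mgmt_nets):
    """List allow rules that let a non-management source reach an ATG console.

    Rule order is not modelled, so a rule shadowed by an earlier deny is still
    reported; review each finding against the live policy.
    """
    mgmt = [ipaddress.ip_network(n) for n in mgmt_nets]
    atgs = [ipaddress.ip_address(a) for a in consoles]
    findings = []
    for name, action, src, dst, port in rules:
        if action != "allow":
            continue
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        reached = [str(a) for a in atgs if a in dst_net]
        if not reached or any(src_net.subnet_of(m) for m in mgmt):
            continue  # rule misses the consoles, or source is management-only
        findings.append({
            "rule": name,
            # a source wider than private address space means internet exposure
            "exposure": "internal" if any(src_net.subnet_of(n) for n in INTERNAL)
                        else "internet",
            "telnet": port in (None, TELNET),  # cleartext Telnet is permitted
            "consoles": reached,
        })
    return findings


if __name__ == "__main__":
    for f in audit(RULES, ATG_CONSOLES, MGMT_NETS):
        print(f)
```

An "internal" finding means another store network, such as POS, can reach the console, which is the segmentation gap the advisory warns about even when nothing faces the internet.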
### Harvest Operational Data

By monitoring insecure connections, attackers can gather delivery schedules, inventory levels, and alarm data -- potentially selling this intelligence to third parties or using it to plan further attacks.

### Delete Compliance Records

System reprogramming can wipe compliance data, **exposing tank owners to regulatory fines** and leaving no audit trail of what happened.

### Compromise Critical Infrastructure

ATG systems are not just at gas stations. They serve **hospitals, emergency providers, cell towers, and power plants**. A compromised ATG network could cascade into failures across critical infrastructure.

## Who Is Behind the Attacks?

The origin and purpose of the attacks are currently unknown. **Many suspect Iran is the instigator**, though this has not been officially confirmed. EMA and federal agencies are investigating.

Regardless of attribution, the vulnerability is real and the exploitation is active.

## Recommended Immediate Actions

The following steps should be taken **today** -- not next week, not after your next scheduled maintenance:

### 1. Change Every Default Password

Change the default password on **every ATG console** -- Veeder-Root TLS-350, TLS-450 Plus, and equivalents from other manufacturers. Default credentials are widely known and are the primary attack vector.

### 2. Deploy a Dedicated Firewall

Place each ATG on a **segmented network** with a dedicated firewall/router. No ATG system should have direct internet exposure. This is the single most important architectural change you can make.

### 3. Contact Your ATG Service Provider

Your certified ATG service provider can implement the hardening measures Veeder-Root recommends and verify your systems meet compliance requirements. Do not attempt to reconfigure industrial control systems without qualified support.

### 4. Secure Password Storage

Store updated passwords securely inside or near the console along with setup documentation.
Inspectors and service technicians need access to current credentials.

### 5. Report Incidents to CISA

If you suspect your systems have been compromised, report immediately through one of these channels:

- **CISA Portal:** [https://www.cisa.gov/report](https://www.cisa.gov/report)
- **Email:** report@cisa.gov
- **Phone:** (888) 282-0870

Use out-of-band communication (not your potentially compromised network email) when sharing sensitive details.

### Information to Include When Reporting

- Date and time of detection
- Systems or networks affected
- Type of incident (intrusion, data manipulation, unauthorized access)
- Indicators of Compromise (IOCs) -- IP addresses, domains, hashes
- Impact details (data loss, operational disruption)
- Mitigation steps already taken
- An out-of-band contact method for follow-up

## The Bigger Security Picture

EMA and federal agencies are using this incident to highlight a broader point: **organizations that have this vulnerability likely have weaknesses in other systems too.**

This attack exploited the most basic cybersecurity deficiency possible -- default passwords and no firewall. If your ATG systems are exposed, ask yourself:

- Are your POS (Point of Sale) systems on a segmented network?
- Do your security cameras use default credentials?
- Is your back-office network separated from your operational technology?
- When was your last vulnerability assessment?

## Veeder-Root Security Resources

Veeder-Root has published cybersecurity bulletins addressing these issues:

- [Ensuring Automatic Tank Gauge Security Compliance](https://www.veeder.com/us/ensuring-automatic-tank-gauge-security-compliance)
- [ATG Security Blog](https://www.veeder.com/us/blog/security)
- [Take Control of Your Network](https://www.veeder.com/us/blog/take-control-your-network)

## The Bottom Line

This is a wake-up call for every fuel retailer, truck stop operator, and facility manager with ATG systems.
The attacks are happening now, the fix is straightforward (passwords + firewalls), and the consequences of inaction include environmental damage, regulatory fines, operational shutdowns, and potential liability.

**Do not wait.** Change your passwords, segment your network, and call your ATG service provider today.

---

*TechNet New England helps businesses across Massachusetts secure their operational technology and IT infrastructure. If you need help assessing your network security posture or implementing segmentation for industrial control systems, [contact us](/contact) today.*