Guarding the Gateways: Understanding Cyber Threats to Operational Technology Systems
Ramanathan B
Consulting for Digitalization Services | Industrial Automation and Control | Technical Sales | Predictive Maintenance | Operator Training Simulators | Industry 4.0
Heimdall, the all-seeing and all-hearing guardian sentry of Asgard, serves as a powerful metaphor for the importance of vigilance in cybersecurity for Operational Technology (OT) systems. Just as Heimdall in the Marvel realm employs his extraordinary abilities to oversee the Bifrost and safeguard Asgard from potential dangers, cybersecurity professionals in OT environments strive to create their own "Heimdalls": guardians of OT systems that continuously monitor and protect against cyber threats that could disrupt critical infrastructure. There is a perennial tussle to ensure the security of both the digital and physical realms.
As more companies embrace Industry 4.0, there is no question that cyber security has become a top priority. Cyberattacks on operational technology systems have been on the rise since the start of the COVID-19 pandemic. In 2023 alone, more than 349 million people were impacted by data breaches, and approximately 90 percent of manufacturing organizations had their production or energy supply hit by some form of cyberattack.
A compelling topic for discussion and motivation for writing this article arises from recent news concerning Critical Automated Tank Gauge (ATG) vulnerabilities that pose a threat to gas infrastructure. A recent investigation by Bitsight TRACE has uncovered several critical zero-day vulnerabilities affecting six ATG systems from five different vendors.
A zero-day vulnerability refers to a security flaw in software or hardware that is unknown to the developer and lacks an existing fix. The term "zero-day" signifies that the developer has no time to prepare a remedy once the vulnerability is identified.
What is an ATG System?
Automated Tank Gauge (ATG) systems are sensor technologies designed to monitor and manage fuel storage tanks, ensuring that fill levels remain within safe limits, detecting leaks in real time, and facilitating inventory management. These systems automatically measure and record the level, volume, and temperature of the products stored in tanks. They can also monitor for leaks, issue alarms for high or low levels, and trigger sirens, emergency shutoff valves, ventilation systems, fuel dispensers, and other connected devices. By interfacing with internal or external relays, ATGs can control various physical processes. This technology not only helps maintain compliance with environmental regulations but also optimizes inventory management at ubiquitous as well as critical facilities such as gas stations, hospitals, airports, and military bases. However, the capability of these systems to control physical processes presents a significant and interesting problem for security researchers and hackers, as any misuse could lead to severe consequences.
What’s the risk?
The risk associated with the newly discovered vulnerabilities is significant, as they can grant attackers full administrative control over an ATG (Automated Tank Gauging system). These security flaws may lead to a range of malicious activities, from disrupting fuel availability to causing environmental damage. With the rise of digitization, many ATGs are now online and easily accessible via the Internet, making them attractive targets for cyberattacks, particularly in scenarios involving sabotage or cyberwarfare.
Many of these systems were not originally designed for the level of connectivity we see today. They have mostly been adapted for Internet connectivity, yet they lack the security features typically required for connected devices. Consequently, they are being employed in ways that vendors never intended, which lies at the heart of these vulnerabilities.
What can potentially happen?
The security vulnerabilities could result in serious consequences, ranging from gas spills to unauthorized access to operational data, impacting gas stations, airports, military bases, and other highly sensitive locations. The potential outcomes could be catastrophic.
Hackers could:
It’s a long fight...
Industrial Control Systems (ICS) vendors who build and maintain systems such as ATGs face considerable challenges in balancing security with system reliability. ICS often oversee critical infrastructure, where downtime can lead to significant and problematic disruptions. Many of these systems are outdated and difficult to upgrade, compelling vendors to ensure that new security measures work seamlessly with legacy technology.
Additionally, vendors must navigate increasing regulatory requirements, address vulnerabilities in their supply chains, and keep pace with an evolving cyber threat landscape—all while producing systems designed for long-term reliability. The extended lifecycle of ICS systems, the need to invest in and adopt newer technologies, and customers' resistance to change further complicate vendors' efforts to maintain secure and dependable products. Furthermore, implementing robust security measures can be costly and may sometimes require a complete redesign of the product. Despite these challenges, one thing is clear: change is necessary.
What could possibly be done?
As the industry shifts towards a "secure by design" approach, reports such as these underscore the urgent need for action, not only within the realm of ATGs but across the entire ICS ecosystem. It's not merely about fixing existing vulnerabilities; it's about implementing security practices to prevent risks from arising in the first place. Organizations also need to recognize that critical systems should not be exposed to the public Internet. They must effectively evaluate their exposure, understand their current risks, and begin addressing these issues, regardless of how promptly vendors can update their systems.
For industrial control systems in general, and ATGs specifically—with their unique challenges—the path forward is clear: security must be the foundation rather than an afterthought. The potential costs of neglecting this can be far too high.
3 months ago
Ramanathan B: Apt analogy of Marvel. Very informative and you have very creatively expressed the significance of cyber security in this article and need to address vulnerabilities. Thanks for sharing.