2nd Edition

Tracking the trends and news for IT and IT Security

Paul

Gas stations and beyond: Why cybersecurity is a top priority for industrial infrastructure

cropped-Back-End-News-2.png?fit=192%2C192&ssl=1Gas stations and beyond: Why cybersecurity is a top priority for industrial infrastructure>
Backend News
Through our research, we managed to classify what could go wrong in this process. There are several potential operational technology (OT) and IT security issues that can affect the work of the station.

The first group of risks involves potential remote access from external networks. Just like many industrial systems today, the gas station employs solutions that are connected to public services through the internet, these include cloud banking systems or specialized fleet management systems. Remote access to the fuel station allows further malicious actions inside the network.

There are also suppliers and service companies that have access to some parts of the infrastructure. Compromising these third parties may open doors to the target system for attackers. In fact, this type of threat is of great concern for companies of any size profile: a third (32%) of large organizations suffered attacks involving data shared with suppliers. Whatâs more, the financial impact of such incidents on enterprises is the highest across all types of attacks in 2021.

Another set of risks involves network and device issues that may potentially lead to the disruption of fuel station services or direct financial impact. Attacks can come from remote networks or by connecting to wireless networks or wired network ports available onsite.

Another critical but evergreen problem is vulnerabilities or security flaws in the fuel controller, POS terminals, and network equipment, as well as corporate endpoints and applications. In 2015, 5,800 automatic tank gauges (ATGs) were found to be exposed to unauthorized access from the internet because of a lack of password protection on a serial port. ATG is an electronic component placed in the tank that monitors the level of fuel and checks if it is leaking fluid. And through this serial port, the ATG can be programmed. If the signal it transfers is not correct, the operator wonât get an alert about any deviation. Figures from 2015 also suggested that at the time, most systems were in gas stations in the US and represented 3% of those used in the country. By compromising such critical systems as automatic tank gauges, criminals can unlock options for fraud or even physical damage.

Another point to manage is wireless gateways and reader units. A security assessment should be performed to identify insecure industrial protocols, the possibility of jamming and spoofing attacks.
Link: https://backendnews.net/gas-stations-and-beyond-why-cybersecurity-is-a-top-priority-for-industrial-infrastructure/

Categories:

Tags: