Safeguard Critical Fueling Infrastructure With Cybersecurity

Stranded business travelers. Airless buildings. Silenced elevators. Rush-hour chaos. From Detroit to Toronto to Manhattan and beyond, more than 50 million people across eight northeastern U.S. states and parts of Canada were without power. 

Millions lived again with uncertainty during the largest blackout in North American history almost 20 years ago. At the time, the suspicion was that the blackout represented a cyberattack on the U.S. power grid.

Thankfully, the cause was much more benign. A cascading series of events: human error, software issues, and equipment failures caused what the media called the Northeast Blackout.

But human suffering and business losses were significant

Make no mistake. The threat of cyberattacks is real. U.S. support of Ukraine as it wards off Russian aggression has invoked hostilities toward NATO and especially the United States, according to evolving intelligence.

As Putin’s military invasion of Ukraine wears on, his back is against the wall, said President Joe Biden. He recently warned of Russian cyberattacks against the U.S. Putin’s frustration grows as his suppression of Ukraine falters; some speculate that a cyberattack could be the next step.

Brian Harrell, a former assistant secretary for infrastructure protection at DHS, said “the most logical enemy avenue approach is through vulnerable 3rd parties and the critical supply chain.”

This points directly at critical infrastructure and the U.S. retail fuel supply. The threat to web-connected fuel tanks is no small matter.

Tank Monitors Susceptible to Cyber Risk

The vulnerability of the gauges used to monitor gasoline tanks is the latest security issue challenging industrial devices which are increasingly being connected to the Internet of Things (IoT). Automated tank gauges (ATGs) are used by nearly every fueling station in the United States and tens of thousands of systems internationally. 

While ATGs are typically accessed to monitor fuel inventories, attackers could easily alter the settings. Imagine if hackers concentrated their efforts to make changes to hundreds of systems simultaneously, locking out access which would lead to a host of problems.

Frequent run outs and loss of alarm notifications could result in ATG alarms being missed. A security breach on ATGs could raise issues with fuel compliance, fuel theft, and even terrorism.

Many independent operators connect to the Internet with an off-the-shelf home router and use a public IP address. They haven’t given much thought to security or firewall protection. Tank monitors that are connected remotely using public IP addresses are highly susceptible to cyberattacks. 

As a leader in data security, we factor security into every decision we make. From our IoT hardware to our Web platform, we strive to optimize security and minimize the risks associated with sensitive data. Here’s what we recommend to protect your convenience store operation.

5 Ways to Guard Against Cyberattacks

1. Close the system

Unlike the TCP/IP method of monitoring automatic tank gauges, which leaves multiple ports exposed to third parties for manipulation, the Canary cellular-based system is closed and entirely proprietary. It has no physical or digital “open ports” that expose a client’s network to potential unknown attack vectors.

2. Limit application access

Canary’s system is the only application running on our hardware, limiting the number of potential security holes from third parties. A site connected via TCP/IP can be connected to many applications, increasing risk exposure.

3. Encrypt communications

All communications between our device and the cloud are encrypted to ensure confidentiality; APIs are accessible only via HTTPS and use a 2048-bit TLS certificate.

4. Leverage trusted partners

We exclusively use best-in-class hosting via established and trusted hosting companies like Amazon Web Services, using ISO 27001, 27010, and 27018 physical security and risk management.

5. Manage user access and security

Canary employs strong password requirements, and access control lists to prevent users from controlling applications or devices that are not theirs.

Wrap Up

Being proactive and cyber aware is the first line of defense for every owner/operator connected to the Web. Using a secure, encrypted cell modem like a Canary box is a guaranteed way to eliminate the risk of a cyberattack to your network via your tank gauge by taking it off-network. 

While cybercriminals exist, you can protect yourself from rogue agents. You can limit the applications you use, manage user access, encrypt communications, and work with partners you trust.

What are you doing to ensure your ATG, a vulnerable network endpoint, is properly secured from increasing online threats to fueling infrastructure?

Learn more about Canary today.

You may also be interested in this great content.

Titan around the forecourt
Watch
Environmental compliance software for convenience stores illustration
How Compliance Professionals Can Manage Risk with Confidence
Read More
Convenience store perspective on environmental compliance and software solutions
Tank Talk: C-Store Perspective on Compliance Software
Listen