insights

15 Sep 2020 By Sumi

Detecting Unauthorised ATG Programming Changes

  • Are your ATG access permissions what you think they are?
  • Has someone made any unauthorised changes to the ATG program?
  • Are your fuel management processes detecting unauthorised critical ATG program changes?
  • How would you know if your ATG settings have been compromised?

An Automated Tank Gauge (ATG) is a device installed at petrol stations to monitor and measure fuel movements. A probe in the tank automatically sends data to a display installed in an office or room on site, therefore negating the need to manually measure fuel using a dipstick, which is known to be a dirty and dangerous procedure.

A great number of Oil Companies invest in ATG systems as they are a proven solution to the once arduous job of manual tank measuring – but they leave it at that. The reality is an ATG is not a set and forget device once initially commissioned. Depending upon the many enabled features that go well beyond simple tank fuel measurement, undetected changes to the ATG program settings can cause major issues, that you may only learn when it’s all too late!

Such unauthorised changes to the ATG’s programming can result in physical stock losses such as: overfills, leaks, shutdowns or lack of shutdown when a critical event arises that may cause environmental contamination leading to significant fines.

With so many ATG’s brands and model options available such as Veeder-Root, Franklin, OPW, ProGauge, Hectronic and others, it can be difficult to know what to select, what it will actually do and what one offers the best security against intrusion.

An audit conducted across seven clients representing about 1,400 retail sites highlighted the majority were using their ATG’s simply as an electronic dip stick! 67% featured incorrect programming parameters and 55% were missing key software enhancements that the client was unaware! Furthermore, one client introduced what they thought to be strong password protection to learn that 12% of their ATG’s passwords had changed that was not authorised.

ATG’s are typically remotely programmed and monitored through a built-in serial port, plug-in serial port, TCP/IP module or a fax/modem. In order to facilitate remote monitoring over the internet, ATG serial interfaces are often mapped to an internet-facing port. This opens doors to potential trouble, especially since serial interfaces are rarely password protected.

The other point of concern is that many ATG protocols are freely available on the Internet for hackers to easily download!

Recently it was in the news that Hackers attacked at least one internet-connected gas (petrol) station pump monitoring system in the US.

An outage of the ATG or a compromised ATG through an attack, whilst not always catastrophic, could cause serious data loss and supply chain problems. For instance, should fuel volume be misrepresented such as lower than the physical reality, the arriving tanker will not be able to fully unload, that may lead to an overfill or a re-direct to off-load the excess fuel to a nearby site with capacity, or a haul-back to the depot/terminal.

An attacker with programming knowledge who have penetrated the ATG, can easily disable fuel dispensing for pressure systems whilst trading – imagine what a pain that would be for a major retail or highway truck stop at peak hour!

Avoid such ATG and Fuel Management hell

Fuelsuite brings together your EPA compliance, fuel inventory, delivery, reconciliation, price and ATG alarms within one Wetstock Management solution. This gives you the tools to effectively manage your leak detection, maintenance and fuel consumption and inventory for both above and below-ground tanks Globally.

Fuelsuite polls the ATG via various connection methodologies to retrieve data such as: Alarms, Inventory, Leak detection, Deliveries, Diagnostics, Sales transactions, Line pressure, Sensor and Vapour Recovery for the purpose of analytics, presentation and reporting for asset management and performance.

Our servers collate the information into Fuelsuite making it available to you in real time – removing the need to visit site and manually collect data, check sensors and monitor wells and fuel tank levels.

Fuelsuite is an all-round, remote Wetstock Management system that allows you to regain visibility over your fuel site operations using real-time data.

Manage as if you were actually on site

You control who gets what…and when. Using a cloud-based remote Wetstock Management solution, you can easily schedule various reports such as inventory, delivery, reconciliation and alarms, etc. Our 24/7 support service monitors your critical alarms in the background and escalates (if you choose) to your service contractor to attend and resolve.

With Fuelsuite you can compare settings and check your programming status and security on a daily basis. Whether you operate 25 or 1,000 retail or commercial fueling facilities, Fuelsuite has your Fuel Risk Management, Fuel Operations and Fuel Asset Management covered.

If you’re concerned that your ATG isn’t performing, could have been compromised or may not be the right solution for your fuel site, get in touch with EMS today to find the right solution for you.

If you’re looking at improving your value offering to customers by delivering superior Wetstock managementclick here to contact EMS and discuss Fuelsuite licensing.