A Guide to ATG Communications Protection

By ARUME

A Simple Analogy

Imagine you need to deliver a secure package from Point A to Point B, like an armored car transporting cash to a bank.

The Challenge: Protect the Package En-route

An ATG communicates using a specific protocol; carrying that protocol over the Internet, which is just like a public highway, introduces security risks. We need additional measures to ensure the package reaches its destination safely.

Level 1: Disguise (Non-Standard Ports)

The first method involves disguising the package. Traditionally, packages use standard markings (like standard ports for TCP communication), which makes them easily identifiable to hackers - think of a brown paper package.

You can then disguise the package by using a non-standard port (purple packaging), which is less recognizable to potential hackers.

This method offers minimal protection. Hackers might simply target the standard port or other non-standard ports if they know it’s used for ATGs.

Not a secure option.

Level 2: Combination Lock (Password Protection)

The second method is password protection. You add a combination lock to the package, making it harder to open without the correct code.

While this adds a layer of security, passwords offer limited protection. A determined hacker can crack a six-digit password in a relatively short time. Worse, passwords are often stored in plain text (like having the combination written on a note next to the lock), making them even less secure.

This method is slightly better, but still flawed.

Level 3: Known Sender (Firewall)

The third method is like having the bank only accept packages from a specific address. This is similar to how firewalls work.

While this method prevents random attacks, a determined hacker could still:

  • Intercept and Replace: Steal the package, replace the commands with their own, and maintain the sender's address (like a hacker replacing your package with theirs).
  • Breach the Depot (Server): If the server where packages are created (your station's network) is compromised, the hacker can create fake packages with the valid sender's address.
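The "combination lock" and "known sender" checks above can be turned into a simple audit of connection logs: anything reaching the tank gauge port from outside the polling provider's address block is flagged, and repeated failed security-code attempts from one source are flagged as password guessing. The following is an added example, not ARUME's code or any vendor's tooling. It assumes a hypothetical log format of one record per connection (timestamp, source address, destination port, authentication result), uses 10001/tcp as the conventional Veeder-Root serial-over-IP port, and uses constructed sample data in documentation address ranges.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Tuple

# 10001/tcp is the conventional Veeder-Root serial-over-IP port. "Level 1"
# (a non-standard port) only changes this number, so the audit takes it as a parameter.
ATG_PORT = 10001
# Failed security-code attempts from one source before a finding is raised.
FAILED_AUTH_THRESHOLD = 5

# Constructed sample log in a hypothetical "ts src= dport= auth=" format.
# 203.0.113.0/24 plays the polling provider, 198.51.100.7 an unknown source.
SAMPLE_LOG = [
    "2024-05-01T02:00:01Z src=203.0.113.10 dport=10001 auth=ok",
    "2024-05-01T02:05:01Z src=203.0.113.10 dport=10001 auth=fail",
    "2024-05-01T02:05:03Z src=203.0.113.10 dport=10001 auth=ok",
    "2024-05-01T03:12:40Z src=198.51.100.7 dport=10001 auth=fail",
    "2024-05-01T03:12:41Z src=198.51.100.7 dport=10001 auth=fail",
    "2024-05-01T03:12:42Z src=198.51.100.7 dport=10001 auth=fail",
    "2024-05-01T03:12:43Z src=198.51.100.7 dport=10001 auth=fail",
    "2024-05-01T03:12:44Z src=198.51.100.7 dport=10001 auth=fail",
    "2024-05-01T03:12:45Z src=198.51.100.7 dport=10001 auth=fail",
    "2024-05-01T03:13:00Z src=198.51.100.7 dport=443 auth=none",
]
# Constructed allowlist: the polling provider's address block (the "known sender").
ALLOWLIST = ["203.0.113.0/24"]

_RECORD = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) auth=(?P<auth>ok|fail|none)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str      # "unexpected_source" or "password_guessing"
    src_ip: str
    detail: str


def parse_record(line: str) -> Tuple[str, str, int, str]:
    """Split one hypothetical log record into (timestamp, source ip, dest port, auth result)."""
    m = _RECORD.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised record: {line!r}")
    return m["ts"], m["src"], int(m["dport"]), m["auth"]


def audit(lines: Iterable[str], allowlist: Iterable[str],
          atg_port: int = ATG_PORT, threshold: int = FAILED_AUTH_THRESHOLD) -> List[Finding]:
    """Apply the 'known sender' and 'combination lock' checks to a stream of records."""
    nets = [ip_network(a) for a in allowlist]
    findings: List[Finding] = []
    reported_sources = set()   # report each unexpected source once, not per connection
    failures: Counter = Counter()
    for line in lines:
        ts, src, dport, auth = parse_record(line)
        if dport != atg_port:
            continue  # traffic to other services is out of scope for this audit
        addr = ip_address(src)
        if not any(addr in net for net in nets) and src not in reported_sources:
            reported_sources.add(src)
            findings.append(Finding(
                "unexpected_source", src,
                f"{ts}: first connection to ATG port {dport} from outside the allowlist"))
        if auth == "fail":
            failures[src] += 1
            if failures[src] == threshold:
                findings.append(Finding(
                    "password_guessing", src,
                    f"{ts}: {threshold} failed security-code attempts"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ALLOWLIST):
        print(f"[{finding.kind}] {finding.src_ip} {finding.detail}")
```

On the sample data the audit produces two findings, both for 198.51.100.7: it is outside the allowlist, and it reaches the failure threshold on its fifth attempt. The provider's own single failed attempt stays below the threshold. Note what the audit cannot see, which is exactly the article's "Breach the Depot" point: a connection from a compromised provider address passes both checks silently, so the allowlist is only as good as the sender it trusts.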

Level 4: Secure Tunnel (VPN)

The fourth method involves creating a secure tunnel (VPN) over the Internet between the polling company's server network and the station's network. This encrypts the package contents while they transit the public Internet, making them unreadable even if intercepted.

While this method protects against interception, just as with firewalls, a hacker could still gain access to the package if they:

  • Breach the Depot (Server): If they hack into the server where packages are created (your station's network), they have access to the VPN and can input malicious commands into the tunnel.
  • Breach the Network (Bank): More concerning is that, because a VPN is network to network, if a hacker acquires the credentials to use the VPN they could have access to all other devices connected via the VPN. An example of this was the Target breach: third-party building-automation contractors had been given access to the corporate network, a mistake that cost Target upwards of $200 million in legal fees and payouts. The contractors' credentials were stolen, allowing hackers access to financial systems that included customer credit card and identity information.

Key Takeaways:

  • The underlying Veeder-Root communications protocol was not designed to be used over the Internet.
  • The first two methods are poor and are only effective in that hackers may try unprotected tank gauges first. It is like protecting yourself against bears by taking along someone who runs much slower than you.
  • The biggest vulnerability lies in a single point of access: the companies polling the tank gauges, such as the five major service providers that communicate with tank gauges at over 50% of the 150,000+ locations. If a hacker breaches just one of these companies, they effectively bypass all four protection methods and could gain access to a vast network of ATGs.
  • VPNs are valuable security measures, but only if their security is maintained. Are your access credentials shared only internally? Or with third-party contractors such as tank gauge monitoring providers? This is recognised consistently as a key area of vulnerability in cyberattacks and is regularly overlooked.

The Solution

Instead of the band-aid methods above, use an alternative technology that does not poll with the legacy Veeder-Root protocol over the Internet and does not depend on external protection measures (firewalls and VPNs). To read more about possible alternatives, read our Secure Ways of Communicating