Did Iran Hack Tank Readers at US Gas Stations? Security Leaders Discuss

Earlier today, CNN reported that United States officials suspect Iranian actors to be behind the hacking of tank readers at gas stations. This breach impacted systems monitoring the amount of gas in storage tanks and servicing gas stations across the U.S. The automatic tank gauge (ATG) systems were online and without password protection, enabling the hackers to alter the tanks’ display readings, but not the levels of fuel stored inside.
At this time, no damage or harm has been reported from this incident. However, the CNN report points out that, theoretically, the hackers could have made a gas leak go undetected.
A lack of forensic evidence may make it impossible to determine for certain who was behind the attack, but Iran’s history of targeting gas tank systems makes the nation a top suspect for U.S. officials.
If this is the work of an Iranian actor, it serves as a warning for U.S. critical infrastructure operators to bolster their security systems.
Below, security leaders share their thoughts on the attack, Iran’s potential involvement, and the broader implications.
Security Leaders Weigh In
Nick Tausek, Lead Security Automation Architect at Swimlane:
Iranian threat actors tend to look for pressure points, and this target fits that pattern. U.S. systems are appealing because so much of the critical infrastructure is connected, locally operated, and difficult to defend evenly across every site. Gas stations, tank readers, water systems, and industrial controllers may not sound high-profile, but they give attackers a way to turn a technical breach into public confusion and operational stress.
That is the throughline across many of these campaigns. Some are built for spying, while others are meant to disrupt services or shake confidence in the systems people rely on every day. The common thread is exposed operational technology and weak remote access. Security teams need to get ahead of that pattern with defenses that can spot abnormal activity, prioritize alerts, coordinate response, and contain threats quickly before a local incident becomes a wider infrastructure problem.
Kevin Kirkwood, CISO at Exabeam:
This is on the verge of a kinetic cyber attack.
This incident is not really about gas stations. It is a warning that cyberattacks are increasingly targeting real-world infrastructure and operational systems, not just data and applications. As organizations adopt more AI, agents, and digital workers to automate decisions and operations, the risk grows that compromised data or manipulated systems could trigger larger operational disruptions at machine speed. The companies that will be most resilient are those that combine AI governance, operational technology security, strong identity and cryptographic controls, and human oversight into a single integrated security strategy.
The solution is to build security around trust validation rather than assuming systems and data are always reliable. Organizations need better visibility into operational assets, stronger segmentation between IT and operational systems, verification of sensor and telemetry integrity, and governance controls for AI-driven automation. AI systems and digital workers should validate information from multiple sources before taking action, and critical operational decisions should still include human oversight. Over time, resilience will depend on combining cybersecurity, operational technology security, and AI governance into a unified framework designed for autonomous and highly connected environments.
Gabrielle Hempel, Security Operations Strategist at Exabeam:
The next war is going to have large portions that are waged online. You no longer need to “blow something up” kinetically to create instability. The gas station/tank reader angle is especially interesting because it sits in a gray area between nuisance and legitimate disruption. It is disruptive enough to shake civilians and affect public confidence, but falls below the threshold of conventional military escalation, which is exactly why these types of operations are becoming increasingly common.
The broader trend here is that our geopolitical conflicts are increasingly targeting operational technology and the systems surrounding it. The “soft connective tissue” is often easier to hit than industrial hardware.
From a defender perspective, this is why the old ways of separating IT and OT security are outdated. If your fuel availability depends on cloud-connected monitoring or remote management, then your attack surface has widened to IT systems as well.
Ross Filipek, CISO at Corsica Technologies:
Gas stations and tank storage systems may not sound like traditional cyber targets, but they sit right at the intersection of economic pressure and public disruption, which makes them very attractive for threat actors. You don’t need to knock out the entire energy sector to create panic. If fuel access slows, storage readings are manipulated, or operators are forced into manual processes, the impact can quickly move from technical inconvenience to real-world operational risk.
The bigger concern is what happens if this activity scales nationally. Fuel distribution depends on trust in automated readings, connected equipment, and timely logistics. If attackers can disrupt that visibility, they can create chaos across supply chains. Operators should be treating these systems as critical infrastructure, not back-office equipment. Around-the-clock monitoring, strong network segmentation, and having tested recovery plans in place are crucial for halting disruption before it becomes widespread.






