Fuel stations today face a growing threat of cyberattacks that can compromise their accounting, control and payment systems, as well as the personal information of employees and customers.
To better understand this threat, Manuel Díez, Global Head of Electrical and Mechanical Engineering in Buildings and Cybersecurity and Functional Safety at TÜV Rheinland, points out the main risks and the preventive measures necessary to protect these critical infrastructures. In this context, TÜV Rheinland-Burotec, with extensive experience in the fuel distribution sector, is working to prevent cyberattacks at petrol stations.
In addition, the company stresses the importance of staff training and compliance with regulations such as the General Law on the Protection of Personal Data and the NIS (Security of Information Networks) directive. These regulations are essential to establish a robust security framework that protects both sensitive data and the operability of service stations.
With the implementation of new technologies and increasing digitalization, the adoption of preventive measures and the creation of business continuity plans become crucial to minimize the impact of possible cyberattacks.
Among the threats most highlighted by Manuel Díez for service stations are:
'Ransomware': An attack that encrypts data and systems, demanding a ransom for release. Shutdown of automated supply and metering systems, and potential loss of critical data.
Denial of Service (DoS): An attack that overloads systems, preventing them from functioning normally. Disruption of transactions and payment systems, causing immediate losses and affecting customer satisfaction.
Unauthorized access to the wireless network: Intrusion into the station's wireless network to intercept communications and data. Theft of sensitive information and possibility of compromising other connected systems.
Personal data breach: Theft of sensitive employee and customer data, such as personal and payment information. Privacy violation, potential legal penalties, and damage to the station's reputation.
EV charger compromise: Exploiting vulnerabilities in chargers to access the station's data network. This allows lateral and vertical movement in the network, affecting other systems and exposing critical information.
Phishing: Sending deceptive emails or messages to obtain confidential information. Compromise of accounts and data, unauthorized access to systems and networks.
Insider attacks: Malicious actions by disgruntled employees or former employees. Intentional damage to systems and networks, information leakage, and sabotage.
Main risks
According to Díez, service stations face multiple cybersecurity risks because of their many connected elements, such as metering and control systems, electric vehicle chargers, or card payment systems.
This equipment can have security vulnerabilities throughout its life cycle, "usually due to insecure user identification and authentication, lack of secure encryption, key sharing and use of obsolete and outdated equipment. Without forgetting that physical access to computer equipment and panels should be restricted to authorized personnel." These weaknesses make the systems attractive to attackers, who seek to exploit them to access sensitive information or disrupt services.
In addition, the leakage of private data of employees and customers, as well as images from closed circuit television, represents a violation of the General Law on the Protection of Personal Data. Not only does this expose gas stations to legal penalties, but it can also damage their reputation and customer trust.
Among the most common attacks affecting service stations are ransomware incidents, which can paralyze automated supply and metering systems. This type of attack encrypts data and systems, demanding a ransom for release. Other common attacks include denial-of-service attacks on payment systems, which can disrupt transactions and cause immediate losses. In addition, unauthorized access to the station's wireless network can allow attackers to intercept sensitive communications and personal data.
"We never recommend paying the ransom. If Burotec has collaborated to prevent correctly and we have both the backups and the action plan, we will ensure that everything is restored in the shortest possible time, minimizing damage to our customers," says the head of Cybersecurity TÜV Rheinland-Burotec.
Díez also stresses that "in the case of chargers for electric vehicles, the lack of protection of many of them has already been revealed, as has the ease of lateral and vertical movement in data networks".
Full article at How to prepare your service station against cyberattacks? - Service Stations (interempresas.net)