The press has reported several recent crimes, committed by thieves and employees, which involve tampering with the pump software or gas station controllers to allow a free flow of gasoline. This new kind of attack is in addition to the widely reported skimmers that thieves install at pumps to capture credit card information.
In 2015, the hacker alliance Anonymous is reported to have exploited vulnerabilities in Internet-connected gas pumps. TrendMicro then found that pumps were easy to crack due to flaws in the Internet-connected systems that track fuel levels. In March, Kaspersky Lab identified security flaws that could make over 1,000 gas stations vulnerable to hackers.
Read more in Fortune’s article “Hackers Have a New Favorite Target: Gas Stations”.
These vulnerabilities are common across industry due to the lack of role-based access control and the absence of immutable records. To defend against these kinds of cyber attacks, the oil and gas industry–from production to retail–requires decentralized identity and access management that authenticates users and controls their access.
By deploying decentralized security technologies, companies can protect their operations. With these solutions, operators can easily manage user and device identities, passwords, credentials, and access control policies, while tracking all changes in a tamper-proof audit-log to avoid the reputational and financial losses that follow these types of security breaches.