The weakest link in your c-store’s cybersecurity strategy? It may not be what you think.

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

Listen to the article

6 min

This audio is auto-generated. Please let us know if you have feedback.

Adam Reynolds is the vice president of Device Software Engineering at Gilbarco Veeder-Root.

Convenience store operators invest heavily in securing their payment systems and customer data. Yet one critical piece of infrastructure is often missing from broader security planning: the automatic tank gauge, or ATG.
This technology monitors both aboveground and underground fuel tanks by tracking inventory levels, detecting leaks and helping companies ensure they’re in environmental compliance. As cyberattacks on critical infrastructure become more common, ATGs have emerged as a potential entry point in the absence of proper security protocols — and the scale of the threat is growing fast.

In the first nine months of 2025, ransomware incidents targeting critical sectors rose 34% year over year, with half of all attacks striking industries such as energy, manufacturing and transportation. Fueling infrastructure sits firmly within that risk landscape, with cyberattacks on U.S. utilities rising nearly 70% in 2024.
Convenience store operators spend years strengthening the security of their most visible systems. Payment networks are protected. Point-of-sale upgrades are routine. Loyalty data is carefully managed. However, ATGs — many of which were deployed long before today’s threat landscape — are not always evaluated with the same rigor as enterprise IT infrastructure.
These devices present a potential access point many would not have considered, particularly as geopolitical tensions and increasingly sophisticated threats place added pressure on legacy infrastructure, according to the World Economic Forum’s Global Cybersecurity Outlook.
As convenience retail becomes more connected, ATGs provide critical operational data that help retailers monitor inventory and make more informed business decisions. Realizing that value, however, requires those systems to connect with broader networks and platforms. As a result, securing the device itself is just as important as protecting the data it generates.
When left unsecured, these systems can expose business data such as inventory levels and enable unauthorized changes to system configurations. In more severe cases, tampering can create compliance risks or even interfere with fuel dispensing.

Many legacy ATGs were designed in the era of dial-up. Remote connectivity and present-day cyber threats were not priorities, leaving many operators exposed without realizing it. Companies built these systems for reliability and longevity, not for the security requirements that accompany modern connectivity.
For c-store operators already facing volatile energy costs and broader economic uncertainty, avoiding preventable disruption is imperative. Cybersecurity decisions directly affect operational continuity and business performance.

“Convenience store operators spend years strengthening the security of their most visible systems. … However, ATGs — many of which were deployed long before today’s threat landscape — are not always evaluated with the same rigor as enterprise IT infrastructure. ”

Adam Reynolds
Vice President, Device Software Engineering, Veeder-Root

Below are five practical steps c-store managers can take to reduce risk, strengthen resilience and protect the systems that keep fuel moving:
1. Follow manufacturer guidance on routine updates: Treat ATG firmware and software updates as standard site maintenance rather than optional IT tasks. Like smartphones and computers, ATGs require regular updates to stay secure and perform properly. Threats targeting connected devices continue to evolve, and manufacturers regularly release patches for newly identified vulnerabilities. Planning these updates during low-impact windows helps secure your system without disrupting daily operations.
2. Place ATGs behind a firewall or router: Our guidance is always: Never expose ATGs directly to the internet. Putting these systems behind a properly configured firewall creates a critical layer of protection that limits unauthorized access and blocks automated scanning from external threats.
3. Implement IP address limiting: Restrict ATG access to only the systems and service partners that genuinely need it. Review access rules with your IT or service partners to ensure every permitted connection has a clear operational purpose. Fewer access points mean fewer opportunities for intrusion.
4. Harden default settings and improve passwords: Default serial command ports and credentials are an easy target for attackers. Change default port numbers, enable serial command passwords and maintain strict credential hygiene to make tampering significantly more difficult.
5. Evaluate the security capabilities of legacy systems: Operators should periodically assess whether older systems can realistically meet today’s security expectations, even with updates and network controls in place. For long-term planning, considering the security capabilities of newer platforms designed for connected environments can help reduce risk over time.
Why this matters now
As convenience retail evolves, customer expectations around uptime and reliability continue to rise. Consumers expect fuel to be available when they need it, and have little tolerance for disruption at the pump.
While an ATG cyber incident does not expose customer data, it can directly impact fuel availability. Disruptions to tank monitoring or system configurations can delay deliveries or temporarily prevent fuel sales, turning a back-office issue into a customer‑facing problem.
Energy price volatility, labor constraints and tighter operating margins limit tolerance for downtime. A system disruption can affect fuel sales, create staffing challenges, introduce compliance risks and damage customer trust long after the immediate issue is resolved.
Ensuring the security and resilience of connected fueling infrastructure, including ATGs, helps operators maintain dependable forecourt operations and meet growing expectations for convenience and reliability.