A Green Dashboard Can Still Be a Red Flag: Operational Data Integrity as a Board Risk

Recent reporting on suspected Iran-linked breaches of fuel tank monitoring systems at US gas stations should not be treated as a narrow gas-station cybersecurity story.

It is a board-level warning about operational trust.

According to CNN reporting, US officials suspect Iranian hackers were behind breaches of systems that monitor fuel in storage tanks serving gas stations across multiple states. The reported target was not the fuel itself. It was the systems that tell operators what is happening underground: fuel levels, leak detection, delivery decisions and operational status. In some cases, attackers were reportedly able to manipulate displayed readings, but not the actual fuel levels. [1]

That distinction matters.

In operational environments, management often treats the screen as reality. A site manager trusts the tank reading. A distributor trusts inventory data. An executive trusts the status report. A board trusts the green dashboard.

But what happens when the business is looking at data an attacker has already touched?

That is not only a cybersecurity issue.

It is an oversight issue.

The Board-Level Lesson

The board lesson is simple: a green dashboard is not evidence of control unless the data behind it can be trusted.

Many organizations still govern cybersecurity as if the main asset is information. In operational environments, the asset is trust: trust in readings, alarms, processes, controls and management’s view of reality.

When that trust is compromised, the board problem has already begun.

For boards, CEOs and risk committees, the issue is not whether directors understand the technical details of an Automatic Tank Gauge system. The issue is whether management can prove that critical operational data remains reliable under pressure.

That is the difference between being briefed and exercising oversight.

What Boards Should Ask Now

This is the practical test.

Boards do not need to become cybersecurity engineers. They do need to challenge the assumptions behind management’s cyber reporting.

1. Which operational systems are exposed online, directly or indirectly?

2. Which dashboards rely on data attackers could manipulate?

3. Who owns OT cyber risk at executive level?

4. Can management prove operational data remains reliable under attack?

5. What manual fallback exists when digital readings cannot be trusted?

6. Has the board reviewed this as continuity, safety and financial exposure?

7. Which third parties have remote access to operational systems?

8. Are remote access decisions documented, reviewed and periodically challenged?

9. Which operational systems would create business disruption if their data integrity failed?

10. Has management tested a scenario where systems remain online but cannot be trusted?

These are governance questions, not technical trivia.

If the board cannot get clear answers, the issue is not only cybersecurity. It is oversight.

What Good Oversight Looks Like

Good oversight is not a longer dashboard.

It is better evidence.

A serious OT cyber review should not end with a maturity score. It should produce clear answers in four areas.

1. What are we relying on?

Management should identify the operational systems that support safety, production, logistics, service delivery, compliance and business continuity.

The board does not need every asset detail. It does need to know which operational systems create business exposure if their data becomes unreliable.

2. Who owns the risk?

Ownership should not sit vaguely between IT, security, operations, engineering and vendors.

A named executive should be accountable for OT cyber risk, with a clear route to the CEO, executive committee and board.

3. What evidence supports management’s confidence?

“Protected,” “monitored” and “compliant” are not enough.

Boards should ask for evidence of exposure control, segmentation, remote access governance, authentication, logging, backup procedures and tested recovery paths.

4. What happens when the data cannot be trusted?

This is the hardest question and often the most revealing.

If digital readings are unavailable or unreliable, management should know how the business continues, who makes decisions, what manual checks exist and how long the organization can operate safely.

What Happened?

The reported incident involved Automatic Tank Gauge systems, commonly known as ATGs. These systems are used to monitor underground fuel tanks and support operational activities such as fuel inventory, leak detection, delivery scheduling and environmental compliance records. [2]

The Energy Marketers of America reported in April 2026 that cyberattacks were targeting ATG systems in Tennessee and that systems were being targeted nationwide. One convenience store chain reportedly had at least 15 tanks affected, with no physical impacts reported at that time. [2]

CNN later reported that US officials suspected Iran-linked hackers were behind breaches of ATG systems serving gas stations in multiple states. The systems were reportedly exposed online without password protection, allowing attackers to manipulate displayed readings. [1]

The board-level point is not that attackers changed the fuel.

The board-level point is that attackers may have changed what operators, management and ultimately the board believed to be true.

Why This Is Bigger Than Gas Stations

Automatic Tank Gauge systems may sound narrow. They are not.

Bitsight has reported that ATGs are used not only at gas stations, but also at facilities such as military bases, hospitals, airports, emergency services and power plants. In 2024, Bitsight disclosed multiple critical zero-day vulnerabilities across six ATG systems from five vendors. [3]

The wider issue is not one product or one sector.

The issue is operational dependence on connected systems whose readings, alarms and dashboards inform real-world decisions.

Operational technology risk rarely begins as an abstract cybersecurity concern. It begins as a practical business dependency:

• Can we trust the reading?

• Can we trust the alarm?

• Can we trust the delivery schedule?

• Can we trust the compliance record?

• Can we trust the operational dashboard?

If the answer becomes uncertain, the issue moves beyond cyber controls. It becomes a problem of business continuity, safety, regulatory exposure, executive accountability and board oversight.

The Real Risk: Compromised Operational Reality

In information technology, the cyber conversation often starts with confidentiality, data theft, ransomware and business email compromise. Those risks are real. But in operational technology, the risk picture is different.

In OT environments, cybersecurity is often about the integrity and availability of operational reality.

If attackers can manipulate a display, suppress an alarm, alter a reading, interfere with a control system or degrade the reliability of operational information, they can affect business decisions even without causing immediate physical damage.

This is not theoretical. CISA and partner agencies warned in April 2026 that Iranian-affiliated actors had targeted internet-exposed programmable logic controllers across US critical infrastructure. The advisory stated that the activity included manipulation of data displayed on HMI and SCADA systems, resulting in operational disruption and financial loss in some cases. [4]

That is the pattern boards should recognize.

The risk is not only that the system becomes unavailable.

The risk is that management continues making decisions based on a false view of reality.

Financial, Operational and Personal Ramifications

Unreliable operational data can create financial exposure quickly.

In the fuel monitoring scenario, manipulated or unreliable readings can affect delivery decisions, inventory confidence, manual verification costs, downtime, environmental response costs, insurance discussions and regulatory scrutiny.

At board level, the financial question is not only:

“Was there a cyber incident?”

The stronger question is:

“What business decisions depended on the integrity of the compromised system?”

That question matters because financial impact often emerges downstream. A technical weakness becomes a delayed delivery. A delayed delivery becomes a service failure. A service failure becomes a customer issue. A customer issue becomes lost revenue, regulatory attention or litigation risk.

Operationally, compromised data slows decision-making at the exact moment leadership needs speed and confidence.

Many continuity plans assume system unavailability. Fewer test what happens when the system remains available but cannot be trusted.

That difference is critical.

A dashboard that goes dark is obvious.

A dashboard that stays green while reporting compromised data is more dangerous.

Personally, this is where the issue becomes uncomfortable for executives and directors.

After a serious incident, nobody is impressed that the cyber report was green.

The questions change.

Who owned the risk? Who approved remote access? Who accepted exposed systems? Who tested the fallback? Who documented the decision? Who understood the business consequence?

That is why boards should treat OT cyber risk as a business continuity, safety and accountability issue, not only as a technical control issue.

A Decade of Warnings

This problem did not appear suddenly.

In 2015, Rapid7 reported that an internet-wide scan had identified approximately 5,800 ATGs with TCP port 10001 exposed to the internet and no password set. Rapid7 warned that an attacker with access to the serial port interface of an ATG could spoof reported fuel levels, generate false alarms and potentially lock monitoring services out of the system. [5]

More than a decade later, the lesson remains uncomfortable.

Some operational systems are still exposed because convenience won over control. Remote access, third-party maintenance, legacy configuration, weak authentication and unclear ownership often create a control gap that nobody fully owns.

That is exactly the kind of gap boards should be challenging.

Not at packet level.

At accountability level.

Why the Green Dashboard Problem Keeps Happening

Boards often receive cybersecurity reporting through simplified status indicators: red, amber, green, maturity levels, compliance scores and trend lines.

That reporting can be useful.

It can also be dangerous if it hides the assumptions behind the score.

A green cyber dashboard may tell the board that controls are monitored. It may not tell the board whether the operational data feeding management decisions can be trusted under attack.

A maturity score may show progress. It may not show whether a vendor still has remote access to a sensitive operational system.

A compliance report may confirm that a process exists. It may not confirm that the fallback process works when digital readings become unreliable.

This is the governance gap.

Boards do not need more technical noise. They need clearer evidence of operational resilience.

The Board Lesson

This story is bigger than gas stations.

It is about whether boards can trust the operational reality management is reporting.

Many organizations still govern cyber as if the main asset is information. In operational environments, the asset is trust.

Trust in the reading. Trust in the alarm. Trust in the process. Trust in management’s view of reality.

When that trust is compromised, the board problem has already begun.

If your board cannot clearly answer the questions above, the issue is not only cybersecurity.

It is oversight.

That is the work boards should test before pressure arrives.

FAQ

What is operational data integrity?

Operational data integrity is the reliability and trustworthiness of the data used to run physical or operational processes. This includes readings, alarms, status reports, control-system data, delivery information and compliance records.

Why is operational data integrity a board risk?

Operational data integrity is a board risk because executives and directors rely on management reporting to make decisions. If the underlying operational data is manipulated, incomplete or unreliable, leadership may make decisions based on a false view of business reality.

What is an Automatic Tank Gauge system?

An Automatic Tank Gauge, or ATG, is a system used to monitor fuel levels and related tank conditions. ATGs support fuel inventory, leak detection, delivery scheduling and environmental compliance processes.

Why should boards care about ATG cybersecurity?

Boards should care because ATGs are an example of a broader operational technology risk. If attackers can manipulate operational readings or undermine confidence in those readings, management may make business decisions based on unreliable data.

Is this only relevant to fuel companies?

No. The same governance issue applies to any operational environment that depends on connected monitoring systems, including energy, water, manufacturing, logistics, transportation, healthcare, emergency services and critical infrastructure.

What is the key board-level lesson?

The key lesson is that cyber oversight should test the reliability of operational data, not only the security status of systems. A green dashboard is not enough if the data behind it can be manipulated.

What should boards ask management after this kind of incident?

Boards should ask which operational systems are internet-exposed, which dashboards depend on manipulable data, who owns OT cyber risk, what fallback exists when digital readings cannot be trusted and whether the issue has been reviewed as a continuity, safety and financial exposure.

What does good OT cyber governance produce?

Good OT cyber governance produces named accountability, exposure evidence, tested fallback procedures, documented risk decisions and clear escalation paths between operations, cybersecurity, executive management and the board.

Sources

[1] CNN reporting, via CNN Newsource syndication[2] Energy Marketers of America advisory on ATG cyberattacks[3] Bitsight research on critical ATG vulnerabilities[4] CISA advisory AA26-097A on Iranian-affiliated actors targeting PLCs[5] Rapid7 research on internet-exposed gas station tank gauges