Kachoolie’s patented solution is specifically designed to securely communicate with remote devices over the Internet, and protect these devices from Cyber Attacks without interfering with, or creating vulnerabilities in other systems. More About Kachoolie Technology
Internet connected devices such as tank gauges, traffic systems, medical devices, cameras, electricity substations, water pump stations, cell towers etc. are part of the 6.4 Billion Internet of Things (IoT). This enormous number shows the usefulness and popularity of remotely accessing devices using the Internet. Unfortunately many IoT devices, especially those designed before the Internet, such as tank gauges, create Cyber Attack vulnerabilities in the IoT device and vulnerabilities in the connected networks and devices. These vulnerabilities provide a means to attack the critical infrastructures on which we are all dependant to maintain our way of life. More about IoT and Cyber Attacks
Kachoolie for Fueling Stations
Why Internet enable tank gauges?
- Every day without monitoring and managing fuel inventory, profits easily become losses through hidden, unanticipated costs. Costs and ROI.
- Non compliance with regulations disrupts station operations, leading to fewer customers, lower sales and fines. Manual methods such as SIR are expensive, time consuming and prone to mistakes.
Before Kachoolie, high cost, poor reliability and reluctance by station owners prevented Internet enabling the majority of tank gauges installed at fueling stations. Why are so few tank gauges successfully connected to the Internet?
The Kachoolie solution for the fuel industry is the only solution that:
- Has affordable, all inclusive and transparent pricing.
- Is an end to end, fully featured, complete solution with individual benefits for both the fuel supplier and station operator.
- Guarantees reliable, secure communication, maintenance free operation, and has an unlimited equipment warranty.
- Provides peace of mind. It protects against Cyber Attacks and does not introduce vulnerabilities that compromise station operations.
- Instant fuel inventory information. Dispatchers do not have to rely on hours old information or initiate and wait for a time consuming manual poll.
- Includes advanced delivery forecasting algorithms with graphically confirmed accuracy.
- Connects to tank gauges independent of manufacturer including gauges from the eighties and nineties.
- Includes software interfaces with most fuel dispatching systems.
- Has “Plug and Play” installation. Expensive IT and tank gauge technicians not required.
Costs and ROI
Monitoring fuel inventory and managing deliveries is mandatory to eliminate the inefficiencies and mistakes that silently erode profits.
Real Time fuel inventory and accurately forecasting delivery arrival, is crucial for creating the delivery schedules that :
- Maximize the use of limited hauling resources.
- Prevent “No-fits”, “Run Outs”, “Spills”, and delivery mistakes.
- Manage “Splits” and minimize freight charges.
- Avoid costly accounting corrections, audits and fines.
- Allow dispatchers to concentrate on scheduling loads to maximize profits instead of spending their time calling stores for inventory information.
- Create goodwill with station owners and managers.
A typical gross margin of 2 cents per gallon on an 8,000 gallon load gives only a $160 gross margin.
A technician visit to reconfigure a router, $300-$400 – Profit on 2 loads! (Kachoolie does not need router configuration.)
Against this margin goes the expenses of paying a supplier invoice, billing and collecting from the customer, managing the dispatching, ensuring the correct pricing, calculating and paying taxes, defending tax audits and the cost of credit.
A single mistake in dispatching or a tank gauge communications breakdown easily turns the profit to a loss!
Our successful Fuel Supplier customers reaping the intangible befits of Kachoolie. They are building customer loyalty by providing their customers with environmental compliance reporting and other benefits included with Kachoolie. They have taken over the paternal role once provided by the major Oil Companies. These customers use Kachoolie to acquire and keep their customers at no extra cost to themselves.
Why are so few tank gauges successfully connected to the Internet?
Major Oil Companies now own less than 5% of all C-Stores in the USA. Between 2003 and 2008 the major Oil Companies sold their stores. These stores, now independently owned, but often branded, no longer have a secure and well managed communications infrastructure which was provided by the Oil Companies WAN’s or satellite communication. Without this infrastructure, the common TCP/IP polling technology used to monitor tank gauges is unuseable or costly to operate. In addition the telephone companies went to digital telephone lines making telephone modem tank gauge polling unreliable. Today, according to NACS, 60% of the C-Store fueling stations, around 70,000 stations are owned by “single owner operators”, most of them acquired from the major Oil Companies. The remaining 40% are owned or managed by chains which provide an IT infrastructure that supports the TCP/IP polling technology. The IT infrastructure at these chains is expensive to maintain and secure and after break ins such as at Target stores, IT managers concerns restrict tank gauge communications and make them expensive to install and operate. Most of the 60% of C-stores now have Internet connections due the demands of Internet based credit card processing and the low cost of simple Internet connections. Although these Internet connections may be PCI compliant, PCI compliance only addresses credit card processing. These Internet connections do not provide the public IP address required by the TCP/IP polling technology . In addition their routers are unmanaged which makes installation and maintenance expensive, complex and insecure. (The router needs firewall, port forwarding and dynamic DNS configuration. Access to the router is required by numerous parties which becomes a security and maintenance nightmare.)
Kachoolie Technology is unique in that it protects at the end device using point to point encryption. Unlike other solutions it does not require a public IP address, passwords, router configuration, and VPN’s; all of which introduce complexity and expense, and by their nature require physical and software access by many people who belong to different organizations.
These other solutions are difficult and expensive to maintain, especially when they include devices belonging to multiple parties where responsibility for security and assignment of liability is blurred.
IoT and Cyber Attacks
According to Gartner’s estimate, in 2016, there are 6.4 billion IoT devices connected to the Internet. Most of these devices do not take into account the Cyber Attack vulnerabilities they create at the locations where they are installed, nor the use of these devices as platforms for Cyber Attacks on the Internet. The attacks on DNS servers by IoT devices in late 2016 which shut down the Internet in the North East USA is an example. Another example is the use of the HVAC system at Target to gain access to customer credit card information.
HD Moore of Rapid7 who worked with Jack Chadowitz, Kachoolie founder, in January 2015 to report tank gauge vulnerability published an article on “Serial Offenders”, IoT devices that include tank gauges. Click here to see the article.
We agree with Admiral Rogers on 3 important points. See his remarks at RSA 2016
1. His first fear is an online attack against US critical infrastructure, which he said was ” a matter of when it will happen, not if”. We believe that tank gauge communications systems have been compromised and their is no way to detect or remove infections. When these infections go active, there will be no time to for defense.
2. Data tampering. “We’re used to data being stolen, he said, or even deleted as in the case of Sony. But if data has been subtly altered rather than stolen, then the results could be severe”. The real damage is data tampering.
Imagine simple random tampering with tank gauge settings so that full tanks are reported as empty and empty tanks as full. Trucks will be trying to fill full tanks and empty stations would not get loads. A logistics nightmare. Then imagine if the random tampering was randomly removed. Tank gauges do not have audit trails. The incidents would be thought of as gauge problems creating a flood of service calls.
Imagine leak detection falsely reporting leaking tanks and ignoring real leaks and water infiltration. Then working perfectly a day later when technicians are looking for the problem.
3. His third nightmare was down to the actions of non-state terrorist groups changing their use of online resources. At the moment, such groups are using the internet to recruit members, raise funds, and distribute propaganda. But if they go on the offensive against a country, the results are going to be grim.
“What happens when they use cyber for destruction?” he asked. “These groups are not interested in maintaining the status quo, but in tearing it down.”
We know that the tools to attack tank gauge systems are readily available to non-state terrorist groups and simple hackers. Its not if but when they will be activated.