Four years ago, Coast Guard officers boarded a rust-colored oil tanker while it was moored in Wisconsin’s Fox River.
The officers found antennas and computer devices running an automated attack against a local wireless network as it was docked near an oil terminal in the Port of Green Bay, according to a Coast Guard report reviewed by the Houston Chronicle and first obtained by the publication IHS Jane’s. The attack on the unknown target failed, but it was set to restart automatically, the report said.
“You think you’ve seen it all until something like this comes along,” said Brian Calkin, vice president of operations at the Multi-State Information Sharing and Analysis Center, a non-profit group that collects and distributes information about cyber security threats, based in New York and Virginia. Hackers have “changed the game yet again.”
Wireless networks represent another avenue of attack for hackers and another potential vulnerability for oil and gas production facilities, refineries, pipelines and other industrial plants, government and private cyber security specialists said.
Homeland Security said network scanning and probing accounted for 79 cyber incidents involving industrial controls in 2014 and 2015, but would not disclose additional details.
Many companies have adopted advanced encryptions, but Kevin Dunn, senior vice president at the Austin security firm NCC Group, said the most common security setting for wireless networks in energy and other industrial facilities remains the password-protected WPA-2 protocol, used for household wireless networks.
Skilled hackers, with a modest equipment that costs a few hundred dollars, could break into these in about two hours.
“If this were a targeted attack,” Dunn said, “whether it be ‘hactivism’ or a nation-state, all they have is time and money and opportunity.”