Volunteer hackers to lend assistance to water utility companies in bolstering their cybersecurity defenses
DEF CON Franklin: A Community-Driven Initiative to Bolster Cybersecurity for Small Water Utilities
DEF CON Franklin, a collaborative cybersecurity project, unites experts from DEF CON, academia, industry, and philanthropy to offer "hacker-volunteers" to small municipal water systems across the United States. This initiative aims to address the growing cybersecurity threats facing these utilities, including attacks from nation-state actors such as China and Iran [1][2][3].
The partnership between DEF CON Franklin and the National Rural Water Association (NRWA) is pivotal, particularly for smaller communities, whose water systems are often less protected and more vulnerable to cyberattacks. Matt Holmes, CEO of the NRWA, emphasizes the importance of this collaboration [6].
Pilot Phase and Expansion
Over a nine-month period, DEF CON Franklin provided free cybersecurity assistance to five water utilities in Indiana, Oregon, Utah, and Vermont. Services included securing systems by changing default passwords, enabling multi-factor authentication, conducting asset inventories, operational technology assessments, and network mapping and scanning [4]. Following the successful pilot, the initiative aims to expand rapidly to support thousands of water utilities nationwide. This expansion will be facilitated by developing a suite of free cybersecurity tools tailored to the water sector's unique realities, in collaboration with companies like Dragos and other technology partners [1][4][5].
Program Model
The partnership envisions a managed security service provider (MSSP)-like platform, where multiple tech and security companies contribute their capabilities. This model allows for a broad, coordinated delivery of cybersecurity aid to small water utilities, with a focus on voluntary and no-cost assistance without mandates or red tape [2][5].
Goals and Impact
Beyond network protection, the initiative focuses on protecting drinking water, public health, and national resilience, filling the gap left by limited federal funding and enforcement in cybersecurity for small water systems [1][2]. The program's goal is to help smaller communities survive cyberattacks and provide world-class cybersecurity expertise where it is needed most.
For utilities or cybersecurity professionals interested, DEF CON Franklin offers engagement through its website and social media channels, providing connections to volunteer hackers or assistance programs tailored for water utilities [1].
In conclusion, DEF CON Franklin exemplifies a scalable, community-driven cybersecurity defense partnership for small municipal water systems, leveraging volunteer expertise, industry partners, and philanthropic support to enhance water sector resilience in the face of increasing cyber threats. The hack of the Municipal Water Authority of Aliquippa in Pennsylvania in November 2023 serves as a stark reminder of the vulnerability of these systems to cyberattacks [3]. By strengthening the cybersecurity systems of water utilities, DEF CON Franklin aims to protect drinking water, public health, and national resilience, ensuring the safety and security of communities across the United States.
[1] DEF CON Franklin: https://defconfranklin.org/ [2] National Rural Water Association: https://www.nrwa.org/ [3] Hack on Municipal Water Authority: https://www.reuters.com/article/us-usa-cybersecurity-water-idUSKBN2HN21Z [4] DEF CON Franklin Pilot: https://www.darkreading.com/attacks-breaches/def-con-franklin-pilot-program-to-help-water-utilities-strengthen-cybersecurity [5] Dragos: https://www.dragos.com/ [6] Matt Holmes, CEO of the National Rural Water Association: https://www.linkedin.com/in/matt-holmes-a505205/
- DEF CON Franklin's expansion aims to utilize the growth of the technology industry by collaborating with companies like Dragos and other technology partners to develop a suite of free cybersecurity tools for the water sector.
- The community-driven initiative, DEF CON Franklin, focuses on the importance of international health and finance, as it seeks to protect drinking water, public health, and national resilience against cyber threats.
- The initiative's holistic approach encompasses the integration of cybersecurity into the health industry, as it emphasizes the need for world-class expertise to bolster the cyber defenses of small water utilities in the face of increasing cyber challenges.
