Cybersecurity volunteers, identified as hackers, prepare to lend a hand to water utility companies.

Cybersecurity volunteers, identified as hackers, prepare to lend a hand to water utility companies.

DEF CON Franklin: Community-Driven Cybersecurity Initiative Protecting U.S. Water Systems

DEF CON Franklin, a community-driven cybersecurity initiative, is partnering with small U.S. municipal water systems to bolster their cybersecurity defences against potential threats. The announcement of this partnership was made at DEF CON 2025 in Las Vegas.

The initiative's primary goal is to safeguard drinking water, public health, and national resilience by providing "hacker-volunteers" to water utilities. This comes in response to the increasing number of cyberattacks against water utilities, many of which operate with limited resources and personnel.

The programme, which started as a nine-month pilot involving five utilities in Indiana, Oregon, Utah, and Vermont, has successfully provided free cybersecurity services such as password management, multi-factor authentication, asset inventories, operational technology assessments, and network mapping.

DEF CON Franklin's unique focus lies in addressing the distinct challenges of the water sector, which involves securing operational technology (OT) systems critical to water treatment and distribution. The initiative employs a volunteer-powered model, with top cybersecurity experts and hackers from the DEF CON community donating their time and skills pro bono to defend critical water infrastructure.

Key partnerships include the National Rural Water Association (NRWA), the University of Chicago’s Cyber Policy Initiative, Cyber Resilience Corps, Aspen Digital, and philanthropic supporters such as Craig Newmark Philanthropies. The aim is to scale support statewide and nationally, with ambitions to expand rapidly to cover thousands of water utilities across the country.

Jake Braun, co-founder of the DEF CON hacker convention, stated that this effort is not just about protecting networks, but also about protecting drinking water, public health, and national resilience. He emphasised that this initiative brings together top minds from DEF CON, academia, industry, and philanthropy.

The volunteers are working specifically for the unique realities of the water sector, providing no-cost support on network mapping, password protocols, and OT assessments. The hackers will also run through vulnerabilities in an effort to strengthen the cybersecurity system.

Recently, a breach demonstrated the vulnerability of medium to small municipal water systems to hacking. In November 2023, hackers with ties to the Iranian government hacked into the Municipal Water Authority of Aliquippa in Pennsylvania. This incident underscores the need for initiatives like DEF CON Franklin.

DEF CON Franklin is partnering with the NRWA to bring world-class cybersecurity expertise to vulnerable communities. It's important to note that an attack on a water utility facility could have devastating consequences, such as shutting off access to water, creating a chemical imbalance in the water, and potentially poisoning people.

DEF CON is an annual conference hosted in Las Vegas that brings together cybersecurity professionals from around the world to collaborate on ideas about the profession. The DEF CON Franklin initiative represents a scalable, community-driven cybersecurity solution built on partnerships between volunteer hackers, water sector associations, academia, and industry.

[1] DEF CON Franklin Official Website: https://defconfranklin.org/ [2] National Rural Water Association: https://www.nrwa.org/ [3] DEF CON: https://defcon.org/ [4] Cyber Resilience Corps: https://cyberresiliencecorps.org/ [5] Craig Newmark Philanthropies: https://www.craignewmarkphilanthropies.org/ [6] University of Chicago’s Cyber Policy Initiative: https://cyberpolicy.uchicago.edu/ [7] Aspen Digital: https://www.aspeninstitute.org/programs/aspen-digital/ [8] American Water Works Association: https://www.awwa.org/ [9] UnDisruptable27: https://www.undisruptable.org/

1. DEF CON Franklin, with its focus on the water sector, is aiming to expand nationwide, recruiting top cybersecurity volunteers from the DEF CON community to provide free services like network mapping and operational technology assessments, safeguarding drinking water, public health, and national resilience.
2. In light of the increasing number of cyberattacks on water utilities, especially those with limited resources, DEF CON Franklin's partnership with the National Rural Water Association (NRWA) seeks to bring world-class cybersecurity expertise to vulnerable communities, addressing the distinctive challenges within the water industry.
3. Amidst growing concerns about the vulnerability of medium to small municipal water systems to hacking, as demonstrated by the recent breach of the Municipal Water Authority of Aliquippa in Pennsylvania, DEF CON Franklin provides a scalable, community-driven cybersecurity solution, joining forces with academia, industry, and philanthropy, to protect drinking water and national resilience.

Read also: