Cybersecurity volunteers, identified as hackers, set to aid water utility companies in digital defense efforts
DEF CON Franklin Initiative Bolsters Cybersecurity for Small Water Utilities
The DEF CON Franklin initiative, a community-driven cybersecurity program, is partnering with small municipal water systems across the United States to provide free, volunteer-powered cybersecurity support. The program, announced at DEF CON 2025 in Las Vegas, aims to protect drinking water, public health, and national resilience against escalating cyberattacks, particularly from hostile nation-state actors like China and Iran.
Key details about the initiative and its partnerships include:
- Scale and Reach: After a successful nine-month pilot with small water utilities in Indiana, Oregon, Utah, and Vermont, DEF CON Franklin is expanding to scale protections for thousands of water systems nationwide, many of which have limited cybersecurity resources or staffing.
- Partnerships: DEF CON Franklin collaborates with multiple organizations, including the National Rural Water Association (NRWA), Cyber Resilience Corps, Aspen Digital, the American Water Works Association, and UnDisruptable27. These partners bring water sector expertise, community engagement, and additional cyber resilience resources to enhance the initiative's impact.
- Volunteer Model: Instead of imposing mandates or regulations, the program operates on a voluntary, no-red-tape basis, providing cybersecurity services as a public good. Volunteers conduct vulnerability assessments, penetration testing, and general cyber-hardening efforts tailored specifically to the operational realities of small water utilities.
- Urgency and Impact: The initiative responds to increasing cyberattacks targeting critical water infrastructure, including a notable breach in Aliquippa, Pennsylvania in 2023 linked to Iranian hackers. The goal is not just to secure IT networks but to protect public health, ensure safe drinking water, and enhance national resilience against cyber threats targeting physical systems.
- Leadership: Jake Braun, co-founder of DEF CON Franklin and Executive Director at the University of Chicago's Cyber Policy Initiative, leads the effort to connect expert hackers, academia, industry, and philanthropy in a coordinated defense of vital water systems.
This community-driven approach, leveraging top cybersecurity minds paired directly with vulnerable municipal utilities, represents a scalable, replicable model to defend critical water infrastructure from cyberattacks through a mix of volunteer expertise and strategic partnerships. The goal is to provide "hacker-volunteers" to water utilities to strengthen their cybersecurity systems and help them survive potential cyberattacks.
- Despite limited resources or staffing in many small water utilities, the DEF CON Franklin initiative aims to bolster their cybersecurity through a partnership with these systems, playing a crucial role in protecting drinking water, public health, and national resilience against escalating cyberattacks.
- With a successful pilot program in Indiana, Oregon, Utah, and Vermont, DEF CON Franklin is scaling up its protections for thousands of water systems nationwide, incorporating partnerships with various organizations like the National Rural Water Association, Cyber Resilience Corps, Aspen Digital, and UnDisruptable27.
- Lake Braun, co-founder of DEF CON Franklin and Executive Director at the University of Chicago's Cyber Policy Initiative, leads the effort to fortify vulnerable municipal utilities by connecting expert hackers, academia, industry, and philanthropy in a coordinated defense against cyber threats, similar to providing "hacker-volunteers" to strengthen their cybersecurity systems.
- The success of this community-driven model lies in its ability to defend critical water infrastructure from cyberattacks through a mix of volunteer expertise and strategic partnerships, ultimately providing security to water systems, thus ensuring the safety of drinking water and public health.
