Volunteer DEF CON hackers get ready to secure US water • The Register
A plan for hackers to help secure America’s critical infrastructure has kicked off with six US water companies signing up to let coders kick the tires of their computer systems and fix any vulnerabilities.
Launched at this year’s DEF CON, the Franklin project is a scheme to shore up key systems by using the skills of top hackers. As the conference’s founder, Jeff Moss, explained to The Register at the time, it’s an attempt not only to strengthen US resilience to online attacks, but also to chronicle what is being done in a yearly “Hacker’s Almanack” so that others can learn essential skills.
Now the scheme is kicking off in earnest with a partnership between the University of Chicago Harris School of Public Policy’s Cyber Policy Initiative (CPI) and the National Rural Water Association (NRWA). The organizations are deploying top coders to investigate the security of six water companies based in Utah, Vermont, Indiana, and Oregon, fix any issues, and then pass the knowledge on.
“DEF CON’s superpower is that we’re a bunch of hackers that want to help, figure out how things work, or love pointing out how things are broken and might be fixed. It turns out there are a lot of groups that want to hear that perspective, and would like advice and help,” said Moss. “This is our first initiative to turn a single weekend of people together into doing good things year round.”
Program director Paul Chang told The Register that the situation was similar to when DEF CON started a move to sort out problems in voting machines, but a lot more complicated. With voting machines, two manufacturers have 70 percent of the market, but with water companies, there are around 50,000 individual suppliers in the US, and they all have different IT systems.
Volunteers will work with techies, be matched to a water company, and spend time helping suppliers harden their systems against outside attacks. It’s needed – we’ve already seen China, Russia, and Iran having a nose around US critical infrastructure and water systems would make an excellent target in the event of a conflict.
“We’re hopeful that we’ll have raised enough public perception around this and awareness of the issue, and most importantly, have the policymakers – at least some of them – on our side,” Chang explained. “As much as many things are now completely disagreeable for both parties, I think one thing we might be able to get on the same page on is I would love for my drinking water to not be poisoned.”
The volunteers have a broad range of skills, he said, ranging from students to experienced veterans with 30-plus years of experience. The one thing they share is enthusiasm, he said, but there’s a lot of work ahead.
“The water sector faces increasing cybersecurity-related risk,” said NRWA CEO Matt Holmes.
“Over 91 percent of the approximately 50,000 community water systems in the United States are small, serving fewer than 10,000 people. NRWA and our members are at the forefront of this challenge. This partnership brings cybersecurity experts to rural America to provide the tools our sector needs to assess, prepare, and respond to cyberattacks.” ®