LAS VEGAS — DEF CON, the world’s largest hacker conference, is trying to put its legions of experts to work by creating a volunteer army to help protect America’s vulnerable water systems and schools.
The project is part of a larger attempt to harness the talent of the roughly 30,000 hackers who now make the annual pilgrimage to Las Vegas. It also aims to help the broader public access the cybersecurity research the hackers produce during the conference each year.
“There’s a very small number of people that can do this,” said Jeff Moss, who founded DEF CON in 1993. “So how do we best help them help other people?”
The project has two main elements. The first involves publishing a detailed report of what hackers disclose at the conference, in the hopes that the information can be used to better U.S. cybersecurity policy.
The second is connecting hackers with places that are in desperate need of cybersecurity help, starting with water and wastewater facilities and schools.
The project’s title — Def Con Franklin — is a nod to two of Benjamin Franklin’s distinct accomplishments: annually publishing Poor Richard’s Almanack and co-founding the first all-volunteer fire department in the U.S.
Moss said he’s “really excited to see what the response is” to the new project — and whether it’ll inspire others to replicate their efforts to help.
“Does real work get done? Maybe the finding is, it’s really valuable,” he said. “Then, other people copy the idea and more people do it. That would be the great win, that we’ve figured out a new way to allow hackers and creators to connect and help.”
Water is a clear first choice. While cyberattacks are routine against every industry that’s connected to the internet, the network of the roughly 50,000 independent water and wastewater facilities spread across the U.S. is particularly vulnerable. Larger plants typically can afford a dedicated security team, but smaller ones often run with only a handful of employees. Even if they only use a few automated systems, those can prove enticing victims for malicious hackers.
U.S. officials have repeatedly warned that they believe China has tried to position its hackers to be able to conduct cyberattacks against U.S. critical infrastructure if it believed conflict with the U.S. was imminent. A group of Iranian hackers broke into several U.S. facilities last year without causing significant damage. The Environmental Protection Agency found in a survey last year that around 70% of inspected water and wastewater facilities didn’t meet basic cybersecurity standards.
This article appeared on NBC