With cash-strapped utilities under attack by China and Iran, DEF CON's Franklin launches new scalable cybersecurity solution Teams in Indiana, Oregon, Utah, and Vermont already providing cybersecurity as public service—no mandates, no red tape

LAS VEGAS, Aug. 7, 2025 /PRNewswire/ -- In the face of escalating cyberattacks by hostile actors like China and Iran, DEF CON Franklin today unveiled the next phase of its mission: scaling a free, volunteer-powered cybersecurity model to protect thousands of U.S. water systems.

The announcement—made at the DEF CON 2025 conference in Las Vegas—comes after a successful nine-month pilot pairing DEF CON hackers with small water utilities across four states.

"We've seen both the urgency of the threat and the potential of a community-driven solution," said Jake Braun, co-founder of DEF CON Franklin and Executive Director at the University of Chicago's Cyber Policy Initiative. "This next phase brings together top minds from DEF CON, academia, industry, and philanthropy to provide support in ways that are designed specifically for the unique realities of the water sector."

More than 50,000 U.S. water utilities operate with limited cyber capacity. Many lack the staff, resources, or tools to defend themselves against today's threats. With little federal funding or enforcement in place, Franklin is stepping into the gap.

"This isn't just about protecting networks," Braun said. "It's about protecting drinking water, public health, and national resilience."

Franklin is deploying skilled hacker-volunteers to help the most at-risk utilities—offering hands-on support for operational technology (OT) mapping, password protocols, and vulnerability assessments. It's cybersecurity as public service—no mandates, no red tape.

"While Congress debates and agencies sound the alarm, Franklin is already in the field," said Braun. "We're creating real protections, one utility at a time."

The initiative also publishes the Hackers' Almanack—a post-DEF CON report that translates hacker-disclosed vulnerabilities into actionable insights for U.S. cybersecurity policy.

Franklin's expanded network includes new partnerships with DEF CON, the National Rural Water Association (NRWA), Cyber Resilience Corps, Aspen Digital, the American Water Works Association, Cyber Solarium 2.0, Red Queen Security, and UnDisruptable27. The initiative is supported by generous contributions from Craig Newmark Philanthropies, among others.

"Protecting our nation's critical infrastructure isn't a want but a necessity, and for the nearly 50,000 water systems nationwide, they need the tools and resources to not only be cyber aware but also resilient," said Matt Holmes, CEO of the National Rural Water Association, a founding partner of Franklin. "By designing solutions that are scalable, we are ensuring that even our smallest systems have the ability to protect themselves."

The cyber volunteers are now looking at how they can recommend enhanced cybersecurity options for the water utilities, particularly with free tools industry has made available for critical infrastructure like Dragos' Community Defense Program.

"The partnership between DEFCON Franklin and the National Rural Water Association is a model for community cybersecurity," said Ann Cleaveland, Executive Director of the UC Berkeley Center for Long-Term Cybersecurity and a founding partner of the Cyber Resilience Corps. "This is what cyber civil defense looks like, when skilled cyber volunteers are stepping up, when industry is stepping up, and when NRWA and its members are stepping up to fill the cybersecurity gap together."

"Water remains the weakest link in our National critical infrastructure, placing many other infrastructures at risk," said Mark Montgomery, Director, Cyber Solarium 2.0. "Efforts like this to strengthen the cybersecurity of water utilities will enhance national security, economic productivity and public health and safety."

The initiative has already deployed teams in Indiana, Oregon, Utah, and Vermont, offering no-cost support on network mapping, password protocols, and OT assessments. And this is just the beginning—more deployments and partnerships are on the horizon.

About

Named for Benjamin Franklin—founder of America's first volunteer fire department and publisher of Poor Richard's Almanack—DEF CON Franklin's mission is to provide a free cyber volunteer taskforce to help put out cyber "fires" for vulnerable critical infrastructure, starting with water systems, wastewater facilities, and schools across the nation. The project also publishes the Hackers' Almanack, turning insights from DEF CON's annual conference to better U.S. cybersecurity policy. DEF CON Franklin is a collaboration between DEF CON, the National Rural Water Association, and the University of Chicago Harris Cyber Policy Initiative, with support from Craig Newmark Philanthropies.

For more information or to be connected with a hacker or utility, visit defconfranklin.com. 

Follow us for updates: 

Twitter/X: @DefConFranklin │Bluesky: @projectfranklin.bsky.social │LinkedIn: def-con-franklin 

View original content to download multimedia:https://www.prnewswire.com/news-releases/hackers-and-industry-mobilize-to-defend-us-water-systems-302524908.html

SOURCE DEF CON Franklin