DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure
DEF CON conference organizations are looking for volunteers to join a Franklin initiative to help secure critical infrastructure and school systems that lack the expertise required to defend themselves against cyberattacks.
Additionally, the initiative led by The University of Chicago – Harris Cyber Policy Initiative hopes to produce a 2024 Hackers Almanack, an annual report of the most interesting, impactful and cutting-edge talks, research and vulnerabilities identified across DEF CON events by the “villages” that these events are organized around.
Jake Braun, chairman of Franklin and former White House acting principal deputy national cyber director, said that initially effort will focus on critical infrastructure owned by approximately 50,000 water utilities in the U.S., before extending the reach of the effort into other areas.
Jeff Moss, founder of DEF CON, noted that while the initiative itself may be ambitious, the learnings created from these initiatives will more than justify the effort.
The challenge, as always when it comes to cybersecurity, is the professionals who have the necessary expertise are often hard-pressed to find additional time to devote to volunteer efforts. Many already have their hands full trying to defend the organizations they work for, from thousands of daily cyberattacks.
Nevertheless, many cybersecurity professionals also have a deep sense of patriotism that will drive them to volunteer, noted Braun. In many cases, the biggest challenge is simply organizing those efforts across all the potential projects that might need them, he added.
Critical Infrastructure Services Face Ransomware Attacks
The most pressing cybersecurity issue faced by utilities that are usually the stewards of critical infrastructure services is ransomware. Cybercriminals have become especially adept at targeting industrial control systems (ICS) that many utilities rely on to manage flows of water, gas and electricity.
Additionally, nation-states often look to plant malware within critical infrastructure, that in the event of hostilities will be among the first targets they will seek to take offline as part of an effort to cripple an adversary by, for example, taking power offline. Terrorists might also seek to cripple services as part of a campaign to advance a cause they support.
Regardless of the motivation, the ability of utilities, many of which are operated by small cities, to defend critical infrastructure from these attacks is limited. Most of them lack the budget resources to hire a team of cybersecurity experts or contract the services of a managed security services provider (MSSP). As such, there is a crucial need of cybersecurity professionals to voluntarily lend their expertise to defend critical infrastructure in the name of national security, said Braun.
In some instances, it may even behoove organizations or MSSPs that are part of a local community to make the cybersecurity expertise they have in-house available to local utility providers, to help ensure national security.
Just how many cybersecurity experts will be needed is yet to be determined, but disruption of services that can be traced back to a cybersecurity event are only going to become more frequent. The challenge and the opportunity now is to find the best way to collectively thwart those attacks or, at the very least, minimize their impact.