What to Know About ‘Hacker-Volunteers’ Set to Help Water Utilities with Cybersecurity

Who Are Hacker-Volunteers?

Hacker-volunteers, often called ethical hackers or white-hat hackers, are cybersecurity experts who use their skills to identify and fix vulnerabilities in digital systems. Unlike malicious hackers, these individuals collaborate with organizations to strengthen defenses against cyber threats. Recently, groups like Hackers for Good and initiatives such as CISA’s Cybersecurity Advisory Committee have mobilized volunteers to assist water utilities, which are increasingly targeted by cyberattacks.

Why Are Water Utilities Vulnerable?

Water treatment plants, distribution systems, and infrastructure often rely on legacy technology with outdated security protocols. Many utilities operate on limited budgets, making it challenging to invest in modern cybersecurity tools. For example, the 2021 attack on Oldsmar, Florida’s water treatment facility—where hackers attempted to alter chemical levels—highlighted the sector’s risks. With threats ranging from ransomware to nation-state actors, securing these systems is critical to public safety.

The Role of Ethical Hackers

Volunteer hackers work with utilities to:

• Conduct vulnerability assessments to identify weak points in networks and operational technology (OT).
• Perform penetration testing to simulate attacks and gauge system resilience.
• Train staff on cybersecurity best practices, such as recognizing phishing attempts.
• Assist in incident response during breaches to minimize downtime and damage.

Organizations like the Water Information Sharing and Analysis Center (WaterISAC) also facilitate collaboration between utilities and cybersecurity volunteers.

Benefits of Volunteer Involvement

• Cost-Effective Expertise: Many utilities lack in-house cybersecurity teams. Volunteers provide high-value skills at minimal cost.
• Proactive Defense: Identifying vulnerabilities before attackers exploit them prevents service disruptions and safety hazards.
• Knowledge Sharing: Volunteers educate utility staff, fostering long-term security improvements.

Challenges and Considerations

While beneficial, these partnerships face hurdles:

• Legal and Liability Issues: Volunteers must operate under strict agreements to avoid unintended system disruptions.
• Trust and Vetting: Utilities need assurance that volunteers have no malicious intent. Background checks and partnerships with reputable organizations mitigate this risk.
• Sustainability: Volunteer efforts should complement, not replace, long-term investments in cybersecurity infrastructure.

The Path Forward

Government agencies like CISA and the EPA are advocating for stronger cybersecurity regulations in the water sector. Initiatives like the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provide frameworks for public-private collaboration. However, hacker-volunteers will remain vital in bridging gaps until systemic improvements are implemented. Their involvement underscores the importance of community-driven solutions in safeguarding critical infrastructure.