2018 Cybersecurity Reports: Cybercrime and the Darknet, and Multiyear Plan for Energy Sector Cybersecurity - Protecting Electricity Delivery, Energy Reliability, and Power Utilities from Cyber Attack

Professionally converted for accurate flowing-text e-book format reproduction, this is a compilation of two vital and unique government reports issued in 2018 about cyber security issues: Cybercrime and the Darknet: Effects on Cybersecurity Practices (Homeland Security) and the Multiyear Plan for Energy Sector Cybersecurity (Energy Department).

DARKNET: Darknet platforms and their growing popularity present unique challenges to cybersecurity. Blocking all Darknet traffic is difficult and often unduly burdensome for many system operators. Command-and-Control (C2) servers hosted on the Darknet are difficult to uncover and shutdown, making the Darknet an attractive haven. The proliferation of stolen credentials on Dark Web markets leave systems vulnerable, even if systems have secure networks. Tor, often called The Onion Router, is a Darknet platform that anonymizes users' Internet Protocol (IP) addresses. Tor is primarily used in two ways: to access the Open Web (the portion of the Web accessible with traditional Web Browsers) or to access the hidden services of the Dark Web (which is only accessible via Darknet platforms). In 2017, Tor use grew more than 50 percent, rising steadily from 2 million daily users at the end of 2016 to 3 million daily users by December 2017. Tor and other Darknet platforms present unique challenges for cybersecurity.

ENERGY SECTOR: Protecting America's energy systems from cyber attacks and other risks is a top national priority. Reliable energy and power is the cornerstone of our advanced digital economy and is essential for critical operations in transportation, water, communications, finance, food and agriculture, emergency services, and more. Today, any cyber incident has the potential to disrupt energy services, damage highly specialized equipment, and threaten human health and safety. As nation-states and criminals increasingly target energy networks, the federal government must help reduce cyber risks that could trigger a large-scale or prolonged energy disruption. The U.S. Department of Energy's Office of Electricity Delivery and Energy Reliability (DOE OE) has prepared this DOE Multiyear Plan for Energy Sector Cybersecurity to improve cybersecurity and resilience of the nation's energy system. It lays out an integrated strategy to reduce cyber risks in the U.S. energy sector by pursuing high-priority activities that are coordinated with other DOE offices, and with the strategies, plans, and activities of the federal government and the energy sector.

This includes close alignment with the cybersecurity priorities of the 2017 National Security Strategy and with recommendations from private-sector executives in the National Infrastructure Advisory Council's 2017 Securing Cyber Assets study—both of which recognize that energy sector cybersecurity is imperative for national security and economic prosperity. The Multiyear Plan framework helps to align the efforts of government at all levels with those of energy owners and operators and key energy stakeholders in the private sector.

Letter from the Assistant Secretary * Executive Summary * 1. Introduction * The Cyber Risk Landscape * Strategic Imperatives for Energy Sector Cybersecurity * 2. DOE's Cybersecurity Partnership * OE's Partnership with the Energy Sector * Partnerships with National Laboratories and the Research Community * Coordination with Federal Cybersecurity Efforts * 3. DOE Roles and Authorities for Cybersecurity * Drivers for the OE Multiyear Plan * 4. OE Cybersecurity Strategy: Winning Today and Changing the Game for Tomorrow * Goal 1 * Strengthen Energy Sector Cybersecurity Preparedness * Goal 2 * Coordinate Cyber Incident Response and Recovery * Goal 3 * Accelerate Game-Changing RD&D of Resilient Energy Delivery Systems