A wide range of computer security threats exists—including faulty software, password trafficking and fraud, and hostile groups intending to inflict damage—and awareness of these threats varies. RAND has conducted research to measure and increase understanding of the impact of cybercrime on businesses and governments and has addressed such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and actions that can be taken in the face of cyberattack.
REPORT
After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.
PROJECT
Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.
REPORT
It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.
COMMENTARY
A truly monumental attack that could cripple key U.S. computer systems — something akin to the Stuxnet worms attack on Iran's nuclear infrastructure, for example — would take many months of planning, significant expertise, and a great deal of money to pull off, writes Isaac Porche.
REPORT
Passwords are proving less and less capable of protecting computer systems from abuse. Multifactor authentication (MFA) — which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) — is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA — and where they choose to use it.
REPORT
Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources—such as storage and applications—that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses.
JOURNAL ARTICLE
Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does.
COMMENTARY
The highly sophisticated Stuxnet computer worm suspected of sending Iran's nuclear centrifuges into self-destruction mode forces a difficult debate on whether longstanding firewalls in our country's democracy should be breached for the sake of national security, writes Isaac Porche.
REPORT
What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.
NEWS RELEASE
Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.
REPORT
Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.
COMMENTARY
In the future, the EU will inevitably have to adjust its system of rules to cope with the evolving uses of personal data, globalization and international data flows, write Neil Robinson and Lorenzo Valeri.
RESEARCH BRIEF
This research brief addresses key cybersecurity concerns, such as protecting critical products and services and ensuring that software will work. It identifies how organizations perceive the importance of cybersecurity in making investment decisions.
NEWS RELEASE
Security experts from the technology industry, law enforcement and academia will outline what is needed to better measure and understand the effect of computer-based crime in the United States during a public forum Sept. 25 in Silicon Valley.
REPORT
Explores the potential for and limitations to information warfare, including its use in weapons systems and in command-and-control operations as well as in the generation of “noise” and how far “friendly conquest” in cyberspace extends.
NEWS RELEASE
On behalf of the U.S. Departments of Justice and Homeland Security, the RAND Corporation is fielding the first national survey to measure the impact of cybercrime on American businesses.
REPORT
The Computer Security Incident Response Team (CSIRT) Legal Handbook provides a comprehensive collection of information on European and national rules, regulations, and laws concerning computer misuse, as well as guidelines for when and how law enforcement must be informed of incidents.
REPORT
Understanding an organization’s reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge — especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce the Vulnerability Assessment and Mitigation methodology, a six-step process that uses a top-down approach to protect against future…
REPORT
Reports the results of a workshop on the problems of ensuring the security of information against malevolent actions by insiders in the intelligence community (IC) with access to sensitive information and information systems. Attendees discussed community system models, vulnerabilities and exploits, attacker models, and event characterization, and discussed databases that would aid them in their work.
REPORT
This report reflects the findings of a conference on cyber security and cyber crime in 2002 in The Hague, The Netherlands. It looks into the urgency for a better common understanding and better cooperation on these issues, in the light of the growth of the Internet, both in terms of number of users and in terms of social, cultural and economic impact. Focus was at three themes regarding the role of the public and the private sector in…
RAND® is a registered trademark. Copyright © 1994-2012 RAND Corporation.