Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks. RAND research provides recommendations to military and civilian decisionmakers on methods of defending against the damaging effects of cyber warfare on a nation's digital infrastructure.
Report
This report explores whether and when U.S. cyberattack capabilities can be demonstrated, then goes on to examine difficulties and drawbacks of doing so. Such brandishing is no panacea and could even backfire if misinterpreted.
Report
Testimony presented before the House Foreign Affairs Committee, Subcommittee on Europe, Eurasia, and Emerging Threats on March 21, 2013.
Report
The U.S., while worried about a "9/11 in cyberspace," also ought to worry about what a "9/12 in cyberspace" would look like. The consequences of the reaction to a cyberattack could be more serious than the consequences of the original action itself.
Commentary
Perhaps making war can persuade the attacker to stop. Yet, war also risks further disruption, great cost, as well as possible destruction and death—especially if matters escalate beyond cyberspace, writes Martin Libicki.
Commentary
The European Cyber Security Strategy is remarkable because it tries to co-ordinate policy across three areas whose competences and mandates were formerly very separate: law enforcement, the 'Digital Agenda', and defence, security, and foreign policy, writes Neil Robinson.
Report
How do governments characterize cyber threats and what role does law enforcement play in tackling cyber crime in different countries? These are some of the questions RAND Europe investigated on behalf of the Swedish National Defence College to inform the development of the Swedish Cyber Security Strategy.
Blog
The United States can manage a cybercrisis by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise.
Commentary
Understanding when the United States should engage in cyberwar and who should approve cyberattacks requires understanding that cyberwar has multiple personalities: operational, strategic, and that great gray area in-between., writes Martin Libicki.
Report
The chances are growing that the United States will find itself in a crisis in cyberspace. Such crises can be managed by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise from crises.
Report
The U.S. Navy requires an agile, adaptable acquisition process that can field new IT capabilities and services quickly. Successful rapid acquisition programs in the Army, Air Force, and Marine Corps offer lessons for the Navy as it develops its own streamlined processes for computer network defense and similar program areas.
Multimedia
In this conference call, RAND senior management scientist Martin Libicki discusses cyber threats—including the declaration of cyber war by "hacktivist" group Anonymous against Israel—with RAND media relations director Jeffrey Hiday.
Commentary
The U.S. military, with its high-tech systems, must protect itself from cyber threats with much the same careful management that protects it against vulnerabilities associated with, say, explosives. But there can be no choice between boots on the ground and fingers on a keyboard, writes Martin Libicki.
Blog
Admiral Dennis Blair, former National Intelligence director, discusses how the government gathers and uses intelligence on issues including Iran, cyber warfare, and the Arab Spring. Blair spoke with Reuters Editor-at-Large Sir Harold Evans during the RAND's Politics Aside event.
Journal Article
Cyberspace has become the new high ground of warfare, the one domain to rule them all and in the ether bind them, which, as this essay will argue, is the wrong way to view cyberspace and what militaries can do by operating within it.
Journal Article
It is impossible to block every cyber attack, so strategy and policy should be focused on how to respond once that attack occurs.
Commentary
Restricting cyberweapon development could be harmful inasmuch as its core activity is the discovery of vulnerabilities in software—the very activity also required to bulletproof software against attacks from criminal hackers, writes Martin Libicki.
Multimedia
In this May 2012 Congressional Briefing, Neil Robinson presented evidence from empirical studies conducted in Europe regarding cyber-security and information exchange, specifically between organizations such as information sharing and analysis centers, computer emergency response teams, and cyber-crime police.
Project
Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.
Journal Article
When it comes to cyber security, the world today is not the future that U.S. policy promised when cyber security first appeared on the national agenda well over a decade ago.
Journal Article
This article defines and explores the concept of cyber security culture within the context of the U.S. Army.
RAND® is a registered trademark. Copyright © 1994-2013 RAND Corporation.