Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.
Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.
Report
The objective of this study was to establish a high level understanding of cyber defence capabilities across EDA's participating Member States (pMS) to support progress toward a more consistent level of cyber defence capability across the EU.
Commentary
The fact is that the United States needs to gear up for the coming era of cyber threats — and start by ensuring its financial flank is not catastrophically compromised, writes Mark Sparkman.
Report
Testimony presented before the House Foreign Affairs Committee, Subcommittee on Europe, Eurasia, and Emerging Threats on March 21, 2013.
Report
The U.S., while worried about a "9/11 in cyberspace," also ought to worry about what a "9/12 in cyberspace" would look like. The consequences of the reaction to a cyberattack could be more serious than the consequences of the original action itself.
Commentary
The European Cyber Security Strategy is remarkable because it tries to co-ordinate policy across three areas whose competences and mandates were formerly very separate: law enforcement, the 'Digital Agenda', and defence, security, and foreign policy, writes Neil Robinson.
Report
The Swedish Center for Asymmetric Threat Studies asked RAND to investigate cyber-security within national defence and security strategies. The report presents research findings and is of interest to cyber-security practitioners and policymakers.
Commentary
While the opening of the EC3 at Europol, in line with our first-choice scenario, is very welcome, our study uncovered a range of risks that the EC3 will need to confront if it is to tackle cybercrime in a more coordinated and effective manner, writes Neil Robinson.
Blog
The United States can manage a cybercrisis by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise.
Report
The chances are growing that the United States will find itself in a crisis in cyberspace. Such crises can be managed by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise from crises.
Report
The U.S. Navy requires an agile, adaptable acquisition process that can field new IT capabilities and services quickly. Successful rapid acquisition programs in the Army, Air Force, and Marine Corps offer lessons for the Navy as it develops its own streamlined processes for computer network defense and similar program areas.
Multimedia
In this conference call, RAND senior management scientist Martin Libicki discusses cyber threats—including the declaration of cyber war by "hacktivist" group Anonymous against Israel—with RAND media relations director Jeffrey Hiday.
Journal Article
This document presents a rapid assessment of the innovation and competitiveness impacts of the measures affecting: automated processing; control of data processing; and data transfers.
Journal Article
A snapshot of the current status of ENISAs support for CERTs and LEAs, and includes good practice and recommendations for both communities.
Journal Article
ENISA conducted a study identifying possible causes inhibiting the cyber-insurance market in Europe and investigating incentives to kick-start its development.
Commentary
Innovative approaches are needed to break the current stalemate of information sharing and to build a solid and reliable evidence base on the state of cyber-security, writes Neil Robinson.
Past Event
The U.S. House and Senate have numerous cyber-security proposals on the agenda to consider in the coming months. In this briefing, Neil Robinson presents evidence from empirical studies conducted in Europe regarding cyber-security and information exchange.
Report
After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.
Journal Article
When it comes to cyber security, the world today is not the future that U.S. policy promised when cyber security first appeared on the national agenda well over a decade ago.
Report
It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.
RAND® is a registered trademark. Copyright © 1994-2013 RAND Corporation.