Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.
Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.
Testimony presented before the House Foreign Affairs Committee, Subcommittee on Europe, Eurasia, and Emerging Threats on March 21, 2013.
The U.S., while worried about a "9/11 in cyberspace," also ought to worry about what a "9/12 in cyberspace" would look like. The consequences of the reaction to a cyberattack could be more serious than the consequences of the original action itself.
The Swedish Center for Asymmetric Threat Studies asked RAND to investigate cyber-security within national defence and security strategies. The report presents research findings and is of interest to cyber-security practitioners and policymakers.
The chances are growing that the United States will find itself in a crisis in cyberspace. Such crises can be managed by taking steps to reduce the incentives for other states to step into crisis, by controlling the narrative, understanding the stability parameters of the crises, and trying to manage escalation if conflicts arise from crises.
The U.S. Navy requires an agile, adaptable acquisition process that can field new IT capabilities and services quickly. Successful rapid acquisition programs in the Army, Air Force, and Marine Corps offer lessons for the Navy as it develops its own streamlined processes for computer network defense and similar program areas.
After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.
It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.
The EC Health and Consumer Protection Directorate-General commissioned RAND Europe to provide support in developing a comprehensive data strategy for DG SANCO that meets the needs of increasingly evidence-based policymaking in the future.
Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources—such as storage and applications—that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses.
What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.
Terrorists use network technologies as they plan and stage attacks. This book explores the purpose and manner of the use of these technologies, their net effect, and security forces' possible responses.
Explores the potential for and limitations to information warfare, including its use in weapons systems and in command-and-control operations as well as in the generation of ''noise'' and how far ''friendly conquest'' in cyberspace extends.
A comprehensive and up-to-date collection of information on rules, regulations and laws concerning computer misuse in all 25 European Union (EU) countries.
Analyzes past U.S. strategic influence campaigns and looks at how and in what circumstances such campaigns can best be applied to today’s struggle against terrorism.
Analyzes the relationship between corporate governance and information assurance
Reports the results of a workshop on ensuring the security of information against malevolent actions by insiders in the intelligence community with access to sensitive information and information systems.
Reflects the findings of a conference on cyber security and cyber crime, looking into the urgency for a better common understanding and better cooperation on these issues, in terms of number of users and in terms of social, cultural and economic impact.
Netwar includes conflicts waged, on the one hand, by terrorists, criminals, gangs, and ethnic extremists; and by civil-society activists on the other. What distinguishes netwar is the networked organizational structure of its practitioners -- with many groups actually being leaderless -- and their quickness in coming together in swarming attacks.
This is the second in a series of conference reports on the topic of R&D initiatives to mitigate and thwart the insider threat to critical U.S. defense and infrastructure information systems.
Discusses the vulnerability of the nation's information infrastructure to external attacks and other kinds of disruptions.