Periodic updates to Congress on RAND research | Web version

Follow OCR on Twitter
October 16, 2015


October Is Cybersecurity Month

Illustrated photo of a person typing on a keyboard

Kacper Pempel/Reuters

As part of cybersecurity awareness month, we bring you highlights of RAND's large and growing body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

This research covers national security, cyberdeterrence, cybercrime centers, information sharing, cyber insurance, and cloud computing. RAND experts are available to discuss their work and related policy proposals.

Featured Research

Define Acceptable Cyberspace Behavior

Define Acceptable Cyberspace Behavior

Daniel Gerstein writes in U.S. News & World Report that while a U.S.-China cyberspace agreement is a welcome step, it underscores greater issues facing the United States and the international community in this largely ungoverned space. He explains the need for an overarching cyber doctrine that defines acceptable behavior and allows the U.S. to defend its networks against threats.

Read the commentary »

Perspective on 2015 Department of Defense Cyber Strategy

Perspective on 2015 DoD Cyber Strategy

Lara Schmidt explained in testimony before the House Armed Services Committee that the DoD's cyber strategy is aligned with its mission, but there will be challenges to implementation—including building and maintaining a capable workforce, assessing risk across DoD networks and systems, and planning for operations.

Read the testimony »

War on the Web

War on the web

Isaac Porche writes in Newsweek that while the U.S. Cyber Command is preparing the nation's defenses for the coming ramp-up in cyberwarfare-like attacks, the messages spread instantly by hordes of attackers through social media may not be receiving the attention they deserve.

Read the commentary »

Learning to Stop Worrying and Love the Internet of Things

Learning to Stop Worrying and Love the Internet of Things

Late last month, Fiat Chrysler recalled 1.4 million cars to fix a defect that allowed hackers to imperil drivers from afar. Martin Libicki explains on The RAND Blog that—in essence—what was considered a huge threat was converted into a solved or at least solvable problem.

Read the commentary »

Strategies for Defending U.S. Government Networks in Cyberspace

Strategies for Defending U.S. Government Networks in Cyberspace

Daniel Gerstein discussed in testimony before the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies how hackers, including state and non-state actors, are continuing to find opportunities to penetrate U.S. government networks. Defending these networks will require a systems approach.

Read the testimony »

Privacy vs Security? Europeans' Preferences on Transport Security and Surveillance Measures

Privacy vs security?

RAND Europe has collected evidence from one of the largest-ever surveys of citizens' views across Europe on security, surveillance and privacy issues in three scenarios: train travel, internet use, and storage of health records.

Read the research brief »

Defender's Dilemma: Charting a Course Toward Cybersecurity

Defender's Dilemma

While spending on cybersecurity is $70 billion a year and growing, Martin Libicki and Lillian Ablon found in a RAND report that many chief information security officers believe that hackers may gain the upper hand in two to five years, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

Read the report »

Is It Time to Appoint a Data Security Czar?

Is It Time to Appoint a Data Security Czar?

Susan Everingham and Lillian Ablon discuss how cybersecurity needs to become more of a priority for the government and private corporations. Whatever the solution, public and private officials need to do a better job of weighing the risk-benefit calculation of storing data on Internet-accessible computers and justifying data-handling protocols.

Read the commentary »

The High Cost of Hacks

The High Cost of Hacks

Sasha Romansky explains how the cyber insurance industry can play a critical role in informing corporations about effective security controls, monitoring the use of those controls, and therefore help reduce the probability and magnitude of breaches. But it may be squandering this opportunity.

Read the commentary »

RAND Cyber Experts

Lillian Ablon

Lillian Ablon @LilyAblon
Information Privacy
Information Security
Open Source Intelligence

Susan Everingham

Susan Everingham
Modeling and Simulation

Daniel Gerstein

Daniel Gerstein @daniel_gerstein
Big Data
Critical Infrastructure Protection

Martin Libicki
Information Sharing
Cyber Warfare

Isaac Porche @IsaacPorche
Cyber Warfare
Information Security

Sasha Romanosky

Sasha Romanosky
Cyber Insurance
Information Privacy
Information Security

Lara Schmidt
Cyber Warfare
Military Technology

Cynthia Dion-Schwarz

Cynthia Dion-Schwarz @CDionSchwarz
Cyber Warfare
Threat Assessment

RAND Congressional Resources Staff

Jayme Fuglesten
Director, Office of Congressional Relations

Laura Patton
Legislative Analyst

RAND Office of Congressional Relations
(703) 413-1100, ext. 5395


To unsubscribe, please write to or call (703) 413-1100, ext. 5156.

Members of Congress and staff may receive a free copy of RAND reports by writing to or calling (703) 413-1100, ext. 5395.

RAND can also provide briefings, research assistance, testimony, and other services to Congressional offices.

Sign up for other RAND Congressional Newsletters and Alerts

Learn More

RAND Congressional Resources offers an easy way for policymakers to access research and analysis that is relevant to current congressional agendas. For more information, visit

Get Weekly Updates from RAND

Policy Currents Newsletter

Subscribe to the weekly RAND Policy Currents newsletter and stay on top of important research and analysis on today's most pressing issues. Policy Currents provides highlights of new research findings, commentary, multimedia, and events.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis.

Follow RAND

Privacy statement | Email to unsubscribe | Manage your email subscriptions

RAND Corporation

RAND Corporation. 1776 Main Street, Santa Monica, CA 90401-3208.
RAND® is a registered trademark.