RAND > Congressional Resources >

Cybersecurity Issues

This page offers an easy way for policymakers to access cybersecurity research and analysis that is relevant to current Congressional agendas. For additional information, to request documents, or to arrange a briefing, contact the RAND Office of Congressional Relations at ocr@rand.org or (703) 413-1100 x5643.

Recent Findings

Commentary

New Technologies Could Help Small Groups Wreak Large-Scale Havoc

Jun 18, 2018

Lone wolves or small groups could use technologies such as drones or AI for nefarious purposes. The threat is even greater when these technologies are used along with disinformation spread over social media.
Commentary

What Do Meltdown, Spectre, and RyzenFall Mean for the Future of Cybersecurity?

May 3, 2018

Unlike most previous cyber threats, a new wave of vulnerabilities attack a computer's hardware, rather than its software. What does this mean for cybersecurity as a whole?
Report

Speed and Security: Promises, Perils, and Paradoxes of Accelerating Everything

May 1, 2018

As new technologies and social dynamics shift society into hyperdrive, speed could catalyze security risks in areas such as transportation, communication, and health. How can policymakers devise strategies to adapt?
Testimony

A Close Look at Data Thieves

Mar 15, 2018

What do cyberattackers do with the data they steal? And how do they monetize it? Grouping hackers by their goals, motivations, and capabilities can shed light on these questions.
Multimedia

Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data

Mar 15, 2018

An overview of testimony by Lillian Ablon presented before the House Financial Services Committee, Subcommittee on Terrorism and Illicit Finance.

More Research on Cybersecurity

Briefings

Protecting Consumer Data: Considerations for Congress

Jun 8, 2018

Many of the laws that govern data privacy were developed before the widespread adoption of online communications and social media accounts. Should consumers be in charge of self-regulating what they share and how companies use it? Rebecca Balebako and John Davis will discuss policy opportunities for better protecting consumer data. [Washington, D.C.]
Equifax and the Data-Breach Era: How Worried Should We Be?

Oct 26, 2017

Large-scale data breaches have compromised the identifying information of millions of people. What can policymakers do to improve responses to such breaches, and how can the public protect information that has already been compromised? Lilian Ablon and Sina Beaghley answer these questions and more in a RAND Congressional Briefing.
RAND Cybersecurity Workshop

Aug 17, 2016

In this cybersecurity workshop, legislative staffers can learn how to calculate cyber risk; where to find appropriate information about threats, vulnerabilities, and impact; and better consider options for legislation and federal government response in cyberspace. [Washington, DC]
Lessons from a Hacker: Cyber Concepts for Policymakers

Sep 14, 2015

What do policymakers need to know as they confront growing concerns over cybersecurity? Lillian Ablon provides insights into some of the complexities of cybersecurity policymaking, including why software vulnerabilities matter and the motivations of various cyber threats actors.

Alerts & Newsletters

RAND periodically sends alerts and newsletters to update Congress on highlights of recent work about cybersecurity.

The Promises and Perils of Speed

May 4, 2018

Across the world, there is a profound sense that life is speeding up, and the faster life gets, the more we have to adjust our norms to keep pace. This ramped-up pace and how we react to it have the potential to fundamentally rework how we interact, think, and create.
In Case You Missed It: Data Thieves

Mar 22, 2018

In 2017, there were more than one thousand data breaches exposing over a billion records of sensitive data. What's happening to stolen data and how is it being monetized? Lillian Ablon addresses these concerns.
In Case You Missed It: Equifax and the Data-Breach Era

Nov 13, 2017

There has been a recent string of large-scale data breaches that have compromised the private information of millions of customers. Lillian Ablon and Sina Beaghley briefed Congressional staff on how the government and breached companies can better protect victims.
In Case You Missed It: Understanding Russian Hybrid Warfare

Mar 31, 2017

Russia's use of covert actions to achieve its national security objectives without escalating to the level of traditional war is known as hybrid warfare. Addressing this threat will take time and effort, but there are strategies the U.S. can use to combat these hybrid operations.
2016 Hill Highlights

Dec 15, 2016

In 2016, RAND experts conducted briefings on Capitol Hill, provided testimonies before congressional committees, hosted workshops, and published reports on some of the nation's most pressing issues, including health care for veterans, autonomous vehicles, NATO military posture, and cyber policy.
The Online Fight Against ISIS

May 10, 2016

The battle against ISIS is taking place both on the ground and in cyberspace: To prevail, the United States and its allies will have to be capable of reacting quickly, while following an overarching strategy.
Ransomware Hackers Are Coming for Your Health Records

Apr 27, 2016

Cybercriminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place. These kind of attacks can strain health care systems and potentially put patients' lives at risk.
Cybersecurity Awareness Month: The Latest RAND Research

Oct 16, 2015

RAND's research on cybersecurity covers national security, cyberdeterrence, cybercrime centers, information sharing, cyber insurance, and cloud computing. Experts are available to discuss their work, as well as related policy proposals.

Subscribe to Congressional Alerts & Newsletters

Testimony

Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data

Lillian Ablon
Testimony presented before the House Financial Services Committee, Subcommittee on Terrorism and Illicit Finance, on March 15, 2018.
It Takes More than Offensive Capability to Have an Effective Cyberdeterrence Posture

Martin C. Libicki
Testimony presented before the House Armed Services Committee on March 1, 2017.
Emerging Cyber Threats and Implications

Isaac R. Porche III
Testimony presented before the House Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies on February 25, 2016.
Perspective on 2015 DoD Cyber Strategy

Lara Schmidt
Testimony presented before the House Armed Services Committee on September 29, 2015.
Sharing Information About Threats Is Not a Cybersecurity Panacea

Martin C. Libicki
Testimony presented before the House Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies on March 4, 2015.

More Testimony

Briefs

The role of the 'dark web' in the trade of illicit drugs 2016

The Internet has fundamentally changed ways of doing business, including the operations of illegal markets. RAND Europe was commissioned to investigate the role of the Internet in facilitating the drugs trade, particularly in the Netherlands.
Cybersecurity of Air Force Weapon Systems: Ensuring Cyber Mission Assurance Throughout a System's Life Cycle 2015

Discusses how the Air Force acquisition/life-cycle management community can improve cybersecurity throughout the life cycle of Air Force weapon systems.
Tallying the U.S.-China Military Scorecard: Relative Capabilities and the Evolving Balance of Power, 1996–2017 2015

Discussion about China's military modernization has focused on new weapon systems, with little comparative analysis of Chinese and U.S. military forces and development. This brief summarizes a RAND Project AIR FORCE study that seeks to fill this gap.
Cybersecurity Economic Issues: Corporate Approaches and Challenges to Decisionmaking 2008

This research brief addresses key cybersecurity concerns, such as protecting critical products and services and ensuring that software will work. It identifies how organizations perceive the importance of cybersecurity in making investment decisions.

More Research on Cybersecurity

Cybersecurity Issues

Recent Findings

New Technologies Could Help Small Groups Wreak Large-Scale Havoc

What Do Meltdown, Spectre, and RyzenFall Mean for the Future of Cybersecurity?

Speed and Security: Promises, Perils, and Paradoxes of Accelerating Everything

A Close Look at Data Thieves

Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data

Briefings

Protecting Consumer Data: Considerations for Congress

Equifax and the Data-Breach Era: How Worried Should We Be?

RAND Cybersecurity Workshop

Lessons from a Hacker: Cyber Concepts for Policymakers

Alerts & Newsletters

The Promises and Perils of Speed

In Case You Missed It: Data Thieves

In Case You Missed It: Equifax and the Data-Breach Era

In Case You Missed It: Understanding Russian Hybrid Warfare

2016 Hill Highlights

The Online Fight Against ISIS

Ransomware Hackers Are Coming for Your Health Records

Cybersecurity Awareness Month: The Latest RAND Research

Testimony

Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data

It Takes More than Offensive Capability to Have an Effective Cyberdeterrence Posture

Emerging Cyber Threats and Implications

Perspective on 2015 DoD Cyber Strategy

Sharing Information About Threats Is Not a Cybersecurity Panacea

Briefs

The role of the 'dark web' in the trade of illicit drugs 2016

Cybersecurity of Air Force Weapon Systems: Ensuring Cyber Mission Assurance Throughout a System's Life Cycle 2015

Tallying the U.S.-China Military Scorecard: Relative Capabilities and the Evolving Balance of Power, 1996–2017 2015

Cybersecurity Economic Issues: Corporate Approaches and Challenges to Decisionmaking 2008

Contact Us

Follow