RAND > Congressional Resources >

Cybersecurity Issues

This page offers an easy way for policymakers to access cybersecurity research and analysis that is relevant to current Congressional agendas. For additional information, to request documents, or to arrange a briefing, contact the RAND Office of Congressional Relations at ocr@rand.org or (703) 413-1100 x5643.

Recent Findings

Multimedia

Accountability in Cyberspace: The Problem of Attribution

Jan 14, 2019

Recently, several cyber incidents with geopolitical implications have received high-profile press coverage. Identifying the responsible party behind malicious cyber incidents is a necessary prerequisite for holding these actors accountable, but there are many challenges that accompany cyber attribution.
Commentary

Data Breaches Could Cause Users to Opt Out of Sharing Personal Data. Then What?

Dec 28, 2018

As tech-based systems have become all but indispensable, many institutions might assume user data will be reliable, meaningful and, most of all, plentiful. But what if this data became unreliable, meaningless or even scarce?
Commentary

When Cyber Attacks Occur, Who Should Investigate?

Dec 6, 2018

Data breaches and cyberattacks cross geopolitical boundaries, targeting individuals, corporations and governments. Creating a global body with a narrow focus on investigating and assigning responsibility for cyberattacks could be the first step to creating a digital world with accountability.
Commentary

Financial Frameworks for Cybersecurity Are Failing

Oct 25, 2018

Cybersecurity has become a team sport. But all participants on the field are playing without clear rules, without a team approach, and without knowing when to pass the ball or to whom.
Commentary

Examining the Weak Spots in Tech's Supply Chain Armor

Oct 16, 2018

When an attack on the supply chain occurs, manufacturers and purchasers should be better positioned to respond and recover. Even the simplest devices can rely on parts from multiple suppliers, which may have their own suppliers and so on. But every supplier, no matter how small, represents a potential weak link in the chain.

More Research on Cybersecurity

Briefings

Protecting Consumer Data: Considerations for Congress

Jun 8, 2018

Many of the laws that govern data privacy were developed before the widespread adoption of online communications and social media accounts. Should consumers be in charge of self-regulating what they share and how companies use it? Rebecca Balebako and John Davis will discuss policy opportunities for better protecting consumer data. [Washington, D.C.]
Equifax and the Data-Breach Era: How Worried Should We Be?

Oct 26, 2017

Large-scale data breaches have compromised the identifying information of millions of people. What can policymakers do to improve responses to such breaches, and how can the public protect information that has already been compromised? Lilian Ablon and Sina Beaghley answer these questions and more in a RAND Congressional Briefing.
RAND Cybersecurity Workshop

Aug 17, 2016

In this cybersecurity workshop, legislative staffers can learn how to calculate cyber risk; where to find appropriate information about threats, vulnerabilities, and impact; and better consider options for legislation and federal government response in cyberspace. [Washington, DC]
What Is America's Role in the World?

Nov 11, 2015

One Night with RAND brought together leaders in business, philanthropy, government, academia, and media for a discussion about the international strategic choices that will shape the U.S. role in the world for years to come.
Lessons from a Hacker: Cyber Concepts for Policymakers

Sep 14, 2015

What do policymakers need to know as they confront growing concerns over cybersecurity? Lillian Ablon provides insights into some of the complexities of cybersecurity policymaking, including why software vulnerabilities matter and the motivations of various cyber threats actors.

Alerts & Newsletters

RAND periodically sends alerts and newsletters to update Congress on highlights of recent work about cybersecurity.

Catch Up Quick: Homeland Security Issues for Congress

Aug 14, 2018

Catch up on the homeland security issues facing Congress, including cybersecurity, the Coast Guard and United States border, and countering violent extremism.
Protecting Consumer Data: Considerations for Congress

Jun 28, 2018

What policy opportunities could Congress consider to better protect consumer data? Rebecca Balebako and John Davis discuss the benefits and risks of data sharing at both the personal and industry level.
The Promises and Perils of Speed

May 4, 2018

Across the world, there is a profound sense that life is speeding up, and the faster life gets, the more we have to adjust our norms to keep pace. This ramped-up pace and how we react to it have the potential to fundamentally rework how we interact, think, and create.
In Case You Missed It: Data Thieves

Mar 22, 2018

In 2017, there were more than one thousand data breaches exposing over a billion records of sensitive data. What's happening to stolen data and how is it being monetized? Lillian Ablon addresses these concerns.
In Case You Missed It: Equifax and the Data-Breach Era

Nov 13, 2017

There has been a recent string of large-scale data breaches that have compromised the private information of millions of customers. Lillian Ablon and Sina Beaghley briefed Congressional staff on how the government and breached companies can better protect victims.
In Case You Missed It: Understanding Russian Hybrid Warfare

Mar 31, 2017

Russia's use of covert actions to achieve its national security objectives without escalating to the level of traditional war is known as hybrid warfare. Addressing this threat will take time and effort, but there are strategies the U.S. can use to combat these hybrid operations.
2016 Hill Highlights

Dec 15, 2016

In 2016, RAND experts conducted briefings on Capitol Hill, provided testimonies before congressional committees, hosted workshops, and published reports on some of the nation's most pressing issues, including health care for veterans, autonomous vehicles, NATO military posture, and cyber policy.
The Online Fight Against ISIS

May 10, 2016

The battle against ISIS is taking place both on the ground and in cyberspace: To prevail, the United States and its allies will have to be capable of reacting quickly, while following an overarching strategy.
Ransomware Hackers Are Coming for Your Health Records

Apr 27, 2016

Cybercriminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place. These kind of attacks can strain health care systems and potentially put patients' lives at risk.
Cybersecurity Awareness Month: The Latest RAND Research

Oct 16, 2015

RAND's research on cybersecurity covers national security, cyberdeterrence, cybercrime centers, information sharing, cyber insurance, and cloud computing. Experts are available to discuss their work, as well as related policy proposals.

Subscribe to Congressional Alerts & Newsletters

Testimony

Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data

Lillian Ablon
Testimony presented before the House Financial Services Committee, Subcommittee on Terrorism and Illicit Finance, on March 15, 2018.
It Takes More than Offensive Capability to Have an Effective Cyberdeterrence Posture

Martin C. Libicki
Testimony presented before the House Armed Services Committee on March 1, 2017.
Emerging Cyber Threats and Implications

Isaac R. Porche III
Testimony presented before the House Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies on February 25, 2016.
Perspective on 2015 DoD Cyber Strategy

Lara Schmidt
Testimony presented before the House Armed Services Committee on September 29, 2015.
Sharing Information About Threats Is Not a Cybersecurity Panacea

Martin C. Libicki
Testimony presented before the House Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies on March 4, 2015.

More Testimony

Briefs

Requirements for Better C2 and Situational Awareness of the Information Environment 2018

Every military activity has informational aspects, but the information environment (IE) is not well integrated into military planning, doctrine, or processes. Better understanding of the IE will improve command and control and situational awareness.
The role of the 'dark web' in the trade of illicit drugs 2016

The Internet has fundamentally changed ways of doing business, including the operations of illegal markets. RAND Europe was commissioned to investigate the role of the Internet in facilitating the drugs trade, particularly in the Netherlands.
Cybersecurity of Air Force Weapon Systems: Ensuring Cyber Mission Assurance Throughout a System's Life Cycle 2015

Discusses how the Air Force acquisition/life-cycle management community can improve cybersecurity throughout the life cycle of Air Force weapon systems.
Tallying the U.S.-China Military Scorecard: Relative Capabilities and the Evolving Balance of Power, 1996–2017 2015

Discussion about China's military modernization has focused on new weapon systems, with little comparative analysis of Chinese and U.S. military forces and development. This brief summarizes a RAND Project AIR FORCE study that seeks to fill this gap.
Cybersecurity Economic Issues: Corporate Approaches and Challenges to Decisionmaking 2008

This research brief addresses key cybersecurity concerns, such as protecting critical products and services and ensuring that software will work. It identifies how organizations perceive the importance of cybersecurity in making investment decisions.

More Research on Cybersecurity

Cybersecurity Issues

Recent Findings

Accountability in Cyberspace: The Problem of Attribution

Data Breaches Could Cause Users to Opt Out of Sharing Personal Data. Then What?

When Cyber Attacks Occur, Who Should Investigate?

Financial Frameworks for Cybersecurity Are Failing

Examining the Weak Spots in Tech's Supply Chain Armor

Briefings

Protecting Consumer Data: Considerations for Congress

Equifax and the Data-Breach Era: How Worried Should We Be?

RAND Cybersecurity Workshop

What Is America's Role in the World?

Lessons from a Hacker: Cyber Concepts for Policymakers

Alerts & Newsletters

Catch Up Quick: Homeland Security Issues for Congress

Protecting Consumer Data: Considerations for Congress

The Promises and Perils of Speed

In Case You Missed It: Data Thieves

In Case You Missed It: Equifax and the Data-Breach Era

In Case You Missed It: Understanding Russian Hybrid Warfare

2016 Hill Highlights

The Online Fight Against ISIS

Ransomware Hackers Are Coming for Your Health Records

Cybersecurity Awareness Month: The Latest RAND Research

Testimony

Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data

It Takes More than Offensive Capability to Have an Effective Cyberdeterrence Posture

Emerging Cyber Threats and Implications

Perspective on 2015 DoD Cyber Strategy

Sharing Information About Threats Is Not a Cybersecurity Panacea

Briefs

Requirements for Better C2 and Situational Awareness of the Information Environment 2018

The role of the 'dark web' in the trade of illicit drugs 2016

Cybersecurity of Air Force Weapon Systems: Ensuring Cyber Mission Assurance Throughout a System's Life Cycle 2015

Tallying the U.S.-China Military Scorecard: Relative Capabilities and the Evolving Balance of Power, 1996–2017 2015

Cybersecurity Economic Issues: Corporate Approaches and Challenges to Decisionmaking 2008

Contact Us

Follow