As more and more human activities — involving governments, businesses, individuals, and society as a whole — move into "cyberspace," they become exposed to a new set of vulnerabilities that can be exploited by a wide spectrum of "bad actors" for a variety of motives. This paper discusses questions such as: (1) How serious are the likely threats to different segments of society, both today and in the future, from cyberspace-based attacks by various "bad actors" — such as hackers, criminals, disgruntled employees, terrorists and nation-sponsored informational attacks? (2) What are the current best strategies for achieving security in cyberspace? (3) What roles and missions should various national entities (police, defense forces, local governments, etc.) be assigned to counter these threats, given that it is often unclear who the perpetrator is, and from where the threat emanates? (4) Are there specific services and institutions in each nation — which we term a "national interest element" — that play such vital roles in society that their protection from cyberspace-based attacks should be of national concern? This paper does not answer all these questions, but at least attempts to structure the discussion so that meaningful answers can be obtained.
This report is part of the RAND Corporation Paper series. The paper was a product of the RAND Corporation from 1948 to 2003 that captured speeches, memorials, and derivative research, usually prepared on authors' own time and meant to be the scholarly or scientific contribution of individual authors to their professional fields. Papers were less formal than reports and did not require rigorous peer review.
Our mission to help improve policy and decisionmaking through research and analysis is enabled through our core values of quality and objectivity and our unwavering commitment to the highest level of integrity and ethical behavior. To help ensure our research and analysis are rigorous, objective, and nonpartisan, we subject our research publications to a robust and exacting quality-assurance process; avoid both the appearance and reality of financial and other conflicts of interest through staff training, project screening, and a policy of mandatory disclosure; and pursue transparency in our research engagements through our commitment to the open publication of our research findings and recommendations, disclosure of the source of funding of published research, and policies to ensure intellectual independence. For more information, visit www.rand.org/about/principles.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.