image depicting a graphical model intended to help prevent hackers from attacking important and potentially vulnerable computer resources

Challenges and Opportunities in Cyberspace

A graphical model intended to help prevent hackers from attacking important and potentially vulnerable computer resources

Photo by Pacific Northwest National Laboratory

Cyberspace provides opportunities for innovation, commerce, and societal advancement but also raises significant issues for policymakers in securing cyber vulnerabilities, ensuring privacy and protection of personal data, and considering the use of cyber weapons as a national security asset. Cyber threats pose a broad and deep challenge. Over the past decade, governmental and nonstate hackers have become increasingly sophisticated in their assaults on the cyber systems the nation depends on for essential services, economic prosperity, and security. Such breaches threaten critical infrastructure, intellectual property, privacy of users’ data, sensitive national security information, and government personnel data. Future cyber attacks could threaten the interconnected global economy and raise the prospect of cyber warfare between nation-states. The Internet is also being used for other malign purposes—by criminals to operate their nefarious enterprises and by terrorists to recruit and encourage violent attacks through online propaganda. In this environment, commercial entities, governments, and individuals are just beginning to consider the rules and norms that should govern the relatively new cyber domain.

Different Levels of Participants in the Underground Market

A graphic depicts the different levels of participants in the underground market as a triangular hierarchy. The hierarchy has multiple categories in three basic groupings. At the top of the triangle are Administrators followed by Subject-matter experts, both of which categories are considered sophisticated and highly-skilled. Examples of subject matter experts include elite researchers, exploit developers, zero-day researchers, malware writers, identity collectors, programmers, and tech experts. In the middle of the triangle are intermediaries/brokers, followed by vendors. These categories can be sophisticated or unsophisticated. Examples of vendors include as-a-service providers, virtual money mule services, spammers, botnet owners, drop service, distributors, hosted systems providers, cashiers, and ID/financial data providers. The bottom of the triangle is composed of mules (witting), then general members, and finally mules (unwitting). These categories are all considered unsophisticated, or less skilled. Examples of general members include buyers and observers.

This figure depicts the different participant levels in the underground market proportionally. Included are participant sophistication and skill levels, and examples of various roles. Drawn from Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar (RR-610)

Why Is the Issue Important for the Incoming Administration?

In such a rapidly evolving environment, the development of policy, legal, economic, and societal parameters for cyberspace—domestically and internationally—have failed to keep pace with the threat. The incoming administration will need to consider actions early on to address this gap, such as the following:

  • Invest in strengthening the cybersecurity of federal systems and replace legacy systems that are insufficiently secure.
  • Accelerate the growth of federal cyber workforce capabilities and capacity through recruitment, training, and retention programs focused on needed cyber skills.
  • Build stronger cybersecurity partnerships between the government and private organizations—including through threat reporting and the implementation of the Cybersecurity Act of 2015—while ensuring appropriate privacy protections.
  • Ensure appropriate regulatory and law enforcement tools to protect against Internet abuse for subversion, radicalization, and criminal activities, and promote international cooperation on cyber investigations.
  • Seek concurrence on international norms for nation-state behavior in cyberspace to limit the prospect of conflict and preserve freedom of expression and commerce.
  • Articulate clear policies on cyber deterrence and cyber warfare to guide Department of Defense and Intelligence Community plans and operations.

To this end, the incoming administration’s great challenge will be to bring order to the policy landscape, treating cyberspace as an integral part of global economic, societal, and geopolitical systems.

Members of the Academy Cyber Competition team

Members of the U.S. Air Force Academy Cyber Competition team run through practice scenarios

Photo by John Van Winkle / U.S. Air Force

RAND Research Addresses Cyber Threats

In Their Own Words

RAND's Lillian Ablon discusses the basics of cyber and information security and provides insights into some of the complexities of cybersecurity policymaking

Contact a RAND Researcher

Use the contact form below, or review a list of selected experts on cybersecurity and information technology.