Computer Viruses

  • Hawaii Air National Guardsmen evaluate network vulnerabilities during the Po’oihe 2015 Cyber Security Exercise at the University of Hawaii Manoa Campus, Honolulu, HI, June 4, 2015, photo by Airman 1st Class Robert Cabuco/Hawaii Air National Guard

    Commentary

    Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

    If governments seek to create an objective framework for decision making about whether or when to disclose software vulnerabilities, what might that look like? What questions should be included, how should they influence the outcome and how can one interpret the results?

    Feb 5, 2019

  • Criminal hiding behind a mask on computer screen asking the owner for money

    Commentary

    The WannaCry Cyber Attack Could Be the First of Many If the NHS Takes No Action

    In the UK, the National Health Service (NHS) was one of the organizations most severely affected by the WannaCry ransomware. The NHS and other public sector organizations need to improve their cybersecurity processes and quickly before a more severe cyber attack takes place.

    Dec 1, 2017

  • Computer hacker with magnifying glass

    Commentary

    It's Time for the International Community to Get Serious About Vulnerability Equities

    Multiple countries around the world are likely discovering, retaining and exploiting zero-day vulnerabilities without a process to properly consider the trade-offs. This needs to change. It’s time for the international community to get serious about vulnerability equities.

    Nov 15, 2017

  • The U.S. Capitol building illuminated at night in Washington, D.C.

    Blog

    RAND's Summer Reading List for Congress

    Hill staffers can make the most of the Congressional recess with this list of must-read research and commentary on the policy issues they will be addressing this fall.

    Aug 4, 2017

  • A young man is frustrated by the WannaCry ransomware attack

    Commentary

    WannaCry Virus: A Lesson in Global Unpreparedness

    The WannaCry ransomware attack provides important lessons about how to secure cyber networks. History indicates that other attacks will follow. Preparedness is crucial.

    May 22, 2017

  • News Release

    News Release

    RAND Study Examines 200 Real-World 'Zero-Day' Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017

  • Composite image of binary code on a sunset over water

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017

  • Eyeball on a laptop computer screen

    Essay

    The Digital Underworld: What You Need to Know

    A growing threat is emanating from a digital underworld where hackers sell their services like mercenaries and credit-card numbers can be had for pennies on the dollar.

    Jun 24, 2016

  • Department of Homeland Security researchers work at the Idaho National Laboratory in Idaho Falls, April 28, 2010

    Tool

    A Framework for Programming and Budgeting for Cybersecurity

    When defending an organization, cybersecurity professionals must choose from a large set of defensive measures while operating with a limited set of resources. What is the menu of actions for defending against an attack? And how can defenders navigate the selection process?

    Jan 20, 2016

  • A U.S. Air Force airman works at the 561st Network Operations Squadron, which executes defensive cyber operations

    Commentary

    The Two Sides of Cybersecurity

    Securing government networks is certainly necessary, but authorities should not lose sight of the need to couple their defense of America's networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats in cyberspace.

    Nov 13, 2015

  • Malware phishing data concept

    Q&A

    Social Engineering Explained: The Human Element in Cyberattacks

    The human element is the most unpredictable factor in cybersecurity. A social engineer aims to make people do what they want or give the social engineer information, often without the person considering the negative consequences.

    Oct 20, 2015

  • Identify theft illustration

    Commentary

    U.S. Needs a New Electronic Identity-Protection Strategy to Prevent 'Hybrid Warfare' Attacks

    The U.S. government needs to develop a strategy to protect its citizens that includes a unique identifying number or code and a method for protecting these identity keys in online transactions.

    Jul 6, 2015

  • News Release

    News Release

    Companies Are Making Cybersecurity a Greater Priority, but Hackers Still May Be Gaining

    While worldwide spending on cybersecurity is close to $70 billion a year and growing, many chief information security officers believe that hackers may gain the upper hand in two to five years, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

    Jun 10, 2015

  • An information security illustration superimposed over a businesswoman holding a tablet

    Report

    Companies Are Prioritizing Cybersecurity, but Hackers Still May Be Gaining

    While spending on cybersecurity is $70 billion a year and growing, many chief information security officers believe that hackers may gain the upper hand in two to five years, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

    Jun 10, 2015

  • Service members working in the Global Strategic Warning and Space Surveillance System Center

    Commentary

    Put a Cybercop on the Beat

    What remains vitally needed is legislation that would grant at least one capable government organization the authority to track cyber-intruders and -criminals with the same freedom and speed of maneuver that these adversaries enjoy, while protecting the civil liberties and freedoms that allowed the establishment of the Internet.

    Jan 22, 2015

  • People pose in front of a display showing the word 'cyber' in binary code, Zenica, Bosnia and Herzegovina, December 27, 2014

    Commentary

    After a Year of Major Hacks, 2015 Resolutions to Bolster Cyber Security

    With numerous data breaches and emerging software vulnerabilities, 2014 was the year the hack went viral. But realizing a few New Year's resolutions in 2015 could help defenders make strides in protection, tools, and techniques to gain the edge over cyber attackers in years to come.

    Dec 31, 2014

  • Two boys sitting on a couch playing video games, photo by Sean Davis/Fotolia

    Report

    Living Room Connected Devices: Opportunities, Security Challenges, and Privacy Implications

    The "Internet-connected living room" poses security and privacy implications for industry and consumers, offering potential benefits as well as threats associated with the technical capabilities of living room connected devices.

    Sep 2, 2014

  • hands on a computer keyboard in a dark room

    Commentary

    The Hackers' Bazaar

    Today's cyber black markets have evolved into playgrounds of financially driven, highly organized and sophisticated groups, often connected with traditional crime organizations.

    Apr 11, 2014

  • News Release

    News Release

    Black Markets for Hackers Are Increasingly Sophisticated, Specialized and Maturing

    Black and gray markets for computer hacking tools, services, and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, governments, and individuals.

    Mar 25, 2014

  • An analyst looks at code in the malware lab of a cyber security defense lab at the Idaho National Laboratory

    Report

    Black Markets for Hackers Are Increasingly Sophisticated, Specialized, and Maturing

    Black and gray markets for computer hacking tools, services, and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, governments, and individuals.

    Mar 25, 2014