Cybercrime

Featured

A wide range of computer security threats exists—including faulty software, password trafficking and fraud, and hostile groups intending to inflict damage—and awareness of these threats varies. RAND has conducted research to measure and increase understanding of the impact of cybercrime on businesses and governments and has addressed such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and actions that can be taken in the face of cyberattack.

Explore Cybercrime

  • Hawaii Air National Guardsmen evaluate network vulnerabilities during the Po’oihe 2015 Cyber Security Exercise at the University of Hawaii Manoa Campus Center Ballroom, June 4, 2015

    Commentary

    Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

    If governments seek to create an objective framework for decision making about whether or when to disclose software vulnerabilities, what might that look like? What questions should be included, how should they influence the outcome and how can one interpret the results?

    Feb 5, 2019

  • Accountability in Cyberspace: The Problem of Attribution

    Multimedia

    How to Achieve Accountability in Cyberspace

    Identifying the responsible party behind malicious cyber incidents is necessary for holding bad actors accountable. But there are many challenges that accompany cyber attribution. Creating an independent, global organization that investigates and publicly assigns blame for major hacks could help.

    Jan 14, 2019

  • Journal Article

    Journal Article

    Economics of Vulnerability Disclosure

    This study serves as a follow up to the 2015 ENISA Good Practice Guide on Vulnerability Disclosure and seeks to provide a glimpse into the economics, costs, and incentives related to discovering and disclosing vulnerabilities.

    Dec 14, 2018

  • World map with electronic circuits

    Commentary

    When Cyber Attacks Occur, Who Should Investigate?

    Data breaches and cyberattacks cross geopolitical boundaries, targeting individuals, corporations and governments. Creating a global body with a narrow focus on investigating and assigning responsibility for cyberattacks could be the first step to creating a digital world with accountability.

    Dec 6, 2018

  • Journal Article

    Journal Article

    The Trade in Small Arms and Light Weapons on the Dark Web: A Study

    A summary of the main findings and implications of the first empirical study investigating the scale and scope of arms trafficking on the dark web, illustrating the range of weapons traded, their market price and most common transit routes.

    Oct 24, 2018

  • Processor pins of a microchip

    Commentary

    Examining the Weak Spots in Tech's Supply Chain Armor

    When an attack on the supply chain occurs, manufacturers and purchasers should be better positioned to respond and recover. Even the simplest devices can rely on parts from multiple suppliers, which may have their own suppliers and so on. But every supplier, no matter how small, represents a potential weak link in the chain.

    Oct 16, 2018

  • Hacker on a laptop

    Commentary

    Have a Victim Response Plan for Data Breaches

    In a large data breach, there could be a real risk to victims' financial or personal security. Though responsible organizations should do everything in their power to ensure data is protected in the first place, they also should prepare a plan to ensure prompt victim response.

    Oct 2, 2018

  • Report

    Report

    Developing Cybersecurity Capacity: A proof-of-concept implementation guide

    This document is a proof-of-concept operational toolbox designed to facilitate the development of national-level cybersecurity capacity building programmes and of holistic policy and investment strategies to tackle challenges in the cyber domain.

    Aug 2, 2018

  • Server room data center with icon representing cloud storage

    Report

    Identifying Law Enforcement Needs for Access to Digital Evidence in Remote Data Centers

    Researchers discuss the challenge of accessing data in remote data centers, summarize the discussion of an expert panel, and provide a list of needs identified and prioritized by the panel to inform concerned communities and stakeholders.

    Apr 23, 2018

  • Padlock generated from a particle vortex

    Multimedia

    Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data

    An overview of testimony by Lillian Ablon presented before the House Financial Services Committee, Subcommittee on Terrorism and Illicit Finance.

    Mar 15, 2018

  • Brochure

    A focus on cybersecurity

    Cybersecurity has risen to become a prominent issue of national and global security for governments and international organisations worldwide. A focus on cybersecurity looks at the issues and details RAND Europe's expertise and work in the area.

    Feb 15, 2018

  • Opening Ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, February 9, 2018

    Commentary

    Why the 2018 Winter Olympics Are the Perfect Storm for Cyberattacks

    The Olympic Games could invite the most severe cyber threats to a major sporting event in recent years. The location of the Games and increased connectivity, both among the public and infrastructure, make them a prime target for cyberattacks.

    Feb 12, 2018

  • Shiny gold Bitcoin coin with gun on black background

    Commentary

    Bitcoin and the Dark Web: The New Terrorist Threat?

    Bitcoin has become the prominent currency of the dark web, which is often used to buy illegal goods, such as weapons and drugs. Anecdotal evidence suggests terrorists are using cryptocurrency and the dark web, but further investigation is needed.

    Jan 22, 2018

  • Report

    Report

    Estimating the Global Cost of Cyber Risk: Methodology and Examples

    This report shares a transparent and adaptable methodology for estimating present and future global costs of cyber risk. The report has a companion Excel-based modeling and simulation platform that allows users to alter assumptions.

    Jan 15, 2018

  • A composite image with hands on a keyboard and a padlock surrounded by a visualisation of a computer network

    Tool

    Estimating the Global Cost of Cyber Risk Calculator

    This Excel-based modeling and simulation tool estimates present and future global costs of cyber attacks and incidents. Users can also alter assumptions to investigate a wide variety of research questions.

    Jan 15, 2018

  • A security lock symbol on computer circuit board

    Report

    Law Enforcement Cyber Center: Final Technical Report

    Cybercrime is a challenge for local and state law enforcement. The Law Enforcement Cyber Center (LECC) was established to provide a resource to combat cybercrime. This report summarizes the LECC's activities and provides recommendations.

    Jan 15, 2018

  • Conceptual image of human voice

    Commentary

    Fake Voices Will Become Worryingly Accurate

    New technology can convincingly fake the human voice and create security nightmares. Considering the widespread distrust of the media, institutions, and expert gatekeepers, audio fakery could start wars.

    Jan 8, 2018

  • A child poses with a Lego Boost set, a predicted top seller this Christmas, at the Hamleys toy store in London, Britain, October 12, 2017

    Commentary

    Smart Toys May Pose Risks

    Parents shouldn't avoid buying smart toys during the holidays, particularly if these devices top children's Christmas lists. But parents should definitely be wary of the security and privacy risks that smart toys can pose.

    Dec 21, 2017

Research conducted by